From ddb5bb76724c2e0c8d18969e898d576bcdbaa8d5 Mon Sep 17 00:00:00 2001 
From: Shuxian Cai Date: Mon, 24 Apr 2023 18:59:57 +0000 Subject: [PATCH] Update for version 1.103.0 --- ...esscontextmanageraccesslevelcondition.yaml | 260 + ...esscontextmanagergcpuseraccessbinding.yaml | 181 + ...ontextmanagerserviceperimeterresource.yaml | 160 + ...beta1_accesscontextmanageraccesslevel.yaml | 2 +- ...eta1_accesscontextmanageraccesspolicy.yaml | 2 +- ..._accesscontextmanagerserviceperimeter.yaml | 2 +- crds/alloydb_v1alpha1_alloydbbackup.yaml | 196 + crds/alloydb_v1alpha1_alloydbcluster.yaml | 343 + crds/alloydb_v1alpha1_alloydbinstance.yaml | 213 + crds/apigateway_v1alpha1_apigatewayapi.yaml | 171 + ...igateway_v1alpha1_apigatewayapiconfig.yaml | 286 + ...apigateway_v1alpha1_apigatewaygateway.yaml | 176 + crds/apigee_v1alpha1_apigeeaddonsconfig.yaml | 185 + ...gee_v1alpha1_apigeeendpointattachment.yaml | 156 + crds/apigee_v1alpha1_apigeeenvgroup.yaml | 140 + ...gee_v1alpha1_apigeeenvgroupattachment.yaml | 142 + crds/apigee_v1alpha1_apigeeinstance.yaml | 188 + ...gee_v1alpha1_apigeeinstanceattachment.yaml | 142 + crds/apigee_v1alpha1_apigeenataddress.yaml | 141 + ...igee_v1alpha1_apigeesyncauthorization.yaml | 147 + crds/apigee_v1beta1_apigeeenvironment.yaml | 2 +- crds/apigee_v1beta1_apigeeorganization.yaml | 2 +- ...ngine_v1alpha1_appenginedomainmapping.yaml | 187 + ...engine_v1alpha1_appenginefirewallrule.yaml | 145 + ..._v1alpha1_appengineflexibleappversion.yaml | 713 + ...v1alpha1_appengineservicesplittraffic.yaml | 162 + ..._v1alpha1_appenginestandardappversion.yaml | 463 + ...ry_v1beta1_artifactregistryrepository.yaml | 14 +- ...corp_v1alpha1_beyondcorpappconnection.yaml | 214 + ...dcorp_v1alpha1_beyondcorpappconnector.yaml | 183 + ...ondcorp_v1alpha1_beyondcorpappgateway.yaml | 192 + ...gquery_v1alpha1_bigquerydatasetaccess.yaml | 270 + crds/bigquery_v1beta1_bigquerydataset.yaml | 21 +- crds/bigquery_v1beta1_bigqueryjob.yaml | 2 +- crds/bigquery_v1beta1_bigqueryroutine.yaml | 2 +- crds/bigquery_v1beta1_bigquerytable.yaml | 2 +- 
...pha1_bigqueryanalyticshubdataexchange.yaml | 188 + ..._v1alpha1_bigqueryanalyticshublisting.yaml | 239 + ...v1alpha1_bigqueryconnectionconnection.yaml | 336 + ...v1alpha1_bigquerydatapolicydatapolicy.yaml | 186 + ...r_v1alpha1_bigquerydatatransferconfig.yaml | 311 + ...alpha1_bigqueryreservationreservation.yaml | 202 + crds/bigtable_v1beta1_bigtableappprofile.yaml | 2 +- crds/bigtable_v1beta1_bigtablegcpolicy.yaml | 2 +- crds/bigtable_v1beta1_bigtableinstance.yaml | 2 +- crds/bigtable_v1beta1_bigtabletable.yaml | 2 +- ...gbudgets_v1beta1_billingbudgetsbudget.yaml | 2 +- ...n_v1beta1_binaryauthorizationattestor.yaml | 2 +- ...ion_v1beta1_binaryauthorizationpolicy.yaml | 2 +- ...1alpha1_certificatemanagercertificate.yaml | 371 + ...pha1_certificatemanagercertificatemap.yaml | 205 + ...certificatemanagercertificatemapentry.yaml | 199 + ...a1_certificatemanagerdnsauthorization.yaml | 187 + ...udasset_v1alpha1_cloudassetfolderfeed.yaml | 251 + ...t_v1alpha1_cloudassetorganizationfeed.yaml | 243 + ...dasset_v1alpha1_cloudassetprojectfeed.yaml | 242 + .../cloudbuild_v1beta1_cloudbuildtrigger.yaml | 2 +- ...ons2_v1alpha1_cloudfunctions2function.yaml | 477 + ...ctions_v1beta1_cloudfunctionsfunction.yaml | 2 +- ...udidentity_v1beta1_cloudidentitygroup.yaml | 2 +- ...ntity_v1beta1_cloudidentitymembership.yaml | 2 +- crds/cloudids_v1alpha1_cloudidsendpoint.yaml | 195 + crds/cloudiot_v1alpha1_cloudiotdevice.yaml | 274 + ...udscheduler_v1beta1_cloudschedulerjob.yaml | 2 +- crds/cloudtasks_v1alpha1_cloudtasksqueue.yaml | 283 + crds/compute_v1alpha1_computeautoscaler.yaml | 468 + ...pha1_computebackendbucketsignedurlkey.yaml | 226 + ...ha1_computebackendservicesignedurlkey.yaml | 226 + ...1_computediskresourcepolicyattachment.yaml | 189 + ...v1alpha1_computeglobalnetworkendpoint.yaml | 170 + ...ha1_computeglobalnetworkendpointgroup.yaml | 174 + ...1alpha1_computeinstancegroupnamedport.yaml | 194 + .../compute_v1alpha1_computemachineimage.yaml | 229 + 
...v1alpha1_computemanagedsslcertificate.yaml | 197 + ...mpute_v1alpha1_computenetworkendpoint.yaml | 224 + ...ha1_computenetworkpeeringroutesconfig.yaml | 193 + ...ha1_computeorganizationsecuritypolicy.yaml | 157 + ...organizationsecuritypolicyassociation.yaml | 141 + ...computeorganizationsecuritypolicyrule.yaml | 238 + ...ute_v1alpha1_computeperinstanceconfig.yaml | 309 + ...pute_v1alpha1_computeregionautoscaler.yaml | 446 + ...uteregiondiskresourcepolicyattachment.yaml | 189 + ...alpha1_computeregionperinstanceconfig.yaml | 309 + crds/compute_v1beta1_computeaddress.yaml | 10 +- .../compute_v1beta1_computebackendbucket.yaml | 2 +- ...compute_v1beta1_computebackendservice.yaml | 24 +- crds/compute_v1beta1_computedisk.yaml | 2 +- ...ute_v1beta1_computeexternalvpngateway.yaml | 2 +- crds/compute_v1beta1_computefirewall.yaml | 8 +- ...compute_v1beta1_computefirewallpolicy.yaml | 2 +- ...eta1_computefirewallpolicyassociation.yaml | 2 +- ...ute_v1beta1_computefirewallpolicyrule.yaml | 2 +- ...compute_v1beta1_computeforwardingrule.yaml | 2 +- crds/compute_v1beta1_computehealthcheck.yaml | 2 +- ...ompute_v1beta1_computehttphealthcheck.yaml | 2 +- ...mpute_v1beta1_computehttpshealthcheck.yaml | 2 +- crds/compute_v1beta1_computeimage.yaml | 4 +- crds/compute_v1beta1_computeinstance.yaml | 6 +- .../compute_v1beta1_computeinstancegroup.yaml | 2 +- ...e_v1beta1_computeinstancegroupmanager.yaml | 2 +- ...mpute_v1beta1_computeinstancetemplate.yaml | 9 +- ...v1beta1_computeinterconnectattachment.yaml | 2 +- crds/compute_v1beta1_computenetwork.yaml | 9 +- ...e_v1beta1_computenetworkendpointgroup.yaml | 2 +- ...compute_v1beta1_computenetworkpeering.yaml | 2 +- crds/compute_v1beta1_computenodegroup.yaml | 2 +- crds/compute_v1beta1_computenodetemplate.yaml | 2 +- ...ompute_v1beta1_computepacketmirroring.yaml | 2 +- ...ompute_v1beta1_computeprojectmetadata.yaml | 2 +- ...ta1_computeregionnetworkendpointgroup.yaml | 2 +- crds/compute_v1beta1_computereservation.yaml | 2 +- 
...compute_v1beta1_computeresourcepolicy.yaml | 2 +- crds/compute_v1beta1_computeroute.yaml | 2 +- crds/compute_v1beta1_computerouter.yaml | 2 +- ...ompute_v1beta1_computerouterinterface.yaml | 2 +- crds/compute_v1beta1_computerouternat.yaml | 2 +- crds/compute_v1beta1_computerouterpeer.yaml | 2 +- ...compute_v1beta1_computesecuritypolicy.yaml | 2 +- ...pute_v1beta1_computeserviceattachment.yaml | 2 +- ...e_v1beta1_computesharedvpchostproject.yaml | 2 +- ...1beta1_computesharedvpcserviceproject.yaml | 2 +- crds/compute_v1beta1_computesnapshot.yaml | 2 +- ...compute_v1beta1_computesslcertificate.yaml | 2 +- crds/compute_v1beta1_computesslpolicy.yaml | 2 +- crds/compute_v1beta1_computesubnetwork.yaml | 23 +- ...ompute_v1beta1_computetargetgrpcproxy.yaml | 2 +- ...ompute_v1beta1_computetargethttpproxy.yaml | 2 +- ...mpute_v1beta1_computetargethttpsproxy.yaml | 2 +- ...compute_v1beta1_computetargetinstance.yaml | 2 +- crds/compute_v1beta1_computetargetpool.yaml | 2 +- ...compute_v1beta1_computetargetsslproxy.yaml | 2 +- ...compute_v1beta1_computetargettcpproxy.yaml | 2 +- ...mpute_v1beta1_computetargetvpngateway.yaml | 2 +- crds/compute_v1beta1_computeurlmap.yaml | 2 +- crds/compute_v1beta1_computevpngateway.yaml | 7 +- crds/compute_v1beta1_computevpntunnel.yaml | 2 +- ...ller_v1beta1_configcontrollerinstance.yaml | 2 +- crds/container_v1beta1_containercluster.yaml | 72 +- crds/container_v1beta1_containernodepool.yaml | 53 +- ..._v1alpha1_containeranalysisoccurrence.yaml | 248 + ...nalysis_v1beta1_containeranalysisnote.yaml | 2 +- ...datacatalog_v1alpha1_datacatalogentry.yaml | 284 + ...atalog_v1alpha1_datacatalogentrygroup.yaml | 178 + crds/datacatalog_v1alpha1_datacatalogtag.yaml | 197 + ...talog_v1alpha1_datacatalogtagtemplate.yaml | 244 + ...acatalog_v1beta1_datacatalogpolicytag.yaml | 2 +- ...tacatalog_v1beta1_datacatalogtaxonomy.yaml | 2 +- ...aflow_v1beta1_dataflowflextemplatejob.yaml | 2 +- crds/dataflow_v1beta1_dataflowjob.yaml | 2 +- 
.../dataform_v1alpha1_dataformrepository.yaml | 184 + ...datafusion_v1beta1_datafusioninstance.yaml | 2 +- ...roc_v1beta1_dataprocautoscalingpolicy.yaml | 2 +- crds/dataproc_v1beta1_dataproccluster.yaml | 2 +- ...proc_v1beta1_dataprocworkflowtemplate.yaml | 2 +- crds/datastore_v1alpha1_datastoreindex.yaml | 184 + ..._v1alpha1_datastreamconnectionprofile.yaml | 613 + ..._v1alpha1_datastreamprivateconnection.yaml | 205 + .../datastream_v1alpha1_datastreamstream.yaml | 941 + ..._v1alpha1_deploymentmanagerdeployment.yaml | 227 + crds/dialogflow_v1alpha1_dialogflowagent.yaml | 200 + ...logflow_v1alpha1_dialogflowentitytype.yaml | 205 + ...ogflow_v1alpha1_dialogflowfulfillment.yaml | 209 + .../dialogflow_v1alpha1_dialogflowintent.yaml | 249 + ...alogflowcx_v1alpha1_dialogflowcxagent.yaml | 226 + ...lowcx_v1alpha1_dialogflowcxentitytype.yaml | 207 + ...ialogflowcx_v1alpha1_dialogflowcxflow.yaml | 348 + ...logflowcx_v1alpha1_dialogflowcxintent.yaml | 232 + ...ialogflowcx_v1alpha1_dialogflowcxpage.yaml | 461 + ...ogflowcx_v1alpha1_dialogflowcxwebhook.yaml | 221 + crds/dlp_v1beta1_dlpdeidentifytemplate.yaml | 2 +- crds/dlp_v1beta1_dlpinspecttemplate.yaml | 2 +- crds/dlp_v1beta1_dlpjobtrigger.yaml | 2 +- crds/dlp_v1beta1_dlpstoredinfotype.yaml | 2 +- crds/dns_v1alpha1_dnsresponsepolicy.yaml | 190 + crds/dns_v1alpha1_dnsresponsepolicyrule.yaml | 208 + crds/dns_v1beta1_dnsmanagedzone.yaml | 2 +- crds/dns_v1beta1_dnspolicy.yaml | 2 +- crds/dns_v1beta1_dnsrecordset.yaml | 2 +- ...cumentai_v1alpha1_documentaiprocessor.yaml | 177 + ...ha1_documentaiprocessordefaultversion.yaml | 135 + ...cts_v1alpha1_essentialcontactscontact.yaml | 154 + crds/eventarc_v1beta1_eventarctrigger.yaml | 2 +- .../filestore_v1alpha1_filestoresnapshot.yaml | 181 + crds/filestore_v1beta1_filestorebackup.yaml | 2 +- crds/filestore_v1beta1_filestoreinstance.yaml | 2 +- .../firebase_v1alpha1_firebaseandroidapp.yaml | 193 + crds/firebase_v1alpha1_firebaseproject.yaml | 164 + 
crds/firebase_v1alpha1_firebasewebapp.yaml | 153 + ...ase_v1alpha1_firebasedatabaseinstance.yaml | 189 + ...sting_v1alpha1_firebasehostingchannel.yaml | 156 + ...ehosting_v1alpha1_firebasehostingsite.yaml | 175 + ...torage_v1alpha1_firebasestoragebucket.yaml | 160 + crds/firestore_v1beta1_firestoreindex.yaml | 2 +- ...kebackup_v1alpha1_gkebackupbackupplan.yaml | 302 + crds/gkehub_v1beta1_gkehubfeature.yaml | 2 +- ...kehub_v1beta1_gkehubfeaturemembership.yaml | 2 +- crds/gkehub_v1beta1_gkehubmembership.yaml | 2 +- ...hcare_v1alpha1_healthcareconsentstore.yaml | 145 + ...healthcare_v1alpha1_healthcaredataset.yaml | 170 + ...lthcare_v1alpha1_healthcaredicomstore.yaml | 174 + ...althcare_v1alpha1_healthcarefhirstore.yaml | 285 + ...lthcare_v1alpha1_healthcarehl7v2store.yaml | 213 + crds/iam_v1beta1_iamaccessboundarypolicy.yaml | 2 +- crds/iam_v1beta1_iamauditconfig.yaml | 2 +- crds/iam_v1beta1_iamcustomrole.yaml | 2 +- crds/iam_v1beta1_iampartialpolicy.yaml | 2 +- crds/iam_v1beta1_iampolicy.yaml | 2 +- crds/iam_v1beta1_iampolicymember.yaml | 2 +- crds/iam_v1beta1_iamserviceaccount.yaml | 2 +- crds/iam_v1beta1_iamserviceaccountkey.yaml | 2 +- crds/iam_v1beta1_iamworkforcepool.yaml | 2 +- .../iam_v1beta1_iamworkforcepoolprovider.yaml | 2 +- crds/iam_v1beta1_iamworkloadidentitypool.yaml | 2 +- ...beta1_iamworkloadidentitypoolprovider.yaml | 2 +- crds/iap_v1beta1_iapbrand.yaml | 2 +- ...p_v1beta1_iapidentityawareproxyclient.yaml | 2 +- ...tityplatformdefaultsupportedidpconfig.yaml | 171 + ...ha1_identityplatforminboundsamlconfig.yaml | 217 + ..._identityplatformprojectdefaultconfig.yaml | 236 + ...atformtenantdefaultsupportedidpconfig.yaml | 176 + ...entityplatformtenantinboundsamlconfig.yaml | 225 + ...atform_v1beta1_identityplatformconfig.yaml | 2 +- ...1beta1_identityplatformoauthidpconfig.yaml | 2 +- ...atform_v1beta1_identityplatformtenant.yaml | 2 +- ..._identityplatformtenantoauthidpconfig.yaml | 2 +- crds/kms_v1alpha1_kmscryptokeyversion.yaml | 201 + 
crds/kms_v1alpha1_kmskeyringimportjob.yaml | 192 + crds/kms_v1alpha1_kmssecretciphertext.yaml | 217 + crds/kms_v1beta1_kmscryptokey.yaml | 2 +- crds/kms_v1beta1_kmskeyring.yaml | 2 +- crds/logging_v1beta1_logginglogbucket.yaml | 2 +- crds/logging_v1beta1_logginglogexclusion.yaml | 2 +- crds/logging_v1beta1_logginglogmetric.yaml | 2 +- crds/logging_v1beta1_logginglogsink.yaml | 2 +- crds/logging_v1beta1_logginglogview.yaml | 2 +- crds/memcache_v1beta1_memcacheinstance.yaml | 2 +- crds/mlengine_v1alpha1_mlenginemodel.yaml | 188 + ...itoring_v1beta1_monitoringalertpolicy.yaml | 2 +- ...onitoring_v1beta1_monitoringdashboard.yaml | 2 +- crds/monitoring_v1beta1_monitoringgroup.yaml | 2 +- ...ng_v1beta1_monitoringmetricdescriptor.yaml | 2 +- ...ng_v1beta1_monitoringmonitoredproject.yaml | 2 +- ...v1beta1_monitoringnotificationchannel.yaml | 2 +- .../monitoring_v1beta1_monitoringservice.yaml | 2 +- ...beta1_monitoringservicelevelobjective.yaml | 2 +- ...g_v1beta1_monitoringuptimecheckconfig.yaml | 2 +- ...tivity_v1beta1_networkconnectivityhub.yaml | 2 +- ...vity_v1beta1_networkconnectivityspoke.yaml | 2 +- ...ha1_networkmanagementconnectivitytest.yaml | 287 + ...a1_networksecurityauthorizationpolicy.yaml | 2 +- ...1beta1_networksecurityclienttlspolicy.yaml | 2 +- ...1beta1_networksecurityservertlspolicy.yaml | 2 +- ...alpha1_networkservicesedgecachekeyset.yaml | 249 + ...alpha1_networkservicesedgecacheorigin.yaml | 359 + ...lpha1_networkservicesedgecacheservice.yaml | 919 + ...v1beta1_networkservicesendpointpolicy.yaml | 2 +- ...rvices_v1beta1_networkservicesgateway.yaml | 2 +- ...ices_v1beta1_networkservicesgrpcroute.yaml | 2 +- ...ices_v1beta1_networkserviceshttproute.yaml | 2 +- ...kservices_v1beta1_networkservicesmesh.yaml | 2 +- ...vices_v1beta1_networkservicestcproute.yaml | 2 +- ...vices_v1beta1_networkservicestlsroute.yaml | 2 +- ...tebooks_v1alpha1_notebooksenvironment.yaml | 232 + ...cy_v1alpha1_orgpolicycustomconstraint.yaml | 173 + 
...nfig_v1alpha1_osconfigpatchdeployment.yaml | 703 + .../osconfig_v1beta1_osconfigguestpolicy.yaml | 2 +- ...ig_v1beta1_osconfigospolicyassignment.yaml | 2 +- .../oslogin_v1alpha1_osloginsshpublickey.yaml | 148 + crds/privateca_v1beta1_privatecacapool.yaml | 9 +- ...rivateca_v1beta1_privatecacertificate.yaml | 2 +- ...v1beta1_privatecacertificateauthority.yaml | 9 +- ..._v1beta1_privatecacertificatetemplate.yaml | 2 +- crds/pubsub_v1beta1_pubsubschema.yaml | 2 +- crds/pubsub_v1beta1_pubsubsubscription.yaml | 4 +- crds/pubsub_v1beta1_pubsubtopic.yaml | 2 +- ...blite_v1alpha1_pubsublitesubscription.yaml | 179 + crds/pubsublite_v1alpha1_pubsublitetopic.yaml | 216 + ...sublite_v1beta1_pubsublitereservation.yaml | 2 +- ...rprise_v1beta1_recaptchaenterprisekey.yaml | 2 +- crds/redis_v1beta1_redisinstance.yaml | 2 +- crds/resourcemanager_v1beta1_folder.yaml | 2 +- crds/resourcemanager_v1beta1_project.yaml | 2 +- ...cemanager_v1beta1_resourcemanagerlien.yaml | 2 +- ...manager_v1beta1_resourcemanagerpolicy.yaml | 2 +- crds/run_v1beta1_runservice.yaml | 2 +- ...etmanager_v1beta1_secretmanagersecret.yaml | 2 +- ...er_v1beta1_secretmanagersecretversion.yaml | 2 +- ...pha1_securitycenternotificationconfig.yaml | 217 + ...ycenter_v1alpha1_securitycentersource.yaml | 175 + ...tory_v1beta1_servicedirectoryendpoint.yaml | 2 +- ...ory_v1beta1_servicedirectorynamespace.yaml | 2 +- ...ctory_v1beta1_servicedirectoryservice.yaml | 2 +- ...g_v1beta1_servicenetworkingconnection.yaml | 2 +- ...ha1_serviceusageconsumerquotaoverride.yaml | 194 + crds/serviceusage_v1beta1_service.yaml | 2 +- .../serviceusage_v1beta1_serviceidentity.yaml | 2 +- ...urcerepo_v1beta1_sourcereporepository.yaml | 2 +- crds/spanner_v1beta1_spannerdatabase.yaml | 2 +- crds/spanner_v1beta1_spannerinstance.yaml | 2 +- crds/sql_v1beta1_sqldatabase.yaml | 2 +- crds/sql_v1beta1_sqlinstance.yaml | 2 +- crds/sql_v1beta1_sqlsslcert.yaml | 2 +- crds/sql_v1beta1_sqluser.yaml | 2 +- crds/storage_v1alpha1_storagehmackey.yaml | 
180 + crds/storage_v1beta1_storagebucket.yaml | 2 +- ...ge_v1beta1_storagebucketaccesscontrol.yaml | 2 +- ...ta1_storagedefaultobjectaccesscontrol.yaml | 2 +- crds/storage_v1beta1_storagenotification.yaml | 2 +- ...fer_v1alpha1_storagetransferagentpool.yaml | 174 + ...getransfer_v1beta1_storagetransferjob.yaml | 18 +- crds/tags_v1beta1_tagstagbinding.yaml | 2 +- crds/tags_v1beta1_tagstagkey.yaml | 2 +- crds/tags_v1beta1_tagstagvalue.yaml | 2 +- crds/tpu_v1alpha1_tpunode.yaml | 232 + crds/vertexai_v1alpha1_vertexaidataset.yaml | 198 + crds/vertexai_v1alpha1_vertexaiendpoint.yaml | 415 + ...ertexai_v1alpha1_vertexaifeaturestore.yaml | 227 + ...alpha1_vertexaifeaturestoreentitytype.yaml | 248 + ...vertexaifeaturestoreentitytypefeature.yaml | 154 + crds/vertexai_v1alpha1_vertexaiindex.yaml | 297 + ...rtexai_v1alpha1_vertexaimetadatastore.yaml | 194 + ...vertexai_v1alpha1_vertexaitensorboard.yaml | 202 + .../vpcaccess_v1beta1_vpcaccessconnector.yaml | 2 +- .../workflows_v1alpha1_workflowsworkflow.yaml | 195 + ...alpha1_workstationsworkstationcluster.yaml | 217 + .../0-cnrm-system.yaml | 1136 +- .../crds.yaml | 109832 ++++++++++----- .../0-cnrm-system.yaml | 1166 +- .../crds.yaml | 109832 ++++++++++----- .../per-namespace-components.yaml | 18 +- .../0-cnrm-system.yaml | 1136 +- .../crds.yaml | 109832 ++++++++++----- .../0-cnrm-system.yaml | 1136 +- .../install-bundle-gcp-identity/crds.yaml | 109832 ++++++++++----- .../0-cnrm-system.yaml | 1166 +- .../install-bundle-namespaced/crds.yaml | 109832 ++++++++++----- .../per-namespace-components.yaml | 18 +- .../0-cnrm-system.yaml | 1136 +- .../crds.yaml | 109832 ++++++++++----- 339 files changed, 462690 insertions(+), 236676 deletions(-) create mode 100644 crds/accesscontextmanager_v1alpha1_accesscontextmanageraccesslevelcondition.yaml create mode 100644 crds/accesscontextmanager_v1alpha1_accesscontextmanagergcpuseraccessbinding.yaml create mode 100644 
crds/accesscontextmanager_v1alpha1_accesscontextmanagerserviceperimeterresource.yaml create mode 100644 crds/alloydb_v1alpha1_alloydbbackup.yaml create mode 100644 crds/alloydb_v1alpha1_alloydbcluster.yaml create mode 100644 crds/alloydb_v1alpha1_alloydbinstance.yaml create mode 100644 crds/apigateway_v1alpha1_apigatewayapi.yaml create mode 100644 crds/apigateway_v1alpha1_apigatewayapiconfig.yaml create mode 100644 crds/apigateway_v1alpha1_apigatewaygateway.yaml create mode 100644 crds/apigee_v1alpha1_apigeeaddonsconfig.yaml create mode 100644 crds/apigee_v1alpha1_apigeeendpointattachment.yaml create mode 100644 crds/apigee_v1alpha1_apigeeenvgroup.yaml create mode 100644 crds/apigee_v1alpha1_apigeeenvgroupattachment.yaml create mode 100644 crds/apigee_v1alpha1_apigeeinstance.yaml create mode 100644 crds/apigee_v1alpha1_apigeeinstanceattachment.yaml create mode 100644 crds/apigee_v1alpha1_apigeenataddress.yaml create mode 100644 crds/apigee_v1alpha1_apigeesyncauthorization.yaml create mode 100644 crds/appengine_v1alpha1_appenginedomainmapping.yaml create mode 100644 crds/appengine_v1alpha1_appenginefirewallrule.yaml create mode 100644 crds/appengine_v1alpha1_appengineflexibleappversion.yaml create mode 100644 crds/appengine_v1alpha1_appengineservicesplittraffic.yaml create mode 100644 crds/appengine_v1alpha1_appenginestandardappversion.yaml create mode 100644 crds/beyondcorp_v1alpha1_beyondcorpappconnection.yaml create mode 100644 crds/beyondcorp_v1alpha1_beyondcorpappconnector.yaml create mode 100644 crds/beyondcorp_v1alpha1_beyondcorpappgateway.yaml create mode 100644 crds/bigquery_v1alpha1_bigquerydatasetaccess.yaml create mode 100644 crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshubdataexchange.yaml create mode 100644 crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshublisting.yaml create mode 100644 crds/bigqueryconnection_v1alpha1_bigqueryconnectionconnection.yaml create mode 100644 crds/bigquerydatapolicy_v1alpha1_bigquerydatapolicydatapolicy.yaml 
create mode 100644 crds/bigquerydatatransfer_v1alpha1_bigquerydatatransferconfig.yaml create mode 100644 crds/bigqueryreservation_v1alpha1_bigqueryreservationreservation.yaml create mode 100644 crds/certificatemanager_v1alpha1_certificatemanagercertificate.yaml create mode 100644 crds/certificatemanager_v1alpha1_certificatemanagercertificatemap.yaml create mode 100644 crds/certificatemanager_v1alpha1_certificatemanagercertificatemapentry.yaml create mode 100644 crds/certificatemanager_v1alpha1_certificatemanagerdnsauthorization.yaml create mode 100644 crds/cloudasset_v1alpha1_cloudassetfolderfeed.yaml create mode 100644 crds/cloudasset_v1alpha1_cloudassetorganizationfeed.yaml create mode 100644 crds/cloudasset_v1alpha1_cloudassetprojectfeed.yaml create mode 100644 crds/cloudfunctions2_v1alpha1_cloudfunctions2function.yaml create mode 100644 crds/cloudids_v1alpha1_cloudidsendpoint.yaml create mode 100644 crds/cloudiot_v1alpha1_cloudiotdevice.yaml create mode 100644 crds/cloudtasks_v1alpha1_cloudtasksqueue.yaml create mode 100644 crds/compute_v1alpha1_computeautoscaler.yaml create mode 100644 crds/compute_v1alpha1_computebackendbucketsignedurlkey.yaml create mode 100644 crds/compute_v1alpha1_computebackendservicesignedurlkey.yaml create mode 100644 crds/compute_v1alpha1_computediskresourcepolicyattachment.yaml create mode 100644 crds/compute_v1alpha1_computeglobalnetworkendpoint.yaml create mode 100644 crds/compute_v1alpha1_computeglobalnetworkendpointgroup.yaml create mode 100644 crds/compute_v1alpha1_computeinstancegroupnamedport.yaml create mode 100644 crds/compute_v1alpha1_computemachineimage.yaml create mode 100644 crds/compute_v1alpha1_computemanagedsslcertificate.yaml create mode 100644 crds/compute_v1alpha1_computenetworkendpoint.yaml create mode 100644 crds/compute_v1alpha1_computenetworkpeeringroutesconfig.yaml create mode 100644 crds/compute_v1alpha1_computeorganizationsecuritypolicy.yaml create mode 100644 
crds/compute_v1alpha1_computeorganizationsecuritypolicyassociation.yaml create mode 100644 crds/compute_v1alpha1_computeorganizationsecuritypolicyrule.yaml create mode 100644 crds/compute_v1alpha1_computeperinstanceconfig.yaml create mode 100644 crds/compute_v1alpha1_computeregionautoscaler.yaml create mode 100644 crds/compute_v1alpha1_computeregiondiskresourcepolicyattachment.yaml create mode 100644 crds/compute_v1alpha1_computeregionperinstanceconfig.yaml create mode 100644 crds/containeranalysis_v1alpha1_containeranalysisoccurrence.yaml create mode 100644 crds/datacatalog_v1alpha1_datacatalogentry.yaml create mode 100644 crds/datacatalog_v1alpha1_datacatalogentrygroup.yaml create mode 100644 crds/datacatalog_v1alpha1_datacatalogtag.yaml create mode 100644 crds/datacatalog_v1alpha1_datacatalogtagtemplate.yaml create mode 100644 crds/dataform_v1alpha1_dataformrepository.yaml create mode 100644 crds/datastore_v1alpha1_datastoreindex.yaml create mode 100644 crds/datastream_v1alpha1_datastreamconnectionprofile.yaml create mode 100644 crds/datastream_v1alpha1_datastreamprivateconnection.yaml create mode 100644 crds/datastream_v1alpha1_datastreamstream.yaml create mode 100644 crds/deploymentmanager_v1alpha1_deploymentmanagerdeployment.yaml create mode 100644 crds/dialogflow_v1alpha1_dialogflowagent.yaml create mode 100644 crds/dialogflow_v1alpha1_dialogflowentitytype.yaml create mode 100644 crds/dialogflow_v1alpha1_dialogflowfulfillment.yaml create mode 100644 crds/dialogflow_v1alpha1_dialogflowintent.yaml create mode 100644 crds/dialogflowcx_v1alpha1_dialogflowcxagent.yaml create mode 100644 crds/dialogflowcx_v1alpha1_dialogflowcxentitytype.yaml create mode 100644 crds/dialogflowcx_v1alpha1_dialogflowcxflow.yaml create mode 100644 crds/dialogflowcx_v1alpha1_dialogflowcxintent.yaml create mode 100644 crds/dialogflowcx_v1alpha1_dialogflowcxpage.yaml create mode 100644 crds/dialogflowcx_v1alpha1_dialogflowcxwebhook.yaml create mode 100644 
crds/dns_v1alpha1_dnsresponsepolicy.yaml create mode 100644 crds/dns_v1alpha1_dnsresponsepolicyrule.yaml create mode 100644 crds/documentai_v1alpha1_documentaiprocessor.yaml create mode 100644 crds/documentai_v1alpha1_documentaiprocessordefaultversion.yaml create mode 100644 crds/essentialcontacts_v1alpha1_essentialcontactscontact.yaml create mode 100644 crds/filestore_v1alpha1_filestoresnapshot.yaml create mode 100644 crds/firebase_v1alpha1_firebaseandroidapp.yaml create mode 100644 crds/firebase_v1alpha1_firebaseproject.yaml create mode 100644 crds/firebase_v1alpha1_firebasewebapp.yaml create mode 100644 crds/firebasedatabase_v1alpha1_firebasedatabaseinstance.yaml create mode 100644 crds/firebasehosting_v1alpha1_firebasehostingchannel.yaml create mode 100644 crds/firebasehosting_v1alpha1_firebasehostingsite.yaml create mode 100644 crds/firebasestorage_v1alpha1_firebasestoragebucket.yaml create mode 100644 crds/gkebackup_v1alpha1_gkebackupbackupplan.yaml create mode 100644 crds/healthcare_v1alpha1_healthcareconsentstore.yaml create mode 100644 crds/healthcare_v1alpha1_healthcaredataset.yaml create mode 100644 crds/healthcare_v1alpha1_healthcaredicomstore.yaml create mode 100644 crds/healthcare_v1alpha1_healthcarefhirstore.yaml create mode 100644 crds/healthcare_v1alpha1_healthcarehl7v2store.yaml create mode 100644 crds/identityplatform_v1alpha1_identityplatformdefaultsupportedidpconfig.yaml create mode 100644 crds/identityplatform_v1alpha1_identityplatforminboundsamlconfig.yaml create mode 100644 crds/identityplatform_v1alpha1_identityplatformprojectdefaultconfig.yaml create mode 100644 crds/identityplatform_v1alpha1_identityplatformtenantdefaultsupportedidpconfig.yaml create mode 100644 crds/identityplatform_v1alpha1_identityplatformtenantinboundsamlconfig.yaml create mode 100644 crds/kms_v1alpha1_kmscryptokeyversion.yaml create mode 100644 crds/kms_v1alpha1_kmskeyringimportjob.yaml create mode 100644 crds/kms_v1alpha1_kmssecretciphertext.yaml create mode 100644 
crds/mlengine_v1alpha1_mlenginemodel.yaml create mode 100644 crds/networkmanagement_v1alpha1_networkmanagementconnectivitytest.yaml create mode 100644 crds/networkservices_v1alpha1_networkservicesedgecachekeyset.yaml create mode 100644 crds/networkservices_v1alpha1_networkservicesedgecacheorigin.yaml create mode 100644 crds/networkservices_v1alpha1_networkservicesedgecacheservice.yaml create mode 100644 crds/notebooks_v1alpha1_notebooksenvironment.yaml create mode 100644 crds/orgpolicy_v1alpha1_orgpolicycustomconstraint.yaml create mode 100644 crds/osconfig_v1alpha1_osconfigpatchdeployment.yaml create mode 100644 crds/oslogin_v1alpha1_osloginsshpublickey.yaml create mode 100644 crds/pubsublite_v1alpha1_pubsublitesubscription.yaml create mode 100644 crds/pubsublite_v1alpha1_pubsublitetopic.yaml create mode 100644 crds/securitycenter_v1alpha1_securitycenternotificationconfig.yaml create mode 100644 crds/securitycenter_v1alpha1_securitycentersource.yaml create mode 100644 crds/serviceusage_v1alpha1_serviceusageconsumerquotaoverride.yaml create mode 100644 crds/storage_v1alpha1_storagehmackey.yaml create mode 100644 crds/storagetransfer_v1alpha1_storagetransferagentpool.yaml create mode 100644 crds/tpu_v1alpha1_tpunode.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaidataset.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaiendpoint.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaifeaturestore.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaifeaturestoreentitytype.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaifeaturestoreentitytypefeature.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaiindex.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaimetadatastore.yaml create mode 100644 crds/vertexai_v1alpha1_vertexaitensorboard.yaml create mode 100644 crds/workflows_v1alpha1_workflowsworkflow.yaml create mode 100644 crds/workstations_v1alpha1_workstationsworkstationcluster.yaml 
diff --git a/crds/accesscontextmanager_v1alpha1_accesscontextmanageraccesslevelcondition.yaml b/crds/accesscontextmanager_v1alpha1_accesscontextmanageraccesslevelcondition.yaml
new file mode 100644
index 0000000000..b45b0cefeb
--- /dev/null
+++ b/crds/accesscontextmanager_v1alpha1_accesscontextmanageraccesslevelcondition.yaml
@@ -0,0 +1,260 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. 
Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". + type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. 
+ + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/accesscontextmanager_v1alpha1_accesscontextmanagergcpuseraccessbinding.yaml b/crds/accesscontextmanager_v1alpha1_accesscontextmanagergcpuseraccessbinding.yaml new file mode 100644 index 0000000000..cf825a6aae --- /dev/null +++ b/crds/accesscontextmanager_v1alpha1_accesscontextmanagergcpuseraccessbinding.yaml 
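Review bot: The `spec` schema of AccessContextManagerAccessLevelCondition has no `required` list, and the top-level schema does not require `spec`, so the API server will admit a condition with no `accessLevelRef` and no constraints at all. The field descriptions in this hunk say that an unset `devicePolicy`, `ipSubnetworks` or `members` each means "all allowed", so an accidentally empty condition is the permissive case, not the restrictive one. The GCPUserAccessBinding and ServicePerimeterResource CRDs added in the same commit do carry `required: - spec` and per-field requirements; I would add `required: [accessLevelRef]` under `spec` and `required: [spec]` at the top level here to match. Whether the controller rejects such an object at reconcile time is not visible in this diff, and the `cnrm.cloud.google.com/tf2crd` label suggests the fix belongs in the generator rather than in this YAML.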
@@ -0,0 +1,181 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/accesscontextmanager_v1alpha1_accesscontextmanagerserviceperimeterresource.yaml b/crds/accesscontextmanager_v1alpha1_accesscontextmanagerserviceperimeterresource.yaml new file mode 100644 index 0000000000..0f83c53e77 --- /dev/null +++ b/crds/accesscontextmanager_v1alpha1_accesscontextmanagerserviceperimeterresource.yaml 
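Review bot: `spec.accessLevels` is described as "This repeated field must have exactly one element", but the schema only declares `type: array` with string items, so an empty list or a list of several access levels passes admission. Adding `minItems: 1` and `maxItems: 1` beside `type: array` would reject a binding with no access level at the API server, instead of relying on the controller or the backing API, whose behaviour is not visible here. The description of `groupKey` also repeats "Immutable." twice, which looks like a generator artefact worth fixing at the source.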
@@ -0,0 +1,160 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + 
name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml index 6a17e57489..c6d2301bf2 100644 --- a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml +++ b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesslevel.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml index 212ee18615..00d093b360 100644 --- a/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml 
+++ b/crds/accesscontextmanager_v1beta1_accesscontextmanageraccesspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml b/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml index 69c1ea14d8..bd0b1fe8c4 100644 --- a/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml +++ b/crds/accesscontextmanager_v1beta1_accesscontextmanagerserviceperimeter.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/alloydb_v1alpha1_alloydbbackup.yaml b/crds/alloydb_v1alpha1_alloydbbackup.yaml new file mode 100644 index 0000000000..0a21624419 --- /dev/null +++ b/crds/alloydb_v1alpha1_alloydbbackup.yaml 
@@ -0,0 +1,196 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBBackup + plural: alloydbbackups + shortNames: + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - clusterName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean + state: + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/alloydb_v1alpha1_alloydbcluster.yaml b/crds/alloydb_v1alpha1_alloydbcluster.yaml new file mode 100644 index 0000000000..da19621f53 --- /dev/null +++ b/crds/alloydb_v1alpha1_alloydbcluster.yaml 
@@ -0,0 +1,343 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBCluster + plural: alloydbclusters + shortNames: + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. + properties: + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. + properties: + count: + description: The number of backups to retain. + type: integer + type: object + timeBasedRetention: + description: Time-based Backup retention policy. 
+ properties: + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes + type: object + type: object + displayName: + description: User-settable and human-readable display name for the + Cluster. + type: string + initialUser: + description: Initial user to setup during cluster creation. + properties: + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. 
Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. + type: string + required: + - password + type: object + location: + description: Immutable. The location where the alloydb cluster should + reside. + type: string + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - network + - projectRef + type: object + status: + properties: + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. 
+ type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. + items: + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object + type: array + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/alloydb_v1alpha1_alloydbinstance.yaml b/crds/alloydb_v1alpha1_alloydbinstance.yaml new file mode 100644 index 0000000000..9dc0f9249f --- /dev/null +++ b/crds/alloydb_v1alpha1_alloydbinstance.yaml 
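Review bot: The `spec.initialUser.password` schema in this new AlloyDBCluster CRD accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, and the `value` description does not say that a password set this way lives in the custom resource itself. There it is readable by any subject with get/list access to AlloyDBCluster objects, and it will typically also sit in the applied manifest and wherever that manifest is stored. I would extend the description to something like `Value of the field. Cannot be used if 'valueFrom' is specified. Stored in plaintext in the resource; prefer 'valueFrom.secretKeyRef' for real credentials.` The `initialUser` block also lists `password` as required but not `user`; whether a default username applies is not visible in this hunk, so the `user` description should state it. The `tf2crd` label suggests this file is generated, in which case the wording belongs in the generator's template rather than in this file.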
@@ -0,0 +1,213 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbinstances.alloydb.cnrm.cloud.google.com +spec: + group: alloydb.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AlloyDBInstance + plural: alloydbinstances + shortNames: + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' + type: string + cluster: + description: |- + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. + type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. * They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. + type: object + displayName: + description: User-settable and human-readable display name for the + Instance. + type: string + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. 
If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. + properties: + cpuCount: + description: The number of CPU's in the VM instance. + type: integer + type: object + readPoolConfig: + description: Read pool specific config. + properties: + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer + type: object + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - cluster + - instanceType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. + type: string + name: + description: The name of the instance resource. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. + type: string + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigateway_v1alpha1_apigatewayapi.yaml b/crds/apigateway_v1alpha1_apigatewayapi.yaml new file mode 100644 index 0000000000..8d2dbe7fe5 --- /dev/null +++ b/crds/apigateway_v1alpha1_apigatewayapi.yaml 
@@ -0,0 +1,171 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. + type: string + managedService: + description: |- + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The apiId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigateway_v1alpha1_apigatewayapiconfig.yaml b/crds/apigateway_v1alpha1_apigatewayapiconfig.yaml new file mode 100644 index 0000000000..1011e0f287 --- /dev/null +++ b/crds/apigateway_v1alpha1_apigatewayapiconfig.yaml 
@@ -0,0 +1,286 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs + shortNames: + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. + items: + properties: + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. 
+ To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative path). 
+ This is typically the path of the file when it is uploaded. + type: string + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. + items: + properties: + document: + description: The OpenAPI Specification document file. + properties: + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + required: + - document + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigateway_v1alpha1_apigatewaygateway.yaml b/crds/apigateway_v1alpha1_apigatewaygateway.yaml new file mode 100644 index 0000000000..596505b245 --- /dev/null +++ b/crds/apigateway_v1alpha1_apigatewaygateway.yaml 
@@ -0,0 +1,176 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewaygateways.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayGateway + plural: apigatewaygateways + shortNames: + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation 
+ of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the gateway for the API. + type: string + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeeaddonsconfig.yaml b/crds/apigee_v1alpha1_apigeeaddonsconfig.yaml new file mode 100644 index 0000000000..c0688414fc --- /dev/null +++ b/crds/apigee_v1alpha1_apigeeaddonsconfig.yaml 
@@ -0,0 +1,185 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. + properties: + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + apiSecurityConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string + type: object + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string + type: object + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + type: object + type: object + org: + description: Immutable. Name of the Apigee organization. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - org + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeeendpointattachment.yaml b/crds/apigee_v1alpha1_apigeeendpointattachment.yaml new file mode 100644 index 0000000000..90c4e56c47 --- /dev/null +++ b/crds/apigee_v1alpha1_apigeeendpointattachment.yaml 
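Review bot: In crds/apigee_v1alpha1_apigeeaddonsconfig.yaml the descriptions under `spec.addonsConfig` are copied from one another and do not match the fields they sit on: `advancedApiOpsConfig`, `apiSecurityConfig`, `connectorsPlatformConfig` and `integrationConfig` all read "Configuration for the Monetization add-on.", and every `enabled` and both `expiresAt` fields read "Flag that specifies whether the Advanced API Ops add-on is enabled.", although `expiresAt` is `type: string`. Someone reading the schema (for example through `kubectl explain`) to check whether the API Security add-on is switched on, or when it lapses, is told the wrong thing about the field. Each description should name its own add-on, e.g. `description: Configuration for the API Security add-on.`, and `expiresAt` should say what the string holds (presumably an expiry time; confirm against the Apigee API). The `cnrm.cloud.google.com/tf2crd: "true"` label suggests this file is generated, so the correction most likely belongs in the schema it is generated from rather than in this YAML.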
@@ -0,0 +1,156 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments + shortNames: + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. Location of the endpoint attachment. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + resourceID: + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' + type: string + required: + - location + - orgId + - serviceAttachment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: + description: |- + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeeenvgroup.yaml b/crds/apigee_v1alpha1_apigeeenvgroup.yaml new file mode 100644 index 0000000000..df3262ced2 --- /dev/null +++ b/crds/apigee_v1alpha1_apigeeenvgroup.yaml 
@@ -0,0 +1,140 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - orgId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeeenvgroupattachment.yaml b/crds/apigee_v1alpha1_apigeeenvgroupattachment.yaml new file mode 100644 index 0000000000..24a196895a --- /dev/null +++ b/crds/apigee_v1alpha1_apigeeenvgroupattachment.yaml 
@@ -0,0 +1,142 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments + shortNames: + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the newly created attachment (output parameter). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeeinstance.yaml b/crds/apigee_v1alpha1_apigeeinstance.yaml new file mode 100644 index 0000000000..b1a3e01894 --- /dev/null +++ b/crds/apigee_v1alpha1_apigeeinstance.yaml 
@@ -0,0 +1,188 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeinstances.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeInstance + plural: apigeeinstances + shortNames: + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. + items: + type: string + type: array + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string + displayName: + description: Immutable. Display name of the instance. + type: string + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. 
The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - orgId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeeinstanceattachment.yaml b/crds/apigee_v1alpha1_apigeeinstanceattachment.yaml new file mode 100644 index 0000000000..3e7765e9f1 --- /dev/null +++ b/crds/apigee_v1alpha1_apigeeinstanceattachment.yaml 
@@ -0,0 +1,142 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments + shortNames: + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + environment: + description: Immutable. The resource ID of the environment. + type: string + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - environment + - instanceId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the newly created attachment (output parameter). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeenataddress.yaml b/crds/apigee_v1alpha1_apigeenataddress.yaml new file mode 100644 index 0000000000..f5c71fb054 --- /dev/null +++ b/crds/apigee_v1alpha1_apigeenataddress.yaml 
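Review bot: The `instanceId` description in this new ApigeeInstanceAttachment schema gives the format as 'organisations/{{org_name}}/instances/{{instance_name}}', while the ApigeeNATAddress CRD added in the same commit documents the equivalent field as 'organizations/...'. The field is a plain `type: string` with no pattern, so a value copied from this description would be admitted and would presumably fail only at reconcile. I would correct the text to `in the format 'organizations/{{org_name}}/instances/{{instance_name}}'.` If this file is generated, the fix belongs in the generator's source description rather than in this YAML.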
@@ -0,0 +1,141 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeenataddresses.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeNATAddress + plural: apigeenataddresses + shortNames: + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instanceId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + ipAddress: + description: The allocated NAT IP address. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the NAT IP address. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1alpha1_apigeesyncauthorization.yaml b/crds/apigee_v1alpha1_apigeesyncauthorization.yaml new file mode 100644 index 0000000000..a225694557 --- /dev/null +++ b/crds/apigee_v1alpha1_apigeesyncauthorization.yaml 
@@ -0,0 +1,147 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations + shortNames: + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. + + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - identities + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/apigee_v1beta1_apigeeenvironment.yaml b/crds/apigee_v1beta1_apigeeenvironment.yaml index 2029731ba3..11a30a4632 100644 --- a/crds/apigee_v1beta1_apigeeenvironment.yaml +++ b/crds/apigee_v1beta1_apigeeenvironment.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/apigee_v1beta1_apigeeorganization.yaml b/crds/apigee_v1beta1_apigeeorganization.yaml index 12d35c77db..3a25b22b0c 100644 --- a/crds/apigee_v1beta1_apigeeorganization.yaml +++ b/crds/apigee_v1beta1_apigeeorganization.yaml 
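Review bot: `spec.identities` lists the principals granted access to Apigee control plane resources, yet its `items` are an unconstrained `type: string`, so the documented 'serviceAccount:service-account-name' form is not enforced at admission. Adding `pattern: '^serviceAccount:.+$'` under `items` would reject other member types and malformed entries before they reach the controller; whether the backing API rejects them anyway is not visible here. Because creating or editing this object changes who holds that access, the description could also note that write access to ApigeeSyncAuthorization objects should be restricted through RBAC. Minor: the example address uses `my_project_id`, which does not look like a valid project ID and may confuse readers.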
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/appengine_v1alpha1_appenginedomainmapping.yaml b/crds/appengine_v1alpha1_appenginedomainmapping.yaml new file mode 100644 index 0000000000..e126e9f4aa --- /dev/null +++ b/crds/appengine_v1alpha1_appenginedomainmapping.yaml 
@@ -0,0 +1,187 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineDomainMapping + plural: appenginedomainmappings + shortNames: + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. 
Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: + properties: + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' + type: string + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/appengine_v1alpha1_appenginefirewallrule.yaml b/crds/appengine_v1alpha1_appenginefirewallrule.yaml new file mode 100644 index 0000000000..b63f9f72d2 --- /dev/null +++ b/crds/appengine_v1alpha1_appenginefirewallrule.yaml 
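Review bot: `sslSettings` is optional in this schema and its description says an unconfigured domain "will not serve with SSL", but the `certificateId` description says a managed certificate is created by default for every domain mapping. The two statements read as contradictory, so a reader cannot tell whether omitting `sslSettings` leaves the mapped domain on plain HTTP. I would make the `sslSettings` description state the actual behaviour when the block is omitted. It should also say that mappings which must serve HTTPS need to set `sslManagementType` explicitly to one of the documented values, 'AUTOMATIC' or 'MANUAL'.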
@@ -0,0 +1,145 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string + description: + description: An optional string description of this rule. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. + type: string + required: + - action + - sourceRange + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/appengine_v1alpha1_appengineflexibleappversion.yaml b/crds/appengine_v1alpha1_appengineflexibleappversion.yaml new file mode 100644 index 0000000000..edeaebc400 --- /dev/null +++ b/crds/appengine_v1alpha1_appengineflexibleappversion.yaml 
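Review bot: `spec.action` and `spec.sourceRange` decide which traffic this rule allows or denies, but both are plain `type: string` with no `enum` or `pattern`. A misspelt action or a malformed range is therefore accepted by the API server and presumably surfaces only at reconcile. I would add `enum: ["UNSPECIFIED_ACTION", "ALLOW", "DENY"]` to `action`, matching the values its description lists, and state what `UNSPECIFIED_ACTION` does if it is meant to be accepted at all. The same prose-only value lists appear on `overrideStrategy` and `sslManagementType` in the AppEngineDomainMapping hunk above. Separately, `resourceID` is documented as the rule's priority and defaults to `metadata.name`; since it is also an unconstrained string, the description should state the expected numeric form.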
@@ -0,0 +1,713 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions + shortNames: + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiConfig: + description: Serving configuration for Google Cloud Endpoints. + properties: + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script + type: object + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. + properties: + coolDownPeriod: + description: |- + The time period that the Autoscaler should wait before it starts collecting information from a new instance. 
+ This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. + type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. 
+ type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. + properties: + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. + type: string + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. + type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. 
+ properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. + type: string + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - appYamlPath + type: object + container: + description: The Docker image for the container that runs the + version. + properties: + image: + description: |- + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". + type: string + required: + - image + type: object + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. + properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: + description: |- + Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. 
The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' + type: string + required: + - name + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. 
+ type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: + description: |- + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. + items: + type: string + type: array + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. 
+ type: boolean + subnetwork: + description: |- + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. + + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. + type: string + required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. 
Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. + type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. + items: + properties: + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string + required: + - name + - sizeGb + - volumeType + type: object + type: array + type: object + runtime: + description: Desired runtime. Example python27. + type: string + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. + type: string + runtimeMainExecutablePath: + description: The path or name of the app's main executable. 
+ type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. + properties: + name: + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + type: string + required: + - name + type: object + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/appengine_v1alpha1_appengineservicesplittraffic.yaml b/crds/appengine_v1alpha1_appengineservicesplittraffic.yaml new file mode 100644 index 0000000000..8d732da30f --- /dev/null +++ b/crds/appengine_v1alpha1_appengineservicesplittraffic.yaml 
@@ -0,0 +1,162 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. + properties: + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. + type: object + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. 
Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' + type: string + required: + - allocations + type: object + required: + - split + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/appengine_v1alpha1_appenginestandardappversion.yaml b/crds/appengine_v1alpha1_appenginestandardappversion.yaml new file mode 100644 index 0000000000..1ca99ee72b --- /dev/null +++ b/crds/appengine_v1alpha1_appenginestandardappversion.yaml 
@@ -0,0 +1,463 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions + shortNames: + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. + properties: + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. + + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". 
+ type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. + properties: + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number + type: object + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: + description: |- + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer + required: + - maxInstances + type: object + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. 
+ items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. + properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". 
+ properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. 
+ type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". + type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: + description: |- + Number of instances to assign to the service at the start. 
+ + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + runtime: + description: Desired runtime. Example python27. + type: string + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. + type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. + properties: + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. + type: string + name: + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. + type: string + required: + - name + type: object + required: + - deployment + - entrypoint + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml b/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml index 8a9e0aea29..e948f2285c 100644 --- a/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml +++ b/crds/artifactregistry_v1beta1_artifactregistryrepository.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -74,6 +74,16 @@ spec: description: description: The user-provided description of the repository. type: string + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object format: description: |- Immutable. The format of packages that are stored in the repository. Supported formats @@ -272,7 +282,7 @@ spec: name: description: |- The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource diff --git a/crds/beyondcorp_v1alpha1_beyondcorpappconnection.yaml b/crds/beyondcorp_v1alpha1_beyondcorpappconnection.yaml new file mode 100644 index 0000000000..08b66cd15d --- /dev/null +++ b/crds/beyondcorp_v1alpha1_beyondcorpappconnection.yaml 
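Review bot: In `spec.handlers[]`, the access-control fields `login`, `authFailAction` and `securityLevel` list their permitted values only in the description while the schema says just `type: string`, so the API server will accept any string for them. A mistyped value would presumably surface only later, at reconcile time, and these are the settings that decide whether a URL requires login or HTTPS. Putting the constraint in the schema, for example `enum: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"]` under `securityLevel`, would reject it at admission; `basicScaling.maxInstances` likewise states a range of 1 to 200 but carries no `minimum`/`maximum`. `envVariables` takes literal strings only, so its description should add a caveat such as `Values are readable by anyone who can read this resource; do not put credentials here.` The `cnrm.cloud.google.com/tf2crd` label suggests the file is generated, so these changes probably belong in the generator rather than in this YAML.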
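Review bot: The new `dockerConfig.immutableTags` description does not say what an omitted value means, and its wording ("The repository which enabled this flag prevents…") is hard to parse. Tag immutability is what stops a published tag from being repointed at different content, so a reader should be able to tell from the schema that it is opt-in; no default is declared here, so an unset field presumably leaves tags mutable. I would reword it to `description: If true, existing tags in this repository cannot be modified, moved or deleted; new tags can still be created. Tags are mutable unless this is set.` after confirming the default against the API. The enclosing `spec.properties` mapping starts and ends outside this hunk.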
@@ -0,0 +1,214 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections + shortNames: + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppConnection. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. + type: string + required: + - applicationEndpoint + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/beyondcorp_v1alpha1_beyondcorpappconnector.yaml b/crds/beyondcorp_v1alpha1_beyondcorpappconnector.yaml new file mode 100644 index 0000000000..341ca0216e --- /dev/null +++ b/crds/beyondcorp_v1alpha1_beyondcorpappconnector.yaml 
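Review bot: `spec.applicationEndpoint.port` and `spec.gateway.ingressPort` are declared as bare `type: integer`, so negative or out-of-range port numbers pass schema validation. Adding `minimum: 1` and `maximum: 65535` to `port` (and `minimum: 0`, `maximum: 65535` to `ingressPort`, whose description treats zero as "use the default") would reject them at admission. `spec.connectors` is described as the list of AppConnectors authorised for this connection, yet it is a list of free-form strings with no stated format, unlike `gateway.appGateway`, which spells out its resource-name format; the description should do the same so a wrong or ambiguous entry is not silently accepted. `gateway.uri` is described as server-defined but sits under `spec`, which makes it look user-settable; it is worth confirming whether it belongs under `status`.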
@@ -0,0 +1,183 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors + shortNames: + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. + properties: + serviceAccount: + description: ServiceAccount represents a GCP service account. + properties: + email: + description: Email address of the service account. + type: string + required: + - email + type: object + required: + - serviceAccount + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppConnector. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - principalInfo + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppConnector. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/beyondcorp_v1alpha1_beyondcorpappgateway.yaml b/crds/beyondcorp_v1alpha1_beyondcorpappgateway.yaml new file mode 100644 index 0000000000..c1d9bc2698 --- /dev/null +++ b/crds/beyondcorp_v1alpha1_beyondcorpappgateway.yaml 
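Review bot: `spec.principalInfo.serviceAccount.email` is the identity the AppConnector acts as, but the schema takes it as an unconstrained `type: string`. Nothing here ties the value to a service account that the cluster manages or checks its shape, whereas `projectRef` in the same spec uses the `name`/`namespace`/`external` reference form. Since the resource is still at the `alpha` stability level, consider offering the same reference form for the service account, or at least extend the description to `Email address of the service account. The value is used as given and is not validated against any IAMServiceAccount resource.` The `status.state` description also names no possible values and should read "an AppConnector".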
@@ -0,0 +1,192 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com +spec: + group: beyondcorp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways + shortNames: + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. + type: string + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the AppGateway. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/crds/bigquery_v1alpha1_bigquerydatasetaccess.yaml b/crds/bigquery_v1alpha1_bigquerydatasetaccess.yaml new file mode 100644 index 0000000000..d5cd406549 --- /dev/null +++ b/crds/bigquery_v1alpha1_bigquerydatasetaccess.yaml 
@@ -0,0 +1,270 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + datasetId: + description: |- + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + type: string + domain: + description: |- + Immutable. A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. + type: string + iamMember: + description: |- + Immutable. 
Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. 
A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + required: + - datasetId + - projectRef + type: object + status: + properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/bigquery_v1beta1_bigquerydataset.yaml b/crds/bigquery_v1beta1_bigquerydataset.yaml index a13a5dc686..e69560bb53 100644 --- a/crds/bigquery_v1beta1_bigquerydataset.yaml +++ b/crds/bigquery_v1beta1_bigquerydataset.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -169,6 +169,19 @@ spec: type: object type: object type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string defaultEncryptionConfiguration: description: |- The default encryption key for all tables in the dataset. Once this property is set, 
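Review bot: The new BigQueryDatasetAccess `spec` lists only `datasetId` and `projectRef` under `required` and puts no constraint across `dataset`, `domain`, `groupByEmail`, `iamMember`, `specialGroup`, `userByEmail` and `view`. The API server will therefore admit an object that names no grantee, or several at once, and any string in `iamMember` or `specialGroup`, including the `allUsers` and `allAuthenticatedUsers` values the descriptions themselves give as examples. Nothing in this hunk stops a namespace user from opening a dataset to the public, so clusters that must prevent this need an admission policy denying those two values, plus an audit of existing objects for them. The file carries the `tf2crd` label and is presumably generated, so any schema-level constraint, for example the `oneOf` form already used for `projectRef`, would have to come from the generator, and only if the backing API really expects one grantee per object, which this page does not show. Separately, the `resourceID` description reads "The routine of the resource" and the ids nested under `dataset.dataset` read "containing this table"; both look copied from other resources, and I would word the latter as `Immutable. The ID of the project containing this dataset.`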
@@ -249,6 +262,12 @@ spec: friendlyName: description: A descriptive name for the dataset. type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean location: description: |- Immutable. The geographic location where the dataset should reside. diff --git a/crds/bigquery_v1beta1_bigqueryjob.yaml b/crds/bigquery_v1beta1_bigqueryjob.yaml index d8ac2e0910..1e7df61d6c 100644 --- a/crds/bigquery_v1beta1_bigqueryjob.yaml +++ b/crds/bigquery_v1beta1_bigqueryjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigquery_v1beta1_bigqueryroutine.yaml b/crds/bigquery_v1beta1_bigqueryroutine.yaml index bfd5e306b7..61289fb25e 100644 --- a/crds/bigquery_v1beta1_bigqueryroutine.yaml +++ b/crds/bigquery_v1beta1_bigqueryroutine.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigquery_v1beta1_bigquerytable.yaml b/crds/bigquery_v1beta1_bigquerytable.yaml index b56884a399..382a013023 100644 --- a/crds/bigquery_v1beta1_bigquerytable.yaml +++ b/crds/bigquery_v1beta1_bigquerytable.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshubdataexchange.yaml b/crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshubdataexchange.yaml new file mode 100644 index 0000000000..94e2685438 --- /dev/null +++ b/crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshubdataexchange.yaml 
@@ -0,0 +1,188 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: + description: |- + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshublisting.yaml b/crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshublisting.yaml new file mode 100644 index 0000000000..92925bde6d --- /dev/null +++ b/crds/bigqueryanalyticshub_v1alpha1_bigqueryanalyticshublisting.yaml 
@@ -0,0 +1,239 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings + shortNames: + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: 
+ description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. 
The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. + properties: + name: + description: Name of the listing publisher. + type: string + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name + type: object + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. + type: string + resourceID: + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/bigqueryconnection_v1alpha1_bigqueryconnectionconnection.yaml b/crds/bigqueryconnection_v1alpha1_bigqueryconnectionconnection.yaml new file mode 100644 index 0000000000..0bd395377b --- /dev/null +++ b/crds/bigqueryconnection_v1alpha1_bigqueryconnectionconnection.yaml 
@@ -0,0 +1,336 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com +spec: + group: bigqueryconnection.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections + shortNames: + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + aws: + description: Connection properties specific to Amazon Web Services. + properties: + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. + properties: + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId + type: object + required: + - accessRole + type: object + azure: + description: Container for connection properties specific to Azure. + properties: + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. 
This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. + type: string + required: + - customerTenantId + type: object + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. + properties: + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. + type: string + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. + type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database + type: object + cloudSql: + description: Connection properties specific to the Cloud SQL. + properties: + credential: + description: Cloud SQL properties. + properties: + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for database. + type: string + required: + - password + - username + type: object + database: + description: Database name. + type: string + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type + type: object + description: + description: A descriptive description for the connection. + type: string + friendlyName: + description: A descriptive name for the connection. + type: string + location: + description: |- + Immutable. The geographic location where the connection should reside. + Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/bigquerydatapolicy_v1alpha1_bigquerydatapolicydatapolicy.yaml b/crds/bigquerydatapolicy_v1alpha1_bigquerydatapolicydatapolicy.yaml new file mode 100644 index 0000000000..2bd59f57b7 --- /dev/null +++ b/crds/bigquerydatapolicy_v1alpha1_bigquerydatapolicydatapolicy.yaml 
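Review bot: The `value` branch of `spec.cloudSql.credential.password` accepts the database password as a literal string in the resource spec, and its description does not warn about that. It says only `Value of the field. Cannot be used if 'valueFrom' is specified.`, so nothing tells the author that the literal is kept in the object itself and is readable by anyone allowed to read the resource, whereas `valueFrom.secretKeyRef` keeps it in a Secret. I would extend the description to something like `Value of the field, stored in plain text in this resource; prefer 'valueFrom' for credentials. Cannot be used if 'valueFrom' is specified.` The same applies to `spec.sensitiveParams.secretAccessKey.value` in the BigQueryDataTransferConfig CRD later in this patch. The `cnrm.cloud.google.com/tf2crd` label suggests these files are generated, so the wording presumably has to change in the generator rather than here.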
@@ -0,0 +1,186 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. + properties: + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' + type: string + required: + - predefinedExpression + type: object + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' + type: string + location: + description: Immutable. The name of the location of the data policy. + type: string + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/bigquerydatatransfer_v1alpha1_bigquerydatatransferconfig.yaml b/crds/bigquerydatatransfer_v1alpha1_bigquerydatatransferconfig.yaml new file mode 100644 index 0000000000..d7512036fe --- /dev/null +++ b/crds/bigquerydatatransfer_v1alpha1_bigquerydatatransferconfig.yaml 
@@ -0,0 +1,311 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com +spec: + group: bigquerydatatransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs + shortNames: + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. + type: string + destinationDatasetId: + description: The BigQuery target dataset id. + type: string + disabled: + description: When set to true, no runs are scheduled for a given transfer. + type: boolean + displayName: + description: The user specified display name for the transfer config. + type: string + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. 
The default value is US. + type: string + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. + type: string + params: + additionalProperties: + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. 
The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. + type: string + required: + - dataSourceId + - displayName + - params + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/bigqueryreservation_v1alpha1_bigqueryreservationreservation.yaml b/crds/bigqueryreservation_v1alpha1_bigqueryreservationreservation.yaml new file mode 100644 index 0000000000..394ac35216 --- /dev/null +++ b/crds/bigqueryreservation_v1alpha1_bigqueryreservationreservation.yaml 
@@ -0,0 +1,202 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com +spec: + group: bigqueryreservation.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations + shortNames: + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. + type: string + ignoreIdleSlots: + description: |- + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
+ type: string + multiRegionAuxiliary: + description: |- + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + slotCapacity: + description: |- + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. + type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/bigtable_v1beta1_bigtableappprofile.yaml b/crds/bigtable_v1beta1_bigtableappprofile.yaml index 3591140106..ee3a6b08f2 100644 --- a/crds/bigtable_v1beta1_bigtableappprofile.yaml +++ b/crds/bigtable_v1beta1_bigtableappprofile.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigtable_v1beta1_bigtablegcpolicy.yaml b/crds/bigtable_v1beta1_bigtablegcpolicy.yaml index 797eecb7ba..9b4622a8d2 100644 --- a/crds/bigtable_v1beta1_bigtablegcpolicy.yaml +++ b/crds/bigtable_v1beta1_bigtablegcpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/bigtable_v1beta1_bigtableinstance.yaml b/crds/bigtable_v1beta1_bigtableinstance.yaml index 30143b5c42..84def08105 100644 --- a/crds/bigtable_v1beta1_bigtableinstance.yaml +++ b/crds/bigtable_v1beta1_bigtableinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/bigtable_v1beta1_bigtabletable.yaml b/crds/bigtable_v1beta1_bigtabletable.yaml index 31743c0d30..b207ef886d 100644 --- a/crds/bigtable_v1beta1_bigtabletable.yaml +++ b/crds/bigtable_v1beta1_bigtabletable.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml b/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml index c90b877217..b7aab2589f 100644 --- a/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml +++ b/crds/billingbudgets_v1beta1_billingbudgetsbudget.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml b/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml index 0804bd4aec..11deb19b15 100644 --- a/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml +++ b/crds/binaryauthorization_v1beta1_binaryauthorizationattestor.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml b/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml index 54ce4c05db..9209f80064 100644 --- a/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml +++ b/crds/binaryauthorization_v1beta1_binaryauthorizationpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/certificatemanager_v1alpha1_certificatemanagercertificate.yaml b/crds/certificatemanager_v1alpha1_certificatemanagercertificate.yaml new file mode 100644 index 0000000000..f9074a7fce --- /dev/null +++ b/crds/certificatemanager_v1alpha1_certificatemanagercertificate.yaml 
@@ -0,0 +1,371 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: + properties: + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. + type: string + domain: + description: Domain name of the authorization attempt. + type: string + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. + type: string + type: object + type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: + type: string + type: array + domains: + description: |- + Immutable. 
The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: + properties: + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. + type: string + reason: + description: Reason for provisioning failures. + type: string + type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. 
+ type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. + type: string + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/certificatemanager_v1alpha1_certificatemanagercertificatemap.yaml b/crds/certificatemanager_v1alpha1_certificatemanagercertificatemap.yaml new file mode 100644 index 0000000000..06155558a8 --- /dev/null +++ b/crds/certificatemanager_v1alpha1_certificatemanagercertificatemap.yaml 
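Review bot: `spec.selfManaged.pemPrivateKey` and the deprecated `privateKeyPem` both accept an inline `value`, which places the PEM private key in the custom resource itself. There it is readable by any subject with get/list on this kind, and it is persisted in etcd, backups and any manifest kept in version control. The `oneOf` already offers `valueFrom.secretKeyRef`, so the `value` description should steer users to it, e.g. `description: Value of the field. Stored in plain text in the resource; prefer 'valueFrom.secretKeyRef' for key material. Cannot be used if 'valueFrom' is specified.` The file carries the `cnrm.cloud.google.com/tf2crd` label, so it is presumably generated and the wording would have to change in the generator rather than in this file. Operators who want the inline form rejected outright can enforce that with an admission policy on this kind.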
@@ -0,0 +1,205 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/certificatemanager_v1alpha1_certificatemanagercertificatemapentry.yaml b/crds/certificatemanager_v1alpha1_certificatemanagercertificatemapentry.yaml new file mode 100644 index 0000000000..dda1e555e1 --- /dev/null +++ b/crds/certificatemanager_v1alpha1_certificatemanagercertificatemapentry.yaml 
@@ -0,0 +1,199 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries + shortNames: + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/certificatemanager_v1alpha1_certificatemanagerdnsauthorization.yaml b/crds/certificatemanager_v1alpha1_certificatemanagerdnsauthorization.yaml new file mode 100644 index 0000000000..a14a0401bb --- /dev/null +++ b/crds/certificatemanager_v1alpha1_certificatemanagerdnsauthorization.yaml 
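Review bot: The `spec.certificates` description states a limit of fifteen certificates per entry and a required `projects/*/locations/*/certificates/*` form, but the schema enforces neither. An object that breaks either rule is therefore admitted by the API server and presumably fails only when the controller reconciles it. Adding `maxItems: 15` next to `type: array` under `certificates` would reject an over-long list at admission. The `map` description in the same hunk has a typo, `cetrificate` for `certificate`. The file carries the `cnrm.cloud.google.com/tf2crd` label, so both changes likely belong in the generator input rather than in this file.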
@@ -0,0 +1,187 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. + items: + properties: + data: + description: Data of the DNS Resource Record. + type: string + name: + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. + type: string + type: + description: Type of the DNS Resource Record. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudasset_v1alpha1_cloudassetfolderfeed.yaml b/crds/cloudasset_v1alpha1_cloudassetfolderfeed.yaml new file mode 100644 index 0000000000..14cffee0bf 
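Review bot: `spec.domain` in the new CertificateManagerDNSAuthorization schema is a bare `type: string`, so an empty or malformed value passes API-server validation and is only rejected later, presumably at reconcile time. The description says one authorization covers the domain and its wildcard, so it is worth failing early on bad input: add `minLength: 1` and `maxLength: 253` under `domain`. The field is described as Immutable, but nothing in this schema enforces that. If a webhook does, a short mention in the description would help readers who only see the CRD.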
--- /dev/null +++ b/crds/cloudasset_v1alpha1_cloudassetfolderfeed.yaml 
@@ -0,0 +1,251 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. 
When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. + type: string + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudasset_v1alpha1_cloudassetorganizationfeed.yaml b/crds/cloudasset_v1alpha1_cloudassetorganizationfeed.yaml new file mode 100644 index 0000000000..daad2c47b6 --- /dev/null +++ b/crds/cloudasset_v1alpha1_cloudassetorganizationfeed.yaml 
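Review bot: The `required` list of `spec` in CloudAssetFolderFeed names both `folder` and `folderRef`, so the parent folder has to be given twice, and nothing in the schema ties the two values together. If they disagree, the feed may end up under a different folder than the one the reference points at, and an access review that reads only `folderRef` would miss it. The organization and project feed CRDs in this commit require only their `*Ref` field. I would either drop `- folder` from `required`, or state in the `folder` description which of the two wins, for example `description: Immutable. The folder this feed should be created in. Must identify the same folder as folderRef.`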
@@ -0,0 +1,243 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds + shortNames: + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. 
If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + organizationRef: + description: The organization that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudasset_v1alpha1_cloudassetprojectfeed.yaml b/crds/cloudasset_v1alpha1_cloudassetprojectfeed.yaml new file mode 100644 index 0000000000..8a40b8c452 --- /dev/null +++ b/crds/cloudasset_v1alpha1_cloudassetprojectfeed.yaml 
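Review bot: `feedOutputConfig.pubsubDestination.topic` in CloudAssetOrganizationFeed is a free-form `type: string` with no stated format, whereas the parent is a checked reference (`organizationRef`). The destination is security-relevant, because `contentType` allows `IAM_POLICY` and `ACCESS_POLICY`, so an organization-wide feed can deliver policy data to whatever topic the string names, including one in a project outside the team's control. At minimum the description should give the expected form, e.g. `description: Destination Pub/Sub topic, as a full resource name (projects/PROJECT_ID/topics/TOPIC_ID).` A resource reference, or an admission policy restricting allowed topic projects, would make the destination reviewable. The folder and project feed CRDs in this commit define the same field the same way.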
@@ -0,0 +1,242 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. 
If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml b/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml index b4fc9200bd..fb37fe6dde 100644 --- a/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml +++ b/crds/cloudbuild_v1beta1_cloudbuildtrigger.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/cloudfunctions2_v1alpha1_cloudfunctions2function.yaml b/crds/cloudfunctions2_v1alpha1_cloudfunctions2function.yaml new file mode 100644 index 0000000000..7e7ff79c5c --- /dev/null +++ b/crds/cloudfunctions2_v1alpha1_cloudfunctions2function.yaml 
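Review bot: `spec.contentType` in CloudAssetProjectFeed lists its possible values only in the description, while the schema accepts any string. A typo is therefore admitted by the API server and surfaces only when the controller reconciles, and the value decides whether resource metadata or IAM policy content is exported. I would add `enum: [CONTENT_TYPE_UNSPECIFIED, RESOURCE, IAM_POLICY, ORG_POLICY, OS_INVENTORY, ACCESS_POLICY]` next to `type: string`. The folder and organization feed CRDs added in this commit have the same gap.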
@@ -0,0 +1,477 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com +spec: + group: cloudfunctions2.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudFunctions2Function + plural: cloudfunctions2functions + shortNames: + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + buildConfig: + description: |- + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object + description: + description: User-provided description of a function. + type: string + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. 
+ Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. 
+ type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' 
+ type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. + type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' 
+ type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. + If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. 
+ type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + environment: + description: The environment the function is hosted on. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml b/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml index be249572fc..a448bf50d6 100644 
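Review bot: `serviceConfig.ingressSettings` is typed as a bare `string`, so its allowed values exist only in the description and a mistyped value is not rejected by schema validation. The same applies to `vpcConnectorEgressSettings` and `eventTrigger.retryPolicy` here, to `severity` in the CloudIDSEndpoint CRD, and to `logLevel`, `gatewayType`, `gatewayAuthMethod` and `publicKey.format` in the CloudIOTDevice CRD later in this patch. It matters most for this field because, per its own description, omitting it yields `ALLOW_ALL`, the widest of the three listed settings. I would add `enum: ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"]` under `ingressSettings` and extend the description with `Set this explicitly; the default accepts requests from any source.` The file carries the `tf2crd` label and is presumably generated, so the change likely belongs in the generator input rather than in this YAML.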
--- a/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml +++ b/crds/cloudfunctions_v1beta1_cloudfunctionsfunction.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml b/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml index ba2de33429..927af34256 100644 --- a/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml +++ b/crds/cloudidentity_v1beta1_cloudidentitygroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml b/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml index dbf2a62a1f..1bd7cc5bc0 100644 --- a/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml +++ b/crds/cloudidentity_v1beta1_cloudidentitymembership.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/cloudids_v1alpha1_cloudidsendpoint.yaml b/crds/cloudids_v1alpha1_cloudidsendpoint.yaml new file mode 100644 index 0000000000..0b2f2279fb --- /dev/null +++ b/crds/cloudids_v1alpha1_cloudidsendpoint.yaml 
@@ -0,0 +1,195 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com +spec: + group: cloudids.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIDSEndpoint + plural: cloudidsendpoints + shortNames: + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. 
The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array + required: + - location + - network + - projectRef + - severity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudiot_v1alpha1_cloudiotdevice.yaml b/crds/cloudiot_v1alpha1_cloudiotdevice.yaml new file mode 100644 index 0000000000..438beb3377 --- /dev/null +++ b/crds/cloudiot_v1alpha1_cloudiotdevice.yaml 
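Review bot: `threatExceptions` states `Limit: 99 IDs` only in its description, and the array schema has no `maxItems`. An over-long list therefore passes schema validation and would be caught, if at all, only at reconcile time; add `maxItems: 99` next to `type: array`. Unlike `location`, `network` and `severity`, this field is not marked Immutable, so it can presumably be edited on a live endpoint. Since every entry suppresses alerts for that threat ID, the description should say so directly, e.g. `Threat IDs listed here generate no alerts; review changes to this list.`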
@@ -0,0 +1,274 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com +spec: + group: cloudiot.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudIOTDevice + plural: cloudiotdevices + shortNames: + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string + required: + - format + - key + type: object + required: + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. + properties: + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' + type: string + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' + type: string + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. 
+ type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. + type: string + type: object + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' + type: string + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - registry + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. + items: + properties: + binaryData: + description: The device configuration data. + type: string + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. 
+ type: string + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. + type: string + version: + description: The version of this update. + type: string + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. + type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + type: object + type: array + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. + type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml b/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml index 84d0561faa..5bd7c5cb2b 100644 --- a/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml +++ b/crds/cloudscheduler_v1beta1_cloudschedulerjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/cloudtasks_v1alpha1_cloudtasksqueue.yaml b/crds/cloudtasks_v1alpha1_cloudtasksqueue.yaml new file mode 100644 index 0000000000..7b1779b9a1 --- /dev/null +++ b/crds/cloudtasks_v1alpha1_cloudtasksqueue.yaml 
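Review bot: `gatewayConfig.gatewayAuthMethod` reuses the `gatewayType` description (`Indicates whether the device is a gateway.`), so the schema never says what its three authentication modes select. Replace it with wording about the field itself, e.g. `description: 'How devices are authorized and/or authenticated to access the gateway. Possible values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].'` In the same hunk `credentials[].expirationTime` is optional, and its description does not say what happens when it is omitted. Presumably the key then stays valid until it is removed; a sentence stating that would help anyone reviewing device manifests.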
@@ -0,0 +1,283 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com +spec: + group: cloudtasks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudTasksQueue + plural: cloudtasksqueues + shortNames: + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. + properties: + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. + type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. 
+ + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + type: string + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. + type: string + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. + type: string + type: object + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeautoscaler.yaml b/crds/compute_v1alpha1_computeautoscaler.yaml new file mode 100644 index 0000000000..1ca1503285 --- /dev/null +++ b/crds/compute_v1alpha1_computeautoscaler.yaml 
@@ -0,0 +1,468 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. 
The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. 
+ This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. 
+ The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. 
+ properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. 
+ type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + targetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string + required: + - autoscalingPolicy + - projectRef + - targetRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computebackendbucketsignedurlkey.yaml b/crds/compute_v1alpha1_computebackendbucketsignedurlkey.yaml new file mode 100644 index 0000000000..cab0551b59 --- /dev/null +++ b/crds/compute_v1alpha1_computebackendbucketsignedurlkey.yaml 
@@ -0,0 +1,226 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys + shortNames: + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendBucketRef + - keyValue + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computebackendservicesignedurlkey.yaml b/crds/compute_v1alpha1_computebackendservicesignedurlkey.yaml new file mode 100644 index 0000000000..c955e20fd5 --- /dev/null +++ b/crds/compute_v1alpha1_computebackendservicesignedurlkey.yaml 
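Review bot: `spec.keyValue.value` in the ComputeBackendBucketSignedURLKey schema accepts the 128-bit URL-signing key inline, so the key sits in plain text in the custom resource, readable by anyone with get/list on that kind and copied into any manifest repository that stores the object; only the `valueFrom.secretKeyRef` branch keeps it in a Secret. The `value` description gives no hint of this, and I would extend it to `Value of the field. Stored in plain text in this resource; use 'valueFrom.secretKeyRef' for key material. Cannot be used if 'valueFrom' is specified.` The schema also leaves `value` as an unconstrained string although the `keyValue` description requires an RFC 4648 Section 5 base64url string, so a `pattern` such as `'^[A-Za-z0-9_-]+={0,2}$'` would reject malformed keys at admission rather than at reconcile time. The `tf2crd` label suggests the file is generated, so both changes probably belong in the generator. The ComputeBackendServiceSignedURLKey hunk that follows repeats the same `keyValue` schema and continues past this excerpt.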
@@ -0,0 +1,226 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys + shortNames: + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computediskresourcepolicyattachment.yaml b/crds/compute_v1alpha1_computediskresourcepolicyattachment.yaml new file mode 100644 index 0000000000..d790dc6930 --- /dev/null +++ b/crds/compute_v1alpha1_computediskresourcepolicyattachment.yaml 
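Review bot: `spec.keyValue` accepts an inline `value` for what its description calls the key "used for signing the URL", so the signing key can sit in plain text in the custom resource, readable by anyone allowed to read the object and by anyone with access to where the manifest is kept; only the `valueFrom.secretKeyRef` branch keeps it in a Secret. The `value` description should say so, for example `description: Value of the field. Cannot be used if 'valueFrom' is specified. For key material prefer 'valueFrom.secretKeyRef' so the key is not stored in the resource spec.` The `cnrm.cloud.google.com/tf2crd` label suggests this file is generated, in which case the wording belongs in the generator rather than in this file. Read access to this resource kind and to the referenced Secret should be scoped by RBAC in either case.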
@@ -0,0 +1,189 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments + shortNames: + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string + required: + - diskRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeglobalnetworkendpoint.yaml b/crds/compute_v1alpha1_computeglobalnetworkendpoint.yaml new file mode 100644 index 0000000000..a9e21879fa --- /dev/null +++ b/crds/compute_v1alpha1_computeglobalnetworkendpoint.yaml 
@@ -0,0 +1,170 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints + shortNames: + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - globalNetworkEndpointGroup + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeglobalnetworkendpointgroup.yaml b/crds/compute_v1alpha1_computeglobalnetworkendpointgroup.yaml new file mode 100644 index 0000000000..0a2d6205e4 --- /dev/null +++ b/crds/compute_v1alpha1_computeglobalnetworkendpointgroup.yaml 
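Review bot: `spec.resourceID` is described as "The port of the resource" but is typed `string` with no `pattern`, and the same description says it falls back to `metadata.name` when unset, so a non-numeric value passes schema validation and is presumably rejected only at reconcile time. The description should state the constraint explicitly, for example `Immutable. Optional. The port of the resource, as a decimal number. When unset, 'metadata.name' is used and must itself be a valid port number.` If the controller does require digits here, a `pattern: '^[0-9]+$'` on the field would surface the error at admission; confirm against the controller before adding it.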
@@ -0,0 +1,174 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups + shortNames: + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkEndpointType + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeinstancegroupnamedport.yaml b/crds/compute_v1alpha1_computeinstancegroupnamedport.yaml new file mode 100644 index 0000000000..3ce42edf6c --- /dev/null +++ b/crds/compute_v1alpha1_computeinstancegroupnamedport.yaml 
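Review bot: `spec.networkEndpointType` names its allowed values only in the description ("Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]") while the schema is a bare `type: string`, so any other string is admitted by the API server and fails later, if at all, in the controller. Adding `enum: [INTERNET_IP_PORT, INTERNET_FQDN_PORT]` next to `type: string` would reject bad values at admission and keep the description and the schema from drifting apart. As the file appears to be generated (the `tf2crd` label), the enum would have to be emitted by the generator.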
@@ -0,0 +1,194 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computemachineimage.yaml b/crds/compute_v1alpha1_computemachineimage.yaml new file mode 100644 index 0000000000..0324561eaa --- /dev/null +++ b/crds/compute_v1alpha1_computemachineimage.yaml 
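Review bot: `spec.port` documents a range ("a value between 1 and 65535") that the schema does not enforce, since the field is only `type: integer`; zero, negative and oversized values pass validation. Adding `minimum: 1` and `maximum: 65535` under `port` would make the API server reject them instead of leaving it to the reconcile step. If this CRD is generated, the bounds need to come from the generator's source schema.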
@@ -0,0 +1,229 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. 
+ type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computemanagedsslcertificate.yaml b/crds/compute_v1alpha1_computemanagedsslcertificate.yaml new file mode 100644 index 0000000000..c8f4b2a15f --- /dev/null +++ b/crds/compute_v1alpha1_computemanagedsslcertificate.yaml 
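Review bot: `spec.machineImageEncryptionKey.rawKey` takes the customer-supplied encryption key as a plain `type: string` in the resource spec, so the key material is stored with the object, is readable by anyone who can get or list `computemachineimages`, and ends up in any manifest kept in version control. The description should say so and steer users to `kmsKeyName`, for example by appending `Stored in cleartext in this resource; prefer kmsKeyName where possible.`; longer term a Secret reference would suit this field better than an inline value. The `tf2crd` label suggests the schema is generated, so the wording probably has to change at the source rather than in this file.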
@@ -0,0 +1,197 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computenetworkendpoint.yaml b/crds/compute_v1alpha1_computenetworkendpoint.yaml new file mode 100644 index 0000000000..c1e5993b1f --- /dev/null +++ b/crds/compute_v1alpha1_computenetworkendpoint.yaml 
@@ -0,0 +1,224 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). + type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computenetworkpeeringroutesconfig.yaml b/crds/compute_v1alpha1_computenetworkpeeringroutesconfig.yaml new file mode 100644 index 0000000000..ee4da0e140 --- /dev/null +++ b/crds/compute_v1alpha1_computenetworkpeeringroutesconfig.yaml 
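Review bot: `spec.ipAddress` is described as an IPv4 address but is validated only as `type: string`, so a malformed value is accepted at admission and presumably only fails later during reconcile; adding `format: ipv4` under it would reject it up front. The `resourceID` description also reads "The port of the resource" while the field is a string that defaults to `metadata.name`, and nothing in the schema constrains it to a port number, so that description should state the expected form.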
@@ -0,0 +1,193 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
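Review bot: The description of `spec.importCustomRoutes` says "Whether to import the custom routes to the peer network", which repeats the export wording and reads as the wrong direction; it probably should be `Whether to import the custom routes from the peer network.` Both flags are required and decide which routes cross the peering, so the two descriptions need to be unambiguous about direction.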
diff --git a/crds/compute_v1alpha1_computeorganizationsecuritypolicy.yaml b/crds/compute_v1alpha1_computeorganizationsecuritypolicy.yaml new file mode 100644 index 0000000000..0e6db1d9ad --- /dev/null +++ b/crds/compute_v1alpha1_computeorganizationsecuritypolicy.yaml 
@@ -0,0 +1,157 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeorganizationsecuritypolicyassociation.yaml b/crds/compute_v1alpha1_computeorganizationsecuritypolicyassociation.yaml new file mode 100644 index 0000000000..04bb35129f --- /dev/null +++ b/crds/compute_v1alpha1_computeorganizationsecuritypolicyassociation.yaml 
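Review bot: `spec.parent` documents its format as `organizations/{organization_id}` or `folders/{folder_id}` but the schema accepts any string, and `spec.type` lists "FIREWALL" as the only possible value without an `enum`. Since this namespaced resource names an organization or folder directly, constraining both at admission is worthwhile: `pattern: '^(organizations|folders)/[^/]+$'` on `parent` and `enum: [FIREWALL]` on `type`. Which parents a given namespace may target is not visible in this schema and would have to be enforced by the controller's permissions or an admission policy.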
@@ -0,0 +1,141 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeorganizationsecuritypolicyrule.yaml b/crds/compute_v1alpha1_computeorganizationsecuritypolicyrule.yaml new file mode 100644 index 0000000000..85938c9830 --- /dev/null +++ b/crds/compute_v1alpha1_computeorganizationsecuritypolicyrule.yaml 
@@ -0,0 +1,238 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. 
The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. 
+ items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeperinstanceconfig.yaml b/crds/compute_v1alpha1_computeperinstanceconfig.yaml new file mode 100644 index 0000000000..a44a9c6fb0 --- /dev/null +++ b/crds/compute_v1alpha1_computeperinstanceconfig.yaml 
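Review bot: `spec.action` and `spec.direction` are plain `type: string` although their descriptions name closed sets ("allow", "deny", "goto_next"; "INGRESS", "EGRESS"), so the API server will admit a misspelled value and the error can only surface later, presumably when the controller reconciles. On a resource that sets organization-level firewall behaviour I would reject that at admission by adding `enum: [allow, deny, goto_next]` under `action` and `enum: [INGRESS, EGRESS]` under `direction`. The same gap shows in the ComputePerInstanceConfig hunk (`minimalAction`, `mostDisruptiveAllowedAction`, `deleteRule`, `mode`) and the ComputeRegionAutoscaler hunk (`mode`, the metric `type`). The `resourceID` description also calls the value "The priority of the resource" while typing it as a string, which deserves a sentence on the expected format. The `tf2crd` label suggests this file is generated, so the change likely belongs in the generator rather than in this file.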
@@ -0,0 +1,309 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. 
+ items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. 
+ When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeregionautoscaler.yaml b/crds/compute_v1alpha1_computeregionautoscaler.yaml new file mode 100644 index 0000000000..fbd689b55f --- /dev/null 
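Review bot: The `preservedState.externalIp` and `preservedState.internalIp` descriptions say "This map is keyed with the name of the network interface", but the schema declares both as `type: array` whose items carry a required `interfaceName`, so the text misdescribes the shape a user has to write. I would reword both to something like `List of preserved IPs; each entry names its network interface in interfaceName.` The `interfaceName` property itself has no description in either list and should get one.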
+++ b/crds/compute_v1alpha1_computeregionautoscaler.yaml 
@@ -0,0 +1,446 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. 
The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. 
+ This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. 
+ The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. 
+ properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. 
+ type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeregiondiskresourcepolicyattachment.yaml b/crds/compute_v1alpha1_computeregiondiskresourcepolicyattachment.yaml new file mode 100644 index 0000000000..477350954d --- /dev/null +++ b/crds/compute_v1alpha1_computeregiondiskresourcepolicyattachment.yaml 
@@ -0,0 +1,189 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1alpha1_computeregionperinstanceconfig.yaml b/crds/compute_v1alpha1_computeregionperinstanceconfig.yaml new file mode 100644 index 0000000000..0df18e8836 --- /dev/null +++ b/crds/compute_v1alpha1_computeregionperinstanceconfig.yaml 
@@ -0,0 +1,309 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. 
Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/compute_v1beta1_computeaddress.yaml b/crds/compute_v1beta1_computeaddress.yaml index 27aab88dd5..3600b8c98e 100644 --- a/crds/compute_v1beta1_computeaddress.yaml +++ b/crds/compute_v1beta1_computeaddress.yaml 
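Review bot: `deleteRule` (under `preservedState.disk`) and `autoDelete` (under `externalIp` and `internalIp`) list their allowed values only in the description and are declared as a bare `type: string`, so the schema shown here would admit any string; the same holds for `minimalAction` and `mostDisruptiveAllowedAction`. Because these fields decide whether a disk or an IP reservation is deleted along with the instance, I would reject a mistyped value at admission by adding `enum: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]` beside `type: string` on the two deletion fields. The same gap appears in later hunks of this patch: the new `size` field in compute_v1beta1_computeinstance.yaml ("One of 375 or 3000", `type: integer`) and `networkFirewallPolicyEnforcementOrder` in compute_v1beta1_computenetwork.yaml. The `tf2crd` label suggests this file is generated, in which case the change belongs in the generator rather than in the manifest.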
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -79,8 +79,9 @@ spec: if any. Set by the API if undefined. type: string addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. type: string description: description: Immutable. An optional description of this resource. @@ -131,7 +132,8 @@ spec: networkTier: description: |- Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. type: string prefixLength: description: Immutable. The prefix length if the resource represents diff --git a/crds/compute_v1beta1_computebackendbucket.yaml b/crds/compute_v1beta1_computebackendbucket.yaml index 5397f6a154..9f790442e1 100644 --- a/crds/compute_v1beta1_computebackendbucket.yaml +++ b/crds/compute_v1beta1_computebackendbucket.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computebackendservice.yaml b/crds/compute_v1beta1_computebackendservice.yaml index eed8e146f5..d7448c7d23 100644 --- a/crds/compute_v1beta1_computebackendservice.yaml +++ b/crds/compute_v1beta1_computebackendservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -896,20 +896,36 @@ spec: build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + This field is applicable to either: * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED. * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. 
type: string location: description: 'Location represents the geographical location of the diff --git a/crds/compute_v1beta1_computedisk.yaml b/crds/compute_v1beta1_computedisk.yaml index 32427a8b53..6b8366ae62 100644 --- a/crds/compute_v1beta1_computedisk.yaml +++ b/crds/compute_v1beta1_computedisk.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeexternalvpngateway.yaml b/crds/compute_v1beta1_computeexternalvpngateway.yaml index fb67b1dc4d..6392b4c9e7 100644 --- a/crds/compute_v1beta1_computeexternalvpngateway.yaml +++ b/crds/compute_v1beta1_computeexternalvpngateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computefirewall.yaml b/crds/compute_v1beta1_computefirewall.yaml index ae5952d397..0a205f4148 100644 --- a/crds/compute_v1beta1_computefirewall.yaml +++ b/crds/compute_v1beta1_computefirewall.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -139,7 +139,7 @@ spec: description: |- If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. items: type: string type: array 
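Review bot: The new `destinationRanges` description in compute_v1beta1_computefirewall.yaml (and the matching `sourceRanges` text in the next hunk) widens the documented input to IPv6 without saying whether IPv4 and IPv6 CIDRs may be combined in one rule, and `items` remains an unconstrained `type: string`. I would add one sentence to both descriptions stating the rule, for example `Ranges in a single rule must all be IPv4 or all be IPv6.`, if that is what the API enforces; this page does not show it. Admission policies or audits that flag `0.0.0.0/0` in these fields will need the `::/0` equivalent once IPv6 ranges are in use.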
@@ -227,8 +227,8 @@ spec: apply to traffic that has source IP address within sourceRanges OR the source IP that belongs to a tag listed in the sourceTags property. The connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. items: type: string type: array diff --git a/crds/compute_v1beta1_computefirewallpolicy.yaml b/crds/compute_v1beta1_computefirewallpolicy.yaml index c0af11ee84..7b51a8b419 100644 --- a/crds/compute_v1beta1_computefirewallpolicy.yaml +++ b/crds/compute_v1beta1_computefirewallpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computefirewallpolicyassociation.yaml b/crds/compute_v1beta1_computefirewallpolicyassociation.yaml index c0de6ef50f..f255a61ba3 100644 --- a/crds/compute_v1beta1_computefirewallpolicyassociation.yaml +++ b/crds/compute_v1beta1_computefirewallpolicyassociation.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computefirewallpolicyrule.yaml b/crds/compute_v1beta1_computefirewallpolicyrule.yaml index ff4a921421..b718504951 100644 --- a/crds/compute_v1beta1_computefirewallpolicyrule.yaml +++ b/crds/compute_v1beta1_computefirewallpolicyrule.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computeforwardingrule.yaml b/crds/compute_v1beta1_computeforwardingrule.yaml index 12dc84ddb7..9b123b81c1 100644 --- a/crds/compute_v1beta1_computeforwardingrule.yaml +++ b/crds/compute_v1beta1_computeforwardingrule.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computehealthcheck.yaml b/crds/compute_v1beta1_computehealthcheck.yaml index d17c15e3df..7e87b2710b 100644 --- a/crds/compute_v1beta1_computehealthcheck.yaml +++ b/crds/compute_v1beta1_computehealthcheck.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computehttphealthcheck.yaml b/crds/compute_v1beta1_computehttphealthcheck.yaml index 786f142c98..a7cabc60cc 100644 --- a/crds/compute_v1beta1_computehttphealthcheck.yaml +++ b/crds/compute_v1beta1_computehttphealthcheck.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computehttpshealthcheck.yaml b/crds/compute_v1beta1_computehttpshealthcheck.yaml index 6f16408143..4a4d0fbbbf 100644 
--- a/crds/compute_v1beta1_computehttpshealthcheck.yaml +++ b/crds/compute_v1beta1_computehttpshealthcheck.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeimage.yaml b/crds/compute_v1beta1_computeimage.yaml index 00a03c56cd..34e087486c 100644 --- a/crds/compute_v1beta1_computeimage.yaml +++ b/crds/compute_v1beta1_computeimage.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -130,7 +130,7 @@ spec: [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: ["MULTI_IP_SUBNET", "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' type: string required: - type diff --git a/crds/compute_v1beta1_computeinstance.yaml b/crds/compute_v1beta1_computeinstance.yaml index 92aa109341..e5b3bc217d 100644 --- a/crds/compute_v1beta1_computeinstance.yaml +++ b/crds/compute_v1beta1_computeinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -836,6 +836,10 @@ spec: description: The disk interface used for attaching this disk. One of SCSI or NVME. type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer required: - interface type: object diff --git a/crds/compute_v1beta1_computeinstancegroup.yaml b/crds/compute_v1beta1_computeinstancegroup.yaml index 5ce9e484dd..73e714b52a 100644 --- a/crds/compute_v1beta1_computeinstancegroup.yaml +++ b/crds/compute_v1beta1_computeinstancegroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeinstancegroupmanager.yaml b/crds/compute_v1beta1_computeinstancegroupmanager.yaml index bef2d4a83a..27a76acf23 100644 --- a/crds/compute_v1beta1_computeinstancegroupmanager.yaml +++ b/crds/compute_v1beta1_computeinstancegroupmanager.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computeinstancetemplate.yaml b/crds/compute_v1beta1_computeinstancetemplate.yaml index 4ce1c7eb6b..a9b41a7d0b 100644 --- a/crds/compute_v1beta1_computeinstancetemplate.yaml +++ b/crds/compute_v1beta1_computeinstancetemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -174,7 +174,8 @@ spec: diskSizeGb: description: Immutable. The size of the image in gigabytes. If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. type: integer diskType: description: Immutable. The Google Compute Engine disk type. @@ -972,6 +973,10 @@ spec: selfLink: description: The URI of the created resource. type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string tagsFingerprint: description: The unique fingerprint of the tags. type: string diff --git a/crds/compute_v1beta1_computeinterconnectattachment.yaml b/crds/compute_v1beta1_computeinterconnectattachment.yaml index 203353465c..3babf68be1 100644 --- a/crds/compute_v1beta1_computeinterconnectattachment.yaml +++ b/crds/compute_v1beta1_computeinterconnectattachment.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenetwork.yaml b/crds/compute_v1beta1_computenetwork.yaml index 448bc6183b..dc88a101a2 100644 --- a/crds/compute_v1beta1_computenetwork.yaml +++ b/crds/compute_v1beta1_computenetwork.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -113,6 +113,13 @@ spec: if the packets are routed to the Internet or other VPCs \nwith varying MTUs." type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` diff --git a/crds/compute_v1beta1_computenetworkendpointgroup.yaml b/crds/compute_v1beta1_computenetworkendpointgroup.yaml index 6cfff85486..9c9eb12928 100644 --- a/crds/compute_v1beta1_computenetworkendpointgroup.yaml +++ b/crds/compute_v1beta1_computenetworkendpointgroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenetworkpeering.yaml b/crds/compute_v1beta1_computenetworkpeering.yaml index 3ce599938a..6b9a59db65 100644 --- a/crds/compute_v1beta1_computenetworkpeering.yaml +++ b/crds/compute_v1beta1_computenetworkpeering.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenodegroup.yaml b/crds/compute_v1beta1_computenodegroup.yaml index 248529df73..f391b86097 100644 --- a/crds/compute_v1beta1_computenodegroup.yaml +++ b/crds/compute_v1beta1_computenodegroup.yaml 
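Review bot: `networkFirewallPolicyEnforcementOrder`, added in the `@@ -113,6 +113,13 @@` hunk of crds/compute_v1beta1_computenetwork.yaml, is a bare `type: string`, so the two allowed values are stated only in the description and nothing visible in the hunk constrains them. The field is immutable and selects whether firewall policies are evaluated before or after classic firewall rules, so a mistyped value is better rejected by the API server than discovered later; `enum: [AFTER_CLASSIC_FIREWALL, BEFORE_CLASSIC_FIREWALL]` beside `type: string` would do that. The description also gives the default twice and runs two sentences together; `Must be 'AFTER_CLASSIC_FIREWALL' or 'BEFORE_CLASSIC_FIREWALL'. Default value: "AFTER_CLASSIC_FIREWALL".` reads cleanly. The CRD looks generated, so both changes presumably belong in the generator input, and the enclosing `properties` block starts and ends outside the hunk.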
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computenodetemplate.yaml b/crds/compute_v1beta1_computenodetemplate.yaml index eb526095b8..f2453f89e5 100644 --- a/crds/compute_v1beta1_computenodetemplate.yaml +++ b/crds/compute_v1beta1_computenodetemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computepacketmirroring.yaml b/crds/compute_v1beta1_computepacketmirroring.yaml index fb5e33758b..68be4a8cf2 100644 --- a/crds/compute_v1beta1_computepacketmirroring.yaml +++ b/crds/compute_v1beta1_computepacketmirroring.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computeprojectmetadata.yaml b/crds/compute_v1beta1_computeprojectmetadata.yaml index cd9fb6cd44..c1656b84a9 100644 --- a/crds/compute_v1beta1_computeprojectmetadata.yaml +++ b/crds/compute_v1beta1_computeprojectmetadata.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml b/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml index 08d83aa2ed..e442998fc6 100644 
--- a/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml +++ b/crds/compute_v1beta1_computeregionnetworkendpointgroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computereservation.yaml b/crds/compute_v1beta1_computereservation.yaml index 4dc4ed0333..2ad435dd19 100644 --- a/crds/compute_v1beta1_computereservation.yaml +++ b/crds/compute_v1beta1_computereservation.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeresourcepolicy.yaml b/crds/compute_v1beta1_computeresourcepolicy.yaml index d080941f6b..8e602ecf39 100644 --- a/crds/compute_v1beta1_computeresourcepolicy.yaml +++ b/crds/compute_v1beta1_computeresourcepolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeroute.yaml b/crds/compute_v1beta1_computeroute.yaml index 87497edb6e..38ec591af3 100644 --- a/crds/compute_v1beta1_computeroute.yaml +++ b/crds/compute_v1beta1_computeroute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computerouter.yaml b/crds/compute_v1beta1_computerouter.yaml index 89341fd833..5053191b09 100644 --- a/crds/compute_v1beta1_computerouter.yaml +++ b/crds/compute_v1beta1_computerouter.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computerouterinterface.yaml b/crds/compute_v1beta1_computerouterinterface.yaml index 209ff0ceb1..fd6f709396 100644 --- a/crds/compute_v1beta1_computerouterinterface.yaml +++ b/crds/compute_v1beta1_computerouterinterface.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computerouternat.yaml b/crds/compute_v1beta1_computerouternat.yaml index f06acdc2f4..ad5dbce66c 100644 --- a/crds/compute_v1beta1_computerouternat.yaml +++ b/crds/compute_v1beta1_computerouternat.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computerouterpeer.yaml b/crds/compute_v1beta1_computerouterpeer.yaml index 01d9fc7296..ab5fcb1ac2 100644 --- a/crds/compute_v1beta1_computerouterpeer.yaml +++ b/crds/compute_v1beta1_computerouterpeer.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesecuritypolicy.yaml b/crds/compute_v1beta1_computesecuritypolicy.yaml index 16d7d101b3..8ec212bdcb 100644 --- a/crds/compute_v1beta1_computesecuritypolicy.yaml +++ b/crds/compute_v1beta1_computesecuritypolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeserviceattachment.yaml b/crds/compute_v1beta1_computeserviceattachment.yaml index 457798d0a6..2a7c15d15a 100644 --- a/crds/compute_v1beta1_computeserviceattachment.yaml +++ b/crds/compute_v1beta1_computeserviceattachment.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/compute_v1beta1_computesharedvpchostproject.yaml b/crds/compute_v1beta1_computesharedvpchostproject.yaml index a50c4f1eb3..cac090c95c 100644 --- a/crds/compute_v1beta1_computesharedvpchostproject.yaml +++ b/crds/compute_v1beta1_computesharedvpchostproject.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computesharedvpcserviceproject.yaml b/crds/compute_v1beta1_computesharedvpcserviceproject.yaml index b7be75ea6d..f36b10691b 100644 --- a/crds/compute_v1beta1_computesharedvpcserviceproject.yaml +++ b/crds/compute_v1beta1_computesharedvpcserviceproject.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesnapshot.yaml b/crds/compute_v1beta1_computesnapshot.yaml index b306887216..4d9ff683e1 100644 --- a/crds/compute_v1beta1_computesnapshot.yaml +++ b/crds/compute_v1beta1_computesnapshot.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesslcertificate.yaml b/crds/compute_v1beta1_computesslcertificate.yaml index 2b757ed369..b478a674e9 100644 --- a/crds/compute_v1beta1_computesslcertificate.yaml +++ b/crds/compute_v1beta1_computesslcertificate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesslpolicy.yaml b/crds/compute_v1beta1_computesslpolicy.yaml index 105ff65b89..0bd80c44be 100644 --- a/crds/compute_v1beta1_computesslpolicy.yaml +++ b/crds/compute_v1beta1_computesslpolicy.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computesubnetwork.yaml b/crds/compute_v1beta1_computesubnetwork.yaml index d376c1a8cd..95ccb84d9d 100644 --- a/crds/compute_v1beta1_computesubnetwork.yaml +++ b/crds/compute_v1beta1_computesubnetwork.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -172,11 +172,11 @@ spec: type: string purpose: description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. type: string region: description: Immutable. The GCP region for this subnetwork. 
@@ -188,11 +188,12 @@ spec: type: string role: description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. type: string secondaryIpRange: items: diff --git a/crds/compute_v1beta1_computetargetgrpcproxy.yaml b/crds/compute_v1beta1_computetargetgrpcproxy.yaml index bbbdeddccc..b38f397a80 100644 --- a/crds/compute_v1beta1_computetargetgrpcproxy.yaml +++ b/crds/compute_v1beta1_computetargetgrpcproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargethttpproxy.yaml b/crds/compute_v1beta1_computetargethttpproxy.yaml index 3fe737ea1b..df8c468c08 100644 --- a/crds/compute_v1beta1_computetargethttpproxy.yaml +++ b/crds/compute_v1beta1_computetargethttpproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/compute_v1beta1_computetargethttpsproxy.yaml b/crds/compute_v1beta1_computetargethttpsproxy.yaml index ea43191f3f..3595a2233d 100644 --- a/crds/compute_v1beta1_computetargethttpsproxy.yaml +++ b/crds/compute_v1beta1_computetargethttpsproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetinstance.yaml b/crds/compute_v1beta1_computetargetinstance.yaml index 1ec79776ed..ffc739b991 100644 --- a/crds/compute_v1beta1_computetargetinstance.yaml +++ b/crds/compute_v1beta1_computetargetinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetpool.yaml b/crds/compute_v1beta1_computetargetpool.yaml index 5cfcea9de7..9661137464 100644 --- a/crds/compute_v1beta1_computetargetpool.yaml +++ b/crds/compute_v1beta1_computetargetpool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetsslproxy.yaml b/crds/compute_v1beta1_computetargetsslproxy.yaml index 16ede4120c..fe94a070e2 100644 --- a/crds/compute_v1beta1_computetargetsslproxy.yaml +++ b/crds/compute_v1beta1_computetargetsslproxy.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargettcpproxy.yaml b/crds/compute_v1beta1_computetargettcpproxy.yaml index 81a088b59a..13a8a35d80 100644 --- a/crds/compute_v1beta1_computetargettcpproxy.yaml +++ b/crds/compute_v1beta1_computetargettcpproxy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computetargetvpngateway.yaml b/crds/compute_v1beta1_computetargetvpngateway.yaml index a640e42205..1034eb93ed 100644 --- a/crds/compute_v1beta1_computetargetvpngateway.yaml +++ b/crds/compute_v1beta1_computetargetvpngateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computeurlmap.yaml b/crds/compute_v1beta1_computeurlmap.yaml index 1a4bb6de2d..f4eb0582d2 100644 --- a/crds/compute_v1beta1_computeurlmap.yaml +++ b/crds/compute_v1beta1_computeurlmap.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/compute_v1beta1_computevpngateway.yaml b/crds/compute_v1beta1_computevpngateway.yaml index 75a91bc54d..b79ff47826 100644 --- a/crds/compute_v1beta1_computevpngateway.yaml 
+++ b/crds/compute_v1beta1_computevpngateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -110,6 +110,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: diff --git a/crds/compute_v1beta1_computevpntunnel.yaml b/crds/compute_v1beta1_computevpntunnel.yaml index 9864645c37..ad47f05964 100644 --- a/crds/compute_v1beta1_computevpntunnel.yaml +++ b/crds/compute_v1beta1_computevpntunnel.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/configcontroller_v1beta1_configcontrollerinstance.yaml b/crds/configcontroller_v1beta1_configcontrollerinstance.yaml index fde82b54bf..7232ae2f6a 100644 --- a/crds/configcontroller_v1beta1_configcontrollerinstance.yaml +++ b/crds/configcontroller_v1beta1_configcontrollerinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/container_v1beta1_containercluster.yaml b/crds/container_v1beta1_containercluster.yaml index 45eefbd299..2b4c86d3a3 100644 
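Review bot: The `stackType` description added in the `@@ -110,6 +110,11 @@` hunk of crds/compute_v1beta1_computevpngateway.yaml misspells "enabled" as "enbaled", and this text is what users see when they inspect the schema. The first line should read `Immutable. The stack type for this VPN gateway to identify the IP protocols that are enabled.` The CRD appears to be generated, so the typo presumably has to be corrected in the upstream schema text. The surrounding `properties` block extends beyond the hunk.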
--- a/crds/container_v1beta1_containercluster.yaml +++ b/crds/container_v1beta1_containercluster.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -606,6 +606,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -620,6 +629,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the @@ -906,6 +920,19 @@ spec: nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
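Review bot: The `disabled` property under `podCidrOverprovisionConfig` in the `@@ -606,6 +606,15 @@` hunk of crds/container_v1beta1_containercluster.yaml has no `description`, although it is the block's only and required key and the parent text expresses the default as the double negative "disabled=false". A line such as `description: Set to true to disable pod cidr overprovision for the cluster.` would make the polarity explicit. The same property is undocumented in the `@@ -170,6 +170,16 @@` hunk of crds/container_v1beta1_containernodepool.yaml. Both enclosing blocks continue outside their hunks.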
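Review bot: `threadsPerCore` in the `@@ -906,6 +920,19 @@` hunk of crds/container_v1beta1_containercluster.yaml is listed under `required`, yet its description ends with "If unset, the maximum number of threads supported per core by the underlying processor is assumed", which can only apply when the whole `advancedMachineFeatures` block is omitted. Since this is the setting that turns SMT off, the wording should say so: `If advancedMachineFeatures is omitted, the maximum number of threads supported per core by the underlying processor is assumed.` The identical text appears in the `@@ -188,6 +198,19 @@` hunk of crds/container_v1beta1_containernodepool.yaml. The `nodeConfig` block continues outside both hunks.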
@@ -943,11 +970,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -1051,6 +1093,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
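Review bot: `ephemeralStorageLocalSsdConfig`, added in the `@@ -943,11 +970,26 @@` hunk of crds/container_v1beta1_containercluster.yaml, carries a description that is word for word the one on `ephemeralStorageConfig`, so the schema gives no hint which of the two blocks to set or what happens if both are. One sentence on each stating how it differs from the other is needed; the difference cannot be read from the hunk, so the wording has to come from the upstream API text. The following `@@ -1051,6 +1093,17 @@` hunk still says "Each local SSD is 375 GB in size" for `localNvmeSsdBlockConfig` while the ephemeral fields now say 375 or 3000 GB, which may be intentional but is worth confirming. The same applies to the `@@ -225,11 +248,26 @@` and `@@ -333,6 +371,17 @@` hunks of crds/container_v1beta1_containernodepool.yaml.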
@@ -1441,23 +1494,22 @@ spec: access will be via IPv4). type: string protectConfig: - description: The notification config for sending cluster upgrade notifications. + description: Enable/Disable Protect API features for the cluster. properties: workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. properties: auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. type: string required: - auditMode type: object workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. type: string type: object releaseChannel: diff --git a/crds/container_v1beta1_containernodepool.yaml b/crds/container_v1beta1_containernodepool.yaml index 3964895fd6..f49bae4353 100644 --- a/crds/container_v1beta1_containernodepool.yaml +++ b/crds/container_v1beta1_containernodepool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -170,6 +170,16 @@ spec: enablePrivateNodes: description: Whether nodes have internal IP addresses only. type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object podIpv4CidrBlock: description: Immutable. The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set @@ -188,6 +198,19 @@ spec: nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -225,11 +248,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -333,6 +371,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. diff --git a/crds/containeranalysis_v1alpha1_containeranalysisoccurrence.yaml b/crds/containeranalysis_v1alpha1_containeranalysisoccurrence.yaml new file mode 100644 index 0000000000..6c6e98b97d --- /dev/null +++ b/crds/containeranalysis_v1alpha1_containeranalysisoccurrence.yaml 
@@ -0,0 +1,248 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. 
+ Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. + * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. 
The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The time when the repository was last updated. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/containeranalysis_v1beta1_containeranalysisnote.yaml b/crds/containeranalysis_v1beta1_containeranalysisnote.yaml index f20f01a298..2b5b885588 100644 --- a/crds/containeranalysis_v1beta1_containeranalysisnote.yaml +++ b/crds/containeranalysis_v1beta1_containeranalysisnote.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/datacatalog_v1alpha1_datacatalogentry.yaml b/crds/datacatalog_v1alpha1_datacatalogentry.yaml new file mode 100644 index 0000000000..0656497055 --- /dev/null +++ b/crds/datacatalog_v1alpha1_datacatalogentry.yaml 
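Review bot: In crds/containeranalysis_v1alpha1_containeranalysisoccurrence.yaml, the `spec.attestation.signatures` schema accepts entries that carry no signature at all. The item schema lists only `publicKeyId` under `required`, and the array has no lower bound, so an empty list or a key-id-only entry passes CRD validation. The field's own description says an attestation counts as verified only if at least one signature verifies `serializedPayload`, so the schema should require `- signature` alongside `- publicKeyId` on the items and add `minItems: 1` on `signatures`. The hunk does not show whether the backing API rejects such objects later. Either way, consumers should verify the signature themselves rather than treat the existence of an occurrence as evidence. The `tf2crd: "true"` label suggests the file is generated, so the change probably belongs in the generator input rather than in this YAML.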
@@ -0,0 +1,284 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. + properties: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. + See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. 
+ * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. + type: string + sizeBytes: + description: The size of the file, in bytes. + type: integer + type: object + type: array + required: + - filePatterns + type: object + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. 
+ type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. + type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. 
The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. + type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: + properties: + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string + type: object + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: + properties: + viewQuery: + description: The query that defines the table view. + type: string + type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datacatalog_v1alpha1_datacatalogentrygroup.yaml b/crds/datacatalog_v1alpha1_datacatalogentrygroup.yaml new file mode 100644 index 0000000000..7d926fe545 --- /dev/null +++ b/crds/datacatalog_v1alpha1_datacatalogentrygroup.yaml 
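Review bot: In crds/datacatalog_v1alpha1_datacatalogentry.yaml, several `spec` fields state their constraints only in prose and are typed as bare `type: string`, so the API server cannot reject bad values at admission. `userSpecifiedSystem` and `userSpecifiedType` describe a start character, an allowed alphabet and a 1–64 character length, and `type` lists `Possible values: ["FILESET"]`. The schema should encode these, for example `pattern: '^[A-Za-z_][A-Za-z0-9_]*$'` with `maxLength: 64` on the two user-specified fields and `enum: [FILESET]` on `type`. The pattern is constructed from the description and should be confirmed against the service. The same gap applies to `entryGroupId` in datacatalog_v1alpha1_datacatalogentrygroup.yaml (at most 64 characters) and to `fields` in datacatalog_v1alpha1_datacatalogtag.yaml (1 to 500 entries, with no `minItems`/`maxItems`). As written, a malformed manifest presumably fails only when the controller reconciles it against the API, which is later and harder to diagnose than an admission error.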
@@ -0,0 +1,178 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. EntryGroup location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. 
Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datacatalog_v1alpha1_datacatalogtag.yaml b/crds/datacatalog_v1alpha1_datacatalogtag.yaml new file mode 100644 index 0000000000..398bb29805 --- /dev/null +++ b/crds/datacatalog_v1alpha1_datacatalogtag.yaml 
@@ -0,0 +1,197 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. + type: string + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. 
+ type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. + type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datacatalog_v1alpha1_datacatalogtagtemplate.yaml b/crds/datacatalog_v1alpha1_datacatalogtagtemplate.yaml new file mode 100644 index 0000000000..6916464daa --- /dev/null +++ b/crds/datacatalog_v1alpha1_datacatalogtagtemplate.yaml 
@@ -0,0 +1,244 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates + shortNames: + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. 
+ properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. 
The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml b/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml index a50d085909..fb3520c0f2 100644 --- a/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml +++ b/crds/datacatalog_v1beta1_datacatalogpolicytag.yaml 
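Review bot: The limits stated in this schema's descriptions are not enforced by the schema itself: `spec.fields` says the set must contain at least one and at most 500 fields, and `type.primitiveType` lists four possible values, yet both are declared with only a `type`. An object that breaks those limits passes admission and presumably fails only later, when the controller reconciles it against the API. Adding `minItems: 1` and `maxItems: 500` under `fields`, and `enum: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]` under `primitiveType`, would reject it up front. The same gap appears in the DatastoreIndex hunk further down (`ancestor` and `properties[].direction` list their values only in prose). The `tf2crd` label suggests the file is generated, so the change probably belongs in the generator rather than in this YAML.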
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml b/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml index 625985c793..6950837cae 100644 --- a/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml +++ b/crds/datacatalog_v1beta1_datacatalogtaxonomy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml b/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml index bb48bc6d3b..cb8d9414d2 100644 --- a/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml +++ b/crds/dataflow_v1beta1_dataflowflextemplatejob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dataflow_v1beta1_dataflowjob.yaml b/crds/dataflow_v1beta1_dataflowjob.yaml index 3a7be0fc8c..d2bd1ba865 100644 --- a/crds/dataflow_v1beta1_dataflowjob.yaml +++ b/crds/dataflow_v1beta1_dataflowjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dataform_v1alpha1_dataformrepository.yaml b/crds/dataform_v1alpha1_dataformrepository.yaml new file mode 100644 index 0000000000..1cc2d071ee --- /dev/null 
+++ b/crds/dataform_v1alpha1_dataformrepository.yaml 
@@ -0,0 +1,184 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataformrepositories.dataform.cnrm.cloud.google.com +spec: + group: dataform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataformRepository + plural: dataformrepositories + shortNames: + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datafusion_v1beta1_datafusioninstance.yaml b/crds/datafusion_v1beta1_datafusioninstance.yaml index c111f96375..4f40c07c4f 100644 --- a/crds/datafusion_v1beta1_datafusioninstance.yaml +++ b/crds/datafusion_v1beta1_datafusioninstance.yaml 
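Review bot: `spec.gitRemoteSettings.tokenStatus` is described as indicating the status of the Git access token, which reads as an observed value, yet it is declared under `spec`, where any author of the resource can set it, and `status` has no counterpart. If the API treats it as output-only (the linked reference would confirm), it should move to `status`, or its description should at least begin with `Output only.`, so that nobody takes a user-supplied value as evidence that the token is valid. Separately, `authenticationTokenSecretVersion` states its required format only in prose; a `pattern: '^projects/[^/]+/secrets/[^/]+/versions/[^/]+$'` would reject malformed references at admission.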
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml b/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml index c8fec0b2f8..e526aa41df 100644 --- a/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml +++ b/crds/dataproc_v1beta1_dataprocautoscalingpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dataproc_v1beta1_dataproccluster.yaml b/crds/dataproc_v1beta1_dataproccluster.yaml index 1a457c5279..7b60057b48 100644 --- a/crds/dataproc_v1beta1_dataproccluster.yaml +++ b/crds/dataproc_v1beta1_dataproccluster.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml b/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml index 95b5f8a071..63b3495f65 100644 --- a/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml +++ b/crds/dataproc_v1beta1_dataprocworkflowtemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/datastore_v1alpha1_datastoreindex.yaml b/crds/datastore_v1alpha1_datastoreindex.yaml new file mode 100644 index 0000000000..8070f1f5a2 --- /dev/null 
+++ b/crds/datastore_v1alpha1_datastoreindex.yaml 
@@ -0,0 +1,184 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + properties: + description: Immutable. An ordered list of properties to index on. + items: + properties: + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' + type: string + name: + description: Immutable. The property name to index. + type: string + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. 
The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + indexId: + description: The index id. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datastream_v1alpha1_datastreamconnectionprofile.yaml b/crds/datastream_v1alpha1_datastreamconnectionprofile.yaml new file mode 100644 index 0000000000..801a9eb77b --- /dev/null +++ b/crds/datastream_v1alpha1_datastreamconnectionprofile.yaml 
@@ -0,0 +1,613 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles + shortNames: + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. + type: string + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. + type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datastream_v1alpha1_datastreamprivateconnection.yaml b/crds/datastream_v1alpha1_datastreamprivateconnection.yaml new file mode 100644 index 0000000000..78ec086d18 --- /dev/null +++ b/crds/datastream_v1alpha1_datastreamprivateconnection.yaml 
@@ -0,0 +1,205 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string + location: + description: Immutable. The name of the location this private connection + is located in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. A free subnet for peering. (CIDR of /29). 
+ type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: + type: string + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/datastream_v1alpha1_datastreamstream.yaml b/crds/datastream_v1alpha1_datastreamstream.yaml new file mode 100644 index 0000000000..af415fe22c --- /dev/null +++ b/crds/datastream_v1alpha1_datastreamstream.yaml 
@@ -0,0 +1,941 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. 
+ type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. 
+ items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. 
+ properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. + type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. 
+ type: string + required: + - location + type: object + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. + Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. 
+ type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. 
+ items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. + properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. 
+ items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/deploymentmanager_v1alpha1_deploymentmanagerdeployment.yaml b/crds/deploymentmanager_v1alpha1_deploymentmanagerdeployment.yaml new file mode 100644 index 0000000000..04e11504e3 --- /dev/null +++ b/crds/deploymentmanager_v1alpha1_deploymentmanagerdeployment.yaml 
@@ -0,0 +1,227 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflow_v1alpha1_dialogflowagent.yaml b/crds/dialogflow_v1alpha1_dialogflowagent.yaml new file mode 100644 index 0000000000..3ea08d3998 --- /dev/null +++ b/crds/dialogflow_v1alpha1_dialogflowagent.yaml 
@@ -0,0 +1,200 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. + type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." 
+ type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. 
+ type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflow_v1alpha1_dialogflowentitytype.yaml b/crds/dialogflow_v1alpha1_dialogflowentitytype.yaml new file mode 100644 index 0000000000..33d9326973 --- /dev/null +++ b/crds/dialogflow_v1alpha1_dialogflowentitytype.yaml 
@@ -0,0 +1,205 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. + For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. 
However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. 
\nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflow_v1alpha1_dialogflowfulfillment.yaml b/crds/dialogflow_v1alpha1_dialogflowfulfillment.yaml new file mode 100644 index 0000000000..6048d93a45 --- /dev/null +++ b/crds/dialogflow_v1alpha1_dialogflowfulfillment.yaml 
@@ -0,0 +1,209 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' + properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. + type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri + type: object + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflow_v1alpha1_dialogflowintent.yaml b/crds/dialogflow_v1alpha1_dialogflowintent.yaml new file mode 100644 index 0000000000..36baa6f58a --- /dev/null +++ b/crds/dialogflow_v1alpha1_dialogflowintent.yaml 
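Review bot: `spec.genericWebService.password` in the DialogflowFulfillment schema is a plain `type: string`, so the HTTP Basic credential must be written literally into the custom resource. There it is readable by anyone with get/list on the kind, and it is stored with the object and in any manifest repository. The same holds for `requestHeaders`, which the field's own description says can carry authentication headers. I would model `password` as the `value` / `valueFrom.secretKeyRef` object that Config Connector uses for sensitive fields, sketched below, and consider the same for the header values. The file appears to be generated (it carries the `tf2crd` label), so the change probably belongs in the generator's sensitive-field marking rather than in this YAML.

```yaml
# … unchanged: genericWebService description …
password:
  description: The password for HTTP Basic authentication.
  oneOf:
  - not:
      required:
      - valueFrom
    required:
    - value
  - not:
      required:
      - value
    required:
    - valueFrom
  properties:
    value:
      description: Value of the field. Cannot be used if 'valueFrom' is specified.
      type: string
    valueFrom:
      description: Source for the field's value. Cannot be used if 'value' is specified.
      properties:
        secretKeyRef:
          description: Reference to a key in a Secret in the resource's namespace.
          properties:
            key:
              type: string
            name:
              type: string
          required:
          - name
          - key
          type: object
      type: object
  type: object
# … unchanged: requestHeaders, uri, username …
```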
@@ -0,0 +1,249 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. 
+ Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. 
+ * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflowcx_v1alpha1_dialogflowcxagent.yaml b/crds/dialogflowcx_v1alpha1_dialogflowcxagent.yaml new file mode 100644 index 0000000000..92b0e8a4f1 --- /dev/null +++ b/crds/dialogflowcx_v1alpha1_dialogflowcxagent.yaml 
@@ -0,0 +1,226 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. + + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. 
+ This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. + Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. 
+ type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflowcx_v1alpha1_dialogflowcxentitytype.yaml b/crds/dialogflowcx_v1alpha1_dialogflowcxentitytype.yaml new file mode 100644 index 0000000000..3bad2773dd --- /dev/null +++ b/crds/dialogflowcx_v1alpha1_dialogflowcxentitytype.yaml 
@@ -0,0 +1,207 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. 
+ For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. 
+ type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflowcx_v1alpha1_dialogflowcxflow.yaml b/crds/dialogflowcx_v1alpha1_dialogflowcxflow.yaml new file mode 100644 index 0000000000..ad97e846a3 --- /dev/null +++ b/crds/dialogflowcx_v1alpha1_dialogflowcxflow.yaml 
@@ -0,0 +1,348 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. 
+ Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. 
Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. + If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. 
Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. 
+ type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflowcx_v1alpha1_dialogflowcxintent.yaml b/crds/dialogflowcx_v1alpha1_dialogflowcxintent.yaml new file mode 100644 index 0000000000..8b11227d8c --- /dev/null +++ b/crds/dialogflowcx_v1alpha1_dialogflowcxintent.yaml 
@@ -0,0 +1,232 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflowcx_v1alpha1_dialogflowcxpage.yaml b/crds/dialogflowcx_v1alpha1_dialogflowcxpage.yaml new file mode 100644 index 0000000000..75dbaa3bb5 --- /dev/null +++ b/crds/dialogflowcx_v1alpha1_dialogflowcxpage.yaml 
@@ -0,0 +1,461 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. 
This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 
2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. + properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. 
The language of the following fields in page: + + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dialogflowcx_v1alpha1_dialogflowcxwebhook.yaml b/crds/dialogflowcx_v1alpha1_dialogflowcxwebhook.yaml new file mode 100644 index 0000000000..385b94455b --- /dev/null +++ b/crds/dialogflowcx_v1alpha1_dialogflowcxwebhook.yaml 
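Review bot: The `triggerFulfillment` description under `transitionRoutes` in this page CRD repeats the event-handler text (`The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop.`), while the same field in the flow CRD earlier in this patch reads `The fulfillment to call when the condition is satisfied.`; the route wording is the one that fits here. The evaluation-order list in the `transitionRoutes` description also names `TransitionRoutes defined in the transition route groups with intent specified.` twice and misspells `evaluated`, so the precedence a reader takes from it is ambiguous. The file is labelled `tf2crd`, so the correction presumably belongs in the generator input rather than in this YAML.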
@@ -0,0 +1,221 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml b/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml index dd760f83b5..e3bafdf96f 100644 --- a/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml +++ b/crds/dlp_v1beta1_dlpdeidentifytemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpinspecttemplate.yaml b/crds/dlp_v1beta1_dlpinspecttemplate.yaml index 6b24dfbec4..7c9ab85c3e 100644 --- a/crds/dlp_v1beta1_dlpinspecttemplate.yaml +++ b/crds/dlp_v1beta1_dlpinspecttemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpjobtrigger.yaml b/crds/dlp_v1beta1_dlpjobtrigger.yaml index 638323d8de..e173997546 100644 --- a/crds/dlp_v1beta1_dlpjobtrigger.yaml +++ b/crds/dlp_v1beta1_dlpjobtrigger.yaml 
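Review bot: In the DialogflowCXWebhook CRD, `uri` under `genericWebService` (and again under `serviceDirectory.genericWebService`) is described as `Whether to use speech adaptation for speech recognition.`, which belongs to a different setting; the endpoint that receives conversation data should be described accurately, for example `The webhook URI for receiving POST requests. It must use https protocol.` (wording to be confirmed against the upstream API). `requestHeaders` is a free-form string map held in the resource spec, so any credential placed in a header is readable by everyone who can get the object; its description should say so, e.g. `Values are stored in plain text in the resource spec; do not rely on this field to keep tokens confidential.` The fields `enableSpellCorrection`, `enableStackdriverLogging`, `securitySettings` and status `startFlow` describe the agent rather than a webhook, and `serviceDirectory.genericWebService` carries the description of `service`, which suggests the generator input mixed two schemas. The file is labelled `tf2crd`, so the fix presumably belongs in the generator source.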
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dlp_v1beta1_dlpstoredinfotype.yaml b/crds/dlp_v1beta1_dlpstoredinfotype.yaml index 2992e5c18b..45031f324e 100644 --- a/crds/dlp_v1beta1_dlpstoredinfotype.yaml +++ b/crds/dlp_v1beta1_dlpstoredinfotype.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/dns_v1alpha1_dnsresponsepolicy.yaml b/crds/dns_v1alpha1_dnsresponsepolicy.yaml new file mode 100644 index 0000000000..2d9eb066fc --- /dev/null +++ b/crds/dns_v1alpha1_dnsresponsepolicy.yaml 
@@ -0,0 +1,190 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dns_v1alpha1_dnsresponsepolicyrule.yaml b/crds/dns_v1alpha1_dnsresponsepolicyrule.yaml new file mode 100644 index 0000000000..e77a377f4c --- /dev/null +++ b/crds/dns_v1alpha1_dnsresponsepolicyrule.yaml 
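Review bot: In crds/dns_v1alpha1_dnsresponsepolicy.yaml the `gkeClusters` descriptions name the wrong resource: the list is described as clusters "that can see this zone" and `gkeClusterName` as the cluster "to bind this ManagedZone to", although the kind is DNSResponsePolicy. A response policy changes what names resolve to, so the text should state which clusters it takes effect on, in the same terms the `networks` field already uses. I would change them to `description: The list of Google Kubernetes Engine clusters to which this response policy is applied.` and `The resource name of the cluster to bind this response policy to.` The `tf2crd` label suggests this file is generated, so the wording presumably has to be corrected in the generator's source schema rather than in this file.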
@@ -0,0 +1,208 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. + type: string + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. + type: string + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' 
+ type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/dns_v1beta1_dnsmanagedzone.yaml b/crds/dns_v1beta1_dnsmanagedzone.yaml index ff34cfc58f..e2f4f92cc5 100644 --- a/crds/dns_v1beta1_dnsmanagedzone.yaml +++ b/crds/dns_v1beta1_dnsmanagedzone.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dns_v1beta1_dnspolicy.yaml b/crds/dns_v1beta1_dnspolicy.yaml index 13a0d5d668..d9b2d5e863 100644 --- a/crds/dns_v1beta1_dnspolicy.yaml +++ b/crds/dns_v1beta1_dnspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/dns_v1beta1_dnsrecordset.yaml b/crds/dns_v1beta1_dnsrecordset.yaml index 5b66ab20d9..87fbad5ba1 100644 --- a/crds/dns_v1beta1_dnsrecordset.yaml +++ b/crds/dns_v1beta1_dnsrecordset.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
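Review bot: In crds/dns_v1alpha1_dnsresponsepolicyrule.yaml, `spec.behavior` documents exactly two acceptable values but is declared as a bare `type: string`, so any other value passes API-server validation and is presumably rejected only at reconcile time. Adding `enum: [behaviorUnspecified, bypassResponsePolicy]` under `behavior` would reject a mistyped value at admission; `localDatas[].type` has the same gap, since its description lists the record types but the schema carries no enum. The descriptions also read as if `behavior` and `localData` are alternatives, yet nothing in the schema prevents setting both. Because `localData` overrides private zones, the public internet and GCP internal DNS for the matched name, the description should say that write access to this kind needs to be granted as narrowly as access to the DNS configuration itself.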
diff --git a/crds/documentai_v1alpha1_documentaiprocessor.yaml b/crds/documentai_v1alpha1_documentaiprocessor.yaml new file mode 100644 index 0000000000..03c9e48c41 --- /dev/null +++ b/crds/documentai_v1alpha1_documentaiprocessor.yaml 
@@ -0,0 +1,177 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: + description: Immutable. The type of processor. 
For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the processor. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/documentai_v1alpha1_documentaiprocessordefaultversion.yaml b/crds/documentai_v1alpha1_documentaiprocessordefaultversion.yaml new file mode 100644 index 0000000000..81ca90f586 --- /dev/null +++ b/crds/documentai_v1alpha1_documentaiprocessordefaultversion.yaml 
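Review bot: In crds/documentai_v1alpha1_documentaiprocessor.yaml, `spec.kmsKeyName` is a free-form string whose description gives no expected format and links only to a general product page, while `projectRef` in the same spec is a structured reference with `external`/`name`/`namespace`. The description should at least give the key's resource-name form, e.g. `Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}.` The field is both optional and immutable, so a processor created without it cannot be moved to a customer-managed key later, going by the "Immutable" wording. Clusters that require CMEK would need to enforce its presence with an admission policy, and the description is the natural place to say so.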
@@ -0,0 +1,135 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/essentialcontacts_v1alpha1_essentialcontactscontact.yaml b/crds/essentialcontacts_v1alpha1_essentialcontactscontact.yaml new file mode 100644 index 0000000000..53b45c8c82 --- /dev/null +++ b/crds/essentialcontacts_v1alpha1_essentialcontactscontact.yaml 
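Review bot: In crds/documentai_v1alpha1_documentaiprocessordefaultversion.yaml, the `spec.version` description tells the reader to apply 'lifecycle.ignore_changes', which is a Terraform setting and has no equivalent a user of this CRD can set. The sentence should be dropped or replaced with what happens on this controller when 'stable' or 'rc' resolves to a concrete version. It is also worth stating that a channel name makes the effective default version change without any change to the manifest, so deployments that need a reviewed, reproducible processor version should set an explicit version, for instance `Use an explicit version rather than 'stable' or 'rc' when the default must not change without a manifest update.` Separately, the target processor is identified only through `resourceID` or `metadata.name`, with no format given, and the description should show the expected processor name form.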
@@ -0,0 +1,154 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/eventarc_v1beta1_eventarctrigger.yaml b/crds/eventarc_v1beta1_eventarctrigger.yaml index c81a80cb76..e1482a3f46 100644 --- a/crds/eventarc_v1beta1_eventarctrigger.yaml +++ b/crds/eventarc_v1beta1_eventarctrigger.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/filestore_v1alpha1_filestoresnapshot.yaml b/crds/filestore_v1alpha1_filestoresnapshot.yaml new file mode 100644 index 0000000000..47a4ec41d9 --- /dev/null +++ b/crds/filestore_v1alpha1_filestoresnapshot.yaml 
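Review bot: In crds/essentialcontacts_v1alpha1_essentialcontactscontact.yaml, `spec.notificationCategorySubscriptions` is required, but neither the description nor the schema says which category strings are valid, so a misspelled category cannot be caught at admission. These contacts are where security and suspension notices are delivered, so a typo that is rejected late, or a list that omits the security category, is easy to miss. The description should list the accepted values or link to them, and an `enum` on `items` would enforce them. The `languageTag` text also has a dangling reference ("See Supported languages for a list of supported languages") left over from a stripped link, and "a ISO 639-1" should read "an ISO 639-1". The `tf2crd` label suggests the file is generated, so these fixes presumably belong in the generator's source schema.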
@@ -0,0 +1,181 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/filestore_v1beta1_filestorebackup.yaml b/crds/filestore_v1beta1_filestorebackup.yaml index 157fb678c4..c6ad5ced21 100644 --- a/crds/filestore_v1beta1_filestorebackup.yaml +++ b/crds/filestore_v1beta1_filestorebackup.yaml 
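Review bot: `spec.description` documents a hard limit ("2048 characters or less. Requests with longer descriptions will be rejected") but the schema declares only `type: string`, so the API server will admit an over-long value and the rejection presumably surfaces later as a failed reconcile; adding `maxLength: 2048` under that property would stop it at admission. The same gap between documented and enforced constraints recurs later in this patch: `retainedReleaseCount` in firebasehostingchannel is described as "between 1-100" with no `minimum: 1` / `maximum: 100`, and `type` in firebasedatabaseinstance lists its possible values with no `enum`. The `tf2crd` label suggests these files are generated, so the fix probably belongs in the generator rather than in the YAML itself.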
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/filestore_v1beta1_filestoreinstance.yaml b/crds/filestore_v1beta1_filestoreinstance.yaml index a72738d127..8f8b20e5fa 100644 --- a/crds/filestore_v1beta1_filestoreinstance.yaml +++ b/crds/filestore_v1beta1_filestoreinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/firebase_v1alpha1_firebaseandroidapp.yaml b/crds/firebase_v1alpha1_firebaseandroidapp.yaml new file mode 100644 index 0000000000..2966a90072 --- /dev/null +++ b/crds/firebase_v1alpha1_firebaseandroidapp.yaml 
@@ -0,0 +1,193 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. 
+ items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. + type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
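Review bot: `spec.deletionPolicy` is the only spec property in this CRD with no `description`, and it has no `enum`, so the schema does not say which strings are accepted or whether deleting the Kubernetes object also deletes the Firebase app. Because this field decides whether a live app is destroyed or left in place, it should be documented at least as well as its neighbours, for example `description: What happens to the Firebase app when this resource is deleted. Accepted values: <VALUES>. Default: <DEFAULT>.` with a matching `enum` once the value set is confirmed. The firebasewebapp CRD added later in this patch carries the same undocumented `deletionPolicy`.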
diff --git a/crds/firebase_v1alpha1_firebaseproject.yaml b/crds/firebase_v1alpha1_firebaseproject.yaml new file mode 100644 index 0000000000..6b809f6a22 --- /dev/null +++ b/crds/firebase_v1alpha1_firebaseproject.yaml 
@@ -0,0 +1,164 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/firebase_v1alpha1_firebasewebapp.yaml b/crds/firebase_v1alpha1_firebasewebapp.yaml new file mode 100644 index 0000000000..fc77bc3266 --- /dev/null +++ b/crds/firebase_v1alpha1_firebasewebapp.yaml 
@@ -0,0 +1,153 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/firebasedatabase_v1alpha1_firebasedatabaseinstance.yaml b/crds/firebasedatabase_v1alpha1_firebasedatabaseinstance.yaml new file mode 100644 index 0000000000..892df414f0 --- /dev/null +++ b/crds/firebasedatabase_v1alpha1_firebasedatabaseinstance.yaml 
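Review bot: `spec.project` is a bare string whose whole description is `Immutable.`, and it is absent from `required`, whereas FirebaseAndroidApp in this same patch takes a required `projectRef` with the `name`/`external` oneOf. The schema therefore does not state what format is expected or which project is used when the field is omitted, and that choice determines where the web app is created. At minimum the description should cover both, e.g. `description: Immutable. The project that owns this app, as <EXPECTED FORMAT>. When unset, <FALLBACK BEHAVIOUR>.`; a `projectRef` consistent with the sibling kinds would be preferable if the generator can emit one.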
@@ -0,0 +1,189 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The database type. 
+ Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/firebasehosting_v1alpha1_firebasehostingchannel.yaml b/crds/firebasehosting_v1alpha1_firebasehostingchannel.yaml new file mode 100644 index 0000000000..230a248c09 --- /dev/null +++ b/crds/firebasehosting_v1alpha1_firebasehostingchannel.yaml 
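Review bot: The `status.state` description tells users to set `desired_state` to `:DISABLED` or `:ACTIVE`, but the field in this CRD is `spec.desiredState`, whose own description (`The intended database state.`) names no values and has no `enum`. Someone disabling a database from this schema has to guess the field name and whether the leading colon is part of the value. Once the accepted literals are confirmed, reword it along the lines of `Set spec.desiredState to DISABLED to disable the database and ACTIVE to re-enable it.` and list the same values on `desiredState`.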
@@ -0,0 +1,156 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). + type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/firebasehosting_v1alpha1_firebasehostingsite.yaml b/crds/firebasehosting_v1alpha1_firebasehostingsite.yaml new file mode 100644 index 0000000000..cba76f531e --- /dev/null +++ b/crds/firebasehosting_v1alpha1_firebasehostingsite.yaml 
@@ -0,0 +1,175 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/crds/firebasestorage_v1alpha1_firebasestoragebucket.yaml b/crds/firebasestorage_v1alpha1_firebasestoragebucket.yaml new file mode 100644 index 0000000000..aac0501e6b --- /dev/null +++ b/crds/firebasestorage_v1alpha1_firebasestoragebucket.yaml 
@@ -0,0 +1,160 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/firestore_v1beta1_firestoreindex.yaml b/crds/firestore_v1beta1_firestoreindex.yaml index 3d64d196fb..2f1f98096f 100644 --- a/crds/firestore_v1beta1_firestoreindex.yaml +++ b/crds/firestore_v1beta1_firestoreindex.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/gkebackup_v1alpha1_gkebackupbackupplan.yaml b/crds/gkebackup_v1alpha1_gkebackupbackupplan.yaml new file mode 100644 index 0000000000..d07843e554 --- /dev/null +++ b/crds/gkebackup_v1alpha1_gkebackupbackupplan.yaml 
@@ -0,0 +1,302 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. + properties: + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' + type: string + required: + - gcpKmsEncryptionKey + type: object + includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. + properties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. + type: string + namespace: + description: The namespace of a Kubernetes Resource. 
+ type: string + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces + type: object + type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string + location: + description: Immutable. The region of the Backup Plan. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. + Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. 
+ type: boolean + type: object + required: + - cluster + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/gkehub_v1beta1_gkehubfeature.yaml b/crds/gkehub_v1beta1_gkehubfeature.yaml index c98a63e99d..28afc2fc8d 100644 --- a/crds/gkehub_v1beta1_gkehubfeature.yaml +++ b/crds/gkehub_v1beta1_gkehubfeature.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml b/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml index da04e996ff..b5f5ecd273 100644 --- a/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml +++ b/crds/gkehub_v1beta1_gkehubfeaturemembership.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/gkehub_v1beta1_gkehubmembership.yaml b/crds/gkehub_v1beta1_gkehubmembership.yaml index 6237f76138..4a1457dd89 100644 --- a/crds/gkehub_v1beta1_gkehubmembership.yaml +++ b/crds/gkehub_v1beta1_gkehubmembership.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/healthcare_v1alpha1_healthcareconsentstore.yaml b/crds/healthcare_v1alpha1_healthcareconsentstore.yaml new file mode 100644 index 0000000000..f4f02d18a2 --- /dev/null +++ b/crds/healthcare_v1alpha1_healthcareconsentstore.yaml 
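Review bot: The bounds stated in the `retentionPolicy` descriptions are not encoded in the schema: `backupDeleteLockDays` (documented as 0-90) and `backupRetainDays` (documented as 0-365) are declared only as `type: integer`, so admission-time schema validation will accept out-of-range values and any rejection is left to whatever reconciles the object afterwards. Because these fields act as a deletion lock and a retention control on backups, I would add `minimum: 0` and `maximum: 90` under `backupDeleteLockDays`, and the same pair with `maximum: 365` under `backupRetainDays`. The documented rule that `backupRetainDays` must be >= `backupDeleteLockDays` is likewise not checked by the schema. The `tf2crd` label suggests this file is generated, in which case the change belongs in the generator rather than in this file. `retainedReleaseCount` (documented as 1-100) in the FirebaseHostingChannel CRD has the same gap.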
@@ -0,0 +1,145 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareConsentStore + plural: healthcareconsentstores + shortNames: + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/healthcare_v1alpha1_healthcaredataset.yaml b/crds/healthcare_v1alpha1_healthcaredataset.yaml new file mode 100644 index 0000000000..f3cadf7f42 --- /dev/null +++ b/crds/healthcare_v1alpha1_healthcaredataset.yaml 
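Review bot: The `defaultConsentTtl` description contradicts itself: it says the value must be at least 24 hours and then gives `"3.5s"` as the example, which is below that minimum. Since this field sets the default lifetime of consents in the store, I would change the example to one that satisfies the constraint, e.g. `Example: "86400s" (one day)`, which is the wording the `ttl` field of the FirebaseHostingChannel CRD already uses. If the text is generated from an upstream schema, the fix belongs there.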
@@ -0,0 +1,170 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareDataset + plural: healthcaredatasets + shortNames: + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation 
+ of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: + description: Immutable. The location for the Dataset. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. 
+ type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/healthcare_v1alpha1_healthcaredicomstore.yaml b/crds/healthcare_v1alpha1_healthcaredicomstore.yaml new file mode 100644 index 0000000000..bb8a849446 --- /dev/null +++ b/crds/healthcare_v1alpha1_healthcaredicomstore.yaml 
@@ -0,0 +1,174 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareDICOMStore + plural: healthcaredicomstores + shortNames: + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. 
+ streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object + required: + - bigqueryDestination + type: object + type: array + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
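Review bot: `spec.dataset` is validated only as `type: string`, although its description requires the form 'projects/{project}/locations/{location}/datasets/{dataset}', so a malformed or unintended parent presumably surfaces only at reconcile time rather than at admission. A pattern next to the type, for example `pattern: '^projects/[^/]+/locations/[^/]+/datasets/[^/]+$'`, would reject such values when the object is created. The same unconstrained `dataset` field appears in the HealthcareFHIRStore and HealthcareHL7V2Store CRDs added later in this patch. The `tf2crd` label suggests these files are generated, so the change probably belongs in the generator rather than in this file.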
diff --git a/crds/healthcare_v1alpha1_healthcarefhirstore.yaml b/crds/healthcare_v1alpha1_healthcarefhirstore.yaml new file mode 100644 index 0000000000..53b5ece731 --- /dev/null +++ b/crds/healthcare_v1alpha1_healthcarefhirstore.yaml 
@@ -0,0 +1,285 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareFHIRStore + plural: healthcarefhirstores + shortNames: + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. 
The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. 
service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. + items: + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. + items: + properties: + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. + properties: + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. + type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. + properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. 
The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig + type: object + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. + items: + type: string + type: array + required: + - bigqueryDestination + type: object + type: array + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/healthcare_v1alpha1_healthcarehl7v2store.yaml b/crds/healthcare_v1alpha1_healthcarehl7v2store.yaml new file mode 100644 index 0000000000..2d4e229089 --- /dev/null +++ b/crds/healthcare_v1alpha1_healthcarehl7v2store.yaml 
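Review bot: In `streamConfigs[].bigqueryDestination.schemaConfig`, `recursiveStructureDepth` is listed under `required`, but its description says "If not specified or set to 0, the server will use the default value 2", so the schema rejects the very case the text documents. Either drop it from `required` or remove the "if not specified" wording. The description also states a maximum depth of 5, so `minimum: 0` and `maximum: 5` on the field would make the documented range enforceable at admission. The `tf2crd` label suggests the file is generated, so the fix likely belongs upstream in the generator.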
@@ -0,0 +1,213 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com +spec: + group: healthcare.cnrm.cloud.google.com + names: + categories: + - gcp + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores + shortNames: + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. + type: string + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: |- + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. Only the message name + is sent as part of the notification. Supplied by the client. 
+ items: + properties: + filter: + description: |- + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. + type: string + required: + - pubsubTopic + type: object + type: array + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataset + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/iam_v1beta1_iamaccessboundarypolicy.yaml b/crds/iam_v1beta1_iamaccessboundarypolicy.yaml index 2c89382da0..e2a7ed9907 100644 --- a/crds/iam_v1beta1_iamaccessboundarypolicy.yaml +++ b/crds/iam_v1beta1_iamaccessboundarypolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamauditconfig.yaml b/crds/iam_v1beta1_iamauditconfig.yaml index 7ea09cf814..2fa807aed6 100644 --- a/crds/iam_v1beta1_iamauditconfig.yaml +++ b/crds/iam_v1beta1_iamauditconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamcustomrole.yaml b/crds/iam_v1beta1_iamcustomrole.yaml index cb344e5b92..71a21c0692 100644 --- a/crds/iam_v1beta1_iamcustomrole.yaml +++ b/crds/iam_v1beta1_iamcustomrole.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iampartialpolicy.yaml b/crds/iam_v1beta1_iampartialpolicy.yaml index cb6b33a2df..aa4e368ba0 100644 --- a/crds/iam_v1beta1_iampartialpolicy.yaml +++ b/crds/iam_v1beta1_iampartialpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iampolicy.yaml b/crds/iam_v1beta1_iampolicy.yaml index 7582f15c94..85530ff1e7 100644 --- a/crds/iam_v1beta1_iampolicy.yaml +++ b/crds/iam_v1beta1_iampolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iampolicymember.yaml b/crds/iam_v1beta1_iampolicymember.yaml index 9fdc270f53..2fca0d92d2 100644 --- a/crds/iam_v1beta1_iampolicymember.yaml +++ b/crds/iam_v1beta1_iampolicymember.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamserviceaccount.yaml b/crds/iam_v1beta1_iamserviceaccount.yaml index 6fbdcf733e..e3c8fb6e40 100644 --- a/crds/iam_v1beta1_iamserviceaccount.yaml +++ b/crds/iam_v1beta1_iamserviceaccount.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamserviceaccountkey.yaml b/crds/iam_v1beta1_iamserviceaccountkey.yaml index aed7e4656e..4e59d035f1 100644 --- a/crds/iam_v1beta1_iamserviceaccountkey.yaml +++ b/crds/iam_v1beta1_iamserviceaccountkey.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/iam_v1beta1_iamworkforcepool.yaml b/crds/iam_v1beta1_iamworkforcepool.yaml index dc6c022c95..74a44ec90c 100644 --- a/crds/iam_v1beta1_iamworkforcepool.yaml +++ b/crds/iam_v1beta1_iamworkforcepool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamworkforcepoolprovider.yaml b/crds/iam_v1beta1_iamworkforcepoolprovider.yaml index 0e69fccbbb..829f055c05 100644 --- a/crds/iam_v1beta1_iamworkforcepoolprovider.yaml +++ b/crds/iam_v1beta1_iamworkforcepoolprovider.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamworkloadidentitypool.yaml b/crds/iam_v1beta1_iamworkloadidentitypool.yaml index e56e93605f..869999f1c5 100644 --- a/crds/iam_v1beta1_iamworkloadidentitypool.yaml 
+++ b/crds/iam_v1beta1_iamworkloadidentitypool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml b/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml index 8770e0bdb0..ed45cbc454 100644 --- a/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml +++ b/crds/iam_v1beta1_iamworkloadidentitypoolprovider.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iap_v1beta1_iapbrand.yaml b/crds/iap_v1beta1_iapbrand.yaml index 6cb9cf0e21..572d07d4e1 100644 --- a/crds/iap_v1beta1_iapbrand.yaml +++ b/crds/iap_v1beta1_iapbrand.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/iap_v1beta1_iapidentityawareproxyclient.yaml b/crds/iap_v1beta1_iapidentityawareproxyclient.yaml index 33223eccdd..c256e07e9a 100644 --- a/crds/iap_v1beta1_iapidentityawareproxyclient.yaml +++ b/crds/iap_v1beta1_iapidentityawareproxyclient.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/identityplatform_v1alpha1_identityplatformdefaultsupportedidpconfig.yaml b/crds/identityplatform_v1alpha1_identityplatformdefaultsupportedidpconfig.yaml new file mode 100644 index 0000000000..f3aadc53c0 --- /dev/null +++ b/crds/identityplatform_v1alpha1_identityplatformdefaultsupportedidpconfig.yaml 
@@ -0,0 +1,171 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: 
date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/identityplatform_v1alpha1_identityplatforminboundsamlconfig.yaml b/crds/identityplatform_v1alpha1_identityplatforminboundsamlconfig.yaml new file mode 100644 index 0000000000..3a55bd0723 --- /dev/null +++ b/crds/identityplatform_v1alpha1_identityplatforminboundsamlconfig.yaml 
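Review bot: `spec.clientSecret` is declared as a plain `type: string`, so the OAuth client secret is written inline in the custom resource, where anyone who can get or list this kind can read it and where it is carried into etcd, stored manifests and `kubectl` output. Modelling the field as a reference to a Kubernetes Secret (a `valueFrom.secretKeyRef` style object rather than a string) would keep the value out of the spec. That is a schema change, and the `tf2crd` label suggests this file is generated, so the fix presumably belongs in the generator input rather than in this YAML. If the string form has to stay for now, the schema should say so, e.g. `description: OAuth client secret. Stored in clear text in the resource spec; limit read access to this kind.` The same field with the same shape appears in the IdentityPlatformTenantDefaultSupportedIDPConfig CRD added later in this patch.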
@@ -0,0 +1,217 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs + shortNames: + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: 
+ properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object + required: + - displayName + - idpConfig + - projectRef + - spConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/identityplatform_v1alpha1_identityplatformprojectdefaultconfig.yaml b/crds/identityplatform_v1alpha1_identityplatformprojectdefaultconfig.yaml new file mode 100644 index 0000000000..cb5a8d55b1 --- /dev/null +++ b/crds/identityplatform_v1alpha1_identityplatformprojectdefaultconfig.yaml 
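Review bot: `spConfig.callbackUri` documents "Must start with 'https://'" but the schema carries only `type: string`, so the API server accepts a plain-http callback and the rule is at best enforced later by the backing service. Adding `pattern: ^https://` under `callbackUri` would reject such a value at admission; `idpConfig.ssoUrl` has no scheme constraint either and could be treated the same way if the service requires TLS there. Separately, the `spCertificates` description reads "The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP", which looks copied from `idpCertificates`, so a reader cannot tell from it whose certificate belongs in this list.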
@@ -0,0 +1,236 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: 
+ openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. + type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. 
+ type: boolean + required: + - enabled + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." + type: boolean + type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that + can be used for phone auth testing. + type: object + type: object + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/identityplatform_v1alpha1_identityplatformtenantdefaultsupportedidpconfig.yaml b/crds/identityplatform_v1alpha1_identityplatformtenantdefaultsupportedidpconfig.yaml new file mode 100644 index 0000000000..3f6f05aefa --- /dev/null +++ b/crds/identityplatform_v1alpha1_identityplatformtenantdefaultsupportedidpconfig.yaml 
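Review bot: `signIn.hashConfig` is described as "Output only" yet it sits under `spec`, and it carries `signerKey` and `saltSeparator`, which are parameters of the password hashing. If the controller writes observed values back into this field they are exposed to every reader of the resource, and if it does not, users are invited to set fields that have no effect; which of the two happens is not visible from the schema. Output-only data would normally live under `status`, and key material is better left out of the object altogether; at the least each sub-field description should state that it is not settable. The `testPhoneNumbers` description "A map of that can be used for phone auth testing" has lost words, presumably a bracketed key/value placeholder; something like `description: A map of test phone number to verification code that can be used for phone auth testing.` would read correctly.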
@@ -0,0 +1,176 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. 
The name of the tenant where this DefaultSupportedIdpConfig + resource exists. + type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The name of the default supported IDP config resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/identityplatform_v1alpha1_identityplatformtenantinboundsamlconfig.yaml b/crds/identityplatform_v1alpha1_identityplatformtenantinboundsamlconfig.yaml new file mode 100644 index 0000000000..c709e622af --- /dev/null +++ b/crds/identityplatform_v1alpha1_identityplatformtenantinboundsamlconfig.yaml 
@@ -0,0 +1,225 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs + shortNames: + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId + type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/identityplatform_v1beta1_identityplatformconfig.yaml b/crds/identityplatform_v1beta1_identityplatformconfig.yaml index 38f1de95bf..593792bbd6 100644 --- a/crds/identityplatform_v1beta1_identityplatformconfig.yaml +++ b/crds/identityplatform_v1beta1_identityplatformconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml b/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml index b333f3f3da..18098b2c6a 100644 --- a/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml +++ b/crds/identityplatform_v1beta1_identityplatformoauthidpconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
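Review bot: In crds/identityplatform_v1alpha1_identityplatformtenantinboundsamlconfig.yaml the description of `spConfig.spCertificates` repeats the `idpConfig.idpCertificates` text word for word ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), so the schema documents the service provider's certificates as if they were the IdP trust anchors. The two lists play opposite roles in a SAML trust relationship, and an operator following this wording could put IdP signing certificates in the wrong one. Presumably the intended text is closer to `description: The service provider's certificate data, used to verify the signature of SAMLRequests sent by this SP.`, which should be confirmed against the upstream API reference. `idpEntityId` and `spEntityId` also share one generic description, and `ssoUrl` states no scheme requirement although `callbackUri` says it must start with 'https://'. If the file is generated, the wording has to be fixed in the source schema, not here.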
diff --git a/crds/identityplatform_v1beta1_identityplatformtenant.yaml b/crds/identityplatform_v1beta1_identityplatformtenant.yaml index 93b07cc231..a5ddfad55f 100644 --- a/crds/identityplatform_v1beta1_identityplatformtenant.yaml +++ b/crds/identityplatform_v1beta1_identityplatformtenant.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml b/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml index 9ee3dcc566..b62537e80a 100644 --- a/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml +++ b/crds/identityplatform_v1beta1_identityplatformtenantoauthidpconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/kms_v1alpha1_kmscryptokeyversion.yaml b/crds/kms_v1alpha1_kmscryptokeyversion.yaml new file mode 100644 index 0000000000..c831e8cb8c --- /dev/null +++ b/crds/kms_v1alpha1_kmscryptokeyversion.yaml 
@@ -0,0 +1,201 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. 
+ type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. + type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/kms_v1alpha1_kmskeyringimportjob.yaml b/crds/kms_v1alpha1_kmskeyringimportjob.yaml new file mode 100644 index 0000000000..613bc0d1e2 --- /dev/null +++ b/crds/kms_v1alpha1_kmskeyringimportjob.yaml 
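Review bot: `spec.state` in crds/kms_v1alpha1_kmscryptokeyversion.yaml is a free-form `type: string`, although its description lists the accepted values and two of them, "DESTROYED" and "DESTROY_SCHEDULED", presumably lead to loss of key material. With no `enum` the API server admits any string, so a typo is caught at reconcile time at the earliest. The description also gives no warning that applying a destroy state from a manifest is destructive. I would add `enum: [PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED]` under `state`, or only the subset the controller accepts as input, and extend the description with a sentence such as `Setting DESTROYED or DESTROY_SCHEDULED schedules the key material for destruction.`, hedged until the controller behaviour is confirmed. Because this field can remove a key version, RBAC on `kmscryptokeyversions` should be as tight as on the keys themselves.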
@@ -0,0 +1,192 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/kms_v1alpha1_kmssecretciphertext.yaml b/crds/kms_v1alpha1_kmssecretciphertext.yaml new file mode 100644 index 0000000000..d2824f5140 --- /dev/null +++ b/crds/kms_v1alpha1_kmssecretciphertext.yaml 
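Review bot: `spec.importJobId` in crds/kms_v1alpha1_kmskeyringimportjob.yaml states its constraint, `[a-zA-Z0-9_-]{1,63}`, only in the description, so an invalid ID passes admission and is presumably rejected only when the controller calls the KMS API. Adding `pattern: ^[a-zA-Z0-9_-]{1,63}$` under `importJobId` would reject it at apply time. `importMethod` and `protectionLevel` have the same gap: their allowed values are listed in prose but not as an `enum`. Both documented wrapping methods use SHA-1 as the OAEP hash; if the backing provider exposes SHA-256 variants they would be worth listing, which cannot be verified from this hunk.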
@@ -0,0 +1,217 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmssecretciphertexts.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSSecretCiphertext + plural: kmssecretciphertexts + shortNames: + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: + description: |- + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. + type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. 
Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - cryptoKey + - plaintext + type: object + status: + properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/kms_v1beta1_kmscryptokey.yaml b/crds/kms_v1beta1_kmscryptokey.yaml index e185e92f6b..1faee32b3a 100644 --- a/crds/kms_v1beta1_kmscryptokey.yaml +++ b/crds/kms_v1beta1_kmscryptokey.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/kms_v1beta1_kmskeyring.yaml b/crds/kms_v1beta1_kmskeyring.yaml index bd223ba245..b3e5c69024 100644 --- a/crds/kms_v1beta1_kmskeyring.yaml +++ b/crds/kms_v1beta1_kmskeyring.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/logging_v1beta1_logginglogbucket.yaml b/crds/logging_v1beta1_logginglogbucket.yaml index 3678f05726..12732f0667 100644 --- a/crds/logging_v1beta1_logginglogbucket.yaml +++ b/crds/logging_v1beta1_logginglogbucket.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/logging_v1beta1_logginglogexclusion.yaml b/crds/logging_v1beta1_logginglogexclusion.yaml index f438e0c604..a624d502fb 100644 --- a/crds/logging_v1beta1_logginglogexclusion.yaml +++ b/crds/logging_v1beta1_logginglogexclusion.yaml 
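Review bot: `spec.plaintext` and `spec.additionalAuthenticatedData` in crds/kms_v1alpha1_kmssecretciphertext.yaml both accept an inline `value`, which puts the secret to be encrypted in clear text inside the custom resource. It is then readable by anyone with get/list on `kmssecretciphertexts`, and it lives in etcd and in whatever repository holds the manifest. The description should steer users to the Secret reference, for example `description: Immutable. The plaintext to be encrypted. Prefer valueFrom.secretKeyRef; an inline value is stored as part of the resource object.` Separately, `valueFrom` declares no `required` list, so `valueFrom: {}` satisfies the `oneOf` without naming a Secret; adding `required:` with `- secretKeyRef` under `valueFrom` in both fields would close that gap.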
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/logging_v1beta1_logginglogmetric.yaml b/crds/logging_v1beta1_logginglogmetric.yaml index c8855d278d..94a2938b3a 100644 --- a/crds/logging_v1beta1_logginglogmetric.yaml +++ b/crds/logging_v1beta1_logginglogmetric.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/logging_v1beta1_logginglogsink.yaml b/crds/logging_v1beta1_logginglogsink.yaml index 96a3f6e627..215dabcef1 100644 --- a/crds/logging_v1beta1_logginglogsink.yaml +++ b/crds/logging_v1beta1_logginglogsink.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/logging_v1beta1_logginglogview.yaml b/crds/logging_v1beta1_logginglogview.yaml index b36f1b4211..cb2efe69d3 100644 --- a/crds/logging_v1beta1_logginglogview.yaml +++ b/crds/logging_v1beta1_logginglogview.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/memcache_v1beta1_memcacheinstance.yaml b/crds/memcache_v1beta1_memcacheinstance.yaml index eb75469fb6..3df9a325b0 100644 --- a/crds/memcache_v1beta1_memcacheinstance.yaml +++ b/crds/memcache_v1beta1_memcacheinstance.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/mlengine_v1alpha1_mlenginemodel.yaml b/crds/mlengine_v1alpha1_mlenginemodel.yaml new file mode 100644 index 0000000000..1ca9519c39 --- /dev/null +++ b/crds/mlengine_v1alpha1_mlenginemodel.yaml 
@@ -0,0 +1,188 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/monitoring_v1beta1_monitoringalertpolicy.yaml b/crds/monitoring_v1beta1_monitoringalertpolicy.yaml index 938f0c8032..70f745223d 100644 
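Review bot: `spec.regions` in the new MLEngineModel schema is an unbounded `type: array`, although its description says only one region per model is supported. A manifest listing several regions therefore passes admission and is presumably rejected only later, when the controller calls the API; `maxItems: 1` under `regions` would reject it up front. The same gap appears in the NetworkManagementConnectivityTest hunk, where `port` has no `minimum`/`maximum`, `networkType` names its two values only in prose instead of an `enum`, and `description` states a 512-character limit without `maxLength`. It also appears in the NetworkServicesEdgeCacheKeyset hunk, where `publicKey` is described as holding at most three keys but has no `maxItems: 3`. The `tf2crd` label suggests these files are generated, so the constraints probably belong in the generator rather than in this file.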
--- a/crds/monitoring_v1beta1_monitoringalertpolicy.yaml +++ b/crds/monitoring_v1beta1_monitoringalertpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/monitoring_v1beta1_monitoringdashboard.yaml b/crds/monitoring_v1beta1_monitoringdashboard.yaml index 9fe4feb692..c082a0f42a 100644 --- a/crds/monitoring_v1beta1_monitoringdashboard.yaml +++ b/crds/monitoring_v1beta1_monitoringdashboard.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringgroup.yaml b/crds/monitoring_v1beta1_monitoringgroup.yaml index 8f40063008..b3f559c7d6 100644 --- a/crds/monitoring_v1beta1_monitoringgroup.yaml +++ b/crds/monitoring_v1beta1_monitoringgroup.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml b/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml index d754a7e023..e7cec8c8a3 100644 --- a/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml +++ b/crds/monitoring_v1beta1_monitoringmetricdescriptor.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml b/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml index 4e013edfb7..406cc076b8 100644 --- a/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml +++ b/crds/monitoring_v1beta1_monitoringmonitoredproject.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml b/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml index 8898eaa4c6..81fd61ba6c 100644 --- a/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml +++ b/crds/monitoring_v1beta1_monitoringnotificationchannel.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/monitoring_v1beta1_monitoringservice.yaml b/crds/monitoring_v1beta1_monitoringservice.yaml index b04f56985c..3edc713467 100644 --- a/crds/monitoring_v1beta1_monitoringservice.yaml +++ b/crds/monitoring_v1beta1_monitoringservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml b/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml index d27d6408c3..e9486cabff 100644 --- a/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml +++ b/crds/monitoring_v1beta1_monitoringservicelevelobjective.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml b/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml index f3e2bb668e..2c406200f4 100644 --- a/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml +++ b/crds/monitoring_v1beta1_monitoringuptimecheckconfig.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml b/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml index 9d50e95849..f5711b3086 100644 --- a/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml +++ b/crds/networkconnectivity_v1beta1_networkconnectivityhub.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml b/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml index 03ec005173..90c948808f 100644 --- a/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml +++ b/crds/networkconnectivity_v1beta1_networkconnectivityspoke.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/networkmanagement_v1alpha1_networkmanagementconnectivitytest.yaml b/crds/networkmanagement_v1alpha1_networkmanagementconnectivitytest.yaml new file mode 100644 index 0000000000..a77ff98a01 --- /dev/null +++ b/crds/networkmanagement_v1alpha1_networkmanagementconnectivitytest.yaml 
@@ -0,0 +1,287 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com +spec: + group: networkmanagement.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests + shortNames: + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. + type: string + destination: + description: |- + Required. Destination specification of the Connectivity Test. + + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. 
+ type: string + network: + description: A Compute Engine network URI. + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. 
Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. 
When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object + required: + - destination + - projectRef + - source + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml b/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml index 3565ef2f2f..f0d4ba2961 100644 --- a/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml +++ b/crds/networksecurity_v1beta1_networksecurityauthorizationpolicy.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml b/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml index ec89c5994d..dfe72991bb 100644 --- a/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml +++ b/crds/networksecurity_v1beta1_networksecurityclienttlspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml b/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml index 95de9e86bb..a9c073c106 100644 --- a/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml +++ b/crds/networksecurity_v1beta1_networksecurityservertlspolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1alpha1_networkservicesedgecachekeyset.yaml b/crds/networkservices_v1alpha1_networkservicesedgecachekeyset.yaml new file mode 100644 index 0000000000..35ab78f9af --- /dev/null +++ b/crds/networkservices_v1alpha1_networkservicesedgecachekeyset.yaml 
@@ -0,0 +1,249 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets + shortNames: + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. 
+ Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. + type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - id + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. 
Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. + The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/networkservices_v1alpha1_networkservicesedgecacheorigin.yaml b/crds/networkservices_v1alpha1_networkservicesedgecacheorigin.yaml new file mode 100644 index 0000000000..15c223253a --- /dev/null +++ b/crds/networkservices_v1alpha1_networkservicesedgecacheorigin.yaml 
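Review bot: The `id` description under `publicKey.items` contradicts itself. It first says the ID must be 1-63 characters and comply with RFC1035, then says the name must be 1-64 characters and match `[a-zA-Z][a-zA-Z0-9_-]*`, which permits underscores that an RFC1035 label does not. The schema enforces neither rule (`id` is only `type: string`), so someone writing a keyset for signed-request validation cannot tell from the CRD which key IDs will be accepted. Keep whichever rule the API actually applies and encode it, for example `pattern: '^[a-zA-Z][a-zA-Z0-9_-]*$'` with the matching `maxLength`. The wording looks inherited from the upstream provider schema, so the description may need correcting there as well.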
@@ -0,0 +1,359 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins + shortNames: + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object + description: + description: A human-readable description of the resource. + type: string + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. 
Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. + + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. + type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. 
+ items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. + + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. + - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. 
+ - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: + description: |- + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. 
+ + If the response headers have already been written to the connection, the response will be truncated and logged. + type: string + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. + type: string + type: object + required: + - originAddress + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/networkservices_v1alpha1_networkservicesedgecacheservice.yaml b/crds/networkservices_v1alpha1_networkservicesedgecacheservice.yaml new file mode 100644 index 0000000000..6b26a03510 --- /dev/null +++ b/crds/networkservices_v1alpha1_networkservicesedgecacheservice.yaml 
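Review bot: The `protocol` property in the new NetworkServicesEdgeCacheOrigin schema is a bare `type: string`, so the three values its description lists are not enforced at admission, and a misspelt or unintended value is presumably caught only when the controller calls the API. The description implies that `HTTP` fetches from the origin without TLS, so I would add `enum: [HTTP2, HTTPS, HTTP]` under `protocol` and state in the description that `HTTP` leaves cache-fill traffic unencrypted. `maxAttempts` has the same gap: its description requires a value greater than 0 and less than 4, but the schema carries no `minimum: 1` / `maximum: 3`. The `failoverOrigin` description ends with "A reference to a Topic resource.", which looks like a leftover from another resource and should name the EdgeCacheOrigin instead. The `tf2crd` label suggests this file is generated, so these changes probably belong in the generator input rather than in this YAML.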
@@ -0,0 +1,919 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com +spec: + group: networkservices.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices + shortNames: + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. + type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. + type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. 
+ properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. 
+ items: + properties: + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. + + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: + properties: + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. 
+ items: + properties: + description: + description: A human-readable description of the routeRule. + type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array + required: + - name + - routeRule + type: object + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. + type: string + required: + - projectRef + - routing + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + ipv4Addresses: + description: The IPv4 addresses associated with this service. 
Addresses + are static for the lifetime of the service. + items: + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml b/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml index 93f35b9efa..0984840bf3 100644 --- a/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml +++ b/crds/networkservices_v1beta1_networkservicesendpointpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicesgateway.yaml b/crds/networkservices_v1beta1_networkservicesgateway.yaml index 0dfacf8836..331549732b 100644 --- a/crds/networkservices_v1beta1_networkservicesgateway.yaml +++ b/crds/networkservices_v1beta1_networkservicesgateway.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
diff --git a/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml b/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml index 49cee89bc9..31538ceed5 100644 --- a/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml +++ b/crds/networkservices_v1beta1_networkservicesgrpcroute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkserviceshttproute.yaml b/crds/networkservices_v1beta1_networkserviceshttproute.yaml index 1812a39809..e2e3fd5deb 100644 --- a/crds/networkservices_v1beta1_networkserviceshttproute.yaml +++ b/crds/networkservices_v1beta1_networkserviceshttproute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicesmesh.yaml b/crds/networkservices_v1beta1_networkservicesmesh.yaml index 2beeb2a729..0ba753e5da 100644 --- a/crds/networkservices_v1beta1_networkservicesmesh.yaml +++ b/crds/networkservices_v1beta1_networkservicesmesh.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicestcproute.yaml b/crds/networkservices_v1beta1_networkservicestcproute.yaml index 13094a95cc..3736f12455 100644 --- a/crds/networkservices_v1beta1_networkservicestcproute.yaml +++ b/crds/networkservices_v1beta1_networkservicestcproute.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/networkservices_v1beta1_networkservicestlsroute.yaml b/crds/networkservices_v1beta1_networkservicestlsroute.yaml index 2ac7b7c142..2aa0dc3aac 100644 --- a/crds/networkservices_v1beta1_networkservicestlsroute.yaml +++ b/crds/networkservices_v1beta1_networkservicestlsroute.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/notebooks_v1alpha1_notebooksenvironment.yaml b/crds/notebooks_v1alpha1_notebooksenvironment.yaml new file mode 100644 index 0000000000..01134451ed --- /dev/null +++ b/crds/notebooks_v1alpha1_notebooksenvironment.yaml 
@@ -0,0 +1,232 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. 
Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. + type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/orgpolicy_v1alpha1_orgpolicycustomconstraint.yaml b/crds/orgpolicy_v1alpha1_orgpolicycustomconstraint.yaml new file mode 100644 index 0000000000..0761c6ae04 --- /dev/null +++ b/crds/orgpolicy_v1alpha1_orgpolicycustomconstraint.yaml 
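Review bot: In the new NotebooksEnvironment schema, `containerImage.tag` and `postStartupScript` are free-form strings, so an environment can reference a floating image tag and a remote Bash script whose content is only resolved when an instance starts. The `tag` description already says an unset value falls back to the latest tag; I would state the consequence there, e.g. `Prefer an explicit, pinned tag; when unset, the latest tag is used and the image may differ between instance starts.` For `postStartupScript`, the description could add `The script runs automatically on the instance after boot; restrict write access to the referenced object to trusted principals.` If this CRD is generated (the `tf2crd` label suggests so), the wording belongs in the generator's source rather than in this file.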
@@ -0,0 +1,173 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The timestamp representing when the constraint + was last updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
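Review bot: `spec.actionType` and `spec.methodTypes` document closed value sets in their descriptions, but the schema declares only `type: string`, so a misspelled value is accepted at admission and would presumably fail only when the controller reconciles. For a resource that expresses an organization-policy guardrail, that late failure means a constraint a team believes it applied may not be in force. I would add `enum: ["ALLOW", "DENY"]` under `actionType` and `enum: ["CREATE", "UPDATE"]` under `methodTypes.items`. Separately, the `resourceTypes` description opens with a doubled `Immutable. Immutable.`. If the file is generated (it carries the `tf2crd` label), both changes belong in the generator.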
diff --git a/crds/osconfig_v1alpha1_osconfigpatchdeployment.yaml b/crds/osconfig_v1alpha1_osconfigpatchdeployment.yaml new file mode 100644 index 0000000000..5835f816c3 --- /dev/null +++ b/crds/osconfig_v1alpha1_osconfigpatchdeployment.yaml 
@@ -0,0 +1,703 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/osconfig_v1beta1_osconfigguestpolicy.yaml b/crds/osconfig_v1beta1_osconfigguestpolicy.yaml index 3a1e63f16b..ecd0d2418f 100644 --- a/crds/osconfig_v1beta1_osconfigguestpolicy.yaml +++ b/crds/osconfig_v1beta1_osconfigguestpolicy.yaml 
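Review bot: The `preStep` and `postStep` exec steps under `spec.patchConfig` let this resource run an executable (`localPath` or a `gcsObject`) on every VM matched by `instanceFilter`, which may be `all: true`, and none of the descriptions say this in terms an RBAC reviewer would notice. Anyone allowed to create this kind in a namespace can therefore, presumably through the Config Connector identity, execute code on those VMs, so create rights should be granted as narrowly as VM admin rights. I would append to both step descriptions something like `Runs an executable on every targeted VM; restrict who may create this resource.` Separately, `recurringSchedule.weekly.dayOfWeek` carries the time-zone text ("IANA Time Zone Database time zone ...") in front of its weekday values, which looks like a copy error. The file appears to be generated (the `tf2crd` label), so both fixes likely belong in the generator input rather than here.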
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml b/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml index 5a27525dae..5c0dc1f774 100644 --- a/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml +++ b/crds/osconfig_v1beta1_osconfigospolicyassignment.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/oslogin_v1alpha1_osloginsshpublickey.yaml b/crds/oslogin_v1alpha1_osloginsshpublickey.yaml new file mode 100644 index 0000000000..51aaba2a4f --- /dev/null +++ b/crds/oslogin_v1alpha1_osloginsshpublickey.yaml 
@@ -0,0 +1,148 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/privateca_v1beta1_privatecacapool.yaml b/crds/privateca_v1beta1_privatecacapool.yaml index 23c1532c16..2cc131e638 100644 --- a/crds/privateca_v1beta1_privatecacapool.yaml +++ b/crds/privateca_v1beta1_privatecacapool.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -189,6 +189,13 @@ spec: omitted from the CA certificate. format: int64 type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean type: object keyUsage: description: Optional. Indicates the intended use for keys diff --git a/crds/privateca_v1beta1_privatecacertificate.yaml b/crds/privateca_v1beta1_privatecacertificate.yaml index 5118a89ec2..8ab1e4bbfb 100644 --- a/crds/privateca_v1beta1_privatecacertificate.yaml +++ b/crds/privateca_v1beta1_privatecacertificate.yaml 
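Review bot: `spec.expirationTimeUsec` in the new OSLoginSSHPublicKey schema is optional and typed as a free-form string, so the schema accepts a key with no expiry and accepts non-numeric values, which would only be rejected later by the API. For a resource that grants SSH login, I would state the default in the description, e.g. `An expiration time in microseconds since epoch. If unset, the key does not expire.` (to be confirmed against the API behaviour), and constrain the value with `pattern: '^[0-9]+$'`. Teams that require key rotation would then see the gap at review time, or could enforce the field with an admission policy. The file appears to be generated (the `tf2crd` label), so the change likely belongs in the generator input.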
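Review bot: The new `zeroMaxIssuerPathLength` description in the CaPool hunk does not say what happens when the field is true while `maxIssuerPathLength` is set to a non-zero value, and it names the fields in snake_case (`max_issuer_path_length`, `zero_max_issuer_path_length`) rather than the camelCase keys this CRD exposes. Because the path length constraint bounds how deep a subordinate CA chain may go, the conflict case deserves a sentence, for example `Must not be combined with a non-zero maxIssuerPathLength.` if that is what the API enforces. The sentence beginning `if both` should also be capitalised. The same text is added in the `privateca_v1beta1_privatecacertificateauthority.yaml` hunk further down. The enclosing schema object starts and ends outside the hunk.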
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/privateca_v1beta1_privatecacertificateauthority.yaml b/crds/privateca_v1beta1_privatecacertificateauthority.yaml index ef15e8f4c8..e25ffc1c90 100644 --- a/crds/privateca_v1beta1_privatecacertificateauthority.yaml +++ b/crds/privateca_v1beta1_privatecacertificateauthority.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -263,6 +263,13 @@ spec: path length will be omitted from the CA certificate. format: int64 type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean type: object keyUsage: description: Immutable. Optional. Indicates the intended use diff --git a/crds/privateca_v1beta1_privatecacertificatetemplate.yaml b/crds/privateca_v1beta1_privatecacertificatetemplate.yaml index d9659d02d1..e7575937ea 100644 --- a/crds/privateca_v1beta1_privatecacertificatetemplate.yaml +++ b/crds/privateca_v1beta1_privatecacertificatetemplate.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/pubsub_v1beta1_pubsubschema.yaml b/crds/pubsub_v1beta1_pubsubschema.yaml index c1bf17c878..a8cb63cb95 100644 
--- a/crds/pubsub_v1beta1_pubsubschema.yaml +++ b/crds/pubsub_v1beta1_pubsubschema.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/pubsub_v1beta1_pubsubsubscription.yaml b/crds/pubsub_v1beta1_pubsubsubscription.yaml index 16437b7bb2..dc0945a5b8 100644 --- a/crds/pubsub_v1beta1_pubsubsubscription.yaml +++ b/crds/pubsub_v1beta1_pubsubsubscription.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -226,7 +226,7 @@ spec: description: |- Specifies the "time-to-live" duration for an associated resource. The resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. + If ttl is set to "", the associated resource never expires. A duration in seconds with up to nine fractional digits, terminated by 's'. Example - "3.5s". type: string diff --git a/crds/pubsub_v1beta1_pubsubtopic.yaml b/crds/pubsub_v1beta1_pubsubtopic.yaml index 92b28d340c..3d6256bb8d 100644 --- a/crds/pubsub_v1beta1_pubsubtopic.yaml +++ b/crds/pubsub_v1beta1_pubsubtopic.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/pubsublite_v1alpha1_pubsublitesubscription.yaml b/crds/pubsublite_v1alpha1_pubsublitesubscription.yaml new file mode 100644 index 0000000000..1ab31412d1 --- /dev/null +++ b/crds/pubsublite_v1alpha1_pubsublitesubscription.yaml 
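Review bot: In the `@@ -226,7 +226,7 @@` hunk of crds/pubsub_v1beta1_pubsubsubscription.yaml the reworded `ttl` description covers only the empty-string case and no longer says what an omitted `ttl` means. A reader cannot tell from the schema whether leaving the field out keeps the resource forever or applies a default expiry, which decides how long an idle subscription lingers. I would spell out both cases, e.g. `If ttl is set to "", the associated resource never expires; if ttl is omitted, <behaviour to confirm>.` The enclosing property starts outside the hunk, so whether `ttl` is required there is not visible.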
@@ -0,0 +1,179 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/pubsublite_v1alpha1_pubsublitetopic.yaml b/crds/pubsublite_v1alpha1_pubsublitetopic.yaml new file mode 100644 index 0000000000..e83dd1cfc0 --- /dev/null +++ b/crds/pubsublite_v1alpha1_pubsublitetopic.yaml 
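Review bot: `spec.topic` is described as "A reference to a Topic resource" but is typed as a plain `string`, unlike `projectRef` in the same schema, and the description gives no expected format (bare topic name versus full resource path). The `region` and `zone` descriptions read "of the pubsub lite topic", which looks copied from the topic CRD. I would state the accepted format in the `topic` description and, if it matches the intent, reword the other two to e.g. `The zone of the pubsub lite subscription.`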
@@ -0,0 +1,216 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. 
+ type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/pubsublite_v1beta1_pubsublitereservation.yaml b/crds/pubsublite_v1beta1_pubsublitereservation.yaml index 1923c2e628..6c6eb1a4e3 100644 --- a/crds/pubsublite_v1beta1_pubsublitereservation.yaml +++ b/crds/pubsublite_v1beta1_pubsublitereservation.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml b/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml index 7b9723da87..5e94d8258b 100644 --- a/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml +++ b/crds/recaptchaenterprise_v1beta1_recaptchaenterprisekey.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/redis_v1beta1_redisinstance.yaml b/crds/redis_v1beta1_redisinstance.yaml index 24f3acb323..6b7820b260 100644 --- a/crds/redis_v1beta1_redisinstance.yaml +++ b/crds/redis_v1beta1_redisinstance.yaml 
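Review bot: The descriptions of the two capacity fields in crds/pubsublite_v1alpha1_pubsublitetopic.yaml are swapped: `publishMibPerSec` is documented as "Subscribe throughput capacity per partition" and `subscribeMibPerSec` as "Publish throughput capacity per partition". The text under `publishMibPerSec` should begin `Publish throughput capacity per partition in MiB/s.` and the text under `subscribeMibPerSec` should begin `Subscribe throughput capacity per partition in MiB/s.` The stated bounds (>= 4 and <= 16, and `count` at least 1) exist only as description text; if the generator allows it, `minimum`/`maximum` in the schema would reject out-of-range values at admission.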
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_folder.yaml b/crds/resourcemanager_v1beta1_folder.yaml index 01c0b64762..23fea85a04 100644 --- a/crds/resourcemanager_v1beta1_folder.yaml +++ b/crds/resourcemanager_v1beta1_folder.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_project.yaml b/crds/resourcemanager_v1beta1_project.yaml index 3863e9663f..e81c3a7deb 100644 --- a/crds/resourcemanager_v1beta1_project.yaml +++ b/crds/resourcemanager_v1beta1_project.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml b/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml index dcc0fd0e3e..5b746ff3d1 100644 --- a/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml +++ b/crds/resourcemanager_v1beta1_resourcemanagerlien.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml b/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml index ed67526688..289bfbafbc 100644 
--- a/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml +++ b/crds/resourcemanager_v1beta1_resourcemanagerpolicy.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/run_v1beta1_runservice.yaml b/crds/run_v1beta1_runservice.yaml index ecd06b5422..dcb8a60b29 100644 --- a/crds/run_v1beta1_runservice.yaml +++ b/crds/run_v1beta1_runservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/secretmanager_v1beta1_secretmanagersecret.yaml b/crds/secretmanager_v1beta1_secretmanagersecret.yaml index 9b7fcaaf0a..b9b12ccd7c 100644 --- a/crds/secretmanager_v1beta1_secretmanagersecret.yaml +++ b/crds/secretmanager_v1beta1_secretmanagersecret.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml b/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml index 2d2fed753d..916a789626 100644 --- a/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml +++ b/crds/secretmanager_v1beta1_secretmanagersecretversion.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/securitycenter_v1alpha1_securitycenternotificationconfig.yaml b/crds/securitycenter_v1alpha1_securitycenternotificationconfig.yaml new file mode 100644 index 0000000000..79a49b8db9 --- /dev/null +++ b/crds/securitycenter_v1alpha1_securitycenternotificationconfig.yaml 
@@ -0,0 +1,217 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object + required: + - configId + - organizationRef + - pubsubTopic + - streamingConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/securitycenter_v1alpha1_securitycentersource.yaml b/crds/securitycenter_v1alpha1_securitycentersource.yaml new file mode 100644 index 0000000000..eb93b03c32 --- /dev/null +++ b/crds/securitycenter_v1alpha1_securitycentersource.yaml 
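Review bot: The `streamingConfig.filter` description has lost its placeholder: "Restrictions have the form and may have a - character" is missing the form itself, presumably `<field> <operator> <value>` stripped as if it were markup. This filter decides which asset and finding events reach the Pub/Sub topic, so the syntax should be unambiguous; I would restore the placeholder, escaped or in backticks. `pubsubTopic` is a free-form string rather than a reference like `organizationRef`, and `status.serviceAccount` only says the account "needs" `pubsub.topics.publish`. If this resource does not create that grant, the `pubsubTopic` description should say the permission has to be granted on the topic separately.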
@@ -0,0 +1,175 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycentersources.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterSource + plural: securitycentersources + shortNames: + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned 
schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml b/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml index 0d554a41a8..4971db6c93 100644 --- a/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml +++ b/crds/servicedirectory_v1beta1_servicedirectoryendpoint.yaml 
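Review bot: The limits stated for `displayName` (starts and ends with a letter or digit, no longer than 32 characters) and `description` (max of 1024 characters) exist only as description text; the schema has no `maxLength` or `pattern`. Invalid values are therefore presumably rejected only when the controller calls the API, not at admission. If the generator supports it, `maxLength: 32` on `displayName` and `maxLength: 1024` on `description` would fail fast; the same applies to `description` in crds/securitycenter_v1alpha1_securitycenternotificationconfig.yaml. The `displayName` text also mixes typographic apostrophes (`source’s`) with a plain one in `can't`; plain ASCII would match the rest of the file.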
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml b/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml index b5831a5645..586b21813d 100644 --- a/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml +++ b/crds/servicedirectory_v1beta1_servicedirectorynamespace.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml b/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml index 2788494667..6a74c10dac 100644 --- a/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml +++ b/crds/servicedirectory_v1beta1_servicedirectoryservice.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml b/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml index 0a6e50e82a..33ba440124 100644 --- a/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml +++ b/crds/servicenetworking_v1beta1_servicenetworkingconnection.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/serviceusage_v1alpha1_serviceusageconsumerquotaoverride.yaml b/crds/serviceusage_v1alpha1_serviceusageconsumerquotaoverride.yaml new file mode 100644 index 0000000000..03e5e664bb --- /dev/null +++ b/crds/serviceusage_v1alpha1_serviceusageconsumerquotaoverride.yaml 
@@ -0,0 +1,194 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com +spec: + group: serviceusage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides + shortNames: + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. + type: object + force: + description: |- + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: + description: |- + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. + type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string + required: + - limit + - metric + - overrideValue + - projectRef + - service + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The server-generated name of the quota override. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/serviceusage_v1beta1_service.yaml b/crds/serviceusage_v1beta1_service.yaml index fe01551416..576194e869 100644 --- a/crds/serviceusage_v1beta1_service.yaml +++ b/crds/serviceusage_v1beta1_service.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/serviceusage_v1beta1_serviceidentity.yaml b/crds/serviceusage_v1beta1_serviceidentity.yaml index fad176e7b5..fa4bc9e95b 100644 --- a/crds/serviceusage_v1beta1_serviceidentity.yaml +++ b/crds/serviceusage_v1beta1_serviceidentity.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sourcerepo_v1beta1_sourcereporepository.yaml b/crds/sourcerepo_v1beta1_sourcereporepository.yaml index 80fee169e9..3ab9b9111b 100644 --- a/crds/sourcerepo_v1beta1_sourcereporepository.yaml +++ b/crds/sourcerepo_v1beta1_sourcereporepository.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/spanner_v1beta1_spannerdatabase.yaml b/crds/spanner_v1beta1_spannerdatabase.yaml index 10204166ae..3c1703dafd 100644 --- a/crds/spanner_v1beta1_spannerdatabase.yaml +++ b/crds/spanner_v1beta1_spannerdatabase.yaml 
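Review bot: `spec.overrideValue` is declared as `type: string` with no `pattern`, so the constraint in its description (a nonnegative integer or -1) is not enforced by the schema at admission. Since -1 means unlimited quota and `force: true` skips the 10% decrease safety check, a mistyped or unexpected value is best rejected when the object is created. I would add `pattern: ^(-1|[0-9]+)$` under `overrideValue`. The file carries the `cnrm.cloud.google.com/tf2crd: "true"` label and looks generated, so the change presumably belongs in the generator input rather than in this YAML.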
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/spanner_v1beta1_spannerinstance.yaml b/crds/spanner_v1beta1_spannerinstance.yaml index eae6456b9a..45e0571c43 100644 --- a/crds/spanner_v1beta1_spannerinstance.yaml +++ b/crds/spanner_v1beta1_spannerinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sql_v1beta1_sqldatabase.yaml b/crds/sql_v1beta1_sqldatabase.yaml index c10b07cacc..46fa46bc14 100644 --- a/crds/sql_v1beta1_sqldatabase.yaml +++ b/crds/sql_v1beta1_sqldatabase.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sql_v1beta1_sqlinstance.yaml b/crds/sql_v1beta1_sqlinstance.yaml index e89430480e..4485d4a1a1 100644 --- a/crds/sql_v1beta1_sqlinstance.yaml +++ b/crds/sql_v1beta1_sqlinstance.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sql_v1beta1_sqlsslcert.yaml b/crds/sql_v1beta1_sqlsslcert.yaml index 0dfaf1ef77..226b4bea7e 100644 --- a/crds/sql_v1beta1_sqlsslcert.yaml +++ b/crds/sql_v1beta1_sqlsslcert.yaml 
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/sql_v1beta1_sqluser.yaml b/crds/sql_v1beta1_sqluser.yaml index 09d8760ed9..14b909d0aa 100644 --- a/crds/sql_v1beta1_sqluser.yaml +++ b/crds/sql_v1beta1_sqluser.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1alpha1_storagehmackey.yaml b/crds/storage_v1alpha1_storagehmackey.yaml new file mode 100644 index 0000000000..5e821b78d6 --- /dev/null +++ b/crds/storage_v1alpha1_storagehmackey.yaml 
@@ -0,0 +1,180 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagehmackeys.storage.cnrm.cloud.google.com +spec: + group: storage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageHMACKey + plural: storagehmackeys + shortNames: + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' + type: string + required: + - projectRef + - serviceAccountEmail + type: object + status: + properties: + accessId: + description: The access ID of the HMAC Key. 
+ type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/storage_v1beta1_storagebucket.yaml b/crds/storage_v1beta1_storagebucket.yaml index d016d31685..1d637409d8 100644 --- a/crds/storage_v1beta1_storagebucket.yaml +++ b/crds/storage_v1beta1_storagebucket.yaml 
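Review bot: `status.secret` exposes the HMAC secret key material as a plain string in the resource's status, so any principal with `get`, `list` or `watch` on `storagehmackeys` in the namespace can read it. It is governed by this kind's RBAC, not by the tighter rules clusters usually apply to `Secret` objects. A safer shape would have the controller write the key to a Kubernetes `Secret` and leave only a reference in status. At minimum the field should say so: `description: HMAC secret key material. Sensitive - readable by anyone with read access to this resource; restrict RBAC on this kind.` The file carries the `cnrm.cloud.google.com/tf2crd: "true"` label and looks generated, so the change presumably belongs in the generator, not in this YAML.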
@@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagebucketaccesscontrol.yaml b/crds/storage_v1beta1_storagebucketaccesscontrol.yaml index 1eca98a255..901dd6c68a 100644 --- a/crds/storage_v1beta1_storagebucketaccesscontrol.yaml +++ b/crds/storage_v1beta1_storagebucketaccesscontrol.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml b/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml index aec6d0a1db..5312539052 100644 --- a/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml +++ b/crds/storage_v1beta1_storagedefaultobjectaccesscontrol.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/storage_v1beta1_storagenotification.yaml b/crds/storage_v1beta1_storagenotification.yaml index 4ad2b4e6f4..a1c513a3af 100644 --- a/crds/storage_v1beta1_storagenotification.yaml +++ b/crds/storage_v1beta1_storagenotification.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/storagetransfer_v1alpha1_storagetransferagentpool.yaml b/crds/storagetransfer_v1alpha1_storagetransferagentpool.yaml new file mode 100644 index 0000000000..43a6bca3e9 --- /dev/null +++ b/crds/storagetransfer_v1alpha1_storagetransferagentpool.yaml 
@@ -0,0 +1,174 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com +spec: + group: storagetransfer.cnrm.cloud.google.com + names: + categories: + - gcp + kind: StorageTransferAgentPool + plural: storagetransferagentpools + shortNames: + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion 
defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Specifies the state of the AgentPool. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/storagetransfer_v1beta1_storagetransferjob.yaml b/crds/storagetransfer_v1beta1_storagetransferjob.yaml index 6b4c333ea8..944909f240 100644 --- a/crds/storagetransfer_v1beta1_storagetransferjob.yaml +++ b/crds/storagetransfer_v1beta1_storagetransferjob.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -499,6 +499,22 @@ spec: items: type: string type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string maxTimeElapsedSinceLastModification: description: 'A duration in seconds with up to nine fractional digits, terminated by ''s''. Example: "3.5s".' diff --git a/crds/tags_v1beta1_tagstagbinding.yaml b/crds/tags_v1beta1_tagstagbinding.yaml index ef3c34b8cc..9562da3af0 100644 --- a/crds/tags_v1beta1_tagstagbinding.yaml +++ b/crds/tags_v1beta1_tagstagbinding.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/tags_v1beta1_tagstagkey.yaml b/crds/tags_v1beta1_tagstagkey.yaml index bdc7fa217c..de95516fe8 100644 --- a/crds/tags_v1beta1_tagstagkey.yaml +++ b/crds/tags_v1beta1_tagstagkey.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
diff --git a/crds/tags_v1beta1_tagstagvalue.yaml b/crds/tags_v1beta1_tagstagvalue.yaml index f4617a49c6..bf69f23c45 100644 --- a/crds/tags_v1beta1_tagstagvalue.yaml +++ b/crds/tags_v1beta1_tagstagvalue.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" diff --git a/crds/tpu_v1alpha1_tpunode.yaml b/crds/tpu_v1alpha1_tpunode.yaml new file mode 100644 index 0000000000..db066e860d --- /dev/null +++ b/crds/tpu_v1alpha1_tpunode.yaml 
@@ -0,0 +1,232 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: tpunodes.tpu.cnrm.cloud.google.com +spec: + group: tpu.cnrm.cloud.google.com + names: + categories: + - gcp + kind: TPUNode + plural: tpunodes + shortNames: + - gcptpunode + - gcptpunodes + singular: tpunode + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: + description: |- + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. + properties: + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. + type: boolean + required: + - preemptible + type: object + tensorflowVersion: + description: The version of Tensorflow running in the Node. + type: string + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. + type: boolean + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaidataset.yaml b/crds/vertexai_v1alpha1_vertexaidataset.yaml new file mode 100644 index 0000000000..c726169436 --- /dev/null 
+++ b/crds/vertexai_v1alpha1_vertexaidataset.yaml 
@@ -0,0 +1,198 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaidatasets.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIDataset + plural: vertexaidatasets + shortNames: + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - metadataSchemaUri + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + name: + description: The resource name of the Dataset. This value is set by + Google. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaiendpoint.yaml b/crds/vertexai_v1alpha1_vertexaiendpoint.yaml new file mode 100644 index 0000000000..4e718d08b1 --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaiendpoint.yaml 
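Review bot: In the new VertexAIDataset CRD, `spec.encryptionSpec` describes `kmsKeyName` as "Immutable. Required." but declares no `required` list, so schema validation will admit `encryptionSpec: {}`. The `encryptionSpec` blocks in the VertexAIEndpoint and VertexAIFeaturestore CRDs added by this same patch both carry `required:` with `- kmsKeyName`. A manifest can therefore appear to request a customer-managed key while naming none; whether the controller rejects that or the dataset is created without CMEK cannot be seen from this hunk. I would add `required:` followed by `- kmsKeyName` next to `type: object` under `encryptionSpec`. Since the file carries the `cnrm.cloud.google.com/tf2crd: "true"` label, the fix probably belongs in the generator input rather than in this YAML.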
@@ -0,0 +1,415 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIEndpoint + plural: vertexaiendpoints + shortNames: + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. + properties: + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + location: + description: Immutable. The location for the resource. + type: string + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. 
[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. Timestamp when this Endpoint was created. 
+ type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. + type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. 
+ items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. + items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. 
+ See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. 
+ type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. 
The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/crds/vertexai_v1alpha1_vertexaifeaturestore.yaml b/crds/vertexai_v1alpha1_vertexaifeaturestore.yaml new file mode 100644 index 0000000000..448f36a7b6 --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaifeaturestore.yaml 
@@ -0,0 +1,227 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. + properties: + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. 
+ Must be greater than or equal to 1. + type: integer + required: + - maxNodeCount + - minNodeCount + type: object + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaifeaturestoreentitytype.yaml b/crds/vertexai_v1alpha1_vertexaifeaturestoreentitytype.yaml new file mode 100644 index 0000000000..85c327f29e --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaifeaturestoreentitytype.yaml 
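Review bot: Under `onlineServingConfig.scaling`, the bounds given in the descriptions are not enforced by the schema: `minNodeCount` is documented as "Must be greater than or equal to 1" yet is a bare `type: integer`, so an out-of-range value passes admission and would be caught, if at all, only after the object is stored. Adding `minimum: 1` next to its `type: integer` would reject it up front. The rule "Only one of fixedNodeCount and scaling can be set" is likewise prose only, although `projectRef` in this same schema already encodes that kind of exclusivity with `oneOf`/`not`. Because `forceDestroy: true` also deletes the Featurestore's EntityTypes and Features, and `encryptionSpec` is optional, operators installing this CRD may want admission policy around both fields. The `tf2crd: "true"` label suggests the file is generated, in which case schema changes belong in the generator.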
@@ -0,0 +1,248 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + 
description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). + properties: + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. 
+ type: number + required: + - value + type: object + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. + properties: + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. + type: string + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. + * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. + type: string + type: object + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). + properties: + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. 
+ Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number + required: + - value + type: object + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. + properties: + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. + type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer + type: object + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. 
+ The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. 
+ type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaifeaturestoreentitytypefeature.yaml b/crds/vertexai_v1alpha1_vertexaifeaturestoreentitytypefeature.yaml new file mode 100644 index 0000000000..18093db4ed --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaifeaturestoreentitytypefeature.yaml 
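Review bot: The closed value sets for `importFeaturesAnalysis.state` and `anomalyDetectionBaseline` exist only in the description text; both fields are plain `type: string`, so a misspelled value is admitted and stored instead of being rejected. An `enum` would catch it at admission, for example `enum: [DEFAULT, ENABLED, DISABLED]` under `state`. The same gap applies to `indexUpdateMethod`, `distanceMeasureType` and `featureNormType` in crds/vertexai_v1alpha1_vertexaiindex.yaml, and to `valueType` in crds/vertexai_v1alpha1_vertexaifeaturestoreentitytypefeature.yaml, whose description only links to its values. The descriptions also carry typos ("inherite default hebavior", "L-inifinity norm"), and the status `createTime`/`updateTime` text says "featurestore" although this CRD describes an EntityType.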
@@ -0,0 +1,154 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures + shortNames: + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. + type: string + required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaiindex.yaml b/crds/vertexai_v1alpha1_vertexaiindex.yaml new file mode 100644 index 0000000000..d8bc63c707 --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaiindex.yaml 
@@ -0,0 +1,297 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaiindexes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIIndex + plural: vertexaiindexes + shortNames: + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). 
+ Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. + type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. 
+ The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. + type: boolean + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string + name: + description: The resource name of the Index. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaimetadatastore.yaml b/crds/vertexai_v1alpha1_vertexaimetadatastore.yaml new file mode 100644 index 0000000000..bfb5669ece --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaimetadatastore.yaml 
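Review bot: `bruteForceConfig` is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so any keys placed under it are stored unvalidated rather than pruned. If the block is only a marker that selects brute-force search (its description lists no options), dropping the `x-kubernetes-preserve-unknown-fields: true` line would let the API server prune stray keys. In the same `algorithmConfig`, `leafNodesToSearchPercent` is documented as "range 1-100, inclusive" but carries no bounds; `minimum: 1` and `maximum: 100` would enforce it. Note also that `isCompleteOverwrite` together with `contentsDeltaUri` replaces the Index contents from a Cloud Storage path, so write access to that path amounts to write access to the Index and should be scoped accordingly.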
@@ -0,0 +1,194 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIMetadataStore + plural: vertexaimetadatastores + shortNames: + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of 
this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the MetadataStore. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. 
The region of the Metadata Store. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array + updateTime: + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vertexai_v1alpha1_vertexaitensorboard.yaml b/crds/vertexai_v1alpha1_vertexaitensorboard.yaml new file mode 100644 index 0000000000..4c98aeed83 --- /dev/null +++ b/crds/vertexai_v1alpha1_vertexaitensorboard.yaml 
@@ -0,0 +1,202 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAITensorboard + plural: vertexaitensorboards + shortNames: + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of this Tensorboard. + type: string + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - projectRef + - region + type: object + status: + properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + name: + description: Name of the Tensorboard. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string + updateTime: + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml b/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml index 26fb5e6d14..5d5ca70fe1 100644 --- a/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml +++ b/crds/vpcaccess_v1beta1_vpcaccessconnector.yaml @@ -16,7 +16,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" diff --git a/crds/workflows_v1alpha1_workflowsworkflow.yaml b/crds/workflows_v1alpha1_workflowsworkflow.yaml new file mode 100644 index 0000000000..1152f9377b --- /dev/null +++ b/crds/workflows_v1alpha1_workflowsworkflow.yaml 
@@ -0,0 +1,195 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. 
+ + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/crds/workstations_v1alpha1_workstationsworkstationcluster.yaml b/crds/workstations_v1alpha1_workstationsworkstationcluster.yaml new file mode 100644 index 0000000000..9caedec38e --- /dev/null +++ b/crds/workstations_v1alpha1_workstationsworkstationcluster.yaml 
@@ -0,0 +1,217 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. 
\nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." + type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. 
+ type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. + type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml index 30fe2a8c7a..21ccd50540 100644 --- a/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-autopilot-gcp-identity/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system 
@@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-controller-manager @@ -35,7 +35,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -45,7 +45,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -55,7 +55,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -65,7 +65,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -86,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -107,7 +107,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -128,7 +128,7 @@ rules: - patch - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - alloydb.cnrm.cloud.google.com resources: - '*' verbs: 
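Review bot: The net change to this ClusterRole is hard to audit from the hunks `@@ -128` through `@@ -704`, because each one swaps a single `*.cnrm.cloud.google.com` entry under `apiGroups:` in a rule with `resources: '*'`; the list looks sorted, so newly inserted groups show up as a cascade of one-line replacements rather than as additions. Groups that appear only on the removed side in the visible hunks, such as `iam.cnrm.cloud.google.com`, `kms.cnrm.cloud.google.com` and `secretmanager.cnrm.cloud.google.com`, presumably reappear further down the file, but that is outside the lines shown here, so it is worth comparing the set of `apiGroups` in the old and new rendered manifests to confirm nothing was dropped and to list exactly which groups were added. Since every visible rule is a wildcard on resources and the visible tail of each verb list ends in `patch` and `delete`, I would also add a comment above `rules:` such as `# one rule per Config Connector CRD API group, generated in sorted order; resources '*' is intentional`, so that a widening of this role is recognisable as such in later version bumps. The role's name and the start of each verb list fall outside the hunk context.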
@@ -140,7 +140,7 @@ rules: - patch - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - apigateway.cnrm.cloud.google.com resources: - '*' verbs: @@ -152,7 +152,7 @@ rules: - patch - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com resources: - '*' verbs: @@ -164,7 +164,7 @@ rules: - patch - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - appengine.cnrm.cloud.google.com resources: - '*' verbs: @@ -176,7 +176,7 @@ rules: - patch - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: @@ -188,7 +188,7 @@ rules: - patch - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: @@ -200,7 +200,7 @@ rules: - patch - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com resources: - '*' verbs: @@ -212,7 +212,7 @@ rules: - patch - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: @@ -224,7 +224,7 @@ rules: - patch - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: @@ -236,7 +236,7 @@ rules: - patch - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: @@ -248,7 +248,7 @@ rules: - patch - delete - apiGroups: - - compute.cnrm.cloud.google.com + - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: @@ -260,7 +260,7 @@ rules: - patch - delete - apiGroups: - - configcontroller.cnrm.cloud.google.com + - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: @@ -272,7 +272,7 @@ rules: - patch - delete - apiGroups: - - container.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -284,7 +284,7 @@ rules: - patch - delete - apiGroups: - - containeranalysis.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: @@ -296,7 +296,7 @@ rules: - patch - delete - apiGroups: - - datacatalog.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: @@ -308,7 +308,7 @@ rules: - patch - delete - apiGroups: - - dataflow.cnrm.cloud.google.com + - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -320,7 +320,7 @@ rules: - patch - delete - apiGroups: - - datafusion.cnrm.cloud.google.com + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -332,7 +332,7 @@ rules: - patch - delete - apiGroups: - - dataproc.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: @@ -344,7 +344,7 @@ rules: - patch - delete - apiGroups: - - dlp.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: @@ -356,7 +356,7 @@ rules: - patch - delete - apiGroups: - - dns.cnrm.cloud.google.com + - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: @@ -368,7 +368,7 @@ rules: - patch - delete - apiGroups: - - eventarc.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: @@ -380,7 +380,7 @@ rules: - patch - delete - apiGroups: - - filestore.cnrm.cloud.google.com + - cloudids.cnrm.cloud.google.com resources: - '*' verbs: @@ -392,7 +392,7 @@ rules: - patch - delete - apiGroups: - - firestore.cnrm.cloud.google.com + - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: @@ -404,7 +404,7 @@ rules: - patch - delete - apiGroups: - - gkehub.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: @@ -416,7 +416,7 @@ rules: - patch - delete - apiGroups: - - iam.cnrm.cloud.google.com + - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -428,7 +428,7 @@ rules: - patch - delete - apiGroups: - - iap.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -440,7 +440,7 @@ rules: - patch - delete - apiGroups: - - identityplatform.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: @@ -452,7 +452,7 @@ rules: - patch - delete - apiGroups: - - kms.cnrm.cloud.google.com + - container.cnrm.cloud.google.com resources: - '*' verbs: @@ -464,7 +464,7 @@ rules: - patch - delete - apiGroups: - - logging.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: @@ -476,7 +476,7 @@ rules: - patch - delete - apiGroups: - - memcache.cnrm.cloud.google.com + - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: @@ -488,7 +488,7 @@ rules: - patch - delete - apiGroups: - - monitoring.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -500,7 +500,7 @@ rules: - patch - delete - apiGroups: - - networkconnectivity.cnrm.cloud.google.com + - dataform.cnrm.cloud.google.com resources: - '*' verbs: @@ -512,7 +512,7 @@ rules: - patch - delete - apiGroups: - - networksecurity.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com resources: - '*' verbs: @@ -524,7 +524,7 @@ rules: - patch - delete - apiGroups: - - networkservices.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com resources: - '*' verbs: @@ -536,7 +536,7 @@ rules: - patch - delete - apiGroups: - - osconfig.cnrm.cloud.google.com + - datastore.cnrm.cloud.google.com resources: - '*' verbs: @@ -548,7 +548,7 @@ rules: - patch - delete - apiGroups: - - privateca.cnrm.cloud.google.com + - datastream.cnrm.cloud.google.com resources: - '*' verbs: @@ -560,7 +560,7 @@ rules: - patch - delete - apiGroups: - - pubsub.cnrm.cloud.google.com + - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -572,7 +572,7 @@ rules: - patch - delete - apiGroups: - - pubsublite.cnrm.cloud.google.com + - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -584,7 +584,7 @@ rules: - patch - delete - apiGroups: - - recaptchaenterprise.cnrm.cloud.google.com + - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: @@ -596,7 +596,7 @@ rules: - patch - delete - apiGroups: - - redis.cnrm.cloud.google.com + - dlp.cnrm.cloud.google.com resources: - '*' verbs: @@ -608,7 +608,7 @@ rules: - patch - delete - apiGroups: - - resourcemanager.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com resources: - '*' verbs: @@ -620,7 +620,7 @@ rules: - patch - delete - apiGroups: - - run.cnrm.cloud.google.com + - documentai.cnrm.cloud.google.com resources: - '*' verbs: @@ -632,7 +632,7 @@ rules: - patch - delete - apiGroups: - - secretmanager.cnrm.cloud.google.com + - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: @@ -644,7 +644,7 @@ rules: - patch - delete - apiGroups: - - servicedirectory.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com resources: - '*' verbs: @@ -656,7 +656,7 @@ rules: - patch - delete - apiGroups: - - servicenetworking.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -668,7 +668,7 @@ rules: - patch - delete - apiGroups: - - serviceusage.cnrm.cloud.google.com + - firebase.cnrm.cloud.google.com resources: - '*' verbs: @@ -680,7 +680,7 @@ rules: - patch - delete - apiGroups: - - sourcerepo.cnrm.cloud.google.com + - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: @@ -692,7 +692,7 @@ rules: - patch - delete - apiGroups: - - spanner.cnrm.cloud.google.com + - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: @@ -704,7 +704,7 @@ rules: - patch - delete - apiGroups: - - sql.cnrm.cloud.google.com + - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -716,7 +716,7 @@ rules: - patch - delete - apiGroups: - - storage.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -728,7 +728,7 @@ rules: - patch - delete - apiGroups: - - storagetransfer.cnrm.cloud.google.com + - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: @@ -740,7 +740,7 @@ rules: - patch - delete - apiGroups: - - tags.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com resources: - '*' verbs: @@ -752,7 +752,7 @@ rules: - patch - delete - apiGroups: - - vpcaccess.cnrm.cloud.google.com + - healthcare.cnrm.cloud.google.com resources: - '*' verbs: @@ -763,36 +763,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: - apiGroups: - - apiextensions.k8s.io + - iam.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - iap.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - identityplatform.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -802,9 +800,9 @@ rules: - patch - delete - apiGroups: - - "" + - kms.cnrm.cloud.google.com resources: - - services + - '*' verbs: - get - list 
@@ -813,36 +811,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - logging.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - memcache.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - mlengine.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -852,15 +848,19 @@ rules: - patch - delete - apiGroups: - - core.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com resources: - - servicemappings + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - core.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: @@ -871,23 +871,10 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: - apiGroups: - - "" + - networkmanagement.cnrm.cloud.google.com resources: - - events - - configmaps - - secrets - - services + - '*' verbs: - get - list 
@@ -896,28 +883,22 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: - apiGroups: - - "" + - networksecurity.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apiextensions.k8s.io + - networkservices.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list 
@@ -926,108 +907,715 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/system: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cnrm-viewer -rules: - apiGroups: - - accesscontextmanager.cnrm.cloud.google.com + - notebooks.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - redis.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - 
resourcemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - run.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch -- apiGroups: - - compute.cnrm.cloud.google.com + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - 
validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -1074,6 +1662,14 @@ rules: - get - list - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: @@ -1090,6 +1686,46 @@ rules: - get - list - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: @@ -1106,6 +1742,22 @@ rules: - get - list - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: 
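Review bot: The `cnrm-viewer` ClusterRole rewritten in the large `@@ -926,108 +907,715 @@` hunk carries `rbac.authorization.k8s.io/aggregate-to-view: "true"` and grants `get`/`list`/`watch` on `resources: '*'` per group. Each group added there (alloydb, apigateway, appengine, beyondcorp, certificatemanager, cloudasset, cloudids and the rest) therefore becomes readable by every subject holding the built-in `view` role, including any kind added to those groups later. The read-write rules earlier in the same hunk use the same wildcard with `create`/`update`/`patch`/`delete` for groups such as `orgpolicy`, `secretmanager` and `securitycenter`; the role they belong to starts outside the hunk, so its bindings cannot be checked from here. Since this manifest looks generated, I would have the generator emit resource plurals instead of the wildcard, e.g. `- alloydbbackups`, `- alloydbclusters`, `- alloydbinstances` for `alloydb.cnrm.cloud.google.com` (plurals inferred from the CRD file names in this commit). It is also worth confirming that no spec field in the newly viewable kinds can hold inline secret material.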
@@ -1122,6 +1774,38 @@ rules: - get - list - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: @@ -1130,6 +1814,14 @@ rules: - get - list - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: @@ -1138,6 +1830,14 @@ rules: - get - list - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -1186,6 +1886,14 @@ rules: - get - list - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: @@ -1202,6 +1910,14 @@ rules: - get - list - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: @@ -1218,6 +1934,22 @@ rules: - get - list - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: @@ -1226,6 +1958,14 @@ rules: - get - list - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: 
@@ -1290,6 +2030,14 @@ rules: - get - list - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: @@ -1362,6 +2110,22 @@ rules: - get - list - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: @@ -1370,12 +2134,28 @@ rules: - get - list - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1438,7 +2218,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding @@ -1456,7 +2236,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1474,7 +2254,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding 
@@ -1497,7 +2277,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1514,7 +2294,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -1531,7 +2311,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding @@ -1548,7 +2328,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1565,7 +2345,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1582,7 +2362,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1599,7 +2379,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: 
@@ -1621,7 +2401,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1642,7 +2422,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1660,7 +2440,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1673,8 +2453,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.102.0 - image: gcr.io/cnrm-eap/recorder:fc8237b + value: 1.103.0 + image: gcr.io/cnrm-eap/recorder:7522d31 imagePullPolicy: Always name: recorder ports: @@ -1708,7 +2488,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1723,7 +2503,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1736,7 +2516,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:fc8237b + image: gcr.io/cnrm-eap/webhook:7522d31 imagePullPolicy: Always name: webhook ports: @@ -1766,7 +2546,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" 
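Review bot: The new `image: gcr.io/cnrm-eap/recorder:7522d31` in the `@@ -1673,8 +2453,8 @@` hunk is referenced by tag only while the container keeps `imagePullPolicy: Always`, so what runs is whatever the registry serves for that tag at pod start rather than a fixed artifact. The same applies to the `webhook` image in the `@@ -1736,7 +2516,7 @@` hunk and to the `controller` and `deletiondefender` images in the two later image hunks. I would pin each by digest, e.g. `image: gcr.io/cnrm-eap/recorder:7522d31@sha256:<digest-placeholder>`, so the released manifest and the deployed bytes cannot drift apart. Judging by the binding names these workloads hold the cluster-wide roles defined above, although the roleRefs are outside these hunks, so image integrity is worth enforcing here rather than leaving to registry state.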
@@ -1781,7 +2561,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1794,7 +2574,7 @@ spec: env: - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/key.json - image: gcr.io/cnrm-eap/controller:fc8237b + image: gcr.io/cnrm-eap/controller:7522d31 imagePullPolicy: Always name: manager ports: @@ -1831,7 +2611,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1846,7 +2626,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1854,7 +2634,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:fc8237b + image: gcr.io/cnrm-eap/deletiondefender:7522d31 imagePullPolicy: Always name: deletiondefender ports: @@ -1885,7 +2665,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml b/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml index 1871feb5e1..d54f894070 100644 --- a/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml +++ b/install-bundles/install-bundle-autopilot-gcp-identity/crds.yaml 
@@ -16,7 +16,255 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
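Review bot: The new AccessContextManagerAccessLevelCondition schema (hunk `@@ -16,7 +16,255 @@`) declares no `required` list under `spec` and none at the top level, so an object with an empty spec or without `accessLevelRef` passes schema validation. The field descriptions say that an unset `devicePolicy`, `ipSubnetworks` or `members` allows all devices, addresses and users, so an under-specified condition is permissive rather than restrictive. The two other Access Context Manager CRDs added to this file carry both `required: - spec` and a spec-level list. If `accessLevelRef` is meant to be mandatory, the matching addition is `required:` followed by `- accessLevelRef` under `spec`, plus `required: - spec` on the schema root. The `tf2crd` label suggests the file is generated, so the change probably belongs in the generator input.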
@@ -532,7 +780,324 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,25 +2305,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeenvironments.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeEnvironment - plural: apigeeenvironments + kind: AlloyDBBackup + plural: alloydbbackups shortNames: - - gcpapigeeenvironment - - gcpapigeeenvironments - singular: apigeeenvironment + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: 
@@ -1778,7 +2343,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -1796,8 +2361,19 @@ spec: type: object spec: properties: - apigeeOrganizationRef: - description: Immutable. + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -1814,10 +2390,7 @@ spec: - external properties: external: - description: |- - The apigee organization for the resource - - Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -1826,25 +2399,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Optional. Description of the environment. - type: string - displayName: - description: Optional. Display name for this environment. - type: string - properties: - additionalProperties: - type: string - description: Optional. Key-value pairs that may be used for customizing - the environment. - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - apigeeOrganizationRef + - clusterName + - location + - projectRef type: object status: properties: @@ -1874,16 +2437,16 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Creation time of this environment as milliseconds - since epoch. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Last modification time of this environment - as milliseconds since epoch. - format: int64 - type: integer + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -1891,10 +2454,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean state: - description: 'Output only. State of the environment. Values other - than ACTIVE means the resource is not ready to use. Possible values: - STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. type: string type: object required: @@ -1915,25 +2489,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeorganizations.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeOrganization - plural: apigeeorganizations + kind: AlloyDBCluster + plural: alloydbclusters shortNames: - - gcpapigeeorganization - - gcpapigeeorganizations - singular: apigeeorganization + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -1953,7 +2527,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -1971,67 +2545,155 @@ spec: type: object spec: properties: - addonsConfig: - description: Addon configurations of the Apigee organization. + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: - advancedApiOpsConfig: - description: Configuration for the Advanced API Ops add-on. + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. properties: - enabled: - description: Flag that specifies whether the Advanced API - Ops add-on is enabled. - type: boolean + count: + description: The number of backups to retain. + type: integer type: object - monetizationConfig: - description: Configuration for the Monetization add-on. + timeBasedRetention: + description: Time-based Backup retention policy. properties: - enabled: - description: Flag that specifies whether the Monetization - add-on is enabled. 
- type: boolean + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes type: object type: object - analyticsRegion: - description: Immutable. Required. Primary GCP region for analytics - data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + displayName: + description: User-settable and human-readable display name for the + Cluster. type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + initialUser: + description: Initial user to setup during cluster creation. 
properties: - external: - description: |- - Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. type: string + required: + - password type: object - description: - description: Description of the Apigee organization. + location: + description: Immutable. The location where the alloydb cluster should + reside. 
type: string - displayName: - description: Display name for the Apigee organization. + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -2048,10 +2710,7 @@ spec: - external properties: external: - description: |- - Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
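Review bot: `spec.initialUser.password` in the new AlloyDBCluster schema (hunk `@@ -1971,67 +2545,155 @@`) accepts an inline `value`, and a password supplied that way is kept as plain text in the custom resource. It is then visible to anyone allowed to read the object and in any manifest repository or cluster backup that holds it. The `oneOf` already offers `valueFrom.secretKeyRef`, so the description of `value` could steer users there: `Value of the field. Stored in plain text in this resource; prefer 'valueFrom.secretKeyRef' for passwords. Cannot be used if 'valueFrom' is specified.` The file appears to be generated (label `tf2crd`), so the wording would likely have to change in the generator rather than here.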
@@ -2060,67 +2719,27 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - properties: - additionalProperties: - type: string - description: Properties defined in the Apigee organization profile. - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - runtimeDatabaseEncryptionKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - runtimeType: - description: 'Immutable. Required. Runtime type of the Apigee organization - based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, - CLOUD, HYBRID' + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
type: string required: - - analyticsRegion + - location + - network - projectRef - - runtimeType type: object status: properties: - billingType: - description: 'Output only. Billing type of the Apigee organization. - See (https://cloud.google.com/apigee/pricing). Possible values: - BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' - type: string - caCertificate: - description: Output only. Base64-encoded public certificate for the - root CA of the Apigee organization. Valid only when (#RuntimeType) - is `CLOUD`. - type: string + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -2147,26 +2766,31 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Time that the Apigee organization was created - in milliseconds since epoch. - format: int64 - type: integer - environments: - description: Output only. List of environments in the Apigee organization. + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. items: - type: string + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object type: array - expiresAt: - description: Output only. Time that the Apigee organization is scheduled - for deletion. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Time that the Apigee organization was last - modified in milliseconds since epoch. - format: int64 - type: integer + name: + description: The name of the cluster resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -2174,21 +2798,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectId: - description: Output only. Project ID associated with the Apigee organization. - type: string - state: - description: 'Output only. State of the organization. Values other - than ACTIVE means the resource is not ready to use. Possible values: - SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, - OK_EXTERNAL, DELETED' - type: string - subscriptionType: - description: 'Output only. DEPRECATED: This will eventually be replaced - by BillingType. Subscription type of the Apigee organization. Valid - values include trial (free, limited, and for evaluation purposes - only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). - Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + uid: + description: The system-generated UID of the resource. type: string type: object required: 
@@ -2209,25 +2820,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com + name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: - group: artifactregistry.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories + kind: AlloyDBInstance + plural: alloydbinstances shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: @@ -2247,7 +2858,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2265,172 +2876,71 @@ spec: type: object spec: properties: - description: - description: The user-provided description of the repository. + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string - format: + cluster: description: |- - Immutable. The format of packages that are stored in the repository. Supported formats - can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). - You can only create alpha formats if you are a member of the - [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string - kmsKeyRef: - description: |- - The customer managed encryption key that’s used to encrypt the - contents of the Repository. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. 
* They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. type: object - location: - description: Immutable. The name of the location this repository is - located in. + displayName: + description: User-settable and human-readable display name for the + Instance. type: string - mavenConfig: - description: |- - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. properties: - allowSnapshotOverwrites: - description: |- - Immutable. The repository with this flag will allow publishing the same - snapshot versions. - type: boolean - versionPolicy: - description: 'Immutable. Version policy defines the versions that - the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" - Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' - type: string + cpuCount: + description: The number of CPU's in the VM instance. + type: integer type: object - mode: - description: 'Immutable. The mode configures the repository to serve - artifacts from different sources. 
Default value: "STANDARD_REPOSITORY" - Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' - type: string - remoteRepositoryConfig: - description: Immutable. Configuration specific for a Remote Repository. + readPoolConfig: + description: Read pool specific config. properties: - description: - description: Immutable. The description of the remote source. - type: string - dockerRepository: - description: Immutable. Specific settings for a Docker remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' - type: string - type: object - mavenRepository: - description: Immutable. Specific settings for a Maven remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' - type: string - type: object - npmRepository: - description: Immutable. Specific settings for an Npm remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "NPMJS" Possible values: ["NPMJS"].' - type: string - type: object - pythonRepository: - description: Immutable. Specific settings for a Python remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "PYPI" Possible values: ["PYPI"].' - type: string - type: object + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer type: object resourceID: - description: Immutable. Optional. The repositoryId of the resource. + description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - virtualRepositoryConfig: - description: Configuration specific for a Virtual Repository. - properties: - upstreamPolicies: - description: |- - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - items: - properties: - id: - description: The user-provided ID of the upstream policy. - type: string - priority: - description: Entries with a greater priority value take - precedence in the pull order. - type: integer - repositoryRef: - description: |- - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repositories/repo1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, - where {{value}} is the `name` field of an `ArtifactRegistryRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - type: object required: - - format - - location + - cluster + - instanceType type: object status: properties: 
@@ -2461,12 +2971,14 @@ spec: type: object type: array createTime: - description: The time when the repository was created. + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. type: string name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -2475,10 +2987,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: The time when the repository was last updated. + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. type: string - type: object + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object required: - spec type: object 
@@ -2497,25 +3021,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryDataset - plural: bigquerydatasets + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: @@ -2535,7 +3059,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2553,202 +3077,287 @@ spec: type: object spec: properties: - access: - description: An array of objects that define dataset access for one - or more entities. + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. items: properties: - dataset: - description: Grants all resources of particular types in a particular - dataset read access to the current dataset. + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: - dataset: - description: The dataset this entry applies to. 
- properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - required: - - datasetId - - projectId - type: object - targetTypes: - description: |- - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS. - items: - type: string - type: array + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string required: - - dataset - - targetTypes + - contents + - path type: object - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access. - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). 
These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com. + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. 
+ items: + properties: + document: + description: The OpenAPI Specification document file. properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. + contents: + description: Immutable. Base64 encoded content of the file. type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. type: string required: - - datasetId - - projectId - - tableId + - contents + - path type: object + required: + - document type: object type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). 
- - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - description: - description: A user-friendly description of the dataset. + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string - friendlyName: - description: A descriptive name for the dataset. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. type: string - location: + managedService: description: |- - Immutable. The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - maxTimeTravelHours: - description: Defines the time travel window in hours. The value can - be from 48 to 168 hours (2 to 7 days). + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. 
@@ -2778,10 +3387,12 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The datasetId of the resource. Used + description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - projectRef type: object status: properties: @@ -2811,19 +3422,12 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -2831,9 +3435,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -2850,25 +3454,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com + name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryJob - plural: bigqueryjobs + kind: APIGatewayGateway + plural: apigatewaygateways shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: @@ -2888,7 +3492,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2906,687 +3510,232 @@ spec: type: object spec: properties: - copy: - description: Immutable. Copies a table. + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: Immutable. The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Immutable. Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - sourceTables - type: object - extract: - description: Immutable. Configures an extract job. - properties: - compression: - description: |- - Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - destinationUris: - description: Immutable. A list of fully-qualified Google Cloud - Storage URIs where the extracted table should be written. 
- items: - type: string - type: array - fieldDelimiter: - description: |- - Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ','. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - printHeader: - description: Immutable. Whether to print out a header row in the - results. Default is true. - type: boolean - sourceTable: - description: Immutable. A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Immutable. Whether to use logical types when extracting - to AVRO format. - type: boolean - required: - - destinationUris type: object - jobTimeoutMs: - description: Immutable. Job timeout in milliseconds. If this time - limit is exceeded, BigQuery may attempt to terminate the job. + region: + description: Immutable. The region of the gateway for the API. type: string - load: - description: Immutable. Configures a load job. + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - allowJaggedRows: - description: |- - Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Immutable. Indicates if we should automatically infer - the options and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. 
The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - destinationTable: - description: Immutable. The destination table to load the data - into. + apiSecurityConfig: + description: Configuration for the Monetization add-on. properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string type: object - encoding: - description: |- - Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names. - type: boolean - jsonExtension: - description: |- - Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - type: string - maxBadRecords: - description: |- - Immutable. The maximum number of bad records that BigQuery can ignore when running the job. 
If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. 
Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - type: string - sourceUris: - description: |- - Immutable. The fully-qualified URIs that point to your data in Google Cloud. 
- For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Immutable. Time-based partitioning specification - for the destination table. + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. properties: - expirationMs: - description: Immutable. Number of milliseconds for which to - keep the storage for a partition. A wrapper is used here - because 0 is an invalid value. - type: string - field: - description: |- - Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. type: string - required: - - type type: object - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - destinationTable - - sourceUris + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object type: object - location: - description: Immutable. The geographic location of the job. The default - value is US. + org: + description: Immutable. Name of the Apigee organization. type: string - query: - description: Immutable. Configures a query job. - properties: - allowLargeResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - defaultDataset: - description: Immutable. Specifies the default dataset to use for - unqualified table names in the query. Note that this does not - alter behavior of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryDataset` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Immutable. Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Immutable. Standard SQL only. Set to POSITIONAL to - use positional (?) query parameters or to NAMED to use named - (@myparam) query parameters in this query. - type: string - priority: - description: 'Immutable. Specifies a priority for the query. Default - value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' - type: string - query: - description: |- - Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Immutable. 
Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Immutable. Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. - type: string - statementByteBudget: - description: Immutable. Limit on the number of bytes billed - per statement. Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Immutable. Timeout period for each statement - in a script. - type: string - type: object - useLegacySql: - description: |- - Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Immutable. Describes user-defined function resources - used in the query. - items: - properties: - inlineCode: - description: |- - Immutable. An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: Immutable. A code resource to load from a Google - Cloud Storage URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - query - type: object resourceID: - description: Immutable. Optional. The jobId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - org type: object status: properties: @@ -3616,9 +3765,6 @@ spec: type: string type: object type: array - jobType: - description: The type of the job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
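Review bot: In the added ApigeeAddonsConfig schema the descriptions do not match their fields: `advancedApiOpsConfig`, `apiSecurityConfig`, `connectorsPlatformConfig` and `integrationConfig` are all described as "Configuration for the Monetization add-on.", and every `enabled` and `expiresAt` field carries "Flag that specifies whether the Advanced API Ops add-on is enabled." even though `expiresAt` is typed `string`. This is the text an operator sees when inspecting the CRD, so the schema does not say which flag governs the security add-on, and a wrong toggle is easy to make. Each field should get its own description, for example `description: Configuration for the API Security add-on.` on `apiSecurityConfig` and `description: Flag that specifies whether the API Security add-on is enabled.` on its `enabled` (wording inferred from the field names; confirm against the API reference). What `expiresAt` holds is not stated anywhere in the hunk and needs a description of its own. The `tf2crd` label suggests the file is generated, so the correction probably belongs in the generator's source schema rather than in this YAML.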
@@ -3626,55 +3772,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: The status of this job. Examine this value when polling - an asynchronous job to see if the job is complete. - items: - properties: - errorResult: - description: Final error result of the job. If present, indicates - that the job has completed and was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - errors: - description: |- - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - state: - description: Running state of the job. Valid states include - 'PENDING', 'RUNNING', and 'DONE'. - type: string - type: object - type: array - userEmail: - description: Email address of the user who ran the job. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -3691,25 +3791,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryroutines.bigquery.cnrm.cloud.google.com + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryRoutine - plural: bigqueryroutines + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments shortNames: - - gcpbigqueryroutine - - gcpbigqueryroutines - singular: bigqueryroutine + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: @@ -3729,7 +3829,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -3747,147 +3847,26 @@ spec: type: object spec: properties: - arguments: - description: Input/output argument of a function or a stored procedure. - items: - properties: - argumentKind: - description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" - Possible values: ["FIXED_TYPE", "ANY_TYPE"].' - type: string - dataType: - description: |- - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>**NOTE**: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - type: string - mode: - description: 'Specifies whether the argument is input or output. - Can be set for procedures only. Possible values: ["IN", "OUT", - "INOUT"].' - type: string - name: - description: The name of this argument. Can be absent for function - return argument. - type: string - type: object - type: array - datasetRef: - description: The ID of the dataset containing this routine. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - definitionBody: - description: |- - The body of the routine. For functions, this is the expression in the AS clause. 
- If language=SQL, it is the substring inside (but excluding) the parentheses. - type: string - description: - description: The description of the routine if defined. - type: string - determinismLevel: - description: 'The determinism level of the JavaScript UDF if defined. - Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", - "NOT_DETERMINISTIC"].' + location: + description: Immutable. Location of the endpoint attachment. type: string - importedLibraries: + orgId: description: |- - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - items: - type: string - type: array - language: - description: 'The language of the routine. Possible values: ["SQL", - "JAVASCRIPT"].' + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. type: string - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: - description: Immutable. Optional. The routineId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - returnTableType: - description: |- - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. 
If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - type: string - returnType: - description: |- - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. type: string - routineType: - description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", - "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - - datasetRef - - definitionBody - - projectRef + - location + - orgId + - serviceAttachment type: object status: properties: 
@@ -3917,16 +3896,19 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this routine was created, in milliseconds since the - epoch. - type: integer - lastModifiedTime: + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: description: |- - The time when this routine was modified, in milliseconds since the - epoch. - type: integer + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -3953,25 +3935,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryTable - plural: bigquerytables + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: 
@@ -3991,7 +3973,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4009,326 +3991,153 @@ spec: type: object spec: properties: - clustering: - description: Specifies column names to use for data clustering. Up - to four top-level columns are allowed, and should be specified in - descending priority order. + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. + name: + description: The name of the newly created attachment (output parameter). type: string - encryptionConfiguration: - description: Immutable. Specifies how the table should be encrypted. - If left blank, the table will be encrypted with a Google-managed - key; that process is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: The self link or full name of the kms key version - used to encrypt this table. - type: string - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. - Expired tables will be deleted and their storage reclaimed. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - avroOptions: - description: Additional options if source_format is set to "AVRO". - properties: - useAvroLogicalTypes: - description: If sourceFormat is set to "AVRO", indicates whether - to interpret logical types as the corresponding BigQuery - data type (for example, TIMESTAMP), instead of using the - raw type (for example, INTEGER). - type: boolean - required: - - useAvroLogicalTypes - type: object - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - connectionId: - description: The connection specifying the credentials to be used - to read external storage, such as Azure Blob, Cloud Storage, - or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" - or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". - type: string - csvOptions: - description: Additional properties to set if source_format is - set to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that - are missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. 
- type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20".' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting - hive partitioning on an unsupported format will lead to an error, - as will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require - a partition filter that can be used for partition elimination - to be specified. - type: boolean - sourceUriPrefix: - description: When hive partition detection is requested, a - common for all source uris must be required. The prefix - must end immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra - values are ignored. If false, records with extra columns are - treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default - value is false. 
- type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - referenceFileSchemaUri: - description: 'When creating an external table, the user can provide - a reference file with the table schema. This is enabled for - the following formats: AVRO, PARQUET, ORC.' - type: string - schema: - description: Immutable. A JSON schema for the external table. - Schema is required for CSV and JSON formats and is disallowed - for Google Cloud Bigtable, Cloud Datastore backups, and Avro - formats when using external tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to - your data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. type: string - materializedView: - description: If specified, configures this table as a materialized - view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: Immutable. A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000. - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for - this table. - properties: - field: - description: Immutable. The field used to determine how to create - a range-based partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object resourceID: - description: Immutable. Optional. The tableId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for - this table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: Immutable. The field used to determine how to create - a time-based partition. If time-based partitioning is enabled - without this value, the table is partitioned based on the load - time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a - partition filter that can be used for partition elimination - to be specified. - type: boolean - type: - description: The supported types are DAY, HOUR, MONTH, and YEAR, - which will generate one partition per day, hour, month, and - year, respectively. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL. - type: boolean - required: - - query - type: object required: - - datasetRef + - orgId type: object status: properties: 
@@ -4358,33 +4167,6 @@ spec: type: string type: object type: array - creationTime: - description: The time when this table was created, in milliseconds - since the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered - "long-term storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4392,12 +4174,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string type: object required: - spec 
@@ -4417,25 +4193,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com + name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles + kind: ApigeeEnvironment + plural: apigeeenvironments shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: @@ -4473,11 +4249,8 @@ spec: type: object spec: properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. + apigeeOrganizationRef: + description: Immutable. oneOf: - not: required: @@ -4494,8 +4267,10 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -4504,39 +4279,25 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - multiClusterRoutingClusterIds: - description: The set of clusters to route to. The order is ignored; - clusters will be tried in order of distance. If left empty, all - clusters are eligible. - items: + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: type: string - type: array - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object resourceID: - description: Immutable. Optional. The appProfileId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. 
- type: string - required: - - clusterId - type: object + required: + - apigeeOrganizationRef type: object status: properties: @@ -4566,10 +4327,16 @@ spec: type: string type: object type: array - name: - description: The unique name of the requested app profile. Values - are of the form 'projects//instances//appProfiles/'. - type: string + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4577,7 +4344,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -4594,25 +4368,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: @@ -4632,7 +4406,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4650,116 +4424,22 @@ spec: type: object spec: properties: - columnFamily: - description: Immutable. The name of the column family. + environment: + description: Immutable. The resource ID of the environment. type: string - deletionPolicy: - description: "The deletion policy for the GC policy. Setting ABANDON - allows the resource\n\t\t\t\tto be abandoned rather than deleted. - This is useful for GC policy as it cannot be deleted\n\t\t\t\tin - a replicated instance. Possible values are: \"ABANDON\"." + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string - gcRules: - description: Serialized JSON string for garbage collection policy. - Conflicts with "mode", "max_age" and "max_version". + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all cells - older than the given age.' - items: - properties: - days: - description: DEPRECATED. 
Deprecated in favor of duration. Immutable. - Number of days before applying GC policy. - type: integer - duration: - description: Immutable. Duration before applying GC policy. - type: string - type: object - type: array - maxVersion: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all versions - of a cell except for the most recent.' - items: - properties: - number: - description: Immutable. Number of version before applying the - GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. If multiple policies are set, you - should choose between UNION OR INTERSECTION.' - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - columnFamily - - instanceRef - - tableRef + - environment + - instanceId type: object status: properties: 
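Review bot: The `instanceId` description in the new ApigeeInstanceAttachment spec gives the format as 'organisations/{{org_name}}/instances/{{instance_name}}', while the ApigeeNATAddress CRD later in this patch spells the same path 'organizations/...'. A user who copies the documented format literally would supply an ID that the API presumably rejects, so the description should read `in the format 'organizations/{{org_name}}/instances/{{instance_name}}'.` The file looks generated, so the wording most likely has to be corrected in the generator's source rather than in this bundle.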
@@ -4789,6 +4469,9 @@ spec: type: string type: object type: array + name: + description: The name of the newly created attachment (output parameter). + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4815,25 +4498,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com + name: apigeeinstances.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableInstance - plural: bigtableinstances + kind: ApigeeInstance + plural: apigeeinstances shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: @@ -4853,7 +4536,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4871,121 +4554,58 @@ spec: type: object spec: properties: - cluster: - description: A block of cluster configuration options. This can be - specified at least once. + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. items: - properties: - autoscalingConfig: - description: A list of Autoscaling configurations. Only one - element is used and allowed. - properties: - cpuTarget: - description: The target CPU utilization for autoscaling. - Value must be between 10 and 80. - type: integer - maxNodes: - description: The maximum number of nodes for autoscaling. - type: integer - minNodes: - description: The minimum number of nodes for autoscaling. - type: integer - storageTarget: - description: The target storage utilization for autoscaling, - in GB, for each node in a cluster. This number is limited - between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster - and between 8192 (8TiB) and 16384 (16 TiB) for an HDD - cluster. If not set, whatever is already set for the cluster - will not change, or if the cluster is just being created, - it will use the default value of 2560 for SSD clusters - and 8192 for HDD clusters. - type: integer - required: - - cpuTarget - - maxNodes - - minNodes - type: object - clusterId: - description: The ID of the Cloud Bigtable cluster. Must be 6-30 - characters and must only contain hyphens, lowercase letters - and numbers. - type: string - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable - cluster. 
The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains - this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. - 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. - 3) All clusters within an instance must use the same CMEK key access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for each cluster in an instance. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". - Defaults to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object + type: string type: array - deletionProtection: - description: DEPRECATED. This field no longer serves any function - and is intended to be dropped in a later version of the resource. - type: boolean + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. 
Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. + description: Immutable. Display name of the instance. type: string - instanceType: - description: DEPRECATED. It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be - converted to "PRODUCTION" instances. It is recommended for users - to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" - instance is functionally identical to a "DEVELOPMENT" instance, - but without the accompanying restrictions. The instance type to - create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. 
The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location + - orgId type: object status: properties: @@ -5015,6 +4635,10 @@ spec: type: string type: object type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5022,7 +4646,18 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string type: object + required: + - spec type: object served: true storage: true 
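Review bot: `diskEncryptionKeyName` in the new ApigeeInstance spec is a free-form string whose required shape is stated only in its description, so a mistyped CMEK name passes admission and is caught, if at all, only at reconcile time. The ApigeeOrganization CRD later in this patch takes its key through `runtimeDatabaseEncryptionKeyRef`, a resource reference with `oneOf` validation, and the same approach would fit here. Short of a reference field, a constraint such as `pattern: '^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$'` would enforce the documented format. `ipRange` (documented as "a.b.c.d/22") has the same gap. The CRD appears to be generated, so the change would belong in the generator.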
@@ -5039,25 +4674,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com + name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableTable - plural: bigtabletables + kind: ApigeeNATAddress + plural: apigeenataddresses shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: @@ -5077,7 +4712,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5095,64 +4730,18 @@ spec: type: object spec: properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - deletionProtection: - description: A field to make the table protected against data loss - i.e. when set to PROTECTED, deleting the table, the column families - in the table, and the instance containing the table would be prohibited. - If not provided, currently deletion protection will be set to UNPROTECTED - as it is the API default value. + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - splitKeys: - items: - type: string - type: array required: - - instanceRef + - instanceId type: object status: properties: 
@@ -5182,6 +4771,9 @@ spec: type: string type: object type: array + ipAddress: + description: The allocated NAT IP address. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5189,6 +4781,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State of the NAT IP address. + type: string type: object required: - spec @@ -5208,25 +4803,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com + name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: - group: billingbudgets.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BillingBudgetsBudget - plural: billingbudgetsbudgets + kind: ApigeeOrganization + plural: apigeeorganizations shortNames: - - gcpbillingbudgetsbudget - - gcpbillingbudgetsbudgets - singular: billingbudgetsbudget + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: 
@@ -5264,120 +4859,31 @@ spec: type: object spec: properties: - allUpdatesRule: - description: Optional. Rules to apply to notifications sent based - on budget spend and thresholds. + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - disableDefaultIamRecipients: - description: Optional. When set to true, disables default notifications - sent when a threshold is exceeded. Default notifications are - sent to those with Billing Account Administrator and Billing - Account User IAM roles for the target account. - type: boolean - monitoringNotificationChannels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `MonitoringNotificationChannel` resource (format: - `projects/{{project}}/notificationChannels/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - pubsubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. properties: - external: - description: |- - Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. 
Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - schemaVersion: - description: Optional. Required when NotificationsRule.pubsub_topic - is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. - Only "1.0" is accepted. It represents the JSON schema as defined - in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. - type: string - type: object - amount: - description: Required. Budgeted amount. - properties: - lastPeriodAmount: - description: Use the last period's actual spend as the budget - for the present period. LastPeriodAmount can only be set when - the budget's time period is a . + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - x-kubernetes-preserve-unknown-fields: true - specifiedAmount: - description: A specified amount to use as the budget. `currency_code` - is optional. If specified when creating a budget, it must match - the currency of the billing account. If specified when updating - a budget, it must match the currency_code of the existing budget. - The `currency_code` is provided on output. 
+ monetizationConfig: + description: Configuration for the Monetization add-on. properties: - currencyCode: - description: Immutable. The three-letter currency code defined - in ISO 4217. - type: string - nanos: - description: Number of nano (10^-9) units of the amount. The - value must be between -999,999,999 and +999,999,999 inclusive. - If `units` is positive, `nanos` must be positive or zero. - If `units` is zero, `nanos` can be positive, zero, or negative. - If `units` is negative, `nanos` must be negative or zero. - For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. - format: int64 - type: integer - units: - description: The whole units of the amount. For example if - `currencyCode` is `"USD"`, then 1 unit is one US dollar. - format: int64 - type: integer + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean type: object type: object - billingAccountRef: - description: Immutable. + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: oneOf: - not: required: 
@@ -5395,221 +4901,114 @@ spec: properties: external: description: |- - The billing account of the resource + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: - description: |- - [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - budgetFilter: - description: Optional. Filters that define which resources are used - to compute the actual spend against the budget amount, such as projects, - services, and the budget's time period, as well as other filters. + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - calendarPeriod: - description: 'Optional. Specifies to track usage for recurring - calendar period. For example, assume that CalendarPeriod.QUARTER - is set. The budget will track usage from April 1 to June 30, - when the current calendar month is April, May, June. After that, - it will track usage from July 1 to September 30 when the current - calendar month is July, August, September, so on. Possible values: - CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - creditTypes: - description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, - this is a list of credit types to be subtracted from gross cost - to determine the spend for threshold calculations. See a list - of acceptable credit type values. If Filter.credit_types_treatment - is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - items: - type: string - type: array - creditTypesTreatment: - description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - customPeriod: - description: Optional. 
Specifies to track usage from any start - date (required) to any end date (optional). This time period - is static, it does not recur. - properties: - endDate: - description: Immutable. Optional. The end date of the time - period. Budgets with elapsed end date won't be processed. - If unset, specifies to track all usage incurred since the - start_date. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - startDate: - description: Immutable. Required. The start date must be after - January 1, 2017. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - required: - - startDate - type: object - labels: - additionalProperties: - properties: - values: - description: Immutable. The values of the label - items: - type: string - type: array - type: object - description: Optional. A single label and value pair specifying - that usage from only this set of labeled resources should be - included in the budget. 
Currently, multiple entries or multiple - values per entry are not allowed. If omitted, the report will - include all labeled and unlabeled usage. - type: object - projects: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - services: - description: 'Optional. A set of services of the form `services/{service_id}`, - specifying that usage from only this set of services should - be included in the budget. If omitted, the report will include - usage for all the services. The service names are available - through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' - items: - type: string - type: array - subaccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: |- - [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array type: object - displayName: - description: User data for display name in UI. The name must be less - than or equal to 60 characters. - type: string + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - thresholdRules: - description: Optional. Rules that trigger alerts (notifications of - thresholds being crossed) when spend exceeds the specified percentages - of the budget. - items: - properties: - spendBasis: - description: 'Optional. The type of basis used to determine - if spend has passed the threshold. Behavior defaults to CURRENT_SPEND - if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, - FORECASTED_SPEND' - type: string - thresholdPercent: - description: 'Required. Send an alert when this threshold is - exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: - non-negative number.' - format: double - type: number + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external required: - - thresholdPercent - type: object - type: array + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string required: - - amount - - billingAccountRef + - analyticsRegion + - projectRef + - runtimeType type: object status: properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
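Review bot: The `external` description under `runtimeDatabaseEncryptionKeyRef` reads "Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used", which runs two conditions together and names a `TRIAL` runtime type that the `runtimeType` field in this hunk does not list (RUNTIME_TYPE_UNSPECIFIED, CLOUD, HYBRID). As written it is unclear when a customer-managed key is mandatory and when the organization falls back to a Google-managed key, which matters because the same description says the key cannot be updated after creation. The sentence should be split so each case is stated on its own, with the triggering runtime or subscription type taken from the upstream API text. The ref is also absent from the `required` list (`analyticsRegion`, `projectRef`, `runtimeType`), so omitting it is accepted at admission. This is a generated CRD, so the wording fix probably belongs upstream.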
@@ -5636,11 +5035,26 @@ spec: type: string type: object type: array - etag: - description: Optional. Etag to validate that the object is unchanged - for a read-modify-write operation. An empty etag will cause an update - to overwrite other changes. - type: string + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5648,6 +5062,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string type: object required: - spec 
@@ -5667,25 +5097,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationAttestor - plural: binaryauthorizationattestors + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations shortNames: - - gcpbinaryauthorizationattestor - - gcpbinaryauthorizationattestors - singular: binaryauthorizationattestor + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: @@ -5705,7 +5135,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5723,145 +5153,25 @@ spec: type: object spec: properties: - description: - description: Optional. A descriptive comment. This field may be updated. - The field may be displayed in chooser dialogs. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - userOwnedDrydockNote: - description: This specifies how an attestation will be read, and how - it will be used during policy enforcement. - properties: - noteRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. - - Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicKeys: - description: Optional. Public keys that verify attestations signed - by this attestor. This field may be updated. If this field is - non-empty, one of the specified public keys must verify that - an attestation was signed by this attestor for the image specified - in the admission request. If this field is empty, this attestor - always returns that no valid attestations exist. - items: - properties: - asciiArmoredPgpPublicKey: - description: ASCII-armored representation of a PGP public - key, as the entire output by the command `gpg --export - --armor foo@example.com` (either LF or CRLF line endings). - When using this field, `id` should be left blank. The - BinAuthz API handlers will calculate the ID and fill it - in automatically. 
BinAuthz computes this ID as the OpenPGP - RFC4880 V4 fingerprint, represented as upper-case hex. - If `id` is provided by the caller, it will be overwritten - by the API-calculated ID. - type: string - comment: - description: Optional. A descriptive comment. This field - may be updated. - type: string - id: - description: The ID of this public key. Signatures verified - by BinAuthz must include the ID of the public key that - can be used to verify them, and that ID must match the - contents of this field exactly. Additional restrictions - on this field can be imposed based on which public key - type is encapsulated. See the documentation on `public_key` - cases below for details. - type: string - pkixPublicKey: - description: 'A raw PKIX SubjectPublicKeyInfo format public - key. NOTE: `id` may be explicitly provided by the caller - when using this type of public key, but it MUST be a valid - RFC3986 URI. If `id` is left blank, a default one will - be computed based on the digest of the DER encoding of - the public key.' - properties: - publicKeyPem: - description: A PEM-encoded public key, as described - in https://tools.ietf.org/html/rfc7468#section-13 - type: string - signatureAlgorithm: - description: 'The signature algorithm used to verify - a message against a signature using this key. These - signature algorithm must match the structure and any - object identifiers encoded in `public_key_pem` (i.e. - this algorithm must match that of the public key). 
- Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, - RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, - ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, - EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' - type: string - type: object - type: object - type: array - required: - - noteRef - type: object required: - - projectRef + - identities type: object status: properties: @@ -5891,6 +5201,11 @@ spec: type: string type: object type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5898,24 +5213,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. Time when the attestor was last updated. - format: date-time - type: string - userOwnedDrydockNote: - properties: - delegationServiceAccountEmail: - description: Output only. This field will contain the service - account email address that this Attestor will use as the principal - when querying Container Analysis. Attestor administrators must - grant this service account the IAM role needed to read attestations - from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). - This email address is fixed for the lifetime of the Attestor, - but callers should not make any other assumptions about the - service account email; future versions may use an email based - on a different naming pattern. - type: string - type: object type: object required: - spec 
@@ -5935,25 +5232,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationPolicy - plural: binaryauthorizationpolicies + kind: AppEngineDomainMapping + plural: appenginedomainmappings shortNames: - - gcpbinaryauthorizationpolicy - - gcpbinaryauthorizationpolicies - singular: binaryauthorizationpolicy + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: @@ -5973,7 +5270,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5991,312 +5288,203 @@ spec: type: object spec: properties: - admissionWhitelistPatterns: - description: Optional. Admission policy allowlisting. A matching admission - request will always be permitted. This feature is typically used - to exclude Google or third-party infrastructure images from Binary - Authorization policies. + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. 
To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - namePattern: - description: An image name pattern to allowlist, in the form - `registry/path/to/image`. This supports a trailing `*` as - a wildcard, but this is allowed only in text after the `registry/` - part. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - clusterAdmissionRules: - additionalProperties: + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode type: object - description: 'Optional. Per-cluster admission rules. Cluster spec - format: location.clusterId. 
There can be at most one admission rule - per cluster spec. A location is either a compute zone (e.g. us-central1-a) - or a region (e.g. us-central1). For clusterId syntax restrictions - see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' - type: object - defaultAdmissionRule: - description: Required. Default admission rule for a cluster without - a per-cluster, per-kubernetes-service-account, or per-istio-service-identity - admission rule. - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string description: - description: Optional. A descriptive comment. + description: An optional string description of this rule. type: string - globalPolicyEvaluationMode: - description: 'Optional. Controls the evaluation of a Google-maintained - global admission policy for common system-level images. Images not - covered by the global policy will be subject to the project admission - policy. This setting has no effect when specified inside a global - admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, - ENABLE, DISABLE' + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. type: string - istioServiceIdentityAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. 
- Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-istio-service-identity admission rules. - Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ - e.g. spiffe://example.com/ns/test-ns/sa/default' - type: object - kubernetesNamespaceAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-namespace admission rules. - K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' - type: object - kubernetesServiceAccountAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-service-account admission rules. - Service account spec format: namespace:serviceaccount. e.g. 
''test-ns:default''' - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the resource. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - defaultAdmissionRule - - projectRef + - action + - sourceRange type: object status: properties: @@ -6333,14 +5521,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. The resource name, in the format `projects/*/policy`. - There is at most one policy per project. - type: string - updateTime: - description: Output only. Time when the policy was last updated. - format: date-time - type: string type: object required: - spec 
@@ -6360,25 +5540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: - group: cloudbuild.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: @@ -6398,7 +5578,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -6416,1256 +5596,746 @@ spec: type: object spec: properties: - approvalConfig: - description: "Configuration for manual approval to start a build invocation - of this BuildTrigger. \nBuilds created by this trigger will require - approval before they execute. \nAny user with a Cloud Build Approver - role for the project can approve a build." + apiConfig: + description: Serving configuration for Google Cloud Endpoints. properties: - approvalRequired: - description: "Whether or not approval is needed. If this is set - on a build, it will become pending when run, \nand will need - to be explicitly approved to start." - type: boolean + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script type: object - bitbucketServerTriggerConfig: - description: BitbucketServerTriggerConfig describes the configuration - of a trigger that creates a build whenever a Bitbucket Server event - is received. + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - bitbucketServerConfigResourceRef: + coolDownPeriod: description: |- - Only `external` field is supported to configure the reference. 
+ The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - The full resource name of the bitbucket server config. Format: - projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. 
+ type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` - resource.' + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. 
+ type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. + properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + required: + - appYamlPath type: object - projectKey: - description: 'Key of the project that the repo is in. For example: - The key for https://mybitbucket.server/projects/TEST/repos/test-repo - is "TEST".' - type: string - pullRequest: - description: Filter to match changes in pull requests. + container: + description: The Docker image for the container that runs the + version. properties: - branch: + image: description: |- - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment /gcbrun. 
Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean required: - - branch + - image type: object - push: - description: Filter to match changes in refs like branches, tags. + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the gitRef regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. type: string + required: + - sourceUrl type: object - repoSlug: + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: description: |- - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. 
+ Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - - bitbucketServerConfigResourceRef - - projectKey - - repoSlug + - name type: object - build: - description: Contents of the build template. Either a filename or - build template must be provided. + entrypoint: + description: The entrypoint for the application. properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. 
- items: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. 
- properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. 
- - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - availableSecrets: - description: Secrets and secret environment variables. - properties: - secretManager: - description: Pairs a secret environment variable with a SecretVersion - in Secret Manager. - items: - properties: - env: - description: |- - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of - a `SecretManagerSecretVersion` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - env - - versionRef + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". type: object - type: array - required: - - secretManager - type: object - images: + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. 
+ type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' 
+ type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: type: string type: array - logsBucketRef: + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. + type: boolean + subnetwork: description: |- - Google Cloud Storage bucket where logs should be written. 
Logs file - names will be of the format ${logsBucket}/log-${build_id}.txt. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `url` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"].' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", - "NONE"].' - type: string - machineType: - description: 'Compute Engine machine type on which to run - the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", - "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"].' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"].' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. 
- items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the - build is enqueued longer than this value, \nthe build will expire - and the build status will be EXPIRED.\nThe TTL starts ticking - from createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. 
+ required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. 
+ type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: properties: - kmsKeyRef: - description: KMS crypto key to use to decrypt these envs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string required: - - kmsKeyRef + - name + - sizeGb + - volumeType type: object type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. 
Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one - a of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, - in which to run the build.\nThis must be a relative - path. If a step's dir is specified and is an absolute - path, \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting - the build is assumed." - type: string - repoRef: - description: |- - The desired Cloud Source Repository. If omitted, "default" is - assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `SourceRepoRepository` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run. - type: object - tagName: - description: "Regex matching tags to build. 
Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in - Google Cloud Storage. - properties: - bucketRef: - description: Google Cloud Storage bucket containing the - source. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `StorageBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the - object. \nIf the generation is omitted, the latest generation - will be used." - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. 
- items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used. - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: "The name of the container image that will - run this particular build step.\n\nIf the image is available - in the host's Docker daemon's cache, it will be\nrun directly. 
- If not, the host will attempt to pull the image first, - using\nthe builder service account's credentials if necessary.\n\nThe - Docker daemon's cache will already have the latest versions - of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - \nfor images and examples).\nThe Docker daemon will also - have cached many of the layers for some popular\nimages, - like \"ubuntu\", \"debian\", but they will be refreshed - at the time\nyou attempt to use them.\n\nIf you built - an image in a previous build step, it will be stored in - the\nhost's Docker daemon's cache and is available to - use as the name for a\nlater build step." - type: string - script: - description: "A shell script to be executed in the step. - \nWhen script is provided, the user cannot specify the - entrypoint or args." - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. 
Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step type: object - description: - description: Human-readable description of the trigger. + runtime: + description: Desired runtime. Example python27. type: string - disabled: - description: Whether the trigger is disabled or not. If true, the - trigger will never result in a build. - type: boolean - filename: - description: "Path, from the source root, to a file whose contents - is used for the template. \nEither a filename or build template - must be provided. 
Set this only when using trigger_template or github.\nWhen - using Pub/Sub, Webhook or Manual set the file name using git_file_source - instead." + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string - filter: - description: A Common Expression Language string. Used only with Pub/Sub - and Webhook. + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. type: string - gitFileSource: - description: The file source describing the local or remote Build - template. - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: + runtimeMainExecutablePath: + description: The path or name of the app's main executable. + type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: The path of the file, with the repo root as the root - of the path. - type: string - repoType: - description: "The type of the repo, since it may not be explicit - from the repo field (e.g from a URL). \nValues can be UNKNOWN, - CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible - values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", - \"BITBUCKET_SERVER\"]." + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string - revision: - description: "The branch, tag, arbitrary ref, or SHA version of - the repo to use when resolving the \nfilename (optional). This - field respects the same syntax/resolution as described here: - https://git-scm.com/docs/gitrevisions \nIf unspecified, the - revision from which the trigger invocation originated is assumed - to be the revision from which to read the specified path." + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uri: - description: "The URI of the repo (optional). If unspecified, - the repo from which the trigger \ninvocation originated is assumed - to be the repo from which to read the specified path." + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - path - - repoType type: object - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. 
- - One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - enterpriseConfigResourceNameRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. 
- type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or - tags. Specify only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. - type: string - type: object + required: + - name type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - includeBuildLogs: - description: |- - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + name: + description: Full path to the Version resource in the API. Example, + "v1". type: string - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - location: - description: |- - Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. type: string - pubsubConfig: - description: "PubsubConfig describes the configuration of a trigger - that creates \na build whenever a Pub/Sub message is published.\n\nOne - of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' - or 'source_to_build' must be provided." - properties: - serviceAccountRef: - description: Service account that will make the push request. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - type: string - subscription: - description: Output only. Name of the subscription. - type: string - topicRef: - description: |- - The name of the topic from which this subscription - is receiving messages. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - repositoryEventConfig: - description: The configuration of a trigger that creates a build whenever - an event from Repo API is received. - properties: - pullRequest: - description: Contains filter properties for matching Pull Requests. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment ''/gcbrun''. Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - type: object - push: - description: Contains filter properties for matching git pushes. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. 
- type: string - invertRegex: - description: If true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: |- - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - type: object - repository: - description: The resource name of the Repo API resource. - type: string - type: object - serviceAccountRef: - description: |- - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - When populating via the external field, the following format is supported: - projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, - where {{value}} is the `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceToBuild: - description: "The repo and ref of the repository from which to build. - \nThis field is used only for those triggers that do not respond - to SCM events. \nTriggers that respond to such events build source - at whatever commit caused the event. 
\nThis field is currently only - used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', - 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' - must be provided." - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ref: - description: The branch or tag to use. Must start with "refs/" - (required). - type: string - repoType: - description: |- - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. - type: string - uri: - description: The URI of the repo (required). - type: string - required: - - ref - - repoType - - uri - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger. - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. 
- - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SourceRepoRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. 
- type: string - type: object - webhookConfig: - description: "WebhookConfig describes the configuration of a trigger - that creates \na build whenever a webhook is sent to a trigger's - webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' - 'webhook_config' or 'source_to_build' must be provided." + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. properties: - secretRef: - description: The secret required - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. 
type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - - secretRef + - allocations type: object + required: + - split type: object status: properties: @@ -7695,9 +6365,6 @@ spec: type: string type: object type: array - createTime: - description: Time when the trigger was created. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -7705,10 +6372,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - triggerId: - description: The unique identifier for the trigger. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -7725,25 +6391,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: - group: cloudfunctions.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudFunctionsFunction - plural: cloudfunctionsfunctions + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions shortNames: - - gcpcloudfunctionsfunction - - gcpcloudfunctionsfunctions - singular: cloudfunctionsfunction + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: @@ -7763,7 +6429,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -7781,193 +6447,294 @@ spec: type: object spec: properties: - availableMemoryMb: - description: 'Memory (in MB), available to the function. Default value - is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' - format: int64 - type: integer - description: - description: User-provided description of a function. - type: string - entryPoint: - description: |- - Immutable. The name of the function (as defined in source code) that will be - executed. Defaults to the resource name suffix, if not specified. For - backward compatibility, if function with given name is not found, then the - system will try to use function named "function". - For Node.js this is name of a function exported by the module specified - in `source_location`. - type: string - environmentVariables: - additionalProperties: - type: string - description: Environment variables that shall be available during - function execution. - type: object - eventTrigger: - description: Immutable. A source that fires events in response to - a condition in another service. + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - eventType: + maxConcurrentRequests: description: |- - Immutable. Required. The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - Event types match pattern `providers/*/eventTypes/*.*`. - The pattern contains: + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - 1. namespace: For example, `cloud.storage` and - `google.firebase.analytics`. - 2. resource type: The type of resource on which event occurs. For - example, the Google Cloud Storage API includes the type `object`. - 3. 
action: The action that generates the event. For example, action for - a Google Cloud Storage Object is 'change'. - These parts are lower case. + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string - failurePolicy: - description: Immutable. Specifies policy for failed executions. - type: boolean - resourceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. properties: - external: - description: |- - Required. The resource(s) from which to observe events, for example, - `projects/_/buckets/myBucket`. - - Not all syntactically correct values are accepted by all services. For - example: - - 1. The authorization model must support it. Google Cloud Functions - only allows EventTriggers to be deployed that observe resources in the - same project as the `Function`. - 2. The resource type must match the pattern expected for an - `event_type`. 
For example, an `EventTrigger` that has an - `event_type` of "google.pubsub.topic.publish" should have a resource - that matches Google Cloud Pub/Sub topics. - - Additionally, some services may support short names when creating an - `EventTrigger`. These will always be returned in the normalized "long" - format. - - See each *service's* documentation for supported formats. - - Allowed values: - * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number type: object - service: + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. 
Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: description: |- - Immutable. The hostname of the service that should be observed. - - If no string is provided, the default service implementing the API will - be used. For example, `storage.googleapis.com` is the default for all - event types in the `google.storage` namespace. + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer required: - - eventType - - resourceRef + - maxInstances type: object - httpsTrigger: - description: Immutable. An HTTPS endpoint type of source that can - be triggered via URL. + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. properties: - securityLevel: - description: 'Immutable. Both HTTP and HTTPS requests with URLs - that match the handler succeed without redirects. The application - can examine the request to determine which protocol was used - and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, - SECURE_ALWAYS, SECURE_OPTIONAL' + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. 
+ properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. type: string + required: + - shell type: object - ingressSettings: - description: |- - The ingress settings for the function, controlling what traffic can reach - it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB - type: string - maxInstances: + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: description: |- - The limit on the maximum number of function instances that may coexist at a - given time. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". 
+ type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. properties: - external: + instances: description: |- - The project id of the function. + Number of instances to assign to the service at the start. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances type: object - region: - description: Immutable. The name of the Cloud Functions region of - the function. + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. 
For a complete - list of possible choices, see the - [`gcloud` command - reference](/sdk/gcloud/reference/functions/deploy#--runtime). + description: Desired runtime. Example python27. type: string - serviceAccountRef: - description: Immutable. + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: oneOf: - not: required: @@ -7984,11 +6751,8 @@ spec: - external properties: external: - description: |- - The email of the function's service account. If empty, defaults to - `{project_id}@appspot.gserviceaccount.com`. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -7997,80 +6761,28 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - sourceArchiveUrl: - description: Immutable. The Google Cloud Storage URL, starting with - gs://, pointing to the zip archive which contains the function. - type: string - sourceRepository: - description: Immutable. Represents parameters related to source repository - where a function is hosted. - properties: - url: - description: |- - Immutable. The URL pointing to the hosted repository where the function is defined. - There are supported Cloud Source Repository URLs in the following - formats: - - To refer to a specific commit: - `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` - To refer to a moveable alias (branch): - `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` - In particular, to refer to HEAD use `master` moveable alias. - To refer to a specific fixed alias (tag): - `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` - - You may omit `paths/*` if you want to use the main directory. - type: string - required: - - url - type: object - timeout: - description: |- - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - type: string - vpcConnectorEgressSettings: - description: |- - The egress settings for the connector, controlling what traffic is diverted - through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC - type: string - vpcConnectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. 
+ type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - external: - description: |- - The VPC Network Connector that this cloud function can connect to. It can - be either the fully-qualified URI, or the short name of the network - connector resource. The format of this field is - `projects/*/locations/*/connectors/*` - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string + required: + - name type: object required: - - projectRef - - region + - deployment + - entrypoint - runtime + - serviceRef type: object status: properties: @@ -8100,12 +6812,10 @@ spec: type: string type: object type: array - httpsTrigger: - properties: - url: - description: Output only. The deployed url for the function. - type: string - type: object + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -8113,31 +6823,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceRepository: - properties: - deployedUrl: - description: |- - Output only. The URL pointing to the hosted repository where the function - were defined at the time of deployment. It always points to a specific - commit in the format described above. - type: string - type: object - status: - description: 'Output only. Status of the function deployment. Possible - values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, - DELETE_IN_PROGRESS, UNKNOWN' - type: string - updateTime: - description: Output only. The last update timestamp of a Cloud Function - in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up - to nine fractional digits. - type: string - versionId: - description: |- - Output only. The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - format: int64 - type: integer type: object required: - spec 
@@ -8157,25 +6842,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityGroup - plural: cloudidentitygroups + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories shortNames: - - gcpcloudidentitygroup - - gcpcloudidentitygroups - singular: cloudidentitygroup + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -8214,81 +6899,181 @@ spec: spec: properties: description: - description: |- - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. + description: The user-provided description of the repository. type: string - displayName: - description: The display name of the Group. + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string - groupKey: - description: Immutable. EntityKey of the Group. + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - id: - description: |- - Immutable. The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Immutable. The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of 'identitysources/{identity_source_id}'. + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - id type: object - initialGroupConfig: - description: |- - Immutable. The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + location: + description: Immutable. The name of the location this repository is + located in. type: string - labels: - additionalProperties: - type: string + mavenConfig: description: |- - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. 
+ MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string type: object - parent: - description: |- - Immutable. The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. 
Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - - groupKey - - labels - - parent + - format + - location type: object status: properties: @@ -8319,12 +7104,12 @@ spec: type: object type: array createTime: - description: The time when the Group was created. + description: The time when the repository was created. type: string name: description: |- - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. + The name of the repository, for example: + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -8334,7 +7119,7 @@ spec: the resource. type: integer updateTime: - description: The time when the Group was last updated. + description: The time when the repository was last updated. type: string type: object required: 
@@ -8355,25 +7140,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityMembership - plural: cloudidentitymemberships + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections shortNames: - - gcpcloudidentitymembership - - gcpcloudidentitymemberships - singular: cloudidentitymembership + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: @@ -8393,7 +7178,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8411,8 +7196,54 @@ spec: type: object spec: properties: - groupRef: - description: Immutable. + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -8429,10 +7260,7 @@ spec: - external properties: external: - description: |- - The group for the resource - - Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -8441,99 +7269,24 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - memberKey: - description: Immutable. The `EntityKey` of the member. Either `member_key` - or `preferred_member_key` must be set when calling MembershipsService.CreateMembership - but not both; both shall be set when returned. - properties: - id: - description: The ID of the entity. For Google-managed entities, - the `id` must be the email address of an existing group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: The namespace in which the entity exists. If not - specified, the `EntityKey` represents a Google-managed entity - such as a Google user or a Google Group. If specified, the `EntityKey` - represents an external-identity-mapped group. The namespace - must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - type: string - type: object - preferredMemberKey: - description: Immutable. Required. Immutable. The `EntityKey` of the - member. - properties: - id: - description: Immutable. The ID of the entity. For Google-managed - entities, the `id` must be the email address of a group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: Immutable. The namespace in which the entity exists. - If not specified, the `EntityKey` represents a Google-managed - entity such as a Google user or a Google Group. If specified, - the `EntityKey` represents an external-identity-mapped group. 
- The namespace must correspond to an identity source created - in Admin Console and must be in the form of `identitysources/{identity_source_id}`. - type: string - required: - - id - type: object + region: + description: Immutable. The region of the AppConnection. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. type: string - roles: - description: The `MembershipRole`s that apply to the `Membership`. - If unspecified, defaults to a single `MembershipRole` with `name` - `MEMBER`. Must not contain duplicate `MembershipRole`s with the - same `name`. - items: - properties: - expiryDetail: - description: The expiry details of the `MembershipRole`. Expiry - details are only supported for `MEMBER` `MembershipRoles`. - May be set if `name` is `MEMBER`. Must not be set if `name` - is any other value. - properties: - expireTime: - description: The time at which the `MembershipRole` will - expire. - format: date-time - type: string - type: object - name: - type: string - restrictionEvaluations: - description: Evaluations of restrictions applied to parent group - on this membership. - properties: - memberRestrictionEvaluation: - description: Evaluation of the member restriction applied - to this membership. Empty if the user lacks permission - to view the restriction evaluation. - properties: - state: - description: 'Output only. 
The current state of the - restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, - UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' - type: string - type: object - type: object - required: - - name - type: object - type: array required: - - groupRef - - preferredMemberKey - - roles + - applicationEndpoint + - projectRef + - region type: object status: properties: @@ -8563,30 +7316,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the `Membership` was created. - format: date-time - type: string - deliverySetting: - description: 'Output only. Delivery setting associated with the membership. - Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, - DAILY, NONE, DISABLED' - type: string - displayName: - description: Output only. The display name of this member, if available - properties: - familyName: - description: Output only. Member's family name - type: string - fullName: - description: Output only. Localized UTF-16 full name for the member. - Localization is done based on the language in the request and - the language of the stored display name. - type: string - givenName: - description: Output only. Member's given name - type: string - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -8594,15 +7323,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - type: - description: 'Output only. The type of the membership. Possible values: - OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' - type: string - updateTime: - description: Output only. The time when the `Membership` was last - updated. - format: date-time - type: string type: object required: - spec 
@@ -8622,25 +7342,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: - group: cloudscheduler.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudSchedulerJob - plural: cloudschedulerjobs + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors shortNames: - - gcpcloudschedulerjob - - gcpcloudschedulerjobs - singular: cloudschedulerjob + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: @@ -8660,7 +7380,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8678,366 +7398,66 @@ spec: type: object spec: properties: - appEngineHttpTarget: - description: App Engine HTTP target. + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. properties: - appEngineRouting: - description: App Engine Routing setting for the job. + serviceAccount: + description: ServiceAccount represents a GCP service account. properties: - instance: - description: App instance. By default, the job is sent to - an instance which is available when the job is attempted. - Requests can only be sent to a specific instance if [manual - scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). - App Engine Flex does not support instances. For more information, - see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) - and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). - type: string - service: - description: App service. By default, the job is sent to the - service which is the default service when the job is attempted. - type: string - version: - description: App version. By default, the job is sent to the - version which is the default version when the job is attempted. + email: + description: Email address of the service account. type: string + required: + - email type: object - body: - description: Body. HTTP request body. A request body is allowed - only if the HTTP method is POST or PUT. It will result in invalid - argument error to set a body on a job with an incompatible HttpMethod. - type: string - headers: - additionalProperties: - type: string - description: 'HTTP request headers. This map contains the header - field names and values. 
Headers can be set when the job is created. - Cloud Scheduler sets some headers to default values: * `User-Agent`: - By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. - This header can be modified, but Cloud Scheduler will append - `"App Engine-Google; (+http://code.google.com/appengine)"` to - the modified `User-Agent`. * `X-CloudScheduler`: This header - will be set to true. The headers below are output only. They - cannot be set or overridden: * `X-Google-*`: For Google internal - use only. * `X-App Engine-*`: For Google internal use only. - In addition, some App Engine headers, which contain job-specific - information, are also be sent to the job handler.' - type: object - httpMethod: - description: 'The HTTP method to use for the request. PATCH and - OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, - POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' - type: string - relativeUri: - description: The relative URI. The relative URL must begin with - "/" and must be a valid HTTP relative URL. It can contain a - path, query string arguments, and `#` fragments. If the relative - URL is empty, then the root path "/" will be used. No spaces - are allowed, and the maximum length allowed is 2083 characters. - type: string + required: + - serviceAccount type: object - attemptDeadline: - description: 'The deadline for job attempts. If the request handler - does not respond by this deadline then the request is cancelled - and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The - failed attempt can be viewed in execution logs. Cloud Scheduler - will retry the job according to the RetryConfig. The allowed duration - for this deadline is: * For HTTP targets, between 15 seconds and - 30 minutes. * For App Engine HTTP targets, between 15 seconds and - 24 hours.' - type: string - description: - description: Optionally caller-specified in CreateJob or UpdateJob. - A human-readable description for the job. 
This string must not contain - more than 500 characters. - type: string - httpTarget: - description: HTTP target. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - body: - description: HTTP request body. A request body is allowed only - if the HTTP method is POST, PUT, or PATCH. It is an error to - set body on a job with an incompatible HttpMethod. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - headers: - additionalProperties: - type: string - description: 'The user can specify HTTP request headers to send - with the job''s HTTP request. This map contains the header field - names and values. Repeated headers are not supported, but a - header value can contain commas. These headers represent a subset - of the headers that will accompany the job''s HTTP request. - Some HTTP request headers will be ignored or replaced. A partial - list of headers that will be ignored or replaced is below: - - Host: This will be computed by Cloud Scheduler and derived from - uri. * `Content-Length`: This will be computed by Cloud Scheduler. - * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. - * `X-Google-*`: Google internal use only. * `X-appengine-*`: - Google internal use only. The total size of headers must be - less than 80KB.' - type: object - httpMethod: - description: 'Which HTTP method to use for the request. Possible - values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, - PATCH, OPTIONS' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - oauthToken: - description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) - will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization should generally - only be used when calling Google APIs hosted on *.googleapis.com. - properties: - scope: - description: OAuth scope to be used for generating OAuth access - token. If not specified, "https://www.googleapis.com/auth/cloud-platform" - will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - oidcToken: - description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) - token will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization can be used - for many scenarios, including calling Cloud Run, or endpoints - where you intend to validate the token yourself. - properties: - audience: - description: Audience to be used when generating OIDC token. 
- If not specified, the URI specified in target will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - uri: - description: 'Required. The full URI path that the request will - be sent to. This string must begin with either "http://" or - "https://". Some examples of valid values for uri are: `http://acme.com` - and `https://acme.com/sales:8080`. Cloud Scheduler will encode - some characters for safety and compatibility. The maximum allowed - URL length is 2083 characters after encoding.' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - uri type: object - location: - description: Immutable. The location for the resource + region: + description: Immutable. The region of the AppConnector. type: string - pubsubTarget: - description: Pub/Sub target. - properties: - attributes: - additionalProperties: - type: string - description: Attributes for PubsubMessage. Pubsub message must - contain either non-empty data, or at least one attribute. 
- type: object - data: - description: The message payload for PubsubMessage. Pubsub message - must contain either non-empty data, or at least one attribute. - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retryConfig: - description: Settings that determine the retry behavior. - properties: - maxBackoffDuration: - description: The maximum amount of time to wait before retrying - a job after it fails. The default value of this field is 1 hour. - type: string - maxDoublings: - description: The time between retries will double `max_doublings` - times. 
A job's retry interval starts at min_backoff_duration, - then doubles `max_doublings` times, then increases linearly, - and finally retries at intervals of max_backoff_duration up - to retry_count times. For example, if min_backoff_duration is - 10s, max_backoff_duration is 300s, and `max_doublings` is 3, - then the a job will first be retried in 10s. The retry interval - will double three times, and then increase linearly by 2^3 * - 10s. Finally, the job will retry at intervals of max_backoff_duration - until the job has been attempted retry_count times. Thus, the - requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, - 300s, .... The default value of this field is 5. - format: int64 - type: integer - maxRetryDuration: - description: The time limit for retrying a failed job, measured - from time when an execution was first attempted. If specified - with retry_count, the job will be retried until both limits - are reached. The default value for max_retry_duration is zero, - which means retry duration is unlimited. - type: string - minBackoffDuration: - description: The minimum amount of time to wait before retrying - a job after it fails. The default value of this field is 5 seconds. - type: string - retryCount: - description: The number of attempts that the system will make - to run a job using the exponential backoff procedure described - by max_doublings. The default value of retry_count is zero. - If retry_count is zero, a job attempt will *not* be retried - if it fails. Instead the Cloud Scheduler system will wait for - the next scheduled execution time. If retry_count is set to - a non-zero number then Cloud Scheduler will retry failed attempts, - using exponential backoff, retry_count times, or until the next - scheduled execution time, whichever comes first. Values greater - than 5 and negative values are not allowed. - format: int64 - type: integer - type: object - schedule: - description: 'Required, except when used with UpdateJob. 
Describes - the schedule on which the job will be executed. The schedule can - be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) - * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) - As a general rule, execution `n + 1` of a job will not begin until - execution `n` has finished. Cloud Scheduler will never allow two - simultaneously outstanding executions. For example, this implies - that if the `n+1`th execution is scheduled to run at 16:00 but the - `n`th execution takes until 16:15, the `n+1`th execution will not - start until `16:15`. A scheduled start time will be delayed if the - previous execution has not ended when its scheduled time occurs. - If retry_count > 0 and a job attempt fails, the job will be tried - a total of retry_count times, with exponential backoff, until the - next scheduled start time.' - type: string - timeZone: - description: Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). - Note that some time zones include a provision for daylight savings - time. The rules for daylight saving time are determined by the chosen - tz. For UTC use the string "utc". If a time zone is not specified, - the default will be in UTC (also known as GMT). - type: string required: - - location + - principalInfo + - projectRef + - region type: object status: properties: - appEngineHttpTarget: - properties: - appEngineRouting: - properties: - host: - description: 'Output only. The host that the job is sent to. - For more information about how App Engine requests are routed, - see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). 
- The host is constructed as: * `host = [application_domain_name]` - `| [service] + ''.'' + [application_domain_name]` `| [version] - + ''.'' + [application_domain_name]` `| [version_dot_service]+ - ''.'' + [application_domain_name]` `| [instance] + ''.'' - + [application_domain_name]` `| [instance_dot_service] + - ''.'' + [application_domain_name]` `| [instance_dot_version] - + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] - + ''.'' + [application_domain_name]` * `application_domain_name` - = The domain name of the app, for example .appspot.com, - which is associated with the job''s project ID. * `service - =` service * `version =` version * `version_dot_service - =` version `+ ''.'' +` service * `instance =` instance * - `instance_dot_service =` instance `+ ''.'' +` service * - `instance_dot_version =` instance `+ ''.'' +` version * - `instance_dot_version_dot_service =` instance `+ ''.'' +` - version `+ ''.'' +` service If service is empty, then the - job will be sent to the service which is the default service - when the job is attempted. If version is empty, then the - job will be sent to the version which is the default version - when the job is attempted. If instance is empty, then the - job will be sent to an instance which is available when - the job is attempted. If service, version, or instance is - invalid, then the job will be sent to the default version - of the default service when the job is attempted.' - type: string - type: object - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -9064,10 +7484,6 @@ spec: type: string type: object type: array - lastAttemptTime: - description: Output only. The time the last job attempt started. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -9075,71 +7491,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - scheduleTime: - description: Output only. The next time the job is scheduled. Note - that this may be a retry of a previously failed attempt or the next - execution time according to the schedule. - format: date-time - type: string state: - description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, - ENABLED, PAUSED, DISABLED, UPDATE_FAILED' - type: string - status: - description: Output only. The response from the target for the last - attempted execution. - properties: - code: - description: The status code, which should be an enum value of - google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. This - string must contain at least one "/" character. The last - segment of the URL''s path must represent the fully qualified - name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually precompile - into the binary all types that they expect it to use in - the context of Any. However, for URLs which use the scheme - `http`, `https`, or no scheme, one can optionally set - up a type server that maps type URLs to message definitions - as follows: * If no scheme is provided, `https` is assumed. - * An HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the URL, - or have them precompiled into a binary to avoid any lookup. - Therefore, binary compatibility needs to be preserved - on changes to types. 
(Use versioned type names to manage - breaking changes.) Note: this functionality is not currently - available in the official protobuf release, and it is - not used for type URLs beginning with type.googleapis.com. - Schemes other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should be - in English. Any user-facing error message should be localized - and sent in the google.rpc.Status.details field, or localized - by the client. - type: string - type: object - userUpdateTime: - description: Output only. The creation time of the job. - format: date-time + description: Represents the different states of a AppConnector. type: string type: object required: @@ -9160,25 +7513,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeAddress - plural: computeaddresses + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -9198,7 +7551,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9216,37 +7569,16 @@ spec: type: object spec: properties: - address: - description: |- - Immutable. The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - type: string - addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' - type: string - description: - description: Immutable. An optional description of this resource. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - address. The default value is ''IPV4''. Possible values: ["IPV4", - "IPV6"]. This field can only be specified for a global address.' + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. type: string - location: - description: 'Location represents the geographical location of the - ComputeAddress. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' type: string - networkRef: - description: |- - The network in which to reserve the address. If global, the address - must be within the RFC1918 IP space. The network cannot be deleted - if there are any reserved IP ranges referring to it. This field can - only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -9263,8 +7595,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9273,49 +7604,174 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkTier: - description: |- - Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. - type: string - prefixLength: - description: Immutable. The prefix length if the resource represents - an IP range. - type: integer - purpose: - description: |- - Immutable. The purpose of this resource, which can be one of the following values. - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range that - are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect - configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used to - configure Private Service Connect. Only global internal addresses can use - this purpose. - - - This should only be set when using an Internal address. + region: + description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9332,8 +7788,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9342,8 +7797,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - displayName - location + - projectRef type: object status: properties: @@ -9373,13 +7835,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -9388,13 +7850,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array type: object required: - spec 
@@ -9414,25 +7869,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: @@ -9452,7 +7907,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9470,8 +7925,66 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. 
+ type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9488,8 +8001,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9498,132 +8010,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. properties: - bypassCacheOnRequestHeaders: - description: Bypass the cache when the specified request headers - are matched - e.g. Pragma or Authorization headers. Up to 5 - headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode - settings. - items: - properties: - headerName: - description: The header field name to match on when bypassing - cache. Values are case-insensitive. - type: string - type: object - type: array - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - items: - type: string - type: array - type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + name: + description: Name of the listing publisher. type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). 
- type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - requestCoalescing: - description: If true then Cloud CDN will combine multiple concurrent - cache fill requests into a small number of requests to the origin. - type: boolean - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. 
The actual headers served in responses will not be altered. - type: integer + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - customResponseHeaders: - description: Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. type: string - edgeSecurityPolicy: - description: The security policy associated with this backend bucket. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - bucketRef + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef type: object status: properties: @@ -9653,8 +8067,8 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -9663,8 +8077,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec @@ -9684,25 +8096,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendService - plural: computebackendservices + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: @@ -9722,7 +8134,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9740,495 +8152,179 @@ spec: type: object spec: properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - failover: - description: |- - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - type: boolean - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. 
Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeInstanceGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetworkEndpointGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. 
This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. + aws: + description: Connection properties specific to Amazon Web Services. properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - includeNamedCookies: - description: Names of cookies to include in cache keys. - items: - type: string - type: array - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. 
- items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. - type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. 
Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer + required: + - accessRole type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + azure: + description: Container for connection properties specific to Azure. properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. 
- type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. 
+ type: string + required: + - customerTenantId type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - connectionTrackingPolicy: - description: |- - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. properties: - connectionPersistenceOnUnhealthyBackends: - description: |- - Specifies connection persistence when backends are unhealthy. - - If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to 'ALWAYS_PERSIST', existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. 
type: string - idleTimeoutSec: - description: |- - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - type: integer - trackingMode: - description: |- - Specifies the key used for connection tracking. There are two options: - 'PER_CONNECTION': The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - 'PER_SESSION': The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database type: object - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. 
+ cloudSql: + description: Connection properties specific to the Cloud SQL. properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + credential: + description: Cloud SQL properties. properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object + username: + description: Username for database. 
+ type: string + required: + - password + - username type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. + database: + description: Database name. type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - customResponseHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array description: - description: An optional description of this resource. + description: A descriptive description for the connection. type: string - edgeSecurityPolicyRef: + friendlyName: + description: A descriptive name for the connection. + type: string + location: description: |- - The resource URL for the edge security policy associated with this - backend service. + Immutable. The geographic location where the connection should reside. 
+ Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10245,8 +8341,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10255,358 +8350,157 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy. - oneOf: - - required: - - oauth2ClientId - - required: - - oauth2ClientIdRef + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. properties: - oauth2ClientId: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` - instead. - type: string - oauth2ClientIdRef: - description: |- - Only `external` field is supported to configure the reference. - - OAuth2 Client ID for IAP. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP. + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' type: string + required: + - predefinedExpression type: object - loadBalancingScheme: - description: |- - Immutable. Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. - type: string - localityLbPolicies: - description: |- - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - items: - properties: - customPolicy: - description: |- - The configuration for a custom policy implemented by the user and - deployed with the client. 
- properties: - data: - description: |- - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - type: string - name: - description: |- - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - type: string - required: - - name - type: object - policy: - description: The configuration for a built-in load balancing - policy. - properties: - name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. 
- - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. - type: string - required: - - name - type: object - type: object - type: array - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. - - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. 
For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: - description: 'Location represents the geographical location of the - ComputeBackendService. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + description: Immutable. The name of the location of the data policy. type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. 
- type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10623,8 +8517,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10633,130 +8526,182 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. 
- type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. 
- type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: + targetTypes: description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes type: object - portName: + datasetId: description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. type: string - protocol: + domain: description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + Immutable. A domain to grant access to. 
Any users signed in with the + domain specified will be granted the specified access. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. type: string - securityPolicyRef: - description: The security policy associated with this backend service. + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10773,8 +8718,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10783,85 +8727,79 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - securitySettings: + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: description: |- - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - clientTLSPolicyRef: - description: |- - ClientTlsPolicy is a resource that specifies how a client should - authenticate connections to backends of a service. This resource itself - does not affect configuration unless it is attached to a backend - service resource. *ConfigConnector only supports `external` - references for this field.* - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. 
- items: - type: string - type: array - required: - - clientTLSPolicyRef - - subjectAltNames - type: object - sessionAffinity: + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string - subsetting: - description: Subsetting configuration for this BackendService. Currently - this is applicable only for Internal TCP/UDP load balancing and - Internal HTTP(S) load balancing. + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. properties: - policy: - description: 'The algorithm used for subsetting. Possible values: - ["CONSISTENT_HASH_SUBSETTING"].' + datasetId: + description: Immutable. 
The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. type: string required: - - policy + - datasetId + - projectId + - tableId type: object - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer required: - - location + - datasetId + - projectRef type: object status: properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -10888,18 +8826,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - generatedId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -10907,8 +8833,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -10928,25 +8852,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com + name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeDisk - plural: computedisks + kind: BigQueryDataset + plural: bigquerydatasets shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: 
@@ -10984,34 +8908,128 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Immutable. Encrypts the disk using a customer-supplied encryption key. + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. 
Possible values include: - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - Customer-supplied encryption keys do not protect access to metadata of - the disk. + * 'projectOwners': Owners of the enclosing project. - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. 
If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. oneOf: - not: required: 
@@ -11038,188 +9056,85 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - rsaEncryptedKey: - description: "Immutable. 
Specifies an RFC 4648 base64 encoded, - RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either - encrypt or decrypt \nthis resource. You can provide either the - rawKey or the rsaEncryptedKey." - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - interface: - description: DEPRECATED. This field is no longer in use, disk interfaces - will be automatically determined on attachment. To resolve this - issue, remove this field from your config. 
Immutable. Specifies - the disk interface to use for attaching this disk, which is either - SCSI or NVME. The default is SCSI. - type: string - location: - description: 'Location represents the geographical location of the - ComputeDisk. Specify a region name or a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - multiWriter: - description: Immutable. Indicates whether or not the disk can be read/write - attached to more than one instance. - type: boolean - physicalBlockSizeBytes: - description: |- - Immutable. Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. 
If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. + If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. 
+ Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - required: - namespace 
@@ -11236,290 +9151,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - provisionedIops: - description: Immutable. Indicates how many IOPS must be provisioned - for the disk. - type: integer - replicaZones: - description: Immutable. URLs of the zones where the disk should be - replicated to. - items: - type: string - type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. 
- - Upsizing the disk is mutable, but downsizing the disk - requires re-creating the resource. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceDiskRef: - description: The source disk used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. 
See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - Immutable. 
The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - Immutable. URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location type: object status: properties: @@ -11549,20 +9185,19 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + creationTime: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -11572,39 +9207,7 @@ spec: type: integer selfLink: type: string - sourceDiskId: - description: |- - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance. - items: - type: string - type: array type: object - required: - - spec type: object served: true storage: true 
@@ -11621,25 +9224,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: @@ -11659,7 +9262,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -11677,193 +9280,55 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. type: string - interface: - description: Immutable. A list of interfaces on this external VPN - gateway. - items: - properties: - id: - description: |- - Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. - type: integer - ipAddress: - description: |- - Immutable. IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Immutable. Indicates the redundancy type of this external - VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"].' + destinationDatasetId: + description: The BigQuery target dataset id. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + disabled: + description: When set to true, no runs are scheduled for a given transfer. 
+ type: boolean + displayName: + description: The user specified display name for the transfer config. type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicy - plural: computefirewallpolicies - shortNames: - - gcpcomputefirewallpolicy - - gcpcomputefirewallpolicies - singular: computefirewallpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - properties: - description: - description: An optional description of this resource. Provide this - property when you create the resource. + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. type: string - folderRef: - description: Immutable. The Folder that this resource belongs to. - Only one of [folderRef, organizationRef] may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name of - a `Folder` resource (format: `folders/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + params: + additionalProperties: + type: string type: object - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [folderRef, organizationRef] may be specified. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -11880,13 +9345,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 
@@ -11897,18 +9359,108 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: Immutable. User-provided name of the Organization firewall - policy. The name should be unique in the organization in which the - firewall policy is created. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? - which means the first character must be a lowercase letter, and - all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. 
+ type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. 
If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. type: string required: - - shortName + - dataSourceId + - displayName + - params + - projectRef type: object status: properties: @@ -11938,16 +9490,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: Fingerprint of the resource. This field is used internally - during updates of this resource. - type: string - id: - description: The unique identifier for the resource. This identifier - is defined by the server. + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -11956,18 +9504,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Total count of all firewall policy rule tuples. A firewall - policy can not exceed a set number of tuples. - format: int64 - type: integer - selfLink: - description: Server-defined URL for the resource. - type: string - selfLinkWithId: - description: Server-defined URL for this resource with the resource - id. - type: string type: object required: - spec 
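Review bot: In `sensitiveParams.secretAccessKey`, the schema accepts an inline `value` string as an alternative to `valueFrom.secretKeyRef`, and the `value` description does not say that a key supplied this way sits in plain text in the resource spec, readable by anyone who can get or list the object and present in any manifest kept in version control. I would extend that description to `Value of the field. Cannot be used if 'valueFrom' is specified. Stored in plain text in the resource; prefer 'valueFrom.secretKeyRef' for credentials.` The `params` map, which this hunk marks as required and which is defined a few hunks earlier, has no description at all, although the `sensitiveParams` text implies credentials can also be placed there; a line such as `Data-source parameters as string key/value pairs. Do not put secrets here; use 'sensitiveParams'.` would close that gap. The `tf2crd` label on this CRD suggests it is generated, so the wording probably has to change in the generator rather than in this file.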
@@ -11987,25 +9523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewallPolicyAssociation - plural: computefirewallpolicyassociations + kind: BigQueryJob + plural: bigqueryjobs shortNames: - - gcpcomputefirewallpolicyassociation - - gcpcomputefirewallpolicyassociations - singular: computefirewallpolicyassociation + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -12043,368 +9579,687 @@ spec: type: object spec: properties: - attachmentTargetRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + copy: + description: Immutable. Copies a table. properties: - external: + createDisposition: description: |- - The target that the firewall policy is attached to. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). - * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string + required: + - sourceTables type: object - firewallPolicyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + extract: + description: Immutable. Configures an extract job. properties: - external: + compression: description: |- - The firewall policy ID of the association. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - attachmentTargetRef - - firewallPolicyRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. 
+ items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - shortName: - description: The short name of the firewall policy of the association. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicyRule - plural: computefirewallpolicyrules - shortNames: - - gcpcomputefirewallpolicyrule - - gcpcomputefirewallpolicyrules - singular: computefirewallpolicyrule - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - action: - description: The Action to perform when the client connection triggers - the rule. Can currently be either "allow" or "deny()" where valid - values for status are 403, 404, and 502. - type: string - description: - description: An optional description for this resource. - type: string - direction: - description: 'The direction in which this rule applies. Possible values: - INGRESS, EGRESS' - type: string - disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and traffic - behaves as if it did not exist. If this is unspecified, the firewall - policy rule will be enabled. - type: boolean - enableLogging: - description: 'Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the configured export - destination in Stackdriver. Logs may be exported to BigQuery or - Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' - type: boolean - firewallPolicyRef: - description: Immutable. - oneOf: - - not: + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. 
+ Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. properties: - external: + allowJaggedRows: description: |- - The firewall policy of the resource. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. 
+ If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. 
BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). type: string - type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' is - enforced. - properties: - destIPRanges: - description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. + type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. 
The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array - layer4Configs: - description: Pairs of IP protocols and ports that the rule should - match. + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. 
+ ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: - properties: - ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following well - known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, - `ipip`, `sctp`), or the IP protocol number. - type: string - ports: - description: 'An optional list of ports to which this rule - applies. This field is only applicable for UDP or TCP - protocol. Each entry must be either an integer or a range. - If not specified, this rule applies to connections through - any port. Example inputs include: ``.' - items: - type: string - type: array - required: - - ipProtocol - type: object + type: string type: array - srcIPRanges: - description: CIDR IP address range. Maximum number of source CIDR - IP ranges allowed is 256. + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string required: - - layer4Configs + - destinationTable + - sourceUris type: object - priority: - description: Immutable. An integer indicating the priority of a rule - in the list. The priority must be a positive value between 0 and - 2147483647. Rules are evaluated from highest to lowest priority - where 0 is the highest priority and 2147483647 is the lowest prority. - format: int64 - type: integer - targetResources: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. 
+ properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. 
Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. 
+ type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: type: string - type: object - type: array - required: - - action - - direction - - firewallPolicyRef - - match - - priority + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. 
Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string type: object status: properties: @@ -12434,9 +10289,8 @@ spec: type: string type: object type: array - kind: - description: Type of the resource. Always `compute#firewallPolicyRule` - for firewall policy rules + jobType: + description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -12445,14 +10299,55 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Calculation of the complexity of a single firewall policy - rule. - format: int64 - type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string type: object - required: - - spec type: object served: true storage: true 
@@ -12469,25 +10364,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewall - plural: computefirewalls + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: @@ -12507,7 +10402,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -12525,113 +10420,46 @@ spec: type: object spec: properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. 
Provide this property when - you create the resource. + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. type: string - destinationRanges: + ignoreIdleSlots: description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: description: |- - Immutable. Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - disabled: + multiRegionAuxiliary: description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED. Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude - metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", - "INCLUDE_ALL_METADATA"].' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -12648,8 +10476,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -12658,137 +10485,272 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceRanges: + slotCapacity: description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - sourceServiceAccounts: + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. 
+ type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + message: + description: Human-readable message indicating details about + last transition. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - targetServiceAccounts: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. type: string type: object type: array - targetTags: + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. 
items: type: string type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. 
it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string required: - - networkRef + - datasetRef + - definitionBody + - projectRef type: object status: properties: @@ -12818,9 +10780,16 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -12828,8 +10797,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -12849,25 +10816,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com + name: bigquerytables.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules + kind: BigQueryTable + plural: bigquerytables shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: 
@@ -12905,26 +10872,14 @@ spec: type: object spec: properties: - allPorts: - description: Immutable. This field is used along with the `backend_service` - field for internal load balancing or with the `target` field for - internal TargetInstance. This field cannot be used with `port` or - `portRange` fields. When the load balancing scheme is `INTERNAL` - and protocol is TCP/UDP, specify this field to allow packets addressed - to any ports will be forwarded to the backends configured with this - forwarding rule. - type: boolean - allowGlobalAccess: - description: This field is used along with the `backend_service` field - for internal load balancing or with the `target` field for internal - TargetInstance. If the field is set to `TRUE`, clients can access - ILB from all regions. Otherwise only allows access from clients - in the same region as the internal load balancer. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: oneOf: - not: required: @@ -12941,7 +10896,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: 
@@ -12952,37 +10907,14 @@ spec: type: string type: object description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. + description: The field description. type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. properties: - addressRef: + kmsKeyRef: oneOf: - not: required: @@ -12999,7 +10931,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -13009,426 +10941,257 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ip: + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. type: string + required: + - kmsKeyRef type: object - ipProtocol: - description: Immutable. The IP protocol to which this rule applies. - For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, - `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the - load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are - valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, - and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the - load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. - For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing - scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP - Load Balancing, the load balancing scheme is `EXTERNAL`, and one - of `TCP` or `UDP` is valid. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - forwarding rule. Valid options are `IPV4` or `IPV6`. This can only - be specified for an external global forwarding rule. Possible values: - UNSPECIFIED_VERSION, IPV4, IPV6.' - type: string - isMirroringCollector: - description: Immutable. Indicates whether or not this load balancer - can be used as a collector for packet mirroring. To prevent mirroring - loops, instances behind this load balancer will not have their traffic - mirrored even if a `PacketMirroring` rule applies to them. This - can only be set to true for load balancers that have their `loadBalancingScheme` - set to `INTERNAL`. - type: boolean - loadBalancingScheme: - description: "Immutable. 
Specifies the forwarding rule type.\n\n* - \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n - \ * Protocol forwarding to VMs from an external IP address\n - \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, - and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol - forwarding to VMs from an internal IP address\n * Internal - TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * - \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` - is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is - used for:\n * Global external HTTP(S) load balancers \n\nFor - more information about forwarding rules, refer to [Forwarding rule - concepts](/load-balancing/docs/forwarding-rule-concepts). Possible - values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, - EXTERNAL, EXTERNAL_MANAGED." - type: string - location: - description: 'Location represents the geographical location of the - ComputeForwardingRule. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. - - For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. - - `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. - - `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. - items: - properties: - filterLabels: - description: |- - Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Immutable. Name of metadata label. - - The name can have a maximum length of 1024 characters and must be at least 1 character long. - type: string - value: - description: |- - Immutable. The value of the label must match the specified value. - - value can have a maximum length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. - - Supported values are: - - * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. - * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. This signifies the networking tier used for - configuring this load balancer and can only take the following values: - `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values - are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid - value is `PREMIUM`. If this field is not specified, it is assumed - to be `PREMIUM`. If `IPAddress` is specified, this value must be - equal to the networkTier of the Address.' - type: string - portRange: - description: |- - Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. 
This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetVpnGateway: 500, 4500 - - @pattern: d+(?:-d+)?. - type: string - ports: - description: 'Immutable. This field is used along with the `backend_service` - field for internal load balancing. When the load balancing scheme - is `INTERNAL`, a list of ports can be configured, for example, [''80''], - [''8000'',''9000'']. Only packets addressed to these ports are forwarded - to the backends configured with the forwarding rule. If the forwarding - rule''s loadBalancingScheme is INTERNAL, you can specify ports in - one of the following ways: * A list of up to five ports, which can - be non-contiguous * Keyword `ALL`, which causes the forwarding rule - to forward traffic on any port of the forwarding rule''s protocol. - @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceDirectoryRegistrations: - description: Immutable. Service Directory resources to register this - forwarding rule with. 
Currently, only supports a single Service - Directory resource. - items: - properties: - namespace: - description: Immutable. Service Directory namespace to register - the forwarding rule under. - type: string - service: - description: Immutable. Service Directory service to register - the forwarding rule under. - type: string - type: object - type: array - serviceLabel: - description: Immutable. An optional prefix to the service name for - this Forwarding Rule. If specified, the prefix is the first label - of the fully qualified service name. The label must be 1-63 characters - long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. This field is only used for internal load - balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). 
+ type: boolean required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetGRPCProxyRef - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetGRPCProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` - resource.' + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. + type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + fieldDelimiter: + description: The separator for fields in a CSV file. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + quote: type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. 
properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. type: string type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. 
+ Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. 
+ type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query type: object required: - - location + - datasetRef type: object status: properties: 
@@ -13458,35 +11221,45 @@ spec: type: string type: object type: array - creationTimestamp: - description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) - text format.' - type: string - labelFingerprint: - description: Used internally during label updates. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. type: integer - pscConnectionId: - description: The PSC connection id of the PSC Forwarding Rule. + etag: + description: A hash of the resource. type: string - pscConnectionStatus: - description: 'The PSC connection status of the PSC Forwarding Rule. - Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, - CLOSED.' + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer selfLink: - description: '[Output Only] Server-defined URL for the resource.' + description: The URI of the created resource. type: string - serviceName: - description: '[Output Only] The internal fully qualified service name - for this Forwarding Rule. This field is only used for internal load - balancing.' + type: + description: Describes the table type. type: string type: object required: @@ -13507,25 +11280,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHealthCheck - plural: computehealthchecks + kind: BigtableAppProfile + plural: bigtableappprofiles shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: 
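Review bot: The added `numBytes` status field repeats the description of `location` ("The geographic location where the table resides…") although its type is `integer`, so the rendered schema help tells operators the wrong thing about a size field. The description should state what the value is, for example `description: The size of this table in bytes, excluding any data in the streaming buffer.` The CRDs on this page carry the `tf2crd` label, so the text is presumably copied from an upstream schema and the correction belongs there. The enclosing `status` block starts above the hunk.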
@@ -13563,350 +11336,70 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. + description: Long form description of the use case for this app profile. type: string - grpcHealthCheck: - description: A nested object resource. + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - grpcServiceName: - description: |- - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' type: string - port: - description: |- - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. 
- - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - healthyThreshold: + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
- - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. 
For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. 
- - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the - ComputeHealthCheck. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - sslHealthCheck: - description: A nested object resource. - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource. + singleClusterRouting: + description: Use a single-cluster routing policy. 
properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: + allowTransactionalWrites: description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. 
+ type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. type: string + required: + - clusterId type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location type: object status: properties: @@ -13936,8 +11429,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -13946,15 +11440,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string type: object - required: - - spec type: object served: true storage: true 
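Review bot: Nothing in the new BigtableAppProfile `spec` schema ties `multiClusterRoutingUseAny` and `singleClusterRouting` together. Both are optional, the removed `required` list gets no replacement, and the hunk at `@@ -13946,15 +11440,7 @@` leaves the new side without `required: - spec`, so an object with both routing policies, or with no spec at all, passes schema validation. If the API accepts exactly one routing policy, as the two descriptions suggest, a `oneOf` next to `properties` can reject the other cases at apply time, the same way `instanceRef` already constrains `name`/`external`. This matters most for `allowTransactionalWrites`, which its description calls unsafe when requests reach several clusters. The file looks generated (`tf2crd` label), so the rule probably has to be added in the generator.

```yaml
spec:
  # … unchanged: properties (description, instanceRef, multiClusterRoutingClusterIds, multiClusterRoutingUseAny, resourceID, singleClusterRouting) …
  oneOf:
  - required:
    - multiClusterRoutingUseAny
  - required:
    - singleClusterRouting
  type: object
```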
@@ -13971,25 +11457,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks + kind: BigtableGCPolicy + plural: bigtablegcpolicies shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -14027,54 +11513,117 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + columnFamily: + description: Immutable. The name of the column family. type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. 
- type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. 
This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object status: properties: conditions: @@ -14103,9 +11652,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14113,9 +11659,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
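Review bot: `deletionPolicy` and `mode` in the new BigtableGCPolicy spec are plain `type: string` although their descriptions name closed value sets ("ABANDON"; UNION or INTERSECTION), so the schema accepts a typo and the mistake surfaces only later in the controller, if at all. An `enum` on each would catch it at apply time, e.g. `enum: [ABANDON]` under `deletionPolicy`; the exact strings accepted for `mode` should be confirmed against the API before listing them. The `deletionPolicy` description also contains literal `\n\t\t\t\t` sequences that will show up as stray whitespace in rendered help, and it would read better as one plain sentence. As described, ABANDON means deleting the Kubernetes object leaves the GC policy in place on the table, which is worth stating explicitly there because retention then no longer follows the manifest.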
@@ -14132,25 +11678,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com + name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks + kind: BigtableInstance + plural: bigtableinstances shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -14188,53 +11734,121 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. 
+ type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. 
+ type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer type: object status: properties: @@ -14264,9 +11878,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -14274,8 +11885,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object type: object served: true @@ -14293,25 +11902,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com + name: bigtabletables.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeImage - plural: computeimages + kind: BigtableTable + plural: bigtabletables shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: 
@@ -14349,205 +11958,27 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the image when restored onto a persistent - disk (in GB). - type: integer - family: - description: |- - Immutable. The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - Immutable. A list of features to enable on the guest operating system. - Applicable only for bootable images. + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. items: properties: - type: - description: 'Immutable. The type of supported feature. 
Read - [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + family: + description: The name of the column family. type: string required: - - type + - family type: object type: array - imageEncryptionKey: - description: |- - Immutable. Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image). - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - licenses: - description: Immutable. Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: Immutable. The parameters of the raw disk image. - properties: - containerType: - description: |- - Immutable. The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"]. - type: string - sha1: - description: |- - Immutable. An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - Immutable. The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. type: string - sourceImageRef: - description: The source image used to create this image. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - description: The source snapshot used to create this image. + instanceRef: + description: The name of the Bigtable instance. oneOf: - not: required: @@ -14564,7 +11995,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: @@ -14574,14 +12005,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef type: object status: properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -14608,14 +12045,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14623,9 +12052,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true @@ -14642,25 +12071,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroupManager - plural: computeinstancegroupmanagers + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets shortNames: - - gcpcomputeinstancegroupmanager - - gcpcomputeinstancegroupmanagers - singular: computeinstancegroupmanager + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: 
@@ -14698,12 +12127,18 @@ spec: type: object spec: properties: - autoHealingPolicies: - description: The autohealing policy for this managed instance group. - You can specify only one value. - items: - properties: - healthCheckRef: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: oneOf: - not: required: @@ -14720,10 +12155,9 @@ spec: - external properties: external: - description: |- - The URL for the health check that signals autohealing. - - Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -14732,56 +12166,81 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialDelaySec: - description: The number of seconds that the managed instance - group waits before it applies autohealing policies to new - instances or recently recreated instances. This initial delay - allows instances to initialize and run their startup scripts - before the instance group determines that they are UNHEALTHY. - This prevents the managed instance group from recreating its - instances prematurely. This value must be from range [0, 3600]. - format: int64 - type: integer - type: object - type: array - baseInstanceName: - description: The base instance name to use for instances in this group. - The value must be 1-58 characters long. Instances are named by appending - a hyphen and a random four-character string to the base instance - name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - type: string - description: - description: Immutable. An optional description of this resource. - type: string - distributionPolicy: - description: Policy specifying the intended distribution of managed - instances across zones in a regional managed instance group. - properties: - targetShape: - description: 'The distribution shape to which the group converges - either proactively or on resize events (depending on the value - set in `updatePolicy.instanceRedistributionType`). Possible - values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' - type: string - zones: - description: Immutable. Zones where the regional managed instance - group will create and manage its instances. - items: - properties: - zone: - description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). - The zone must exist in the region where the managed instance - group is located. 
- type: string - type: object type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string type: object - failoverAction: - description: 'The action to perform in case of zone failure. Only - one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
- Possible values: UNKNOWN, NO_FAILOVER' - type: string - instanceTemplateRef: + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. oneOf: - not: required: 
@@ -14799,36 +12258,338 @@ spec: properties: external: description: |- - The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + The billing account of the resource - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - location: - description: Immutable. The location of this resource. + budgetFilter: + description: Optional. Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. 
Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. 
Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' 
+ items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. type: string - namedPorts: - description: Immutable. Named ports configured for the Instance Groups - complementary to this Instance Group Manager. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. items: properties: - name: - description: Immutable. The name for this named port. The name - must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' 
+ format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - port: - description: Immutable. The port number, which can be a value - between 1 and 65535. - format: int64 - type: integer type: object type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -14864,313 +12625,106 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - statefulPolicy: - description: Stateful configuration for this Instanced Group Manager + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. properties: - preservedState: - properties: - disks: - additionalProperties: - properties: - autoDelete: - description: 'These stateful disks will never be deleted - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - disk should be deleted after it is no longer used - by the group, e.g. when the given instance or the - whole group is deleted. Note: disks attached in READ_ONLY - mode cannot be auto-deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Disks created on the instances that will be preserved - on instance delete, update, etc. 
This map is keyed with - the device names of the disks. - type: object - externalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: External network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - internalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Internal network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - type: object - type: object - targetPools: - items: - oneOf: - - not: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetSize: - description: The target number of running instances for this managed - instance group. You can reduce this number by using the instanceGroupManager - deleteInstances or abandonInstances methods. Resizing the group - also changes this number. - format: int64 - type: integer - updatePolicy: - description: The update policy for this managed instance group. - properties: - instanceRedistributionType: - description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) - for regional managed instance groups. Valid values are: - `PROACTIVE` - (default): The group attempts to maintain an even distribution - of VM instances across zones in the region. - `NONE`: For non-autoscaled - groups, proactive redistribution is disabled.' - type: string - maxSurge: - description: The maximum number of instances that can be created - above the specified `targetSize` during the update process. - This value can be either a fixed number or, if the group has - 10 or more instances, a percentage. If you set a percentage, - the number of instances is rounded if necessary. The default - value for `maxSurge` is a fixed value equal to the number of - zones in which the managed instance group operates. At least - one of either `maxSurge` or `maxUnavailable` must be greater - than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). - properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. 
- format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - maxUnavailable: - description: 'The maximum number of instances that can be unavailable - during the update process. An instance is considered available - if all of the following conditions are satisfied: - The instance''s - [status](/compute/docs/instances/checking-instance-status) is - `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) - on the instance group, the instance''s health check status must - be `HEALTHY` at least once. If there is no health check on the - group, then the instance only needs to have a status of `RUNNING` - to be considered available. This value can be either a fixed - number or, if the group has 10 or more instances, a percentage. - If you set a percentage, the number of instances is rounded - if necessary. The default value for `maxUnavailable` is a fixed - value equal to the number of zones in which the managed instance - group operates. At least one of either `maxSurge` or `maxUnavailable` - must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer + external: + description: |- + Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. 
Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minReadySec: - description: Minimum number of seconds to wait for after a newly - created instance becomes available. This value must be from - range [0, 3600]. - format: int64 - type: integer - minimalAction: - description: Minimal action to be taken on an instance. You can - specify either `RESTART` to restart existing instances or `REPLACE` - to delete and create new instances from the target template. - If you specify a `RESTART`, the Updater will attempt to perform - that action only. However, if the Updater determines that the - minimal action you specify is not enough to perform the update, - it might perform a more disruptive action. - type: string - mostDisruptiveAllowedAction: - description: Most disruptive action that is allowed to be taken - on an instance. You can specify either `NONE` to forbid any - actions, `REFRESH` to allow actions that do not need instance - restart, `RESTART` to allow actions that can be applied without - instance replacing or `REPLACE` to allow all possible actions. - If the Updater determines that the minimal update action needed - is more disruptive than most disruptive allowed action you specify - it will not perform the update at all. - type: string - replacementMethod: - description: 'What action should be used to replace instances. - See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' - type: string - type: - description: The type of update process. 
You can specify either - `PROACTIVE` so that the instance group manager proactively executes - actions in order to bring instances to their target versions - or `OPPORTUNISTIC` so that no action is proactively executed - but the update will be performed as part of other actions (for - example, resizes or `recreateInstances` calls). - type: string - type: object - versions: - description: Specifies the instance templates used by this managed - instance group to create instances. Each version is defined by an - `instanceTemplate` and a `name`. Every version can appear at most - once per instance group. This field overrides the top-level `instanceTemplate` - field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). - Exactly one `version` must leave the `targetSize` field unset. That - version will be applied to all remaining instances. For more information, - read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). - items: - properties: - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: properties: - external: - description: |- - The URL of the instance template that is specified for this managed instance group. 
The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. - - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + comment: + description: Optional. A descriptive comment. This field + may be updated. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + id: + description: The ID of this public key. Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. 
NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object type: object - name: - description: Name of the version. Unique among all versions - in the scope of this managed instance group. - type: string - targetSize: - description: 'Specifies the intended number of instances to - be created from the `instanceTemplate`. The final number of - instances created from the template will be equal to: - If - expressed as a fixed number, the minimum of either `targetSize.fixed` - or `instanceGroupManager.targetSize` is used. - if expressed - as a `percent`, the `targetSize` would be `(targetSize.percent/100 - * InstanceGroupManager.targetSize)` If there is a remainder, - the number is rounded. If unset, this version will update - any remaining instances not updated by another `version`. - Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) - for more information.' 
- properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value - is `fixed`, then the `calculated` value is equal to the - `fixed` value. - If the value is a `percent`, then the - `calculated` value is `percent`/100 * `targetSize`. For - example, the `calculated` value of a 80% of a managed - instance group with 150 instances would be (80/100 * 150) - = 120 VM instances. If there is a remainder, the number - is rounded.' - format: int64 - type: integer - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between - 0 to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - type: object - type: array + type: array + required: + - noteRef + type: object required: - projectRef - - targetSize type: object status: properties: 
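Review bot: The `publicKeys` item schema added under `spec.userOwnedDrydockNote` accepts an entry that sets neither `asciiArmoredPgpPublicKey` nor `pkixPublicKey`, or one that sets both, whereas `noteRef` just above it gets a `oneOf` guard. The `id` description refers to "`public_key` cases", which suggests the backing API treats the two key types as alternatives, though that definition is not visible here. Since the field description says an attestor with no usable key reports that no valid attestations exist, a malformed entry would surface only at reconcile or enforcement time rather than at apply time. A `oneOf` over the two key fields on the item schema would reject it early; if this schema is generated, the constraint would have to be added in the generator input. The attestor's `spec` schema begins in the preceding hunk.

```yaml
items:
  # proposed: exactly one key representation per publicKeys entry
  oneOf:
  - required:
    - asciiArmoredPgpPublicKey
  - required:
    - pkixPublicKey
  properties:
    # … unchanged: asciiArmoredPgpPublicKey, comment, id, pkixPublicKey …
```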
@@ -15200,94 +12754,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: The creation timestamp for this managed instance group - in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. - type: string - currentActions: - description: '[Output Only] The list of instance actions and the number - of instances in this managed instance group that are scheduled for - each of those actions.' - properties: - abandoning: - description: '[Output Only] The total number of instances in the - managed instance group that are scheduled to be abandoned. Abandoning - an instance removes it from the managed instance group without - deleting it.' - format: int64 - type: integer - creating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be created or are currently - being created. If the group fails to create any of these instances, - it tries again until it creates the instance successfully. If - you have disabled creation retries, this field will not be populated; - instead, the `creatingWithoutRetries` field will be populated.' - format: int64 - type: integer - creatingWithoutRetries: - description: '[Output Only] The number of instances that the managed - instance group will attempt to create. The group attempts to - create each instance only once. If the group fails to create - any of these instances, it decreases the group''s `targetSize` - value accordingly.' - format: int64 - type: integer - deleting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be deleted or are currently - being deleted.' - format: int64 - type: integer - none: - description: '[Output Only] The number of instances in the managed - instance group that are running and have no scheduled actions.' 
- format: int64 - type: integer - recreating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be recreated or are currently - being being recreated. Recreating an instance deletes the existing - root persistent disk and creates a new disk from the image that - is defined in the instance template.' - format: int64 - type: integer - refreshing: - description: '[Output Only] The number of instances in the managed - instance group that are being reconfigured with properties that - do not require a restart or a recreate action. For example, - setting or removing target pools for the instance.' - format: int64 - type: integer - restarting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be restarted or are currently - being restarted.' - format: int64 - type: integer - verifying: - description: '[Output Only] The number of instances in the managed - instance group that are being verified. See the `managedInstances[].currentAction` - property in the `listManagedInstances` method documentation.' - format: int64 - type: integer - type: object - fingerprint: - description: Fingerprint of this resource. This field may be used - in optimistic locking. It will be ignored when inserting an InstanceGroupManager. - An up-to-date fingerprint must be provided in order to update the - InstanceGroupManager, otherwise the request will fail with error - `412 conditionNotMet`. To see the latest fingerprint, make a `get()` - request to retrieve an InstanceGroupManager. - type: string - id: - description: '[Output Only] A unique identifier for this resource - type. The server generates this identifier.' - format: int64 - type: integer - instanceGroup: - description: '[Output Only] The URL of the Instance Group resource.' 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -15295,113 +12761,24 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) - where the managed instance group resides (for regional resources).' - type: string - selfLink: - description: '[Output Only] The URL for this managed instance group. - The server defines this URL.' + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time type: string - status: - description: '[Output Only] The status of this managed instance group.' + userOwnedDrydockNote: properties: - autoscaler: - description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) - that targets this instance group manager.' + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. type: string - isStable: - description: '[Output Only] A bit indicating whether the managed - instance group is in a stable state. A stable state means that: - none of the instances in the managed instance group is currently - undergoing any type of change (for example, creation, restart, - or deletion); no future changes are scheduled for instances - in the managed instance group; and the managed instance group - itself is not being modified.' - type: boolean - stateful: - description: '[Output Only] Stateful status of the given Instance - Group Manager.' 
- properties: - hasStatefulConfig: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions.' - type: boolean - isStateful: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions. This field is - deprecated in favor of has_stateful_config.' - type: boolean - perInstanceConfigs: - description: '[Output Only] Status of per-instance configs - on the instance.' - properties: - allEffective: - description: A bit indicating if all of the group's per-instance - configs (listed in the output of a listPerInstanceConfigs - API call) have status `EFFECTIVE` or there are no per-instance-configs. - type: boolean - type: object - type: object - versionTarget: - description: '[Output Only] A status of consistency of Instances'' - versions with their target version specified by `version` field - on Instance Group Manager.' - properties: - isReached: - description: '[Output Only] A bit indicating whether version - target has been reached in this managed instance group, - i.e. all instances are in their target version. Instances'' - target version are specified by `version` field on Instance - Group Manager.' 
- type: boolean - type: object - type: object - updatePolicy: - properties: - maxSurge: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object - maxUnavailable: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object type: object - zone: - description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) - where the managed instance group is located (for zonal resources).' - type: string type: object required: - spec 
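Review bot: The `delegationServiceAccountEmail` description added under `status.userOwnedDrydockNote` is garbled at the point where it tells administrators which grant is needed: "read attestations from the in Container Analysis" is missing its noun. Suggest wording it as "read attestations from the note referenced by `spec.userOwnedDrydockNote.noteRef` in Container Analysis", which ties the grant to the field added earlier in this commit. If the parenthesised name is meant as a role ID, spelling it `roles/containeranalysis.notes.occurrences.viewer` would let it be pasted into an IAM binding as written. The `status` schema starts before this hunk.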
@@ -15421,25 +12798,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -15477,55 +12854,281 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional textual description of the instance - group. - type: string - instances: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode type: object - type: array - namedPort: - description: The named port configuration. - items: + description: 'Optional. Per-kubernetes-namespace admission rules. 
+ K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: properties: - name: - description: The name which the port will be mapped to. + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - port: - description: The port number to map the name to. - type: integer + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array required: - - name - - port + - enforcementMode + - evaluationMode type: object - type: array - networkRef: + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -15542,8 +13145,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -15552,17 +13157,9 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. The zone that this instance group should be - created in. - type: string required: - - zone + - defaultAdmissionRule + - projectRef type: object status: properties: @@ -15600,11 +13197,13 @@ spec: the resource. type: integer selfLink: - description: The URI of the created resource. + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. + format: date-time type: string - size: - description: The number of instances in the group. - type: integer type: object required: - spec 
@@ -15624,25 +13223,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstance - plural: computeinstances + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: @@ -15662,7 +13261,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -15679,167 +13278,508 @@ spec: metadata: type: object spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone properties: - advancedMachineFeatures: - description: Controls for advanced machine-related behavior features. + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableNestedVirtualization: - description: Whether to enable nested virtualization or not. - type: boolean - threadsPerCore: - description: The number of threads per physical core. To disable - simultaneous multithreading (SMT) set this to 1. If unset, the - maximum number of threads supported per core by the underlying - processor is assumed. - type: integer - visibleCoreCount: - description: The number of physical cores to expose to an instance. - Multiply by the number of threads per core to compute the total - number of virtual CPUs to expose to the instance. 
If unset, - the number of cores is inferred from the instance\'s nominal - CPU count and the underlying platform\'s SMT width. - type: integer + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - attachedDisk: - description: List of disks attached to the instance. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - deviceName: - description: Name with which the attached disk is accessible - under /dev/disk/by-id/. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be - extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. + message: + description: Human-readable message indicating details about + last transition. type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + domain: + description: Domain name of the authorization attempt. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. type: string type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". 
+ type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Reason for provisioning failures. type: string type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: Immutable. The boot disk for the instance. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - autoDelete: - description: Immutable. Whether the disk will be auto-deleted - when the instance is deleted. 
- type: boolean - deviceName: - description: Immutable. Name with which attached disk will be - accessible under /dev/disk/by-id/. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - diskEncryptionKeyRaw: - description: Immutable. A 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to encrypt this disk. Only one - of kms_key_self_link and disk_encryption_key_raw may be set. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: 
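Review bot: The `certificates` array in the new CertificateManagerCertificateMapEntry spec states its limits only in prose ("up to fifteen certificates", each matching `projects/*/locations/*/certificates/*`), while the schema is a bare `type: array` of `type: string`. Oversized or malformed lists therefore pass API-server validation and are presumably rejected only when the controller calls the cloud API. If the generator can emit them, `maxItems: 15` on the array and a `pattern:` on the items would reject bad input at admission. `hostname` and `matcher` read like alternatives (the matcher is described as for cases "other than SNI selection"), but nothing in the schema relates them, so it is worth confirming whether exactly one is required. The file carries the `tf2crd` label and looks generated, so any change belongs in the generator input rather than in this manifest.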
@@ -15877,168 +13817,218 @@ spec: type: object type: object type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. type: string - initializeParams: - description: Immutable. Parameters with which a disk was created - alongside the instance. + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - labels: - description: Immutable. A set of key/value label pairs assigned - to the disk. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: Immutable. The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeImage` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object - type: - description: Immutable. The Google Compute Engine disk type. - Such as pd-standard, pd-ssd or pd-balanced. - type: string type: object - kmsKeyRef: + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Immutable. Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. 
type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: Immutable. A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. 
- type: integer + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string type: - description: Immutable. The accelerator type resource exposed - to this instance. E.g. nvidia-tesla-k80. + description: Type is the type of the condition. type: string - required: - - count - - type type: object type: array - hostname: - description: Immutable. A custom hostname for the instance. Must be - a fully qualified DNS name and RFC-1035-valid. Valid format is a - series of labels 1-63 characters long matching the regular expression - [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire - hostname must not exceed 253 characters. Changing this forces a - new resource to be created. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. type: string - instanceTemplateRef: + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -16055,8 +14045,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -16065,451 +14054,265 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - machineType: - description: The machine type to create. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - metadata: + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. Metadata startup scripts made available within - the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: Immutable. The networks attached to the instance. + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. items: - not: - required: - - networkIp - - networkIpRef properties: - accessConfig: - description: Access configurations, i.e. IPs via which this - instance can be accessed via the Internet. 
- items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring - this instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. 
- type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. - type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. + data: + description: Data of the DNS Resource Record. type: string name: - description: The name of the interface. - type: string - networkIp: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` - instead. - type: string - networkIpRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. type: string - subnetworkProject: - description: The project in which the subnetwork belongs. + type: + description: Type of the DNS Resource Record. type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object type: object type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + type: string type: array - scheduling: - description: The scheduling strategy being used by the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - automaticRestart: - description: Specifies if the instance should be restarted if - it was terminated by Compute Engine (not a user). - type: boolean - instanceTerminationAction: - description: Specifies the action GCE should take when SPOT VM - is preempted. + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. - The accepted values are: PERIODIC.' + expression: + description: Textual representation of an expression in Common + Expression Language syntax. type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. 
Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. - One of MIGRATE or TERMINATE,. + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." type: string - preemptible: - description: Immutable. Whether the instance is preemptible. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. type: string + required: + - expression type: object - scratchDisk: - description: Immutable. The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - scopes: - description: A list of service scopes. 
- items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + pubsubDestination: + description: Destination on Cloud Pubsub. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + topic: + description: Destination on Cloud Pubsub topic. type: string + required: + - topic type: object required: - - scopes + - pubsubDestination type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: Immutable. The zone of the instance. If self_link is - provided, this value is ignored. If neither self_link nor zone are - provided, the provider zone is used. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef type: object status: properties: @@ -16539,20 +14342,13 @@ spec: type: string type: object type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -16561,12 +14357,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec 
@@ -16586,25 +14376,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudasset.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: @@ -16624,7 +14414,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -16642,896 +14432,384 @@ spec: type: object spec: properties: - advancedMachineFeatures: - description: Immutable. Controls for advanced machine-related behavior - features. + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - enableNestedVirtualization: - description: Immutable. Whether to enable nested virtualization - or not. - type: boolean - threadsPerCore: - description: Immutable. The number of threads per physical core. 
- To disable simultaneous multithreading (SMT) set this to 1. - If unset, the maximum number of threads supported per core by - the underlying processor is assumed. - type: integer - visibleCoreCount: - description: Immutable. The number of physical cores to expose - to an instance. Multiply by the number of threads per core to - compute the total number of virtual CPUs to expose to the instance. - If unset, the number of cores is inferred from the instance\'s - nominal CPU count and the underlying platform\'s SMT width. - type: integer + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression type: object - canIpForward: - description: Immutable. Whether to allow sending and receiving of - packets with non-matching source or destination IPs. This defaults - to false. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. 
This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - enableConfidentialCompute: - description: Immutable. Defines whether the instance should have - confidential compute enabled. - type: boolean + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object required: - - enableConfidentialCompute + - pubsubDestination type: object - description: - description: Immutable. A brief description of this resource. + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - disk: - description: Immutable. Disks to attach to instances created from - this template. This can be specified multiple times for multiple - disks. + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: - autoDelete: - description: Immutable. Whether or not the disk should be auto-deleted. - This defaults to true. - type: boolean - boot: - description: Immutable. Indicates that this is a boot disk. - type: boolean - deviceName: - description: Immutable. A unique device name that is reflected - into the /dev/ tree of a Linux operating system running within - the instance. If not specified, the server chooses a default - device name to apply to this disk. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKey: - description: Immutable. Encrypts or decrypts a disk using a - customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Immutable. Name of the disk. When not provided, - this defaults to the name of the instance. + message: + description: Human-readable message indicating details about + last transition. type: string - diskSizeGb: - description: Immutable. The size of the image in gigabytes. - If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. - type: integer - diskType: - description: Immutable. The Google Compute Engine disk type. - Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - interface: - description: Immutable. Specifies the disk interface to use - for attaching this disk. + status: + description: Status is the status of the condition. Can be True, + False, Unknown. type: string - labels: - additionalProperties: - type: string - description: Immutable. A set of key/value label pairs to assign - to disks,. - type: object - mode: - description: Immutable. The mode in which to attach this disk, - either READ_WRITE or READ_ONLY. If you are attaching or creating - a boot disk, this must read-write mode. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeResourcePolicy` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotEncryptionKey: - description: Immutable. The customer-supplied encryption key - of the source snapshot. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceSnapshotRef: - description: |- - The source snapshot to create this disk. When creating a new - instance, one of initializeParams.sourceSnapshot, - initializeParams.sourceImage, or disks.source is required except for - local SSD. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: Immutable. The type of Google Compute Engine disk, - can be either "SCRATCH" or "PERSISTENT". + type: + description: Type is the type of the condition. type: string type: object type: array - enableDisplay: - description: 'Immutable. Enable Virtual Displays on this instance. - Note: allow_stopping_for_update must be set to true in order to - update this field.' - type: boolean - guestAccelerator: - description: Immutable. 
List of the type and count of accelerator - cards attached to the instance. + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. - type: integer - type: - description: Immutable. The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object + type: string type: array - instanceDescription: - description: Immutable. A description of the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." type: string - machineType: - description: Immutable. The machine type to create. To create a machine - with a custom type (such as extended memory), format the value like - custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of - RAM. + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. 
Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string - metadata: + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. An alternative to using the startup-script - metadata key, mostly to match the compute_instance resource. This - replaces the startup-script metadata key on the created instance - and thus the two mechanisms are not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Immutable. Specifies a minimum CPU platform. Applicable - values are the friendly names of CPU platforms, such as Intel Haswell - or Intel Skylake. - type: string - namePrefix: - description: Immutable. Creates a unique name beginning with the specified - prefix. Conflicts with name. - type: string - networkInterface: - description: Immutable. Networks to attach to instances created from - this template. This can be specified multiple times for multiple - networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. The networking tier used for - configuring this instance template. 
This field can take - the following values: PREMIUM, STANDARD, FIXED_STANDARD. - If this field is not specified, it is assumed to be - PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: Immutable. An array of alias IP ranges for this - network interface. Can only be specified for network interfaces - on subnet-mode networks. - items: - properties: - ipCidrRange: - description: Immutable. The IP CIDR range represented - by this alias IP range. This IP CIDR range must belong - to the specified subnetwork and cannot contain IP addresses - reserved by system or used by other network interfaces. - At the time of writing only a netmask (e.g. /24) may - be supplied, with a CIDR format resulting in an API - error. - type: string - subnetworkRangeName: - description: Immutable. The subnetwork secondary range - name specifying the secondary range from which to allocate - the IP CIDR range for this alias IP range. If left unspecified, - the primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. - type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. 
- type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. - type: string - name: - description: The name of the network_interface. - type: string - networkIp: - description: Immutable. The private IP address to assign to - the instance. If empty, the address will be automatically - assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. 
- type: string - subnetworkProject: - description: Immutable. The ID of the project in which the subnetwork - belongs. If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - region: - description: Immutable. An instance template is a global resource - that is not bound to a zone or a region. However, you can still - specify some regional resources in an instance template, which restricts - the template to the region where that resource resides. For example, - a custom subnetwork resource is tied to a specific region. Defaults - to the region of the Provider if no value is given. - type: string - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. 
Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: Immutable. The scheduling strategy to use. - properties: - automaticRestart: - description: Immutable. Specifies whether the instance should - be automatically restarted if it is terminated by Compute Engine - (not terminated by a user). This defaults to true. - type: boolean - instanceTerminationAction: - description: Immutable. Specifies the action GCE should take when - SPOT VM is preempted. - type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. 
- The accepted values are: PERIODIC.' - type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Immutable. Defines the maintenance behavior for this - instance. - type: string - preemptible: - description: Immutable. Allows instance to be preempted. This - defaults to false. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. - type: string - type: object - serviceAccount: - description: Immutable. Service account to attach to the instance. - properties: - scopes: - description: Immutable. A list of service scopes. Both OAuth2 - URLs and gcloud short names are supported. To allow full access - to all Cloud APIs, use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Immutable. Enable Shielded VM on this instance. Shielded - VM provides verifiable integrity to prevent against malware and - rootkits. Defaults to disabled. Note: shielded_instance_config can - only be used with boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Immutable. Compare the most recent boot measurements - to the integrity policy baseline and return a pair of pass/fail - results depending on whether they match or not. Defaults to - true. - type: boolean - enableSecureBoot: - description: Immutable. Verify the digital signature of all boot - components, and halt the boot process if signature verification - fails. Defaults to false. - type: boolean - enableVtpm: - description: Immutable. Use a virtualized trusted platform module, - which is a specialized computer chip you can use to encrypt - objects like keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Immutable. Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. 
- type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -17540,12 +14818,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec @@ -17565,25 +14837,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments + kind: CloudBuildTrigger + plural: cloudbuildtriggers shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -17621,583 +14893,1052 @@ spec: type: object spec: properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment. - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. - type: string - candidateSubnets: - description: |- - Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Immutable. Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. 
- type: string - encryption: - description: |- - Immutable. Indicates the user-supplied encryption option of this interconnect - attachment. Can only be specified at attachment creation for PARTNER or - DEDICATED attachments. - - * NONE - This is the default value, which means that the VLAN attachment - carries unencrypted traffic. VMs are able to send traffic to, or receive - traffic from, such a VLAN attachment. - - * IPSEC - The VLAN attachment carries only encrypted traffic that is - encrypted by an IPsec device, such as an HA VPN gateway or third-party - IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, - such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN - attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. - type: string - interconnect: - description: |- - Immutable. URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - ipsecInternalAddresses: - items: - description: |- - Immutable. The addresses that have been reserved for the - interconnect attachment. Used only for interconnect attachment that - has the encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. 
\nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will - be allocated from regional external IP address pool. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - mtu: - description: |- - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - resourceID: - description: Immutable. Optional. 
The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeRouter` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug type: object - type: - description: |- - Immutable. The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. - type: string - vlanTag8021q: - description: |- - Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. 
When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. 
Of the form "XXXXX/region/domain". - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. + build: + description: Contents of the build template. Either a filename or + build template must be provided. properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - 
description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - Immutable. The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the - ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Immutable. Type of network endpoints in this network endpoint group. 
- NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - subnetworkRef: - description: Optional subnetwork to which all network endpoints in - the NEG belong. 
- oneOf: - - not: + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. 
+ properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array required: - - external - required: - - name - - not: - anyOf: - - required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. 
+ + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. 
Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
+ secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. 
+ type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. 
+ + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. + If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. 
These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: type: string - type: - description: Type is the type of the condition. + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. 
These are not docker + tags. + items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - 
name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - description: Immutable. - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - description: Immutable. + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. 
type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). 
\nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. 
+ type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." 
+ properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. 
+ properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. type: string type: object - peerNetworkRef: + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: 
@@ -18214,7 +15955,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: 
@@ -18224,62 +15966,227 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: State for the peering, either ACTIVE or INACTIVE. The - peering is ACTIVE when there's a matching configuration in the peer - network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object served: true storage: true subresources: @@ -18295,25 +16202,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNetwork - plural: computenetworks + kind: CloudFunctions2Function + plural: cloudfunctions2functions shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: @@ -18333,7 +16240,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -18351,61 +16258,351 @@ spec: type: object spec: properties: - autoCreateSubnetworks: - description: |- - Immutable. When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: + buildConfig: description: |- - If set to 'true', default routes ('0.0.0.0/0') will be deleted - immediately after network creation. Defaults to 'false'. - type: boolean + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object description: - description: |- - Immutable. An optional description of this resource. The resource must be - recreated to modify this field. + description: User-provided description of a function. type: string - enableUlaInternalIpv6: - description: "Immutable. Enable ULA internal ipv6 on this network. - Enabling this feature will assign \na /48 from google defined ULA - prefix fd20::/20." - type: boolean - internalIpv6Range: - description: "Immutable. When enabling ula internal ipv6, caller optionally - can specify the /48 range \nthey want from the google defined ULA - prefix fd20::/20. 
The input must be a \nvalid /48 ULA IPv6 address - and must be within the fd20::/20. Operation will \nfail if the speficied - /48 is already in used by another resource. \nIf the field is not - speficied, then a /48 range will be randomly allocated from fd20::/20 - and returned via this field." + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. 
Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. type: string - mtu: - description: "Immutable. Maximum Transmission Unit in bytes. The default - value is 1460 bytes. \nThe minimum value for this field is 1300 - and the maximum value is 8896 bytes (jumbo frames).\nNote that packets - larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS - clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message - if the packets are routed to the Internet or other VPCs \nwith varying - MTUs." - type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. - type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. 
+ type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. 
+ If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef type: object status: properties: 
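Review bot: In the added `serviceConfig.secretEnvironmentVariables` and `serviceConfig.secretVolumes` item schemas, `projectId` is listed under `required`, yet both descriptions say "If not set, it will be populated with the function's project", so the schema rejects the omission the text documents. Either drop `- projectId` from the two `required` lists or reword the description to say the field must always be given. In the same hunk, `buildConfig.source.repoSource.commitSha` is described as `Regex matching tags to build.`, which looks copied from `tagName`; the text should describe a commit SHA so that nobody pins the wrong kind of ref. The `ingressSettings` description gives the default as "ALLOW_ALL", so it would help to add there that `ALLOW_INTERNAL_ONLY` or `ALLOW_INTERNAL_AND_GCLB` is the value to set for functions that are not meant to be publicly reachable.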
@@ -18435,10 +16632,8 @@ spec: type: string type: object type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. + environment: + description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -18447,9 +16642,15 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. type: string type: object + required: + - spec type: object served: true storage: true @@ -18466,25 +16667,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeGroup - plural: computenodegroups + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: 
@@ -18522,58 +16723,146 @@ spec: type: object spec: properties: - autoscalingPolicy: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: description: |- - Immutable. If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. properties: - maxNodes: - description: |- - Immutable. Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Immutable. Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: + eventType: description: |- - Immutable. The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + Immutable. Required. 
The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. type: string + required: + - eventType + - resourceRef type: object - description: - description: Immutable. An optional textual description of the resource. - type: string - initialSize: - description: Immutable. The initial number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - maintenancePolicy: - description: 'Immutable. Specifies how to handle instances when a - node in the group undergoes maintenance. Set to one of: DEFAULT, - RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value - is DEFAULT.' - type: string - maintenanceWindow: - description: Immutable. contains properties for the timeframe of maintenance. + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. properties: - startTime: - description: Immutable. instances.start time of the window. This - must be in UTC format that resolves to one of 00:00, 04:00, - 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and - 08:00 are valid. + securityLevel: + description: 'Immutable. 
Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' type: string - required: - - startTime type: object - nodeTemplateRef: - description: The node template to which this node group belongs. + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -18590,8 +16879,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` - resource.' + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
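Review bot: The description added for `httpsTrigger.securityLevel` only spells out the permissive behaviour ("Both HTTP and HTTPS requests ... succeed without redirects"), which reads as the meaning of `SECURE_OPTIONAL` rather than of the field, and it never says which value enforces HTTPS. I would reword it along the lines of `Immutable. The security level for the function. SECURE_ALWAYS redirects plain-HTTP requests to HTTPS; SECURE_OPTIONAL serves both without redirects.` so that the safe choice is visible to someone picking a value. In the same hunk, `eventTrigger.failurePolicy` is a bare `boolean` described as "Specifies policy for failed executions" without saying what `true` means, and `eventTrigger.resourceRef` has only `Immutable.` as its description. Both need a sentence of their own.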
@@ -18600,102 +16891,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - shareSettings: - description: Immutable. Share settings for the node group. + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - projectMap: - description: Immutable. A map of project id and project config. - This is only valid when shareType's value is SPECIFIC_PROJECTS. - items: - properties: - idRef: - description: The key of this project config in the parent - map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectIdRef: - description: |- - The project id/number should be the same as the key of this project - config in the project map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - idRef - - projectIdRef - type: object - type: array - shareType: - description: 'Immutable. Node group sharing type. Possible values: - ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. 
The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. type: string required: - - shareType + - url type: object - size: - description: Immutable. The total number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - zone: - description: Immutable. Zone where this node group is located. + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. 
The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - nodeTemplateRef - - zone + - projectRef + - region + - runtime type: object status: properties: @@ -18725,9 +17042,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
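Review bot: `serviceAccountRef` is added with the description `Immutable.` and nothing else, and `vpcConnectorRef` with no description at all, so their meaning is only found under `external`. For `serviceAccountRef` this matters because the `external` text says an empty value falls back to `{project_id}@appspot.gserviceaccount.com`, a shared default identity that in many projects holds a broad project-level role. The top-level description should say so, e.g. `Immutable. The service account the function runs as. If unset, the project's App Engine default service account is used; prefer a dedicated account with only the roles the function needs.` The `sourceRepository.url` text also accepts a moveable alias (branch), so a short remark that a `revisions/*` URL gives a reproducible deployment would be a useful addition.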
@@ -18735,8 +17055,31 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer type: object required: - spec 
@@ -18756,25 +17099,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates + kind: CloudIdentityGroup + plural: cloudidentitygroups shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -18812,71 +17155,82 @@ spec: type: object spec: properties: - cpuOvercommitType: - description: 'Immutable. CPU overcommit. Default value: "NONE" Possible - values: ["ENABLED", "NONE"].' - type: string description: - description: Immutable. An optional textual description of the resource. - type: string - nodeType: description: |- - Immutable. Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. type: string - nodeTypeFlexibility: - description: |- - Immutable. Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. properties: - cpus: - description: Immutable. Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD. + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. type: string - memory: - description: Immutable. Physical memory available to the node, - defined in MB. + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. type: string + required: + - id type: object - region: + initialGroupConfig: description: |- - Immutable. Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string - serverBinding: + labels: + additionalProperties: + type: string description: |- - Immutable. The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. 
Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. - type: string - required: - - type + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string required: - - region + - groupKey + - labels + - parent type: object status: properties: @@ -18906,8 +17260,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -18916,7 +17275,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + updateTime: + description: The time when the Group was last updated. type: string type: object required: @@ -18937,25 +17297,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computepacketmirrorings.compute.cnrm.cloud.google.com + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputePacketMirroring - plural: computepacketmirrorings + kind: CloudIdentityMembership + plural: cloudidentitymemberships shortNames: - - gcpcomputepacketmirroring - - gcpcomputepacketmirrorings - singular: computepacketmirroring + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -18993,231 +17353,8 @@ spec: type: object spec: properties: - collectorIlb: - description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` - that will be used as collector for mirrored traffic. The specified - forwarding rule must have `isMirroringCollector` set to true. - properties: - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - description: - description: An optional description of this resource. Provide this - property when you create the resource. - type: string - enable: - description: Indicates whether or not this packet mirroring takes - effect. If set to FALSE, this packet mirroring policy will not be - enforced on the network. The default is TRUE. - type: string - filter: - description: Filter for mirrored traffic. If unspecified, all traffic - is mirrored. - properties: - cidrRanges: - description: IP CIDR ranges that apply as filter on the source - (ingress) or destination (egress) IP in the IP header. Only - IPv4 is supported. If no ranges are specified, all traffic that - matches the specified IPProtocols is mirrored. If neither cidrRanges - nor IPProtocols is specified, all traffic is mirrored. 
- items: - type: string - type: array - direction: - description: Direction of traffic to mirror, either INGRESS, EGRESS, - or BOTH. The default is BOTH. - type: string - ipProtocols: - description: Protocols that apply as filter on mirrored traffic. - If no protocols are specified, all traffic that matches the - specified CIDR ranges is mirrored. If neither cidrRanges nor - IPProtocols is specified, all traffic is mirrored. - items: - type: string - type: array - type: object - location: - description: Immutable. The location for the resource - type: string - mirroredResources: - description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo - specifies a set of mirrored VM instances, subnetworks and/or tags - for which traffic from/to all VM instances will be mirrored. - properties: - instances: - description: A set of virtual machine instances that are being - mirrored. They must live in zones contained in the same region - as this packetMirroring. Note that this config will apply only - to those network interfaces of the Instances that belong to - the network specified in this packetMirroring. You may specify - a maximum of 50 Instances. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the instance; defined by the server. - type: string - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the virtual machine instance which is being mirrored. - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - subnetworks: - description: Immutable. A set of subnetworks for which traffic - from/to all VM instances will be mirrored. They must live in - the same region as this packetMirroring. You may specify a maximum - of 5 subnetworks. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the subnetwork; defined by the server. - type: string - urlRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - tags: - description: A set of mirrored tags. Traffic from/to all VM instances - that have one or more of these tags will be mirrored. - items: - type: string - type: array - type: object - network: - description: Immutable. Specifies the mirrored VPC network. Only packets - in this network will be mirrored. All mirrored VMs should have a - NIC in the given network. All mirrored subnetworks should belong - to the given network. - properties: - urlRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - URL of the network resource. - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - priority: - description: The priority of applying this configuration. Priority - is used to break ties in cases where there is more than one matching - rule. In the case of two rules that apply for a given Instance, - the one with the lowest-numbered priority value wins. Default value - is 1000. Valid range is 0 through 65535. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. + groupRef: + description: Immutable. oneOf: - not: required: @@ -19235,9 +17372,9 @@ spec: properties: external: description: |- - The project for the resource + The group for the resource - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -19246,27 +17383,102 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. 
The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array required: - - collectorIlb - - location - - mirroredResources - - network - - projectRef + - groupRef + - preferredMemberKey + - roles type: object status: properties: - collectorIlb: - properties: - canonicalUrl: - description: Output only. Unique identifier for the forwarding - rule; defined by the server. - type: string - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -19293,16 +17505,28 @@ spec: type: string type: object type: array - id: - description: Output only. The unique identifier for the resource. - This identifier is defined by the server. - format: int64 - type: integer - network: + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available properties: - canonicalUrl: - description: Output only. Unique identifier for the network; defined - by the server. + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name type: string type: object observedGeneration: 
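Review bot: `roles[].name` is the field in this hunk that decides what privilege a member gets in the group, yet it is a bare `type: string` with no description or `enum`, so a mistyped or unintended role is caught only by the API and not at admission. I would add `description: The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER.` and, if the generator allows it, a matching `enum`. Separately, `memberRestrictionEvaluation.state` lists `ENCRYPTION_STATE_UNSPECIFIED` through `NOT_ENCRYPTED`, which reads like a device-encryption enum attached to a membership restriction. The `memberKey` text also says only one of the two keys may be set, while `preferredMemberKey` is under `required`. This CRD carries the `dcl2crd` label and appears to be generated, so these descriptions should be corrected at the source.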
@@ -19312,11 +17536,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: URI of the region where the packetMirroring resides. + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string - selfLink: - description: Server-defined URL for the resource. + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time type: string type: object required: @@ -19337,25 +17564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeprojectmetadatas.compute.cnrm.cloud.google.com + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudids.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeProjectMetadata - plural: computeprojectmetadatas + kind: CloudIDSEndpoint + plural: cloudidsendpoints shortNames: - - gcpcomputeprojectmetadata - - gcpcomputeprojectmetadatas - singular: computeprojectmetadata + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -19375,7 +17602,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19393,13 +17620,65 @@ spec: type: object spec: properties: - metadata: - additionalProperties: - type: string - description: A series of key value pairs. + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array required: - - metadata + - location + - network + - projectRef + - severity type: object status: properties: 
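Review bot: `threatExceptions` documents `Limit: 99 IDs` but the array schema carries no bound, so an over-long list passes admission and is presumably rejected only when the API call is made; `maxItems: 99` next to `type: array` would enforce what the description promises. Unlike `severity`, this field is not marked Immutable, and every entry suppresses alerts for a threat ID, so changes to it deserve the same review as a change to a detection rule. `severity` lists its five values only in prose; an `enum` would reject typos early.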
@@ -19429,6 +17708,16 @@ spec: type: string type: object type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -19436,6 +17725,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string type: object required: - spec @@ -19455,25 +17747,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudiot.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRegionNetworkEndpointGroup - plural: computeregionnetworkendpointgroups + kind: CloudIOTDevice + plural: cloudiotdevices shortNames: - - gcpcomputeregionnetworkendpointgroup - - gcpcomputeregionnetworkendpointgroups - singular: computeregionnetworkendpointgroup + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: 
@@ -19493,7 +17785,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19511,199 +17803,75 @@ spec: type: object spec: properties: - cloudFunction: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - functionRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMask: - description: |- - Immutable. A template to parse function field from a request URL. 
URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - type: string - type: object - cloudRun: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - serviceRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `RunService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tag: - description: |- - Immutable. Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - type: string - urlMask: - description: |- - Immutable. A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. 
- - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - type: string - type: object - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - networkEndpointType: - description: 'Immutable. Type of network endpoints in this network - endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" - Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' - type: string - networkRef: - description: |- - Immutable. This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - format + - key + type: object required: - - external + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. type: string type: object - pscTargetService: - description: |- - Immutable. The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string - region: - description: Immutable. A reference to the region where the Serverless - NEGs Reside. + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - Immutable. This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - region + - registry type: object status: properties: 
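Review bot: `gatewayConfig.gatewayAuthMethod` reuses the sentence `Indicates whether the device is a gateway`, which belongs to `gatewayType`. Its values (`ASSOCIATION_ONLY`, `DEVICE_AUTH_TOKEN_ONLY`, ...) select how devices behind a gateway are authenticated, so the description should say so, e.g. `Indicates how to authorize and/or authenticate devices to access the gateway.` `lastAccessedGatewayId` and `lastAccessedGatewayTime` read as service-reported state but sit in `spec` without an `Output only` marker, which invites users to set them. `credentials[].expirationTime` is a plain string; if it is an RFC 3339 timestamp (not stated in the hunk), `format: date-time` would catch malformed expiry values before they reach the API.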
@@ -19733,216 +17901,74 @@ spec: type: string type: object type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 
'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: Immutable. The instance properties for the reservation. - properties: - guestAccelerators: - description: Immutable. Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - Immutable. The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - Immutable. The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. 
- type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - Immutable. The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: Immutable. The size of the disk in base-2 - GB. - type: integer - interface: - description: 'Immutable. The disk interface to use for - attaching this disk. Default value: "SCSI" Possible - values: ["SCSI", "NVME"].' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: Immutable. The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - Immutable. The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - Immutable. When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: Immutable. The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. 
items: properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. + binaryData: + description: The device configuration data. type: string - message: - description: Human-readable message indicating details about - last transition. + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. + version: + description: The version of this update. type: string - type: - description: Type is the type of the condition. + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. 
+ type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -19951,11 +17977,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - status: - description: The status of the reservation. - type: string + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array type: object required: - spec 
@@ -19975,25 +18009,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies + kind: CloudSchedulerJob + plural: cloudschedulerjobs shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -20031,205 +18065,366 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. - type: string - groupPlacementPolicy: - description: Immutable. Resource policy for instances used for placement - configuration. - properties: - availabilityDomainCount: - description: |- - Immutable. The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network. - type: integer - collocation: - description: |- - Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"]. - type: string - maxDistance: - description: Immutable. Specifies the number of max logical switches. - type: integer - vmCount: - description: |- - Immutable. Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - type: integer - type: object - instanceSchedulePolicy: - description: Immutable. Resource policy for scheduling instance operations. + appEngineHttpTarget: + description: App Engine HTTP target. properties: - expirationTime: - description: Immutable. The expiration time of the schedule. The - timestamp is an RFC3339 string. - type: string - startTime: - description: Immutable. The start time of the schedule. The timestamp - is an RFC3339 string. - type: string - timeZone: - description: |- - Immutable. Specifies the time zone to be used in interpreting the schedule. 
The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - type: string - vmStartSchedule: - description: Immutable. Specifies the schedule for starting instances. + appEngineRouting: + description: App Engine Routing setting for the job. properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string - required: - - schedule - type: object - vmStopSchedule: - description: Immutable. Specifies the schedule for stopping instances. - properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. type: string - required: - - schedule - type: object - required: - - timeZone - type: object - region: - description: Immutable. Region where resource policy resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - snapshotSchedulePolicy: - description: Immutable. Policy for creating snapshots of persistent - disks. 
- properties: - retentionPolicy: - description: Immutable. Retention policy applied to snapshots - created by this resource policy. - properties: - maxRetentionDays: - description: Immutable. Maximum age of the snapshot that is - allowed to be kept. - type: integer - onSourceDiskDelete: - description: |- - Immutable. Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. type: string - required: - - maxRetentionDays type: object - schedule: - description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: Immutable. The policy will execute every nth - day at the specified time. + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. 
+ In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. 
These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - daysInCycle: - description: Immutable. The number of days between snapshots. - type: integer - startTime: + external: description: |- - Immutable. This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. 
The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - daysInCycle - - startTime type: object - hourlySchedule: - description: Immutable. The policy will execute every nth - hour starting at the specified time. + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hoursInCycle: - description: Immutable. The number of hours between snapshots. - type: integer - startTime: + external: description: |- - Immutable. Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Immutable. Allows specifying a snapshot time - for each day of the week. - properties: - dayOfWeeks: - description: Immutable. May contain up to seven (one for - each day of the week) snapshot times. - items: - properties: - day: - description: 'Immutable. The day of the week to - create the snapshot. e.g. MONDAY Possible values: - ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", - "FRIDAY", "SATURDAY", "SUNDAY"].' - type: string - startTime: - description: |- - Immutable. Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks type: object type: object - snapshotProperties: - description: Immutable. Properties with which the snapshots are - created, such as labels. + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name - must be 1-63 characters long and comply \nwith RFC1035." - type: string - guestFlush: - description: Immutable. Whether to perform a 'guest aware' - snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: Immutable. A set of key-value pairs. - type: object - storageLocations: + external: description: |- - Immutable. Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional). - items: - type: string - type: array + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - schedule + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. 
+ type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. 
The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string required: - - region + - location type: object status: properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. 
If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -20256,6 +18451,10 @@ spec: type: string type: object type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
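Review bot: In the new CloudSchedulerJob schema, `spec.httpTarget.uri` is a bare `type: string` whose description allows "http://", while `oauthToken` and `oidcToken` in the same object attach a generated token as an `Authorization` header. Nothing in the CRD stops a job from combining a token block with a cleartext URI, and whether the backing API rejects that combination cannot be seen from this hunk. A structural check on `httpTarget` would close this at admission time, for example an `x-kubernetes-validations` entry with `rule: "!(has(self.oauthToken) || has(self.oidcToken)) || self.uri.startsWith('https://')"`. The `dcl2crd` label suggests this file is generated, so the rule probably belongs in the generator or in a cluster admission policy rather than a hand edit here. The `oidcToken.audience` description also says it defaults to the target URI when unset, so it would help to state there that receivers should verify the audience claim.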
@@ -20263,7 +18462,71 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. 
(Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time type: string type: object required: @@ -20284,25 +18547,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces + kind: CloudTasksQueue + plural: cloudtasksqueues shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: 
@@ -20322,7 +18585,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -20340,7 +18603,38 @@ spec: type: object spec: properties: - interconnectAttachmentRef: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20357,8 +18651,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -20367,40 +18660,252 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ipRange: - description: Immutable. The IP address and range of the interface. - The IP range must be in the RFC3927 link-local IP space. Changing - this forces a new interface to be created. - type: string - privateIpAddressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string type: object - redundantInterfaceRef: - description: The interface the BGP peer is associated with. + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. oneOf: - not: required: 
@@ -20417,7 +18922,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -20427,17 +18932,50 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: Immutable. The region this interface's router sits in. - If not specified, the project region will be used. Changing this - forces a new interface to be created. + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - routerRef: + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. oneOf: - not: required: @@ -20454,7 +18992,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -20464,7 +19002,409 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - subnetworkRef: + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. 
If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. 
+ + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. 
+ + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. 
+ type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20481,8 +19421,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -20491,7 +19430,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - vpnTunnelRef: + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetRef: oneOf: - not: required: @@ -20508,7 +19452,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: 
@@ -20518,9 +19462,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string required: - - region - - routerRef + - autoscalingPolicy + - projectRef + - targetRef + - zone type: object status: properties: @@ -20550,6 +19499,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -20557,6 +19509,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec @@ -20576,25 +19530,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com + name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterNAT - plural: computerouternats + kind: ComputeBackendBucket + plural: computebackendbuckets shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -20632,126 +19586,8 @@ spec: type: object spec: properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - enableDynamicPortAllocation: - description: |- - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - type: boolean - enableEndpointIndependentMapping: - description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - type: boolean - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT. - properties: - enable: - description: Indicates whether or not to export logs. 
- type: boolean - filter: - description: 'Specifies the desired filtering of logs on this - NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' - type: string - required: - - enable - - filter - type: object - maxPortsPerVm: - description: |- - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - type: integer - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Region where the router and NAT reside. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. + bucketRef: + description: Reference to the bucket. oneOf: - not: required: 
@@ -20768,7 +19604,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -20778,206 +19614,132 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - rules: - description: A list of rules associated with this NAT. - items: - properties: - action: - description: The action to be enforced for traffic that matches - this rule. - properties: - sourceNatActiveIpsRefs: - items: - description: |- - A list of URLs of the IP resources used for this NAT rule. These IP - addresses must be valid static external IP addresses assigned to the - project. This field is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceNatDrainIpsRefs: - items: - description: |- - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. These - IPs should be used for updating/patching a NAT rule only. This field - is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - description: - description: An optional description of this rule. - type: string - match: - description: |- - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". - type: string - ruleNumber: - description: |- - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - type: integer - required: - - match - - ruleNumber - type: object - type: array - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. 
Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat. - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. 
+ properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. 
+ type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTimeWaitTimeoutSec: - description: |- - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. 
- type: integer - tcpTransitoryIdleTimeoutSec: + description: description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to - 30s if not set. - type: integer + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat + - bucketRef type: object status: properties: @@ -21007,6 +19769,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -21014,6 +19779,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec 
@@ -21033,25 +19800,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterPeer - plural: computerouterpeers + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -21071,7 +19838,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -21089,150 +19856,24 @@ spec: type: object spec: properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string + backendBucketRef: + oneOf: + - not: + required: + - external required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - bfd: - description: BFD configuration for the BGP peering. 
- properties: - minReceiveInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - type: integer - minTransmitInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - type: integer - multiplier: - description: |- - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - type: integer - sessionInitializationMode: - description: |- - The BFD session initialization mode for this BGP peer. - If set to 'ACTIVE', the Cloud Router will initiate the BFD session - for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. - type: string - required: - - sessionInitializationMode - type: object - enable: - description: |- - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - type: boolean - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. 
- properties: - external: - type: string - type: object - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Immutable. Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerApplianceInstanceRef: - description: |- - The URI of the VM instance that is used as third-party router - appliances such as Next Gen Firewalls, Virtual Routers, or Router - Appliances. The VM instance must be located in zones contained in - the same region as this Cloud Router. The VM instance is the peer - side of the BGP session. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: 
@@ -21242,36 +19883,48 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - routerInterfaceRef: - description: The interface the BGP peer is associated with. + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
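Review bot: `keyValue` carries the 128-bit URL-signing key, but the schema added in this hunk accepts it inline through `value` as well as through `valueFrom.secretKeyRef`, and the description does not mention the difference. A key written in `value` is stored in the custom resource itself, so anyone with get/list on the resource can read it and it tends to end up in committed manifests; `secretKeyRef` keeps it behind Secret RBAC. The CRD carries the `tf2crd` label and looks generated, so the wording would belong in the generator; I would extend the description with something like `Sensitive. Prefer 'valueFrom.secretKeyRef'; a key set in 'value' is stored in plain text in the resource spec.` Because the field is marked Immutable, the description should also say how a key is rotated, presumably by creating a new key resource (to be confirmed).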
@@ -21288,8 +19941,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -21298,12 +19950,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef + - backendBucketRef + - keyValue + - projectRef type: object status: properties: @@ -21333,19 +19988,6 @@ spec: type: string type: object type: array - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -21372,25 +20014,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com + name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouter - plural: computerouters + kind: ComputeBackendService + plural: computebackendservices shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -21428,314 +20070,495 @@ spec: type: object spec: properties: - bgp: - description: BGP information specific to this router. + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. + type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. 
In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. 
This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: - ["DEFAULT", "CUSTOM"].' + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. 
+ items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string - advertisedGroups: + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS. - items: - type: string - type: array - advertisedIpRanges: + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. 
These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: - description: - description: User-specified description for the IP range. - type: string - range: + code: description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. type: integer - keepaliveInterval: + signedUrlCacheMaxAgeSec: description: |- - The interval in seconds between BGP keepalive messages that are sent - to the peer. Hold time is three times the interval at which keepalive - messages are sent, and the hold time is the maximum number of seconds - allowed to elapse between successive keepalive messages that BGP - receives from a peer. 
+ Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. - BGP will use the smaller of either the local hold time value or the - peer's hold time value as the hold time for the BGP connection - between the two peers. If set, this value must be between 20 and 60. - The default is 20. + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. type: integer - required: - - asn type: object - description: - description: An optional description of this resource. - type: string - encryptedInterconnectRouter: + circuitBreakers: description: |- - Immutable. Indicates if a router is dedicated for use with encrypted VLAN - attachments (interconnectAttachments). - type: boolean - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + connectTimeout: + description: The timeout for new network connections to hosts. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer type: object - region: - description: Immutable. Region where the router resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' 
type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: + connectionDrainingTimeoutSec: description: |- - Immutable. An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: description: |- - Immutable. The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. 
They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object - nextHopGateway: - description: |- - Immutable. URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. 
- type: string - nextHopILBRef: + consistentHash: description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. oneOf: - not: required: @@ -21752,7 +20575,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: 
@@ -21762,260 +20585,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nextHopIp: - description: Immutable. Network IP address of an instance that should - handle matching packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. 
+ type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number type: object - priority: - description: |- - Immutable. The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tags: - description: Immutable. A list of instance tags to which this route - applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + healthChecks: items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adaptiveProtectionConfig: - description: Adaptive Protection Config of this security policy. - properties: - autoDeployConfig: - description: Auto Deploy Config of this security policy. - properties: - confidenceThreshold: - description: Rules are only automatically deployed for alerts - on potential attacks with confidence scores greater than - this threshold. - type: number - expirationSec: - description: Google Cloud Armor stops applying the action - in the automatically deployed rule to an identified attacker - after this duration. The rule continues to operate against - new requests. - type: integer - impactedBaselineThreshold: - description: Rules are only automatically deployed when the - estimated impact to baseline traffic from the suggested - mitigation is below this threshold. - type: number - loadThreshold: - description: Identifies new attackers only when the load to - the backend service that is under attack exceeds this threshold. - type: number - type: object - layer7DdosDefenseConfig: - description: Layer 7 DDoS Defense Config of this security policy. - properties: - enable: - description: If set to true, enables CAAP for L7 DDoS detection. - type: boolean - ruleVisibility: - description: 'Rule visibility. Supported values include: "STANDARD", - "PREMIUM".' - type: string - type: object - type: object - advancedOptionsConfig: - description: Advanced Options Config of this security policy. + iap: + description: Settings for enabling Cloud Identity Aware Proxy. 
+ oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef properties: - jsonCustomConfig: - description: Custom configuration to apply the JSON parsing. Only - applicable when JSON parsing is set to STANDARD. - properties: - contentTypes: - description: A list of custom Content-Type header values to - apply the JSON parsing. - items: - type: string - type: array - required: - - contentTypes - type: object - jsonParsing: - description: 'JSON body parsing. Supported values include: "DISABLED", - "STANDARD".' - type: string - logLevel: - description: 'Logging level. Supported values include: "NORMAL", - "VERBOSE".' + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. type: string - type: object - description: - description: An optional description of this security policy. Max - size is 2048. - type: string - recaptchaOptionsConfig: - description: reCAPTCHA configuration options to be applied for the - security policy. - properties: - redirectSiteKeyRef: + oauth2ClientIdRef: description: |- Only `external` field is supported to configure the reference. - A field to supply a reCAPTCHA site key to be used for all the rules - using the redirect action with the type of GOOGLE_RECAPTCHA under - the security policy. The specified site key needs to be created from - the reCAPTCHA API. The user is responsible for the validity of the - specified site key. If not specified, a Google-managed site key is - used. + OAuth2 Client ID for IAP. oneOf: - not: required: @@ -22032,7 +20723,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: 
@@ -22042,639 +20733,228 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - redirectSiteKeyRef - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, - a default rule with action "allow" will be added. - items: - properties: - action: - description: Action to take when match matches the request. - type: string - description: - description: An optional description of this rule. Max size - is 64. - type: string - headerAction: - description: Additional actions that are performed on headers. - properties: - requestHeadersToAdds: - description: The list of request headers to add or overwrite - if they're already present. - items: + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. properties: - headerName: - description: The name of the header to set. + key: + description: Key that identifies the value to be extracted. type: string - headerValue: - description: The value to set the named header to. + name: + description: Name of the Secret to extract a value + from. 
type: string required: - - headerName + - key + - name type: object - type: array + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string required: - - requestHeadersToAdds + - name type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action - is enforced. + policy: + description: The configuration for a built-in load balancing + policy. properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr - is not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or - IPV6) in CIDR notation to match against inbound traffic. - There is a limit of 10 IP ranges per rule. A value - of '*' matches all IPs (can be used to override the - default behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression - in Common Expression Language syntax. The application - context of the containing message determines which - well-known feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field - is specified, config must also be specified. Available - options: SRC_IPS_V1: Must specify the corresponding - src_ip_ranges field in config.' + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. 
+ + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string + required: + - name type: object - preconfiguredWafConfig: - description: Preconfigured WAF configuration to be applied for - the rule. If the rule does not evaluate preconfigured WAF - rules, i.e., if evaluatePreconfiguredWaf() is not used, this - field will have no effect. - properties: - exclusion: - description: An exclusion to apply during preconfigured - WAF evaluation. - items: - properties: - requestCookie: - description: Request cookie whose value will be excluded - from inspection during preconfigured WAF evaluation. 
- items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestHeader: - description: Request header whose value will be excluded - from inspection during preconfigured WAF evaluation. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. 
- type: string - required: - - operator - type: object - type: array - requestQueryParam: - description: Request query parameter whose value will - be excluded from inspection during preconfigured - WAF evaluation. Note that the parameter can be - in the query string or in the POST body. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestUri: - description: Request URI from the request line to - be excluded from inspection during preconfigured - WAF evaluation. When specifying this field, the - query or fragment part should be excluded. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. 
- EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - targetRuleIds: - description: A list of target rule IDs under the WAF - rule set to apply the preconfigured WAF exclusion. - If omitted, it refers to all the rule IDs under - the WAF rule set. - items: - type: string - type: array - targetRuleSet: - description: Target WAF rule set to apply the preconfigured - WAF exclusion. - type: string - required: - - targetRuleSet - type: object - type: array - type: object - preview: - description: When set to true, the action specified above is - not enforced. Stackdriver logs for requests that trigger a - preview action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest - priority (lowest numerically) to lowest priority (highest - numerically) in order. - type: integer - rateLimitOptions: - description: Rate limit threshold for this security policy. - Must be specified if the action is "rate_based_ban" or "throttle". - Cannot be specified for any other actions. - properties: - banDurationSec: - description: Can only be specified if the action for the - rule is "rate_based_ban". If specified, determines the - time (in seconds) the traffic will continue to be banned - by the rate limit after the rate falls below the threshold. - type: integer - banThreshold: - description: Can only be specified if the action for the - rule is "rate_based_ban". 
If specified, the key will be - banned for the configured 'banDurationSec' when the number - of requests that exceed the 'rateLimitThreshold' also - exceed this 'banThreshold'. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - conformAction: - description: Action to take for requests that are under - the configured rate limit threshold. Valid option is "allow" - only. - type: string - enforceOnKey: - description: Determines the key to enforce the rateLimitThreshold - on. - type: string - enforceOnKeyConfigs: - description: Immutable. Enforce On Key Config of this security - policy. - items: - properties: - enforceOnKeyName: - description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' - type: string - enforceOnKeyType: - description: Determines the key to enforce the rate_limit_threshold - on. - type: string - type: object - type: array - enforceOnKeyName: - description: 'Rate limit key name applicable only for the - following key types: HTTP_HEADER -- Name of the HTTP header - whose value is taken as the key value. HTTP_COOKIE -- - Name of the HTTP cookie whose value is taken as the key - value.' - type: string - exceedAction: - description: Action to take for requests that are above - the configured rate limit threshold, to either deny with - a specified HTTP response code, or redirect to a different - endpoint. Valid options are "deny()" where valid values - for status are 403, 404, 429, and 502, and "redirect" - where the redirect parameters come from exceedRedirectOptions - below. 
- type: string - exceedRedirectOptions: - description: Parameters defining the redirect action that - is used as the exceed action. Cannot be specified if the - exceed action is not redirect. - properties: - target: - description: Target for the redirect action. This is - required if the type is EXTERNAL_302 and cannot be - specified for GOOGLE_RECAPTCHA. - type: string - type: - description: Type of the redirect action. - type: string - required: - - type - type: object - rateLimitThreshold: - description: Threshold at which to begin ratelimiting. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - required: - - conformAction - - exceedAction - - rateLimitThreshold - type: object - redirectOptions: - description: Parameters defining the redirect action. Cannot - be specified for any other actions. - properties: - target: - description: Target for the redirect action. This is required - if the type is EXTERNAL_302 and cannot be specified for - GOOGLE_RECAPTCHA. - type: string - type: - description: 'Type of the redirect action. Available options: - EXTERNAL_302: Must specify the corresponding target field - in config. GOOGLE_RECAPTCHA: Cannot specify target field - in config.' - type: string - required: - - type - type: object - required: - - action - - match - - priority - type: object - type: array - type: - description: The type indicates the intended use of the security policy. - CLOUD_ARMOR - Cloud Armor backend security policies can be configured - to filter incoming HTTP requests targeting backend services. They - filter requests before they hit the origin servers. 
CLOUD_ARMOR_EDGE - - Cloud Armor edge security policies can be configured to filter - incoming HTTP requests targeting backend services (including Cloud - CDN-enabled) as well as backend buckets (Cloud Storage). They filter - requests before the request is served from Google's cache. - type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string type: object type: array - fingerprint: - description: Fingerprint of this resource. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - description: The URI of the created resource. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computeserviceattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeServiceAttachment - plural: computeserviceattachments - shortNames: - - gcpcomputeserviceattachment - - gcpcomputeserviceattachments - singular: computeserviceattachment - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - connectionPreference: - description: 'The connection preference of service attachment. The - value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service - attachment is one that always accepts the connection from consumer - forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, - ACCEPT_AUTOMATIC, ACCEPT_MANUAL' - type: string - consumerAcceptLists: - description: Projects that are allowed to connect to this service - attachment. - items: - properties: - connectionLimit: - description: The value of the limit to set. - format: int64 - type: integer - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project id or number for the project to set the limit for. + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - type: array - consumerRejectLists: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - description: - description: An optional description of this resource. Provide this - property when you create the resource. + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string - enableProxyProtocol: - description: Immutable. If true, enable the proxy protocol which is - for supplying client TCP/IP address data in TCP connections that - traverse proxies on their way to destination servers. - type: boolean location: - description: Immutable. 
The location for the resource + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string - natSubnets: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: required: - external required: 
@@ -22689,10 +20969,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22701,13 +20979,130 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. 
If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - targetServiceRef: - description: Immutable. + securityPolicyRef: + description: The security policy associated with this backend service. oneOf: - not: required: 
@@ -22724,10 +21119,8 @@ spec: - external properties: external: - description: |- - The URL of a service serving the endpoint identified by this service attachment. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22736,12 +21129,82 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. 
Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer required: - - connectionPreference - location - - natSubnets - - projectRef - - targetServiceRef type: object status: properties: 
@@ -22771,32 +21234,17 @@ spec: type: string type: object type: array - connectedEndpoints: - description: An array of connections for all the consumers connected - to this service attachment. - items: - properties: - endpoint: - description: The url of a connected endpoint. - type: string - pscConnectionId: - description: The PSC connection id of the connected endpoint. - format: int64 - type: integer - status: - description: 'The status of a connected endpoint to this service - attachment. Possible values: PENDING, RUNNING, DONE' - type: string - type: object - type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string fingerprint: - description: Fingerprint of this resource. This field is used internally - during updates of this resource. + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. type: string - id: - description: The unique identifier for the resource type. The server - generates this identifier. - format: int64 + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource @@ -22805,24 +21253,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pscServiceAttachmentId: - description: An 128-bit global unique ID of the PSC service attachment. - properties: - high: - format: int64 - type: integer - low: - format: int64 - type: integer - type: object - region: - description: URL of the region where the service attachment resides. - This field applies only to the region resource. You must specify - this field as part of the HTTP request URL. It is not settable as - a field in the request body. - type: string selfLink: - description: Server-defined URL for the resource. type: string type: object required: 
@@ -22843,25 +21274,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -22881,7 +21312,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -22897,6 +21328,112 @@ spec: type: string metadata: type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object status: properties: conditions: @@ -22933,6 +21470,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -22949,25 +21488,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: 
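Review bot: The `keyValue` property added under `spec` for ComputeBackendServiceSignedURLKey accepts the URL-signing key inline through `value`, so a manifest written that way carries the key in clear text wherever the manifest or the stored object can be read (version control, API reads, backups). The `oneOf` already offers `valueFrom.secretKeyRef` as the alternative, but neither description says which to choose; I would extend the `value` description to `Value of the field. Cannot be used if 'valueFrom' is specified. For key material, use 'valueFrom.secretKeyRef' so the key is kept in a Secret instead of the manifest.` The `keyValue` description also states a 128-bit base64url requirement that the schema does not enforce (the leaf is only `type: string`), so a malformed key is presumably rejected only when the API call is made. The `tf2crd` label in the preceding hunk suggests this file is generated, in which case the wording belongs in the generator rather than in this file.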
@@ -22987,7 +21526,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -23005,12 +21544,35 @@ spec: type: object spec: properties: - deletionPolicy: - description: "The deletion policy for the shared VPC service. Setting - ABANDON allows the resource\n\t\t\t\tto be abandoned rather than - deleted. Possible values are: \"ABANDON\"." - type: string + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -23036,8 +21598,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string required: + - diskRef - projectRef + - zone type: object status: properties: 
@@ -23093,25 +21665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com + name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSnapshot - plural: computesnapshots + kind: ComputeDisk + plural: computedisks shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk preserveUnknownFields: false scope: Namespaced versions: 
@@ -23149,42 +21721,34 @@ spec: type: object spec: properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name must be - 1-63 characters long and \ncomply with RFC1035. This is an uncommon - option only for advanced \nservice owners who needs to create separate - snapshot chains, for \nexample, for chargeback tracking. When you - describe your snapshot \nresource, this field is visible only if - it has a non-empty value." - type: string description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - snapshotEncryptionKey: + diskEncryptionKey: description: |- - Immutable. Encrypts the snapshot using a customer-supplied encryption key. + Immutable. Encrypts the disk using a customer-supplied encryption key. - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of - the snapshot. + the disk. - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. 
+ If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. properties: kmsKeyRef: - description: The encryption key that is stored in Google Cloud - KMS. + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: 
@@ -23277,57 +21841,16 @@ spec: from. type: string required: - - name - key + - name type: object type: object type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." oneOf: - not: required: 
@@ -23365,9 +21888,14 @@ spec: type: object type: object type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. + imageRef: + description: The image from which to initialize this disk. oneOf: - not: required: @@ -23384,7 +21912,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeDisk` + description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: 
@@ -23394,18 +21922,341 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - storageLocations: - description: Immutable. Cloud Storage bucket storage location of the - snapshot (regional or multi-regional). + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. items: type: string type: array - zone: - description: Immutable. A reference to the zone where the disk is - hosted. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. 
+ + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. type: string required: - - sourceDiskRef + - location type: object status: properties: @@ -23438,23 +22289,17 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer labelFingerprint: description: |- - The fingerprint used for optimistic locking of this resource. Used + The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -23464,15 +22309,36 @@ spec: type: integer selfLink: type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - storageBytes: + sourceDiskId: description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array type: object required: - spec 
@@ -23492,25 +22358,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com + name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -23548,108 +22414,44 @@ spec: type: object spec: properties: - certificate: - description: |- - Immutable. The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object description: description: Immutable. An optional description of this resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeSSLCertificate. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - privateKey: - description: Immutable. The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - certificate - - location - - privateKey type: object status: properties: - certificateId: - description: The unique identifier for the resource. - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -23676,12 +22478,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - expireTime: - description: Expire time of the certificate in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -23692,8 +22488,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -23710,25 +22504,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com + name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies + kind: ComputeFirewallPolicy + plural: computefirewallpolicies shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -23765,46 +22559,93 @@ spec: metadata: type: object spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array description: - description: Immutable. An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + description: An optional description of this resource. Provide this + property when you create the resource. type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. 
+ Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. type: string + required: + - shortName type: object status: properties: @@ -23837,15 +22678,13 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -23854,9 +22693,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. type: string type: object + required: + - spec type: object served: true storage: true 
@@ -23873,25 +22724,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSubnetwork - plural: computesubnetworks + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: 
@@ -23929,70 +22780,48 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - ipv6AccessType: - description: |- - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external properties: - aggregationInterval: + external: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. + The target that the firewall policy is attached to. 
+ + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. + kind: + description: 'Kind of the referent. Allowed values: Folder' type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: + name: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. 
- items: - type: string - type: array type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. + firewallPolicyRef: + description: Immutable. oneOf: - not: required: @@ -24009,8 +22838,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The firewall policy ID of the association. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24019,70 +22850,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - privateIpv6GoogleAccess: - description: The private IPv6 google access type for the VMs in this - subnet. - type: string - purpose: - description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. - type: string - region: - description: Immutable. The GCP region for this subnetwork. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. 
- type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - stackType: - description: |- - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. - type: string required: - - ipCidrRange - - networkRef - - region + - attachmentTargetRef + - firewallPolicyRef type: object status: properties: @@ -24112,27 +22887,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - externalIpv6Prefix: - description: The range of external IPv6 addresses that are owned by - this subnetwork. - type: string - fingerprint: - description: DEPRECATED. This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - ipv6CidrRange: - description: The range of internal IPv6 addresses that are owned by - this subnetwork. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24140,7 +22894,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + shortName: + description: The short name of the firewall policy of the association. type: string type: object required: 
@@ -24161,25 +22916,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetgrpcproxies.compute.cnrm.cloud.google.com + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetGRPCProxy - plural: computetargetgrpcproxies + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules shortNames: - - gcpcomputetargetgrpcproxy - - gcpcomputetargetgrpcproxies - singular: computetargetgrpcproxy + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24217,18 +22972,32 @@ spec: type: object spec: properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string description: - description: An optional description of this resource. + description: An optional description for this resource. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' type: string - urlMapRef: - description: |- - The UrlMap resource that defines the mapping from URL to the BackendService. - The protocol field in the BackendService must be set to GRPC. + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. oneOf: - not: required: 
@@ -24245,8 +23014,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` - resource.' + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24255,36 +23026,139 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - validateForProxyless: - description: |- - Immutable. If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to. - type: boolean - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: type: string - reason: + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. 
This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string 
@@ -24297,18 +23171,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -24317,12 +23182,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - selfLinkWithId: - description: Server-defined URL with id for the resource. - type: string + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -24339,25 +23206,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com + name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies + kind: ComputeFirewall + plural: computefirewalls shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: 
@@ -24395,28 +23262,113 @@ spec: type: object spec: properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array description: - description: Immutable. An optional description of this resource. 
+ description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string - proxyBind: + disabled: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - urlMapRef: + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. 
+ If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. oneOf: - not: required: @@ -24433,7 +23385,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24443,9 +23395,137 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. 
If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. 
+ targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array required: - - location - - urlMapRef + - networkRef type: object status: properties: @@ -24485,9 +23565,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object 
@@ -24509,25 +23586,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com + name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies + kind: ComputeForwardingRule + plural: computeforwardingrules shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24565,13 +23642,26 @@ spec: type: object spec: properties: - certificateMapRef: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: description: |- - Only the `external` field is supported to configure the reference. - - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This field - can only be set for global target proxies. + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. oneOf: - not: required: @@ -24588,8 +23678,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, - where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: 
@@ -24601,69 +23690,168 @@ spec: type: object description: description: Immutable. An optional description of this resource. + Provide this property when you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPSProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - proxyBind: - description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: + ipAddress: description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. oneOf: - not: required: 
@@ -24680,7 +23868,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24690,10 +23878,83 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - urlMapRef: + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. 
This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). 
+ Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. oneOf: - not: required: @@ -24710,7 +23971,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -24720,9 +23981,191 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object required: - location - - urlMapRef type: object status: properties: @@ -24753,7 +24196,11 @@ spec: type: object type: array creationTimestamp: - description: Creation timestamp in RFC3339 text format. + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -24762,10 +24209,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string selfLink: + description: '[Output Only] Server-defined URL for the resource.' + type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' type: string type: object required: @@ -24786,25 +24244,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetInstance - plural: computetargetinstances + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -24824,7 +24282,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -24842,12 +24300,22 @@ spec: type: object spec: properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - instanceRef: - description: The ComputeInstance handling traffic for this target - instance. + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -24864,8 +24332,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24874,54 +24341,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - natPolicy: - description: |- - Immutable. NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. URL of the zone where the target instance - resides. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - instanceRef - - zone + - networkEndpointType + - projectRef type: object status: properties: 
@@ -24951,9 +24378,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24982,25 +24406,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetPool - plural: computetargetpools + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -25020,7 +24444,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -25038,7 +24462,20 @@ spec: type: object spec: properties: - backupTargetPoolRef: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -25055,8 +24492,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -25065,91 +24501,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Immutable. Textual description field. - type: string - failoverRatio: - description: Immutable. Ratio (0 to 1) of failed nodes before using - the backup pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Where the target pool resides. Defaults to - project region. - type: string resourceID: - description: Immutable. Optional. The name of the resource. 
Used for + description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sessionAffinity: - description: Immutable. How to distribute load. Options are "NONE" - (no affinity). "CLIENT_IP" (hash of the source/dest addresses / - ports), and "CLIENT_IP_PROTO" also includes the protocol (default - "NONE"). - type: string required: - - region + - globalNetworkEndpointGroup + - projectRef type: object status: properties: @@ -25186,9 +24545,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string type: object required: - spec @@ -25208,25 +24564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com + name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies + kind: ComputeHealthCheck + plural: computehealthchecks shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25264,155 +24620,357 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object - certificateMapRef: + healthyThreshold: description: |- - Only `external` field is supported to configure the reference. + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This - field can only be set for global target proxies. 
Accepted format is - '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` - resource.' + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. type: string type: object - description: - description: Immutable. An optional description of this resource. 
- type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. 
The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + sslHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` - resource.' + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
type: string - type: object - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -25445,11 +25003,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string type: object required: - spec 
@@ -25469,25 +25028,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com + name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25525,54 +25084,53 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - proxyBind: + healthyThreshold: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - proxyHeader: + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. 
+ type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - backendServiceRef + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25612,14 +25170,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object - required: - - spec type: object served: true storage: true 
@@ -25636,25 +25189,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com + name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25692,48 +25245,53 @@ spec: type: object spec: properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region this gateway should sit in. + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - required: - - networkRef - - region + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25766,9 +25324,6 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - gatewayId: - description: The unique identifier for the resource. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -25779,8 +25334,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -25797,25 +25350,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com + name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeURLMap - plural: computeurlmaps + kind: ComputeImage + plural: computeimages shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage preserveUnknownFields: false scope: Namespaced versions: 
@@ -25853,1903 +25406,16106 @@ spec: type: object spec: properties: - defaultRouteAction: + description: description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - corsPolicy: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. 
The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. 
- type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, the setting specifies the CORS policy - is disabled. The default value of false, which indicates - that the CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - faultInjectionPolicy: + kmsKeyServiceAccountRef: description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - abort: - description: The specification for how client requests are - aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. 
- type: number - type: object - delay: - description: The specification for how client requests are - delayed as part of fault injection, before being sent to - a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. 
- properties: - backendServiceRef: - description: |- - The backend service resource being mirrored to. - The backend service configured for a mirroring policy must reference - backends that are of the same type as the original backend service - matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored - backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: + type: object + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - nanos: - description: Span of time that's a fraction of a second at - nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos - field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: 'Span of time at a resolution of a second. Must - be from 0 to 315,576,000,000 inclusive. Note: these bounds - are computed from: 60 sec/min * 60 min/hr * 24 hr/day * - 365.25 days/year * 10000 years.' - type: string - type: object - urlRewrite: + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: description: |- - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - hostRewrite: - description: |- - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. 
- type: string - pathPrefixRewrite: - description: |- - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - type: string - type: object - weightedBackendServices: + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: description: |- - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. - Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request before - forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: A list of header names for headers that - need to be removed from the request before forwarding - the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response before sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. 
- type: boolean - type: object - type: array - responseHeadersToRemove: - description: A list of header names for headers that - need to be removed from the response before sending - the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - type: integer - type: object - type: array + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source type: object - defaultService: - description: |- - The defaultService resource to which traffic is directed if none of - the hostRules match. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If defaultRouteAction is additionally specified, advanced routing - actions like URL Rewrites, etc. take effect prior to sending the - request to the backend. However, if defaultService is specified, - defaultRouteAction cannot contain any weightedBackendServices. - Conversely, if routeAction specifies any weightedBackendServices, - service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService - must be set. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + sourceImageRef: + description: The source image used to create this image. oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. 
+ - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. 
Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: + type: object + status: + properties: + archiveSizeBytes: description: |- - An optional description of this resource. Provide this property when - you create the resource. + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string - headerAction: + labelFingerprint: description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the - response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. items: - type: string + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). 
+ The zone must exist in the region where the managed instance + group is located. + type: string + type: object type: array type: object - hostRule: - description: The list of HostRules to use against the URL. + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. items: properties: - description: - description: |- - An optional description of this HostRule. Provide this property - when you create the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). 
In - that case, * must be the first character and must be followed in - the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string - required: - - hosts - - pathMatcher + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer type: object type: array - location: - description: 'Location represents the geographical location of the - ComputeURLMap. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. 
- items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. 
- type: integer + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. 
- properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to - 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. 
- properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, - prior to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. 
- Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. 
- items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000. - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The default service to use if none of the pathRules defined by this - PathMatcher is matched by the URL's path portion. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - oneOf: + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. 
+ type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: - required: - - backendBucketRef + - name - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. 
+ properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. + This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. 
If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. 
You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). 
+ items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. + - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: + external: description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. 
The value must be between 1 and 1024 - characters. + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: - description: An optional description of this resource. + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. 
This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer type: object - name: - description: The name to which this PathMatcher is referred - by the HostRule. + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. 
+ type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' 
+ format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' + format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. 
The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing. - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. 
- items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. 
- type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated - with this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per - retry attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. 
- - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service. 
- properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - Required. The default backend service resource. Before forwarding - the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response - prior to sending the response back to - the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000. - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service to which traffic is directed if this rule is - matched. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If routeAction is additionally specified, advanced routing actions - like URL Rewrites, etc. take effect prior to sending the request to - the backend. However, if service is specified, routeAction cannot - contain any weightedBackendServices. Conversely, if routeAction - specifies any weightedBackendServices, service must not be - specified. Only one of urlRedirect, service or - routeAction.weightedBackendService must be set. 
- oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. 
- If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. 
- This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. 
- type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regular expression specified in - regexMatch. 
For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. 
Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. 
Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). 
+ type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. \nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. 
\nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. 
+ One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. 
+ type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. 
+ type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' 
+ type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. 
Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. 
Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. 
+ type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. 
An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: @@ -28491,7 +42247,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28586,6 +42342,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: @@ -28690,7 +42451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -29062,7 +42823,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29378,7 +43139,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
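Review bot: The added `stackType` description on the VPN gateway misspells "enabled" as `enbaled`, and the field is a free `type: string` although the text names exactly two accepted values. I would correct the wording to `identify the IP protocols that are enabled.` and, if the generator allows it, constrain the field with `enum: ["IPV4_ONLY", "IPV4_IPV6"]` so that a mistyped value is rejected at admission rather than later. The description also states the default twice ("If not specified, IPV4_ONLY will be used. Default value: ..."), so one of the two sentences can go. The CRD's labels suggest it is generated, so the change presumably belongs in the generator's source schema.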
@@ -29924,20 +43685,256 @@ spec: type: object type: array createTime: - description: Output only. The time this note was created. This field - can be used as a filter in list requests. - format: date-time + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. type: string - image: - properties: - fingerprint: - properties: - v2Name: - description: 'Output only. The name of the image''s v2 blobs - computed via: ) Only the name of the final blob is kept.' - type: string - type: object - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
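Review bot: In the new ContainerAnalysisOccurrence schema, each `attestation.signatures` item lists only `publicKeyId` under `required`, and the array has no minimum length, so an attestation with no signature bytes at all still passes CRD validation. The field description tells verifiers to accept the attestation when at least one signature verifies `serializedPayload`, so I would add `- signature` to the item's `required` list and `minItems: 1` on `signatures` if the upstream API permits it. Failing that, the description should say that entries without `signature` must be treated as non-verifying. Some descriptions also look copied from another resource: `status.createTime` here and `status.updateTime` in the following hunk both speak of "the repository", `resourceUri` opens with "Immutable. Required. Immutable.", and the `attestation` text leaves a parenthesis unclosed. The CRD carries the `tf2crd` label, so these fixes presumably belong in the generator's source schema.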
@@ -29946,11 +43943,11 @@ spec: the resource. type: integer updateTime: - description: Output only. The time this note was last updated. This - field can be used as a filter in list requests. - format: date-time + description: The time when the repository was last updated. type: string type: object + required: + - spec type: object served: true storage: true @@ -29967,7 +43964,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30558,6 +44555,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -30572,6 +44578,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the 
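Review bot: In the `@@ -29946,11 +43943,11 @@` hunk the new `updateTime` description reads "The time when the repository was last updated", but the status schema it sits in describes an occurrence (`name` is "The name of the occurrence"). The wording looks carried over from another resource; `description: The time when the occurrence was last updated.` would match, and `createTime` just above the hunk has the same wording. The hunk also drops `format: date-time`, which leaves the timestamp a free-form string; keeping the annotation would document the expected shape for anything that parses this status field. If this CRD is generated, the correction presumably belongs in the generator's source schema. The enclosing `status` block starts above the hunk.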
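Review bot: In the `@@ -30572,6 +44578,11 @@` hunk `stackType` is a bare `type: string`, although its description allows only IPV4 and IPV4_IPV6. A misspelled value would pass schema validation and presumably fail only when the controller reconciles against the API, which is awkward for a field marked Immutable. Assuming the two values in the description are the complete set, adding `enum:` with `- IPV4` and `- IPV4_IPV6` under the field would reject bad input at admission. The description could also say that IPV4_IPV6 makes the cluster dual-stack, so that operators check their firewall rules and network policies cover IPv6 before choosing it. The enclosing properties block starts and ends outside the hunk.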
@@ -30609,222 +44620,1129 @@ spec: Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: - duration: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. 
+ type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. 
+ type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). + type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. 
VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. 
+ type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. 
+ properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
+ type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. 
Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. type: string - startTime: + key: + description: Immutable. The label key of a reservation resource. type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array required: - - startTime + - consumeReservationType type: object - maintenanceExclusion: - description: Exceptions to maintenance window. Non-emergency maintenance - should not occur in these windows. + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. 
+ properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. items: properties: - endTime: + effect: + description: Immutable. Effect for taint. type: string - exclusionName: + key: + description: Immutable. Key for taint. type: string - exclusionOptions: - description: Maintenance exclusion related options. - properties: - scope: - description: The scope of automatic upgrades to restrict - in the exclusion window. - type: string - required: - - scope - type: object - startTime: + value: + description: Immutable. Value for taint. 
type: string required: - - endTime - - exclusionName - - startTime + - effect + - key + - value type: object type: array - recurringWindow: - description: Time window for recurring maintenance operations. + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. properties: - endTime: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. type: string - recurrence: + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. type: string - startTime: + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. 
+ type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - endTime - - recurrence - - startTime + - enabled type: object + required: + - pubsub type: object - masterAuth: - description: DEPRECATED. Basic authentication was removed for GKE - cluster versions >= 1.19. The authentication information for accessing - the Kubernetes master. Some values in this block are only returned - by the API if your service account has permission to get credentials - for your GKE cluster. If you see an unexpected diff unsetting your - client cert, ensure you have the container.clusters.getCredentials - permission. + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. properties: - clientCertificate: - description: Base64 encoded public certificate used by clients - to authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. properties: - issueClientCertificate: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Whether the cluster master is accessible globally + or not. type: boolean required: - - issueClientCertificate + - enabled type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. type: string - password: - description: The password to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
+ external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - username: - description: The username to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. If not present - basic auth will be disabled. + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. type: string type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. properties: - cidrBlocks: - description: External networks that can access the Kubernetes - cluster master through HTTPS. 
- items: - properties: - cidrBlock: - description: External network that can access Kubernetes - master through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - gcpPublicCidrsAccessEnabled: - description: Whether master is accessbile via Google Compute Engine - Public IP addresses. - type: boolean + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string type: object - meshCertificates: - description: If set, and enable_certificates=true, the GKE Workload - Identity Certificates controller and node agent will be deployed - in the cluster. + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. properties: - enableCertificates: - description: When enabled the GKE Workload Identity Certificates - controller and node agent will be deployed in the cluster. - type: boolean + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. 
+ * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string required: - - enableCertificates + - channel type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain - that. If unset, the cluster's version will be set by GKE to the - version of the most recent official release (which is not necessarily - the latest version). + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - monitoringConfig: - description: Monitoring configuration for the cluster. + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. properties: - enableComponents: - description: GKE components exposing metrics. Valid values include - SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, - and WORKLOADS. - items: - type: string - type: array - managedPrometheus: - description: Configuration for Google Cloud Managed Services for - Prometheus. + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. properties: - enabled: - description: Whether or not the managed collection is enabled. - type: boolean + datasetId: + description: The ID of a BigQuery Dataset. + type: string required: - - enabled + - datasetId type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - monitoringService: - description: The monitoring service that the cluster should write - metrics to. Automatically send metrics from pods in the cluster - to the Google Cloud Monitoring API. VM metrics will be collected - by Google Compute Engine regardless of this setting Available options - include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver - Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
properties: enabled: - description: Whether network policy is enabled on the cluster. + description: Enables vertical pod autoscaling. type: boolean - provider: - description: The selected network policy provider. Defaults to - PROVIDER_UNSPECIFIED. - type: string required: - enabled type: object - networkRef: + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. 
+ type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: oneOf: - not: required: @@ -30841,7 +45759,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: 
@@ -30851,13 +45769,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkingMode: - description: Immutable. Determines whether alias IPs or routes will - be used for pod IPs in the cluster. + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. 
If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -30895,11 +45888,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -30987,9 +45995,9 @@ spec: labels: additionalProperties: type: string - description: Immutable. The map of Kubernetes labels (key/value - pairs) to be applied to each node. These will added in addition - to any default label(s) that Kubernetes may apply to the node. + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. @@ -31003,6 +46011,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
@@ -31173,8 +46192,7 @@ spec: type: object type: array workloadMetadataConfig: - description: Immutable. The workload metadata configuration for - this node. + description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata 
@@ -31187,293 +46205,694 @@ spec: type: string type: object type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the - same region as their cluster's zone for zonal clusters. If this - is specified for a zonal cluster, omit the cluster's zone. + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. items: type: string type: array - nodePoolAutoConfig: - description: Node pool configs that apply to all auto-provisioned - node pools in autopilot clusters and node auto-provisioning enabled - clusters. + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. 
+ type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. properties: - networkTags: - description: Collection of Compute Engine network tags that can - be applied to a node's underlying VM instance. - properties: - tags: - description: List of network tags applied to auto-provisioned - node pools. - items: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. 
+ See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. type: string - type: array - type: object - type: object - nodePoolDefaults: - description: The default nodel pool settings for the entire cluster. - properties: - nodeConfigDefaults: - description: Subset of NodeConfig message that has defaults. - properties: - gcfsConfig: - description: GCFS configuration for this node. - properties: - enabled: - description: Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include - DEFAULT and MAX_THROUGHPUT. - type: string - type: object + sizeBytes: + description: The size of the file, in bytes. 
+ type: integer + type: object + type: array + required: + - filePatterns type: object - nodeVersion: + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - pubsub: - description: Notification config for Cloud Pub/Sub. - properties: - enabled: - description: Whether or not the notification config is enabled. - type: boolean - filter: - description: Allows filtering to one or more specific event - types. If event types are present, those and only those - event types will be transmitted to the cluster. Other types - will be skipped. If no filter is specified, or no event - types are present, all event types will be sent. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: properties: - eventType: - description: Can be used to filter what notifications - are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, - UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. - items: - type: string - type: array - required: - - eventType + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string type: object - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + viewQuery: + description: The query that defines the table view. type: string type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this - cluster. If enabled, pods must be valid under a PodSecurityPolicy - to be created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enablePrivateEndpoint: - description: When true, the cluster's private endpoint is used - as the cluster endpoint and access through the public endpoint - is disabled. When false, either endpoint can be used. 
This field - only applies to private clusters, when enable_private_nodes - is true. - type: boolean - enablePrivateNodes: - description: Immutable. Enables the private cluster feature, creating - a private endpoint on the cluster. In a private cluster, nodes - only have RFC 1918 private addresses and communicate with the - master's private endpoint via private networking. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: Immutable. The IP range in CIDR notation to use for - the hosted master network. This range will be used for assigning - private IP addresses to the cluster master(s) and the ILB VIP. - This range must not overlap with any other ranges in use within - the cluster's network, and it must be a /28 subnet. See Private - Cluster Limitations for more details. This field only applies - to private clusters, when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and - the Google owned VPC. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - privateEndpoint: - description: The internal IP address of this cluster's master - endpoint. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - privateEndpointSubnetworkRef: - description: |- - Immutable. Subnetwork in cluster's network where master's endpoint - will be provisioned. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicEndpoint: - description: The external IP address of this cluster's master - endpoint. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpv6GoogleAccess: - description: The desired state of IPv6 connectivity to Google Services. - By default, no private IPv6 access to or from Google Services (all - access will be via IPv4). + region: + description: Immutable. EntryGroup location region. type: string - protectConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. - properties: - auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. - type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: required: - - auditMode - type: object - workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. 
- type: string - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - Note that removing this field from your config will not unenroll - it. Instead, use the "UNSPECIFIED" channel. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - channel: - description: |- - The selected release channel. Accepted values are: - * UNSPECIFIED: Not set. - * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. - * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. - * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - channel type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination - of resource usage export. 
- properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. - The resulting table can be joined with the resource usage table - or with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - serviceExternalIpsConfig: - description: If set, and enabled=true, services with external ips - field will not be blocked. - properties: - enabled: - description: When enabled, services with exterenal ips specified - will be allowed. - type: boolean - required: - - enabled - type: object - subnetworkRef: + taxonomyRef: oneOf: - not: required: @@ -31490,7 +46909,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: 
@@ -31500,35 +46919,17 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - description: Configuration for the use of Kubernetes Service Accounts - in GCP IAM policies. - properties: - identityNamespace: - description: |- - DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. - Enables workload identity. - type: string - workloadPool: - description: The workload pool to attach all Kubernetes service - accounts to. - type: string - type: object required: - - location + - displayName + - taxonomyRef type: object status: properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -31555,16 +46956,10 @@ spec: type: string type: object type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -31573,19 +46968,190 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. type: string - selfLink: - description: Server-defined URL for the resource. + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. 
Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. type: string type: object required: @@ -31606,25 +47172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: - group: container.cnrm.cloud.google.com + group: datacatalog.cnrm.cloud.google.com names: categories: - gcp - kind: ContainerNodePool - plural: containernodepools + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -31644,7 +47210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -31662,38 +47228,260 @@ spec: type: object spec: properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. To disable - autoscaling, set minNodeCount and maxNodeCount to 0. + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. 
Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - locationPolicy: - description: Location policy specifies the algorithm used when - scaling-up the node pool. "BALANCED" - Is a best effort policy - that aims to balance the sizes of available zones. "ANY" - Instructs - the cluster autoscaler to prioritize utilization of unused reservations, - and reduces preemption risk for Spot VMs. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - maxNodeCount: - description: Maximum number of nodes per zone in the node pool. - Must be >= min_node_count. Cannot be used with total limits. 
- type: integer - minNodeCount: - description: Minimum number of nodes per zone in the node pool. - Must be >=0 and <= max_node_count. Cannot be used with total - limits. - type: integer - totalMaxNodeCount: - description: Maximum number of all nodes in the node pool. Must - be >= total_min_node_count. Cannot be used with per zone limits. - type: integer - totalMinNodeCount: - description: Minimum number of all nodes in the node pool. Must - be >=0 and <= total_max_node_count. Cannot be used with per - zone limits. - type: integer type: object - clusterRef: + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -31710,8 +47498,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ContainerCluster` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -31720,472 +47507,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialNodeCount: - description: Immutable. The initial number of nodes for the pool. - In regional or multi-zonal clusters, this is the number of nodes - per zone. Changing this will force recreation of the resource. - type: integer - location: - description: Immutable. The location (region or zone) of the cluster. + region: + description: Immutable. Taxonomy location region. type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: Immutable. The maximum number of pods per node in this - node pool. Note that this does not work on node pools which are - "route-based" - that is, node pools belonging to clusters that do - not have IP Aliasing enabled. - type: integer - namePrefix: - description: Immutable. Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - networkConfig: - description: Networking configuration for this NodePool. If specified, - it overrides the cluster-level defaults. - properties: - createPodRange: - description: Immutable. Whether to create a new range for pod - IPs in this node pool. Defaults are provided for pod_range and - pod_ipv4_cidr_block if they are not specified. - type: boolean - enablePrivateNodes: - description: Whether nodes have internal IP addresses only. 
- type: boolean - podIpv4CidrBlock: - description: Immutable. The IP address range for pod IPs in this - node pool. Only applicable if create_pod_range is true. Set - to blank to have a range chosen with the default size. Set to - /netmask (e.g. /14) to have a range chosen with a specific netmask. - Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific - range to use. - type: string - podRange: - description: Immutable. The ID of the secondary range for pod - IPs. If create_pod_range is true, this ID is used for the new - range. If create_pod_range is false, uses an existing secondary - range with this ID. - type: string - type: object - nodeConfig: - description: Immutable. The configuration of the nodepool. - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the disk attached to each node, - specified in GB. The smallest allowed disk size is 10GB. - type: integer - diskType: - description: Immutable. Type of the disk attached to each node. - Such as pd-standard, pd-balanced or pd-ssd. - type: string - ephemeralStorageConfig: - description: Immutable. Parameters for the ephemeral storage filesystem. - properties: - localSsdCount: - description: Immutable. Number of local SSDs to use to back - ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. 
- type: integer - required: - - localSsdCount - type: object - gcfsConfig: - description: Immutable. GCFS configuration for this node. - properties: - enabled: - description: Immutable. Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. - items: - properties: - count: - description: Immutable. The number of the accelerator cards - exposed to an instance. - type: integer - gpuPartitionSize: - description: Immutable. Size of partitions to create on - the GPU. Valid values are described in the NVIDIA mig - user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - gpuSharingConfig: - description: Immutable. Configuration for GPU sharing. - properties: - gpuSharingStrategy: - description: Immutable. The type of GPU sharing strategy - to enable on the GPU node. Possible values are described - in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). - type: string - maxSharedClientsPerGpu: - description: Immutable. The maximum number of containers - that can share a GPU. - type: integer - required: - - gpuSharingStrategy - - maxSharedClientsPerGpu - type: object - type: - description: Immutable. The accelerator type resource name. - type: string - required: - - count - - type - type: object - type: array - gvnic: - description: Immutable. Enable or disable gvnic in the node pool. - properties: - enabled: - description: Immutable. Whether or not gvnic is enabled. - type: boolean - required: - - enabled - type: object - imageType: - description: The image type to use for this node. Note that for - a given image type, the latest version of it will be used. - type: string - kubeletConfig: - description: Node kubelet configs. - properties: - cpuCfsQuota: - description: Enable CPU CFS quota enforcement for containers - that specify CPU limits. 
- type: boolean - cpuCfsQuotaPeriod: - description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. - type: string - cpuManagerPolicy: - description: Control the CPU management policy on the node. - type: string - podPidsLimit: - description: Controls the maximum number of processes allowed - to run in a pod. - type: integer - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: The map of Kubernetes labels (key/value pairs) to - be applied to each node. These will added in addition to any - default label(s) that Kubernetes may apply to the node. - type: object - linuxNodeConfig: - description: Parameters that can be configured on Linux nodes. - properties: - sysctls: - additionalProperties: - type: string - description: The Linux kernel parameters to be applied to - the nodes and all pods running on the nodes. - type: object - required: - - sysctls - type: object - localSsdCount: - description: Immutable. The number of local SSD disks to be attached - to the node. - type: integer - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include DEFAULT - and MAX_THROUGHPUT. - type: string - machineType: - description: Immutable. The name of a Google Compute Engine machine - type. - type: string - metadata: - additionalProperties: + message: + description: Human-readable message indicating details about + last transition. type: string - description: Immutable. The metadata key/value pairs assigned - to instances in the cluster. - type: object - minCpuPlatform: - description: Immutable. 
Minimum CPU platform to be used by this - instance. The instance may be scheduled on the specified or - newer CPU platform. - type: string - nodeGroupRef: - description: |- - Immutable. Setting this field will assign instances - of this pool to run on the specified node group. This is useful - for running workloads on sole tenant nodes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeNodeGroup` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauthScopes: - description: Immutable. The set of Google API scopes to be made - available on all of the node VMs. - items: + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - type: array - preemptible: - description: Immutable. Whether the nodes are created as preemptible - VM instances. - type: boolean - reservationAffinity: - description: Immutable. The reservation affinity configuration - for the node pool. - properties: - consumeReservationType: - description: Immutable. Corresponds to the type of reservation - consumption. - type: string - key: - description: Immutable. The label key of a reservation resource. - type: string - values: - description: Immutable. The label values of the reservation - resource. - items: - type: string - type: array - required: - - consumeReservationType - type: object - resourceLabels: - additionalProperties: + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
type: string - description: The GCE resource labels (a map of key/value pairs) - to be applied to the node pool. - type: object - sandboxConfig: - description: Immutable. Sandbox configuration for this node. - properties: - sandboxType: - description: Type of the sandbox to use for the node (e.g. - 'gvisor'). - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - description: Immutable. Shielded Instance options. - properties: - enableIntegrityMonitoring: - description: Immutable. Defines whether the instance has integrity - monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Defines whether the instance has Secure - Boot enabled. - type: boolean - type: object - spot: - description: Immutable. Whether the nodes are created as spot - VM instances. - type: boolean - tags: - description: The list of instance tags applied to all nodes. - items: + type: + description: Type is the type of the condition. type: string - type: array - taint: - description: Immutable. List of Kubernetes taints to be applied - to each node. - items: - properties: - effect: - description: Immutable. Effect for taint. - type: string - key: - description: Immutable. Key for taint. - type: string - value: - description: Immutable. Value for taint. 
- type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - description: The workload metadata configuration for this node. - properties: - mode: - description: Mode is the configuration for how to expose metadata - to workloads running on the node. - type: string - nodeMetadata: - description: DEPRECATED. Deprecated in favor of mode. NodeMetadata - is the configuration for how to expose metadata to the workloads - running on the node. - type: string - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string + type: object type: array - placementPolicy: - description: Immutable. Specifies the node placement policy. - properties: - type: - description: Type defines the type of placement policy. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: type: string - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number - of nodes upgraded simultaneously is limited to 20. - properties: - blueGreenSettings: - description: Settings for BlueGreen node pool upgrade. - properties: - nodePoolSoakDuration: - description: Time needed after draining entire blue pool. - After this period, blue pool will be cleaned up. - type: string - standardRolloutPolicy: - description: Standard rollout policy is the default policy - for blue-green. - properties: - batchNodeCount: - description: Number of blue nodes to drain in a batch. - type: integer - batchPercentage: - description: Percentage of the blue pool nodes to drain - in a batch. - type: number - batchSoakDuration: - description: Soak time after each batch gets drained. - type: string - type: object - required: - - standardRolloutPolicy - type: object - maxSurge: - description: The number of additional nodes that can be added - to the node pool during an upgrade. Increasing max_surge raises - the number of nodes that can be upgraded simultaneously. Can - be set to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. 
Can be set to 0 or - greater. - type: integer - strategy: - description: Update strategy for the given nodepool. - type: string + parameters: type: object - version: + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. type: string required: - - clusterRef - - location + - containerSpecGcsPath type: object status: properties: @@ -32215,18 +47674,8 @@ spec: type: string type: object type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - managedInstanceGroupUrls: - description: List of instance group URLs which have been assigned - to this node pool. - items: - type: string - type: array + jobId: + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -32234,7 +47683,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + state: type: string type: object required: 
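Review bot: In the DataflowFlexTemplateJob schema on the new side, `containerSpecGcsPath` and `parameters` have no `description`, and `parameters` is `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any content under it unvalidated. The schema therefore does not say what the job does with these values or whether credentials may be placed there. I would add `description: Key/Value pairs to be passed to the Dataflow job (as used in the template).` to `parameters`, matching the wording DataflowJob uses later in this diff, and a one-line description of the expected Cloud Storage path to `containerSpecGcsPath`. The `jobId` and `state` status fields added in the next two hunks are undocumented as well. The `tf2crd` label suggests the file is generated, so the change probably belongs in the generator input.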
@@ -32255,25 +47704,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com + name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataflow.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogPolicyTag - plural: datacatalogpolicytags + kind: DataflowJob + plural: dataflowjobs shortNames: - - gcpdatacatalogpolicytag - - gcpdatacatalogpolicytags - singular: datacatalogpolicytag + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -32311,20 +47760,57 @@ spec: type: object spec: properties: - description: - description: |- - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string - displayName: - description: |- - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. type: string - parentPolicyTagRef: + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. 
More workers may improve processing speed at additional + cost. + type: integer + networkRef: oneOf: - not: required: @@ -32341,7 +47827,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: @@ -32351,12 +47837,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - taxonomyRef: + serviceAccountRef: oneOf: - not: required: 
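Review bot: `ipConfiguration` is a bare `type: string` whose two permitted values appear only in the description, so a misspelled value passes admission. Whether workers get public or private addresses is then presumably decided by whatever consumes the field downstream. If those two values are the complete set, adding `enum: ["WORKER_IP_PUBLIC", "WORKER_IP_PRIVATE"]` under the property would reject anything else when the object is applied. The file looks generated (`tf2crd` label), so this may have to be done in the generator.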
@@ -32373,7 +47868,34 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -32383,17 +47905,29 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string required: - - displayName - - taxonomyRef + - tempGcsLocation + - templateGcsPath type: object status: properties: - childPolicyTags: - description: Resource names of child policy tags of this policy tag. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32420,10 +47954,8 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + jobId: + description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -32432,6 +47964,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string type: object required: - spec 
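Review bot: `transformNameMapping` is `type: object` with `x-kubernetes-preserve-unknown-fields: true`, as is `parameters` in the earlier DataflowJob hunk, so nested objects and lists are accepted even though both descriptions speak of a flat map. If only string values are intended, `additionalProperties:` with `type: string` would let the API server enforce that; the `options` field of DataFusionInstance further down already uses this form. That would also reject unquoted numbers and booleans that are accepted today, so it needs a compatibility check against existing manifests first.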
@@ -32451,25 +47990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com + name: dataformrepositories.dataform.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataform.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogTaxonomy - plural: datacatalogtaxonomies + kind: DataformRepository + plural: dataformrepositories shortNames: - - gcpdatacatalogtaxonomy - - gcpdatacatalogtaxonomies - singular: datacatalogtaxonomy + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: @@ -32489,7 +48028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -32507,26 +48046,29 @@ spec: type: object spec: properties: - activatedPolicyTypes: - description: |- - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. - items: - type: string - type: array - description: - description: |- - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - type: string - displayName: - description: |- - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object projectRef: description: The project that this resource belongs to. oneOf: 
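Review bot: `authenticationTokenSecretVersion` states its required format (`projects/*/secrets/*/versions/*`) only in the description, so the schema would also accept a raw Git token pasted into the field, which would then be stored in the object's spec. A `pattern: '^projects/[^/]+/secrets/[^/]+/versions/[^/]+$'` on the property would reject that at admission. Separately, `tokenStatus` reads like a value reported by the service yet sits under `spec.gitRemoteSettings`; if it is output-only, it would be clearer under `status`.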
@@ -32555,16 +48097,16 @@ spec: type: string type: object region: - description: Immutable. Taxonomy location region. + description: Immutable. A reference to the region. type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - displayName - projectRef + - region type: object status: properties: @@ -32594,11 +48136,6 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -32625,25 +48162,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com + name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: datafusion.cnrm.cloud.google.com names: categories: - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs + kind: DataFusionInstance + plural: datafusioninstances shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -32681,20 +48218,147 @@ spec: type: object spec: properties: - containerSpecGcsPath: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. type: string - parameters: + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. 
Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. type: string required: - - containerSpecGcsPath + - location + - type type: object status: properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32721,7 +48385,13 @@ spec: type: string type: object type: array - jobId: + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -32730,7 +48400,27 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. + format: date-time type: string type: object required: @@ -32751,25 +48441,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - - gcp - kind: DataflowJob - plural: dataflowjobs + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -32807,57 +48497,74 @@ spec: type: object spec: properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - enableStreamingEngine: - description: Indicates if the job should use the streaming engine - feature. - type: boolean - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - kmsKeyRef: - description: The name for the Cloud KMS key for the job. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + basicAlgorithm: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. 
+ A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' + format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig type: object - machineType: - description: The machine type to use for the job. + location: + description: Immutable. The location for the resource type: string - maxWorkers: - description: Immutable. The number of workers permitted to work on - the job. 
More workers may improve processing speed at additional - cost. - type: integer - networkRef: + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -32874,8 +48581,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -32884,94 +48593,94 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as - used in the template). - type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. 
Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the - Dataflow job to dump its temporary data. 
- type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' 
+ format: int64 + type: integer + required: + - maxInstances type: object - x-kubernetes-preserve-unknown-fields: true - zone: - description: Immutable. The zone in which the created job should run. - If it is not provided, the provider zone is used. - type: string required: - - tempGcsLocation - - templateGcsPath + - basicAlgorithm + - location + - workerConfig type: object status: properties: @@ -33001,9 +48710,6 @@ spec: type: string type: object type: array - jobId: - description: The unique ID of this job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -33011,13 +48717,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: The current state of the resource, selected from the - JobState enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string type: object required: - spec 
@@ -33037,25 +48736,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: datafusioninstances.datafusion.cnrm.cloud.google.com + name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: - group: datafusion.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataFusionInstance - plural: datafusioninstances + kind: DataprocCluster + plural: dataprocclusters shortNames: - - gcpdatafusioninstance - - gcpdatafusioninstances - singular: datafusioninstance + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -33093,60 +48792,850 @@ spec: type: object spec: properties: - dataprocServiceAccountRef: - oneOf: - - not: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. 
Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. 
This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. 
Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. 
If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' 
+ type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. 
Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). 
Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. 
Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. 
If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Immutable. A description of this instance. - type: string - displayName: - description: Immutable. Display name for an instance. - type: string - enableStackdriverLogging: - description: Option to enable Stackdriver Logging. - type: boolean - enableStackdriverMonitoring: - description: Option to enable Stackdriver Monitoring. - type: boolean - location: - description: Immutable. The location for the resource - type: string - networkConfig: - description: Immutable. Network configuration options. These are required - when a private Data Fusion instance is to be created. - properties: - ipAllocation: - description: Immutable. The IP range in CIDR notation to use for - the managed Data Fusion instance nodes. This range must not - overlap with any other ranges used in the customer network. - type: string - networkRef: + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). 
+ If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -33165,9 +49654,9 @@ spec: properties: external: description: |- - Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -33176,267 +49665,160 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - options: - additionalProperties: - type: string - description: Immutable. Map of additional options used to configure - the behavior of Data Fusion instance. - type: object - privateInstance: - description: Immutable. Specifies whether the Data Fusion instance - should be private. If set to true, all Data Fusion nodes will have - private IP addresses and will not be able to access the public internet. - type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Instance type. Possible values: - TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' - type: string - version: - description: Current version of the Data Fusion. - type: string - zone: - description: Immutable. Name of the zone in which the Data Fusion - instance will be created. Only DEVELOPER instances use this field. - type: string - required: - - location - - type - type: object - status: - properties: - apiEndpoint: - description: Output only. Endpoint on which the REST APIs is accessible. - type: string - availableVersion: - description: Available versions that the instance can be upgraded - to. - items: - properties: - availableFeatures: - description: Represents a list of available feature names for - a given version. - items: + tempBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. 
If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string - type: array - defaultVersion: - description: Whether this is currently the default version for - Cloud Data Fusion - type: boolean - versionNumber: - description: The version number of the Data Fusion instance, - such as '6.0.1.0'. - type: string - type: object - type: array - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Output only. The time the instance was created. - format: date-time - type: string - gcsBucket: - description: Output only. Cloud Storage bucket generated by Data Fusion - in the customer project. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - p4ServiceAccount: - description: Output only. P4 service account for the customer project. - type: string - serviceEndpoint: - description: Output only. Endpoint on which the Data Fusion UI is - accessible. - type: string - state: - description: 'Output only. The current state of this Data Fusion instance. - Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' - type: string - stateMessage: - description: Output only. Additional information about the current - state of this Data Fusion instance if available. - type: string - tenantProjectId: - description: Output only. The name of the tenant project. - type: string - updateTime: - description: Output only. The time the instance was last updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com -spec: - group: dataproc.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataprocAutoscalingPolicy - plural: dataprocautoscalingpolicies - shortNames: - - gcpdataprocautoscalingpolicy - - gcpdataprocautoscalingpolicies - singular: dataprocautoscalingpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', 
the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - basicAlgorithm: - properties: - cooldownPeriod: - description: 'Optional. Duration between scaling events. A scaling - period starts after the update operation from the previous event - has completed. Bounds: . Default: 2m.' - type: string - yarnConfig: - description: Required. YARN autoscaling configuration. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. 
properties: - gracefulDecommissionTimeout: - description: Required. Timeout for YARN graceful decommissioning - of Node Managers. Specifies the duration to wait for jobs - to complete before forcefully removing workers (and potentially - interrupting jobs). Only applicable to downscaling operations. + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string - scaleDownFactor: - description: Required. 
Fraction of average YARN pending memory - in the last cooldown period for which to remove workers. - A scale-down factor of 1 will result in scaling down so - that there is no available memory remaining after the update - (more aggressive scaling). A scale-down factor of 0 disables - removing workers, which can be beneficial for autoscaling - a single job. See . - format: double - type: number - scaleDownMinWorkerFraction: - description: 'Optional. Minimum scale-down threshold as a - fraction of total cluster size before scaling occurs. For - example, in a 20-worker cluster, a threshold of 0.1 means - the autoscaler must recommend at least a 2 worker scale-down - for the cluster to scale. A threshold of 0 means the autoscaler - will scale down on any recommended change. Bounds: . Default: - 0.0.' - format: double - type: number - scaleUpFactor: - description: Required. Fraction of average YARN pending memory - in the last cooldown period for which to add workers. A - scale-up factor of 1.0 will result in scaling up so that - there is no pending memory remaining after the update (more - aggressive scaling). A scale-up factor closer to 0 will - result in a smaller magnitude of scaling up (less aggressive - scaling). See . - format: double - type: number - scaleUpMinWorkerFraction: - description: 'Optional. Minimum scale-up threshold as a fraction - of total cluster size before scaling occurs. For example, - in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster - to scale. A threshold of 0 means the autoscaler will scale - up on any recommended change. Bounds: . Default: 0.0.' - format: double - type: number - required: - - gracefulDecommissionTimeout - - scaleDownFactor - - scaleUpFactor type: object - required: - - yarnConfig type: object location: - description: Immutable. The location for the resource + description: Immutable. The location for the resource, usually a GCP + region. 
type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -33457,7 +49839,7 @@ spec: properties: external: description: |- - The project for the resource + Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -33473,92 +49855,413 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - secondaryWorkerConfig: - description: Optional. Describes how the autoscaler will operate for - secondary workers. - properties: - maxInstances: - description: 'Optional. Maximum number of instances for this group. - Note that by default, clusters will not use secondary workers. - Required for secondary workers if the minimum secondary instances - is set. Primary workers - Bounds: [min_instances, ). Secondary - workers - Bounds: [min_instances, ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer - type: object - workerConfig: - description: Required. 
Describes how the autoscaler will operate for - primary workers. + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. properties: - maxInstances: - description: 'Required. Maximum number of instances for this group. - Required for primary workers. Note that by default, clusters - will not use secondary workers. Required for secondary workers - if the minimum secondary instances is set. Primary workers - - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, - ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. 
If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. + properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. 
Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. 
Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. + items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. 
Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. [Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. 
Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. + items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. 
Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. 
+ The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - maxInstances + - kubernetesClusterConfig type: object required: - - basicAlgorithm - location - - workerConfig type: object status: properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). + Dataproc generates this value when it creates the cluster. 
+ type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
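Review bot: `bootDiskKmsKey` in the node pool `config` block of `virtualClusterConfig` is added as a free-form `type: string`, so the schema does not check that the value matches the `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME` format its description requires. A mistyped CMEK name would presumably only surface when the API call is made. The other cross-resource fields in this hunk (`gkeClusterTargetRef`, `nodePoolRef`, `stagingBucketRef`) use the `external`/`name`/`namespace` reference form, and the removed side of the last visible hunk shows a `gcePdKmsKeyRef`, so a reference, or at least `pattern: '^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$'`, would make this field consistent. Two descriptions in the same block also need correcting: `resource namename` should read `resource name`, and the `minCpuPlatform` example has a stray backtick and an unbalanced quote around the CPU platform names. The file looks generated (the `dcl2crd` label appears in a later hunk), so these fixes probably belong in the generator input rather than in this YAML; the enclosing `spec` schema starts outside the hunk.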
@@ -33585,6 +50288,197 @@ spec: type: string type: object type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. 
+ type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. 
+ items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -33592,6 +50486,52 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array type: object required: - spec 
@@ -33611,25 +50551,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dataprocclusters.dataproc.cnrm.cloud.google.com + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocCluster - plural: dataprocclusters + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates shortNames: - - gcpdataproccluster - - gcpdataprocclusters - singular: dataproccluster + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -33667,1125 +50607,1473 @@ spec: type: object spec: properties: - config: - description: Immutable. The cluster config. Note that Dataproc may - set default values, and values may change when clusters are updated. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for the policy - associated with the cluster. Cluster does not autoscale if this - field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - dataprocMetricConfig: - description: Immutable. Optional. The config for Dataproc metrics. - properties: - metrics: - description: Immutable. Required. Metrics sources to enable. - items: - properties: - metricOverrides: - description: 'Immutable. Optional. 
Specify one or more - [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect for the metric course (for the `SPARK` - metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) - can be specified). Provide metrics in the following - format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use - camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted - spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed - hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` - Notes: * Only the specified overridden metrics will - be collected for the metric source. For example, if - one or more `spark:executive` metrics are listed as - metric overrides, other `SPARK` metrics will not be - collected. The collection of the default metrics for - other OSS metric sources is unaffected. For example, - if both `SPARK` andd `YARN` metric sources are enabled, - and overrides are provided for Spark metrics only, - all default YARN metrics will be collected.' - items: - type: string - type: array - metricSource: - description: 'Immutable. Required. Default metrics are - collected unless `metricOverrides` are specified for - the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, - MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, - HIVESERVER2' - type: string - required: - - metricSource - type: object - type: array - required: - - metrics - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings for the - cluster. - properties: - gcePdKmsKeyRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. 
If true, enable http access - to specific ports on the cluster from external sources. - Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine config - settings for all instances in a cluster. - properties: - confidentialInstanceConfig: - description: Immutable. Optional. Confidential Instance Config - for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). - properties: - enableConfidentialCompute: - description: Immutable. Optional. Defines whether the - instance should have confidential compute enabled. - type: boolean - type: object - internalIPOnly: - description: Immutable. Optional. If true, all instances in - the cluster will only have internal IP addresses. By default, - clusters are not restricted to internal IP addresses, and - will have ephemeral external IP addresses assigned to each - instance. This `internal_ip_only` restriction can only be - enabled for subnetwork enabled networks, and all off-cluster - dependencies must be configured to be accessible without - external IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. The Compute Engine metadata entries - to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. 
Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity for - sole-tenant clusters. - properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: type: string - type: object - required: - - nodeGroupRef - type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 access - for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity for - consuming Zonal reservation. + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. 
Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, - ANY_RESERVATION, SPECIFIC_RESERVATION' + additionalProperties: type: string - key: - description: Immutable. Optional. Corresponds to the label - key of reservation resource. + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: type: string - values: - description: Immutable. Optional. Corresponds to the label - values of reservation resource. - items: - type: string - type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + additionalProperties: type: string - type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service account - scopes to be included in Compute Engine instances. The following - base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write If no scopes - are specified, the following defaults are also provided: - * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' - items: + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. 
The HCFS URI of the script that + contains Hive queries. type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance Config - for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether instances - have integrity monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether instances - have Secure Boot enabled. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether instances - have the vTPM enabled. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array required: - - external - properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
+ - queries + type: object + scriptVariables: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' + type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. 
Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: type: string - type: object - tags: - description: Immutable. The Compute Engine tags to add to - all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. type: string - type: array - zone: - description: 'Immutable. Optional. The zone where the Compute - Engine cluster will be located. On a create request, it - is required in the "global" region. If omitted in a non-global - Dataproc region, the service will pick a zone in the corresponding - Compute Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name are valid. - Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. 
Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: type: string - type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute on each - node after config is completed. By default, executables are - run on master and all worker nodes. You can test a node''s `role` - metadata to run an executable on a master or worker node, as - shown below using `curl` (you can also use `wget`): ROLE=$(curl - -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions - ... else ... worker specific actions ... fi' - items: + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. properties: - executableFile: - description: Immutable. Required. Cloud Storage URI of executable - file. + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. 
See the Presto documentation + for supported output formats type: string - executionTimeout: - description: Immutable. Optional. Amount of time executable - has to complete. Default is 10 minutes (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error message - (the name of the executable that caused the error and - the exceeded timeout period) if the executable is not - completed at end of the timeout period. + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. type: string - required: - - executableFile + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object type: object - type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster will - be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration of - cluster. 
The cluster will be auto-deleted at the end of - this period. Minimum value is 10 minutes; maximum value - is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to keep the - cluster alive while idling (when no jobs are running). Passing - this threshold will cause the cluster to be deleted. Minimum - value is 5 minutes; maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. The Compute Engine config settings - for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' 
+ items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. 
HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. 
The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - metastoreConfig: - description: Immutable. Optional. Metastore configuration. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string properties: - external: - description: 'Required. Resource name of an existing Dataproc - Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + additionalProperties: type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. 
+ Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - type: object - required: - - dataprocMetastoreServiceRef - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config settings - for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + description: Immutable. Optional. 
A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + additionalProperties: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. + type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. 
A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. 
The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. + type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. type: string + required: + - clusterLabels type: object - securityConfig: - description: Immutable. Optional. Security settings for the cluster. + managedCluster: + description: Immutable. A cluster that is managed by the workflow. properties: - identityConfig: - description: Immutable. Optional. Identity related configuration, - including service account based secure multi-tenancy user - mappings. + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. properties: - userServiceAccountMapping: - additionalProperties: - type: string - description: Immutable. Required. Map of user to service - account. + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. 
Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - required: - - userServiceAccountMapping - type: object - kerberosConfig: - description: Immutable. Optional. Kerberos related configuration. - properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server (IP - or hostname) for the remote trusted realm in a cross - realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP or hostname) - for the remote trusted realm in a cross realm trust - relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm the - Dataproc on-cluster KDC will trust, should the user - enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the shared password - between the on-cluster Kerberos realm and the remote - trusted realm, in a cross realm trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate whether - to Kerberize the cluster (default: false). 
Set this - field to true to enable Kerberos on a cluster.' - type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the master key of - the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided key. For the self-signed certificate, - this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage URI - of the keystore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - keystorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided keystore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. 
Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. 
Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. 
+ You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. 
Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - realm: - description: Immutable. Optional. The name of the on-cluster - Kerberos realm. If not specified, the uppercased domain - of hostnames will be the realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the root principal - password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime of the - ticket granting ticket, in hours. If not specified, - or user specifies 0, then default value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage URI - of the truststore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided truststore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - type: object - type: object - softwareConfig: - description: Immutable. Optional. The config settings for software - inside the cluster. - properties: - imageVersion: - description: Immutable. Optional. The version of software - inside the cluster. It must be one of the supported [Dataproc - Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such as "1.2.29"), - or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components to - activate on the cluster. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties to set on - daemon config files. Property keys are specified in `prefix:property` - format, for example `core:hadoop.tmp.dir`. The following - are supported prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` * distcp: - `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` - * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: - `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' - type: object - type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config settings - for worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. 
If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - type: object - location: - description: Immutable. The location for the resource, usually a GCP - region. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. 
The Google Cloud Platform project ID that the cluster belongs to. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - virtualClusterConfig: - description: Immutable. Optional. The virtual cluster config is used - when creating a Dataproc cluster that does not directly control - the underlying compute resources, for example, when creating a [Dataproc-on-GKE - cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). - Dataproc may set default values, and values may change when clusters - are updated. Exactly one of config or virtual_cluster_config must - be specified. - properties: - auxiliaryServicesConfig: - description: Immutable. Optional. Configuration of auxiliary services - used by this cluster. - properties: - metastoreConfig: - description: Immutable. Optional. The Hive Metastore configuration - for this workload. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. properties: - external: - description: 'Required. Resource name of an existing - Dataproc Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). 
If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. 
Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - required: - - dataprocMetastoreServiceRef - type: object - sparkHistoryServerConfig: - description: Immutable. Optional. The Spark History Server - configuration for the workload. - properties: - dataprocClusterRef: + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. 
The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -34804,9 +52092,9 @@ spec: properties: external: description: |- - Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `DataprocCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -34816,17 +52104,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - type: object - kubernetesClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on Kubernetes. - properties: - gkeClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on GKE. - properties: - gkeClusterTargetRef: + tempBucketRef: description: Immutable. oneOf: - not: 
@@ -34845,9 +52123,9 @@ spec: properties: external: description: |- - Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `ContainerCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -34857,286 +52135,187 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nodePoolTarget: - description: Immutable. Optional. GKE node pools where - workloads will be scheduled. At least one node pool - must be assigned the `DEFAULT` GkeNodePoolTarget.Role. - If a `GkeNodePoolTarget` is not specified, Dataproc - constructs a `DEFAULT` `GkeNodePoolTarget`. Each role - can be given to only one `GkeNodePoolTarget`. All node - pools must have the same location settings. - items: - properties: - nodePoolConfig: - description: Immutable. Input only. The configuration - for the GKE node pool. If specified, Dataproc - attempts to create a node pool with the specified - shape. If one with the same name already exists, - it is verified against all specified fields. If - a field differs, the virtual cluster creation - will fail. If omitted, any node pool with the - specified name is used. If a node pool with the - specified name does not exist, Dataproc create - a node pool with default values. This is an input - only field. It will not be returned by the API. - properties: - autoscaling: - description: Immutable. Optional. The autoscaler - configuration for this node pool. The autoscaler - is enabled only when a valid configuration - is present. - properties: - maxNodeCount: - description: Immutable. The maximum number - of nodes in the node pool. Must be >= - min_node_count, and must be > 0. **Note:** - Quota must be sufficient to scale up the - cluster. - format: int64 - type: integer - minNodeCount: - description: Immutable. The minimum number - of nodes in the node pool. Must be >= - 0 and <= max_node_count. - format: int64 - type: integer - type: object - config: - description: Immutable. Optional. The node pool - configuration. - properties: - accelerators: - description: Immutable. Optional. A list - of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) - to attach to each node. 
- items: - properties: - acceleratorCount: - description: Immutable. The number - of accelerator cards exposed to - an instance. - format: int64 - type: integer - acceleratorType: - description: Immutable. The accelerator - type resource namename (see GPUs - on Compute Engine). - type: string - gpuPartitionSize: - description: Immutable. Size of partitions - to create on the GPU. Valid values - are described in the NVIDIA [mig - user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - type: object - type: array - bootDiskKmsKey: - description: 'Immutable. Optional. The [Customer - Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) - used to encrypt the boot disk attached - to each node in the node pool. Specify - the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' - type: string - ephemeralStorageConfig: - description: Immutable. Optional. Parameters - for the ephemeral storage filesystem. - If unspecified, ephemeral storage is backed - by the boot disk. - properties: - localSsdCount: - description: Immutable. Number of local - SSDs to use to back ephemeral storage. - Uses NVMe interfaces. Each local SSD - is 375 GB in size. If zero, it means - to disable using local SSDs as ephemeral - storage. - format: int64 - type: integer - type: object - localSsdCount: - description: Immutable. Optional. The number - of local SSD disks to attach to the node, - which is limited by the maximum number - of disks allowable per zone (see [Adding - Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). - format: int64 - type: integer - machineType: - description: Immutable. Optional. The name - of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). - type: string - minCpuPlatform: - description: Immutable. Optional. 
[Minimum - CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - to be used by this instance. The instance - may be scheduled on the specified or a - newer CPU platform. Specify the friendly - names of CPU platforms, such as "Intel - Haswell"` or Intel Sandy Bridge". - type: string - preemptible: - description: Immutable. Optional. Whether - the nodes are created as legacy [preemptible - VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). - Also see Spot VMs, preemptible VM instances - without a maximum lifetime. Legacy and - Spot preemptible nodes cannot be used - in a node pool with the `CONTROLLER` [role] - (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - spot: - description: Immutable. Optional. Whether - the nodes are created as [Spot VM instances] - (https://cloud.google.com/compute/docs/instances/spot). - Spot VMs are the latest update to legacy - preemptible VMs. Spot VMs do not have - a maximum lifetime. Legacy and Spot preemptible - nodes cannot be used in a node pool with - the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - type: object - locations: - description: Immutable. Optional. The list of - Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - where node pool nodes associated with a Dataproc - on GKE virtual cluster will be located. **Note:** - All node pools associated with a virtual cluster - must be located in the same region as the - virtual cluster, and they must be located - in the same zone within that region. If a - location is not specified during node pool - creation, Dataproc on GKE will choose the - zone. 
- items: - type: string - type: array - type: object - nodePoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: properties: - external: - description: |- - Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' - - Allowed value: The `selfLink` field of a `ContainerNodePool` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object - roles: - description: Immutable. Required. The roles associated - with the GKE node pool. - items: + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string - type: array - required: - - nodePoolRef - - roles - type: object - type: array - type: object - kubernetesNamespace: - description: Immutable. Optional. A namespace within the Kubernetes - cluster to deploy into. If this namespace does not exist, - it is created. If it exists, Dataproc verifies that another - Dataproc VirtualCluster is not installed into it. If not - specified, the name of the Dataproc Cluster is used. - type: string - kubernetesSoftwareConfig: - description: Immutable. Optional. The software configuration - for this Dataproc cluster running on Kubernetes. - properties: - componentVersion: - additionalProperties: - type: string - description: Immutable. 
The components that should be - installed in this Dataproc cluster. The key must be - a string from the KubernetesComponent enumeration. The - value is the version of the software to be installed. - At least one entry must be specified. - type: object - properties: - additionalProperties: - type: string - description: 'Immutable. The properties to set on daemon - config files. Property keys are specified in `prefix:property` - format, for example `spark:spark.kubernetes.container.image`. - The following are supported prefixes and their mappings: - * spark: `spark-defaults.conf` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string type: object type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object required: - - gkeClusterConfig + - clusterName + - config type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. 
If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kubernetesClusterConfig + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - jobs - location + - placement type: object status: properties: - clusterUuid: - description: Output only. A cluster UUID (Unique Universal Identifier). - Dataproc generates this value when it creates the cluster. 
- type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -35163,197 +52342,10 @@ spec: type: string type: object type: array - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions to - URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became idle - (most recent job finished) and became eligible for deletion - due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. 
- type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. 
- items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - type: object - metrics: - description: 'Output only. Contains cluster daemon metrics such as - HDFS and YARN stats. **Beta Feature**: This report is available - for testing purposes only. It may be changed before final release.' - properties: - hdfsMetrics: - additionalProperties: - type: string - description: The HDFS metrics. - type: object - yarnMetrics: - additionalProperties: - type: string - description: The YARN metrics. - type: object - type: object + createTime: + description: Output only. The time template was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -35361,52 +52353,299 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: Output only. Cluster status. + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. 
+ items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - detail: - description: Optional. Output only. Details of cluster's state. - type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - substate: - description: 'Output only. Additional state information that includes - status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - statusHistory: - description: Output only. The previous cluster status. + properties: + description: Immutable. An ordered list of properties to index on. 
items: properties: - detail: - description: Optional. Output only. Details of cluster's state. + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + name: + description: Immutable. The property name to index. type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - substate: - description: 'Output only. Additional state information that - includes status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array + indexId: + description: The index id. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object required: - spec @@ -35426,25 +52665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: - group: dataproc.cnrm.cloud.google.com + group: datastream.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocWorkflowTemplate - plural: dataprocworkflowtemplates + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles shortNames: - - gcpdataprocworkflowtemplate - - gcpdataprocworkflowtemplates - singular: dataprocworkflowtemplate + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: @@ -35464,7 +52703,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -35482,1675 +52721,3996 @@ spec: type: object spec: properties: - dagTimeout: - description: Immutable. Optional. Timeout duration for the DAG of - jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - The timeout duration must be from 10 minutes ("600s") to 24 hours - ("86400s"). The timer begins when the first job is submitted. If - the workflow is running at the end of the timeout period, any remaining - jobs are cancelled, the workflow is ended, and if the workflow was - running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), - the cluster is deleted. + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. type: string - jobs: - description: Immutable. Required. The Directed Acyclic Graph of Jobs - to submit. - items: - properties: - hadoopJob: - description: Immutable. Optional. Job is a Hadoop job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted in the working directory of Hadoop drivers - and tasks. Supported file types: .jar, .tar, .tar.gz, - .tgz, or .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `-libjars` - or `-Dfoo=bar`, that can be set as job properties, since - a collision may occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS (Hadoop Compatible - Filesystem) URIs of files to be copied to the working - directory of Hadoop drivers and distributed tasks. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. 
Jar file URIs to add to - the CLASSPATHs of the Hadoop driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file containing the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: 'Immutable. The HCFS URI of the jar file containing - the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' - ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' - type: string - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Hadoop. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/hadoop/conf/*-site - and classes in user code. - type: object - type: object - hiveJob: - description: Immutable. Optional. Job is a Hive job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Hive server and Hadoop - MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names and values, used to configure Hive. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/hive/conf/hive-site.xml, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains Hive queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Hive command: `SET - name="value";`).' - type: object - type: object - labels: - additionalProperties: - type: string - description: 'Immutable. Optional. The labels to associate with - this job. Label keys must be between 1 and 63 characters long, - and must conform to the following regular expression: p{Ll}p{Lo}{0,62} - Label values must be between 1 and 63 characters long, and - must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} - No more than 32 labels can be associated with a given job.' - type: object - pigJob: - description: Immutable. Optional. Job is a Pig job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. 
- Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Pig Client and Hadoop MapReduce - (MR) tasks. Can contain Pig UDFs. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Pig. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/pig/conf/pig.properties, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains the Pig queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Pig command: `name=[value]`).' 
- type: object - type: object - prerequisiteStepIds: - description: Immutable. Optional. The optional list of prerequisite - job step_ids. If not specified, the job will start at the - beginning of workflow. - items: + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - prestoJob: - description: Immutable. Optional. Job is a Presto job. - properties: - clientTags: - description: Immutable. Optional. Presto client tags to - attach to this query - items: - type: string - type: array - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - outputFormat: - description: Immutable. Optional. The format in which query - output will be displayed. See the Presto documentation - for supported output formats - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) - Equivalent to using the --session flag in the Presto CLI - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - type: object - pysparkJob: - description: Immutable. Optional. Job is a PySpark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Python driver and tasks. 
- items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + name: + description: Name of the Secret to extract a value + from. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainPythonFileUri: - description: Immutable. Required. The HCFS URI of the main - Python file to use as the driver. Must be a .py file. - type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure PySpark. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - pythonFileUris: - description: 'Immutable. Optional. HCFS file URIs of Python - files to pass to the PySpark framework. Supported file - types: .py, .egg, and .zip.' - items: - type: string - type: array + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom required: - - mainPythonFileUri - type: object - scheduling: - description: Immutable. Optional. Job scheduling configuration. - properties: - maxFailuresPerHour: - description: Immutable. Optional. Maximum number of times - per hour a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - A job may be reported as thrashing if driver exits with - non-zero code 4 times within 10 minute window. Maximum - value is 10. - format: int64 - type: integer - maxFailuresTotal: - description: Immutable. Optional. Maximum number of times - in total a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - Maximum value is 240. - format: int64 - type: integer - type: object - sparkJob: - description: Immutable. Optional. Job is a Spark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. 
- Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Spark driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file that contains the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: Immutable. The HCFS URI of the jar file that - contains the main class. 
- type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - type: object - sparkRJob: - description: Immutable. Optional. Job is a SparkR job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainRFileUri: - description: Immutable. Required. The HCFS URI of the main - R file to use as the driver. Must be a .R file. - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure SparkR. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom required: - - mainRFileUri - type: object - sparkSqlJob: - description: Immutable. Optional. Job is a SparkSql job. - properties: - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to be added to the Spark CLASSPATH. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. 
+ type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark SQL's SparkConf. - Properties that conflict with values set by the Dataproc - API may be overwritten. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Spark SQL command: - SET `name="value";`).' - type: object - type: object - stepId: - description: Immutable. Required. The step id. The id must be - unique among all jobs within the template. 
The step id is - used as prefix for job id, as job `goog-dataproc-workflow-step-id` - label, and in prerequisiteStepIds field from other steps. - The id must contain only letters (a-z, A-Z), numbers (0-9), - underscores (_), and hyphens (-). Cannot begin or end with - underscore or hyphen. Must consist of between 3 and 50 characters. + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - stepId type: object type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string location: - description: Immutable. The location for the resource + description: Immutable. The name of the location this private connection + is located in. type: string - parameters: - description: Immutable. Optional. Template parameters whose values - are substituted into the template. Values for parameters must be - provided when the template is instantiated. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. 
A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - description: - description: Immutable. Optional. Brief description of the parameter. - Must not exceed 1024 characters. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - fields: - description: 'Immutable. Required. Paths to all fields that - the parameter replaces. A field is allowed to appear in at - most one parameter''s list of field paths. A field path is - similar in syntax to a google.protobuf.FieldMask. For example, - a field path that references the zone field of a workflow - template''s cluster selector would be specified as `placement.clusterSelector.zone`. 
- Also, field paths can reference fields using the following - syntax: * Values in maps can be referenced by key: * labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] - * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri - * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri - * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] - * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] - * Items in repeated fields can be referenced by a zero-based - index: * jobs[''step-id''].sparkJob.args[0] * Other examples: - * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] - * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri - * placement.clusterSelector.zone It may not be possible to - parameterize maps and repeated fields in their entirety since - only individual map values and individual items in repeated - fields can be referenced. For example, the following field - paths are invalid: - placement.clusterSelector.clusterLabels - - jobs[''step-id''].sparkJob.args' - items: - type: string - type: array - name: - description: Immutable. Required. Parameter name. The parameter - name is used as the key, and paired with the parameter value, - which are passed to the template when the template is instantiated. - The name must contain only capital letters (A-Z), numbers - (0-9), and underscores (_), and must not start with a number. - The maximum length is 40 characters. + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - validation: - description: Immutable. Optional. Validation rules to be applied - to this parameter's value. - properties: - regex: - description: Immutable. Validation based on regular expressions. - properties: - regexes: - description: Immutable. Required. RE2 regular expressions - used to validate the parameter's value. The value - must match the regex in its entirety (substring matches - are not sufficient). - items: - type: string - type: array - required: - - regexes - type: object - values: - description: Immutable. Validation based on a list of allowed - values. - properties: - values: - description: Immutable. Required. List of allowed values - for the parameter. - items: - type: string - type: array - required: - - values - type: object - type: object - required: - - fields - - name type: object type: array - placement: - description: Immutable. Required. WorkflowTemplate scheduling information. - properties: - clusterSelector: - description: Immutable. Optional. A selector that chooses target - cluster for jobs based on metadata. The selector is evaluated - at the time each job is submitted. - properties: - clusterLabels: - additionalProperties: - type: string - description: Immutable. Required. The cluster labels. Cluster - must have all labels to match. - type: object - zone: - description: Immutable. Optional. The zone where workflow - process executes. This parameter does not affect the selection - of the cluster. If unspecified, the zone of the first cluster - matching the selector is used. - type: string - required: - - clusterLabels - type: object - managedCluster: - description: Immutable. A cluster that is managed by the workflow. - properties: - clusterName: - description: Immutable. Required. The cluster name prefix. 
- A unique cluster name will be formed by appending a random - suffix. The name must contain only lower-case letters (a-z), - numbers (0-9), and hyphens (-). Must begin with a letter. - Cannot begin or end with hyphen. Must consist of between - 2 and 35 characters. + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: type: string - config: - description: Immutable. Required. The cluster configuration. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for - the policy associated with the cluster. Cluster does - not autoscale if this field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings - for the cluster. 
- properties: - gcePdKmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. If true, enable - http access to specific ports on the cluster from - external sources. Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine - config settings for all instances in a cluster. - properties: - internalIPOnly: - description: Immutable. Optional. If true, all instances - in the cluster will only have internal IP addresses. - By default, clusters are not restricted to internal - IP addresses, and will have ephemeral external IP - addresses assigned to each instance. This `internal_ip_only` - restriction can only be enabled for subnetwork enabled - networks, and all off-cluster dependencies must - be configured to be accessible without external - IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. 
The Compute Engine metadata - entries to add to all instances (see [Project and - instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity - for sole-tenant clusters. + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string required: - - nodeGroupRef + - table type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 - access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity - for consuming Zonal reservation. + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. 
+ items: properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, - NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' - type: string - key: - description: Immutable. Optional. Corresponds - to the label key of reservation resource. - type: string - values: - description: Immutable. Optional. Corresponds - to the label values of reservation resource. + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. items: - type: string + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + table: + description: Table name. type: string + required: + - table type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service - account scopes to be included in Compute Engine - instances. The following base set of scopes is always - included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write - If no scopes are specified, the following defaults - are also provided: * https://www.googleapis.com/auth/bigquery - * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data - * https://www.googleapis.com/auth/devstorage.full_control' - items: - type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance - Config for clusters using Compute Engine Shielded - VMs. - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether - instances have integrity monitoring enabled. 
- Integrity monitoring compares the most recent - boot measurements to the integrity policy baseline - and returns a pair of pass/fail results depending - on whether they match or not. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether - the instances have Secure Boot enabled. Secure - Boot helps ensure that the system only runs - authentic software by verifying the digital - signature of all boot components, and halting - the boot process if signature verification fails. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether - the instance have the vTPM enabled. Virtual - Trusted Platform Module protects objects like - keys, certificates and enables Measured Boot - by performing the measurements needed to create - a known good boot baseline, called the integrity - policy baseline. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
- type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. type: string + required: + - table type: object - tags: - description: Immutable. The Compute Engine tags to - add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: - type: string - type: array - zone: - description: 'Immutable. Optional. The zone where - the Compute Engine cluster will be located. On a - create request, it is required in the "global" region. - If omitted in a non-global Dataproc region, the - service will pick a zone in the corresponding Compute - Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name - are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. 
+ type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string + required: + - location type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute - on each node after config is completed. By default, - executables are run on master and all worker nodes. - You can test a node''s `role` metadata to run an executable - on a master or worker node, as shown below using `curl` - (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google - http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific - actions ... else ... worker specific actions ... fi' + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. 
+ Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. items: properties: - executableFile: - description: Immutable. Required. Cloud Storage - URI of executable file. + database: + description: Database name. type: string - executionTimeout: - description: Immutable. Optional. Amount of time - executable has to complete. Default is 10 minutes - (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error - message (the name of the executable that caused - the error and the exceeded timeout period) if - the executable is not completed at end of the - timeout period. + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. 
+ type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. 
+ properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. type: string + required: + - schema type: object type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for - the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster - will be auto-deleted (see JSON representation of - [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration - of cluster. The cluster will be auto-deleted at - the end of this period. Minimum value is 10 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to - keep the cluster alive while idling (when no jobs - are running). Passing this threshold will cause - the cluster to be deleted. Minimum value is 5 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. 
The Compute Engine config - settings for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). 
If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config - settings for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. 
- format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. 
+ type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." + type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - securityConfig: - description: Immutable. Optional. Security settings for - the cluster. + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. 
+ Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - kerberosConfig: - description: Immutable. Optional. Kerberos related - configuration. 
+ text: + description: The text response message. properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server - (IP or hostname) for the remote trusted realm - in a cross realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP - or hostname) for the remote trusted realm in - a cross realm trust relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm - the Dataproc on-cluster KDC will trust, should - the user enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the shared - password between the on-cluster Kerberos realm - and the remote trusted realm, in a cross realm - trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate - whether to Kerberize the cluster (default: false). - Set this field to true to enable Kerberos on - a cluster.' + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the master - key of the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided key. For the self-signed - certificate, this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage - URI of the keystore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - keystorePassword: - description: Immutable. Optional. 
The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided keystore. For the self-signed - certificate, this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - realm: - description: Immutable. Optional. The name of - the on-cluster Kerberos realm. If not specified, - the uppercased domain of hostnames will be the - realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the root - principal password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime - of the ticket granting ticket, in hours. If - not specified, or user specifies 0, then default - value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage - URI of the truststore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided truststore. For the self-signed - certificate, this password is generated by Dataproc. 
- type: string + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - softwareConfig: - description: Immutable. Optional. The config settings - for software inside the cluster. + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. 
+ If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. 
+ They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - imageVersion: - description: Immutable. Optional. 
The version of software - inside the cluster. It must be one of the supported - [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such - as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian - version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components - to activate on the cluster. - items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties - to set on daemon config files. Property keys are - specified in `prefix:property` format, for example - `core:hadoop.tmp.dir`. The following are supported - prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` - * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` - * hive: `hive-site.xml` * mapred: `mapred-site.xml` - * pig: `pig.properties` * spark: `spark-defaults.conf` - * yarn: `yarn-site.xml` For more information, see - [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config - settings for worker instances in a cluster. + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. 
You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. + text: + description: The text response message. properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. 
+ properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. 
+ type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string type: object - type: object - labels: + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. 
+ Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: additionalProperties: type: string - description: 'Immutable. Optional. The labels to associate - with this cluster. Label keys must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated - with a given cluster.' + description: Immutable. The HTTP request headers to send together + with webhook requests. type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. 
+ For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - clusterName - - config + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. \nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' 
+ properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -37167,10 +56727,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -37180,14 +56737,13 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - jobs - - location - - placement + - displayName + - projectRef type: object status: properties: 
@@ -37217,9 +56773,10 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time template was created. - format: date-time + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -37228,127 +56785,243 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - placement: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. 
Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - managedCluster: - properties: - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions - to URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became - idle (most recent job finished) and became eligible - for deletion due to idleness (see JSON representation - of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. 
- This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. 
The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - type: object - type: object + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - updateTime: - description: Output only. The time template was last updated. - format: date-time + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - version: - description: Output only. The current version of this workflow template. - format: int64 + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string type: object required: - spec @@ -37368,7 +57041,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -39176,34 +58849,485 @@ spec: as `12***`. type: boolean type: object - cryptoDeterministicConfig: - description: Deterministic Crypto + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift properties: context: - description: 'A context may be used - for higher security and maintaining - referential integrity such that - the same identifier in two different - contexts will be given a distinct - surrogate. The context is appended - to plaintext value being encrypted. - On decryption the provided context - is validated against the value used - during encryption. If a context - was provided during encryption, - same context must be provided during - decryption as well. If the context - is not set, plaintext would be used - as is for encryption. If the context - is set but: 1. there is no record - present when transforming a given - value or 2. 
the field is not present - when transforming a given value, - plaintext would be used as is for - encryption. Note that case (1) is - expected when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s.' + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. properties: name: description: Name describing the @@ -39211,11 +59335,12 @@ spec: type: string type: object cryptoKey: - description: The key used by the encryption - function. For deterministic encryption - using AES-SIV, the provided key - is internally expanded to 64 bytes - prior to use. + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. properties: kmsWrapped: description: Key wrapped using 
@@ -39297,2126 +59422,5323 @@ spec: - key type: object type: object - surrogateInfoType: - description: 'The custom info type - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom info - type followed by the number of characters - comprising the surrogate. The following - scheme defines the format: {info - type name}({surrogate character - count}):{surrogate} For example, - if the name of custom info type - is ''MY_TOKEN_INFO_TYPE'' and the - surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate - when inspecting content using the - custom info type ''Surrogate''. - This facilitates reversal of the - surrogate when it occurs in free - text. Note: For record transformations - where the entire cell in a table - is being transformed, surrogates - are not mandatory. Surrogates are - used to denote the location of the - token and are necessary for re-identification - in free form text. In order for - inspection to work properly, the - name of this info type must not - occur naturally anywhere in your - data; otherwise, inspection may - either - reverse a surrogate that - does not correspond to an actual - identifier - be unable to parse - the surrogate and result in an error - Therefore, choose your custom info - type name carefully after considering - what your data looks like. One way - to select a name that has a high - chance of yielding reliable detection - is to include one or more unicode - characters that are highly improbable - to exist in your data. For example, - assuming your data is entered from - a regular ASCII keyboard, the symbol - with the hex code point 29DD might - be used like so: ⧝MY_TOKEN_TYPE.' + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. 
Range of shift + in days. Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. 
- type: string + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - cryptoHashConfig: - description: Crypto + replacementValue: + description: Required. Replacement value + for this bucket. properties: - cryptoKey: - description: The key used by the hash - function. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. 
Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. 
Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' 
- type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. 
This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. 
- type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible - values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, - NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, - ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context - may be used for higher security - since the same identifier in two - different contexts won''t be given - the same surrogate. If the context - is not set, a default tweak will - be used. If the context is set but: - 1. there is no record present when - transforming a given value or 1. - the field is not present when transforming - a given value, a default tweak will - be used. Note that case (1) is expected - when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s. Currently, - the referenced field may be of value - type integer or string. The tweak - is constructed as a sequence of - bytes in big endian byte order such - that: - a 64 bit integer is encoded - followed by a single byte of value - 1 - a string is encoded in UTF-8 - format followed by a single byte - of value 2' - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Required. The key used - by the encryption algorithm. - properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
- Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. 
A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. 
+ properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by - mapping these to the alphanumeric - characters that the FFX mode natively - supports. This happens before/after - encryption/decryption. Each character - listed must appear only once. Number - of characters must be in the range - [2, 95]. This must be encoded as - ASCII. The order of characters does - not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select - the alphabet. Must be in the range - [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom infoType - followed by the number of characters - comprising the surrogate. The following - scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom - infoType is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the - full replacement value will be: - ''MY_TOKEN_INFO_TYPE(3):abc'' This - annotation identifies the surrogate - when inspecting content using the - custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the - surrogate when it occurs in free - text. 
In order for inspection to - work properly, the name of this - infoType must not occur naturally - anywhere in your data; otherwise, - inspection may find a surrogate - that does not correspond to an actual - identifier. Therefore, choose your - custom infoType name carefully after - considering what your data looks - like. One way to select a name that - has a high chance of yielding reliable - detection is to include one or more - unicode characters that are highly - improbable to exist in your data. - For example, assuming your data - is entered from a regular ASCII - keyboard, the symbol with the hex - code point 29DD might be used like - so: ⧝MY_TOKEN_TYPE' - properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that - contains the context, for example, - an entity id. If set, must also - set cryptoKey. If set, shift will - be consistent for the given context. - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Causes the shift to be - computed based on this key and the - context. This results in the same - shift for the same context and crypto_key. - If set, must also set context. Can - only be applied to table items. 
- properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. 
+ The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. 
+ type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, - -5 means shift date to at most 5 - days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift - in days. Actual shift will be selected - at random within this range (inclusive - ends). Negative means shift to earlier - in time. Must not be more than 365250 - days (1000 years) each direction. - For example, 3 means shift date - to at most 3 days into the future. - format: int64 - type: integer - required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each - bucket (except for minimum and maximum - buckets). So if `lower_bound` = - 10, `upper_bound` = 89, and `bucket_size` - = 10, then the following buckets - would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, - 80-89, 89+. Precision up to 2 decimals - works.' - format: double - type: number - lowerBound: - description: Required. Lower bound - value of buckets. All values less - than `lower_bound` are grouped together - into a single bucket; for example - if `lower_bound` = 10, then all - values less than 10 are replaced - with the value "-10". 
- properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound - value of buckets. 
All values greater - than upper_bound are grouped together - into a single bucket; for example - if `upper_bound` = 89, then all - values greater than 89 are replaced - with the value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. 
- format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified - value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. 
- format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction - properties: - partToExtract: - description: 'The part of the time - to keep. Possible values: TIME_PART_UNSPECIFIED, - YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, - WEEK_OF_YEAR, HOUR_OF_DAY' - type: string - type: object - type: object - required: - - primitiveTransformation - type: object - type: array - required: - - transformations + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object type: object - primitiveTransformation: - description: Apply the transformation to the entire - field. + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. properties: - bucketingConfig: - description: Bucketing + expressions: + description: An expression. properties: - buckets: - description: Set of buckets. Ranges must be - non-overlapping. - items: - properties: - max: - description: Upper bound of the range, - exclusive; type must match min. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - min: - description: Lower bound of the range, - inclusive. Type should be the same as - max if used. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - replacementValue: - description: Required. Replacement value - for this bucket. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. - format: int64 - type: integer + conditions: + description: Conditions to apply to the expression. 
+ properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' type: string - timeValue: - description: time of day + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer format: int64 type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - timestampValue: - description: timestamp - format: date-time - type: string + required: + - field + - operator type: object - required: - - replacementValue - type: object - type: array + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string type: object - characterMaskConfig: - description: Mask - properties: - charactersToIgnore: - description: When masking a string, items in - this list will be skipped when replacing characters. 
- For example, if the input string is `555-555-5555` - and you instruct Cloud DLP to skip `-` and - mask 5 characters with `*`, Cloud DLP returns - `***-**5-5555`. - items: + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. 
[required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. 
+ Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + type: boolean + infoTypes: + description: Restricts what info_types to look for. 
The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. 
+ format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the rule. 
+ properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. properties: - charactersToSkip: - description: Characters to not transform - when masking. - type: string - commonCharactersToIgnore: - description: 'Common characters to not - transform when masking. Useful to avoid - removing punctuation. Possible values: - COMMON_CHARS_TO_IGNORE_UNSPECIFIED, - NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, - PUNCTUATION, WHITESPACE' + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object - type: array - maskingCharacter: - description: Character to use to mask the sensitive - values—for example, `*` for an alphabetic - string such as a name, or `0` for a numeric - string such as ZIP code or credit card number. - This string must have a length of 1. If not - supplied, this value defaults to `*` for strings, - and `0` for digits. - type: string - numberToMask: - description: Number of characters to mask. If - not set, all matching chars will be masked. - Skipped characters do not count towards this - tally. - format: int64 - type: integer - reverseOrder: - description: Mask characters in reverse order. - For example, if `masking_character` is `0`, - `number_to_mask` is `14`, and `reverse_order` - is `false`, then the input string `1234-5678-9012-3456` - is masked as `00000000000000-3456`. If `masking_character` - is `*`, `number_to_mask` is `3`, and `reverse_order` - is `true`, then the string `12345` is masked - as `12***`. - type: boolean - type: object - cryptoDeterministicConfig: - description: Deterministic Crypto - properties: - context: - description: 'A context may be used for higher - security and maintaining referential integrity - such that the same identifier in two different - contexts will be given a distinct surrogate. 
- The context is appended to plaintext value - being encrypted. On decryption the provided - context is validated against the value used - during encryption. If a context was provided - during encryption, same context must be provided - during decryption as well. If the context - is not set, plaintext would be used as is - for encryption. If the context is set but: - 1. there is no record present when transforming - a given value or 2. the field is not present - when transforming a given value, plaintext - would be used as is for encryption. Note that - case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s.' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: The key used by the encryption - function. For deterministic encryption using - AES-SIV, the provided key is internally expanded - to 64 bytes prior to use. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. 
- type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - surrogateInfoType: - description: 'The custom info type to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom info type followed - by the number of characters comprising the - surrogate. The following scheme defines the - format: {info type name}({surrogate character - count}):{surrogate} For example, if the name - of custom info type is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate when - inspecting content using the custom info type - ''Surrogate''. This facilitates reversal of - the surrogate when it occurs in free text. - Note: For record transformations where the - entire cell in a table is being transformed, - surrogates are not mandatory. Surrogates are - used to denote the location of the token and - are necessary for re-identification in free - form text. 
In order for inspection to work - properly, the name of this info type must - not occur naturally anywhere in your data; - otherwise, inspection may either - reverse - a surrogate that does not correspond to an - actual identifier - be unable to parse the - surrogate and result in an error Therefore, - choose your custom info type name carefully - after considering what your data looks like. - One way to select a name that has a high chance - of yielding reliable detection is to include - one or more unicode characters that are highly - improbable to exist in your data. For example, - assuming your data is entered from a regular - ASCII keyboard, the symbol with the hex code - point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' - properties: - name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: object - cryptoHashConfig: - description: Crypto - properties: - cryptoKey: - description: The key used by the hash function. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible values: - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, - HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context may be - used for higher security since the same identifier - in two different contexts won''t be given - the same surrogate. If the context is not - set, a default tweak will be used. If the - context is set but: 1. there is no record - present when transforming a given value or - 1. the field is not present when transforming - a given value, a default tweak will be used. - Note that case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s. Currently, the referenced - field may be of value type integer or string. 
- The tweak is constructed as a sequence of - bytes in big endian byte order such that: - - a 64 bit integer is encoded followed by - a single byte of value 1 - a string is encoded - in UTF-8 format followed by a single byte - of value 2' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: Required. The key used by the encryption - algorithm. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: properties: name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string - required: - - name type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. 
When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. + Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. 
The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. 
If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by mapping these - to the alphanumeric characters that the FFX - mode natively supports. This happens before/after - encryption/decryption. Each character listed - must appear only once. Number of characters - must be in the range [2, 95]. This must be - encoded as ASCII. The order of characters - does not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select the alphabet. - Must be in the range [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom infoType followed by - the number of characters comprising the surrogate. 
- The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType - is ''MY_TOKEN_INFO_TYPE'' and the surrogate - is ''abc'', the full replacement value will - be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation - identifies the surrogate when inspecting content - using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the surrogate - when it occurs in free text. In order for - inspection to work properly, the name of this - infoType must not occur naturally anywhere - in your data; otherwise, inspection may find - a surrogate that does not correspond to an - actual identifier. Therefore, choose your - custom infoType name carefully after considering - what your data looks like. One way to select - a name that has a high chance of yielding - reliable detection is to include one or more - unicode characters that are highly improbable - to exist in your data. For example, assuming - your data is entered from a regular ASCII - keyboard, the symbol with the hex code point - 29DD might be used like so: ⧝MY_TOKEN_TYPE' + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that contains - the context, for example, an entity id. If - set, must also set cryptoKey. If set, shift - will be consistent for the given context. + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string name: - description: Name describing the field. + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cryptoKey: - description: Causes the shift to be computed - based on this key and the context. This results - in the same shift for the same context and - crypto_key. If set, must also set context. - Can only be applied to table items. 
+ tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. + Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. 
+ type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. 
Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. + properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + version: + description: Optional version name + for this InfoType. type: string type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. 
A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. + Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. 
Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. 
`inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. 
+ format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. 
+ properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, -5 means - shift date to at most 5 days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift in days. - Actual shift will be selected at random within - this range (inclusive ends). Negative means - shift to earlier in time. Must not be more - than 365250 days (1000 years) each direction. - For example, 3 means shift date to at most - 3 days into the future. - format: int64 - type: integer + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. 
+ items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each bucket - (except for minimum and maximum buckets). - So if `lower_bound` = 10, `upper_bound` = - 89, and `bucket_size` = 10, then the following - buckets would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, - 89+. Precision up to 2 decimals works.' - format: double - type: number - lowerBound: - description: Required. Lower bound value of - buckets. All values less than `lower_bound` - are grouped together into a single bucket; - for example if `lower_bound` = 10, then all - values less than 10 are replaced with the - value "-10". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. 
Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound value of - buckets. All values greater than upper_bound - are grouped together into a single bucket; - for example if `upper_bound` = 89, then all - values greater than 89 are replaced with the - value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. 
- format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. 
Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. 
A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: properties: - partToExtract: - description: 'The part of the time to keep. - Possible values: TIME_PART_UNSPECIFIED, YEAR, - MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, - HOUR_OF_DAY' + name: + description: Name describing the field. type: string type: object - type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. 
+ If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' + type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. 
+ format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. 
+ type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status 
+ name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. 
+ [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. + properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. 
Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external required: - - fields + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - recordSuppressions: - description: Configuration defining which records get suppressed - entirely. Records that match any suppression rule are omitted - from the output. 
- items: + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - condition: - description: A condition that when it evaluates to true - will result in the record being evaluated to be suppressed - from the transformed content. - properties: - expressions: - description: An expression. - properties: - conditions: - description: Conditions to apply to the expression. - properties: - conditions: - description: A collection of conditions. - items: - properties: - field: - description: Required. Field within - the record this condition is evaluated - against. - properties: - name: - description: Name describing the - field. - type: string - type: object - operator: - description: 'Required. Operator used - to compare the field or infoType - to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, - AND' - type: string - value: - description: Value to compare against. - [Mandatory, except for `EXISTS` - tests.] - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - field - - operator - type: object - type: array - type: object - logicalOperator: - description: 'The operator to apply to the result - of conditions. Default and currently only - supported value is `AND`. Possible values: - LOGICAL_OPERATOR_UNSPECIFIED, AND' - type: string - type: object - type: object + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - type: object - transformationErrorHandling: - description: Mode for handling transformation errors. If left - unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. properties: - leaveUntransformed: - description: Ignore errors - type: object - x-kubernetes-preserve-unknown-fields: true - throwError: - description: Throw an error - type: object - x-kubernetes-preserve-unknown-fields: true + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers type: object description: - description: Short description (max 256 chars). + description: A textual description field. Defaults to 'Managed by + Config Connector'. type: string - displayName: - description: Display name (max 256 chars). + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. 
+ Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string - location: - description: Immutable. The location of the resource + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
oneOf: - not: required: 
@@ -41433,21 +64755,273 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -41464,8 +65038,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -41479,6 +65052,15 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type type: object status: properties: @@ -41508,13 +65090,8 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of an inspectTemplate. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + name: + description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -41523,11 +65100,151 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of an inspectTemplate. - format: date-time + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object + required: + - spec type: object served: true storage: true @@ -41544,25 +65261,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpinspecttemplates.dlp.cnrm.cloud.google.com + name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: eventarc.cnrm.cloud.google.com names: categories: - gcp - kind: DLPInspectTemplate - plural: dlpinspecttemplates + kind: EventarcTrigger + plural: eventarctriggers shortNames: - - gcpdlpinspecttemplate - - gcpdlpinspecttemplates - singular: dlpinspecttemplate + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -41599,436 +65316,241 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Short description (max 256 chars). - type: string - displayName: - description: Display name (max 256 chars). - type: string - inspectConfig: - description: The core content of the template. Configuration of the - scanning process. + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - contentOptions: - description: List of options defining data content to scan. If - empty, text, images, and other content will be included. - items: - type: string - type: array - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud - Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType - will not cause a finding to be returned. It still can - be used for rules matching. 
Possible values: EXCLUSION_TYPE_UNSPECIFIED, - EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name matches - one of existing infoTypes and that infoType is specified - in `InspectContent.info_types` field. Specifying the latter - adds findings to the one detected by the system. If built-in - info type is not specified in `InspectContent.info_types` - list then the name is treated as a custom info type. - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule if - the finding meets the criteria specified by the rule. - Defaults to `VERY_LIKELY` if not specified. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, - LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract as - findings. When not specified, the entire match is - returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. 
- properties: - createTime: - description: Timestamp indicating when the version of - the `StoredInfoType` used for inspection was created. - Output-only field, populated by the system. - format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. - - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a request, - the system may automatically choose what detectors to run. 
By - default this may be all types, but may change over time as detectors - are updated. If you need precise control and predictability - as to what detectors are run you should specify specific InfoTypes - listed in the reference, otherwise a default list will be used, - which may change over time. - items: - properties: - name: - description: Name of the information type. Either a name - of your choosing when creating a CustomInfoType, or one - of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud DLP - results to Data Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings returned. + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for specified - infoTypes. 
- items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should be - provided. If InfoTypeLimit does not have an info_type, - the DLP API applies the limit against all info_types - that are found but not specified in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set higher. - When set within `InspectContentRequest`, this field is ignored. - format: int64 - type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set higher. - format: int64 - type: integer + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - ruleSet: - description: Set of rules to apply to the findings for this InspectConfig. - Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for - each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. The - rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the rule. - properties: - cloudStoragePath: - description: Newline-delimited file of words - in Cloud Storage. Only a single file is - accepted. 
- properties: - path: - description: 'A url representing a file - or path (no wildcards) in Cloud Storage. - Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and every - phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps or - contained within with a finding of an infoType - from this list. For example, for `InspectionRuleSet.info_types` - containing "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number findings - are dropped if they overlap with EMAIL_ADDRESS - finding. That leads to "555-222-2222@example.org" - to generate only a single finding, namely - email address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, or - one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data - Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see MatchingType - documentation for details. Possible values: - MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, - MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply to - all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a finding - to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, - VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the likelihood - by the specified number of levels. For example, - if a finding would be `POSSIBLE` without - the detection rule and `relative_likelihood` - is 1, then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to `UNLIKELY`. - Likelihood may never drop below `VERY_UNLIKELY` - or exceed `VERY_LIKELY`, so applying an - adjustment of 1 followed by an adjustment - of -1 when base likelihood is `VERY_LIKELY` - will result in a final likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within which - the entire hotword must reside. The total length - of the window cannot exceed 1000 characters. - Note that the finding itself will be included - in the window, so that hotwords may be used - to match substrings of the finding itself. For - example, the certainty of a phone number regex - "(d{3}) d{3}-d{4}" could be adjusted upwards - if the area code is known to be the local area - code of a company office using the hotword regex - "(xxx)", where "xxx" is the area code in question. - properties: - windowAfter: - description: Number of characters after the - finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before the - finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array type: object location: - description: Immutable. The location of the resource + description: Immutable. The location for the resource type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. 
The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -42045,21 +65567,24 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: oneOf: - not: required: 
@@ -42076,8 +65601,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -42086,11 +65613,53 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef type: object status: properties: 
@@ -42121,12 +65690,13 @@ spec: type: object type: array createTime: - description: Output only. The creation timestamp of an inspectTemplate. + description: Output only. The creation time. format: date-time type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -42135,11 +65705,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string updateTime: - description: Output only. The last update timestamp of an inspectTemplate. + description: Output only. The last-modified time. format: date-time type: string type: object + required: + - spec type: object served: true storage: true 
@@ -42154,1277 +65748,2353 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dlpjobtriggers.dlp.cnrm.cloud.google.com -spec: - group: dlp.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DLPJobTrigger - plural: dlpjobtriggers - shortNames: - - gcpdlpjobtrigger - - gcpdlpjobtriggers - singular: dlpjobtrigger - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: User provided description (max 256 chars) - type: string - displayName: - description: Display name (max 100 chars) - type: string - inspectJob: - description: For inspect jobs, a snapshot of the configuration. - properties: - actions: - description: Actions to execute at the completion of the job. - items: - properties: - jobNotificationEmails: - description: Enable email notification for project owners - and editors on job's completion/failure. - type: object - x-kubernetes-preserve-unknown-fields: true - pubSub: - description: Publish a notification to a pubsub topic. - properties: - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - publishFindingsToCloudDataCatalog: - description: Publish findings to Cloud Datahub. - type: object - x-kubernetes-preserve-unknown-fields: true - publishSummaryToCscc: - description: Publish summary to Cloud Security Command Center - (Alpha). 
- type: object - x-kubernetes-preserve-unknown-fields: true - publishToStackdriver: - description: Enable Stackdriver metric dlp.googleapis.com/finding_count. - type: object - x-kubernetes-preserve-unknown-fields: true - saveFindings: - description: Save resulting findings in a provided location. - properties: - outputConfig: - description: Location to store findings outside of DLP. - properties: - dlpStorage: - description: Store findings directly to DLP. If - neither this or bigquery is chosen only summary - stats of total infotype count will be stored. - Quotes will not be stored to dlp findings. If - quotes are needed, store to BigQuery. Currently - only for inspect jobs. - type: object - x-kubernetes-preserve-unknown-fields: true - outputSchema: - description: 'Schema used for writing the findings - for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. - Columns are derived from the `Finding` object. - If appending to an existing table, any columns - from the predefined schema that are missing will - be added. No columns in the existing table will - be deleted. If unspecified, then all available - columns will be used for a new table or an (existing) - table with no schema, and no changes will be made - to an existing table that has a schema. Only for - use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, - BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, - BIG_QUERY_COLUMNS, ALL_COLUMNS' - type: string - table: - description: 'Store findings in an existing table - or a new table in an existing dataset. If table_id - is not set a new one will be generated for you - with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. - Pacific timezone will be used for generating the - date details. For Inspect, each column in an existing - output table must have the same name, type, and - mode of a field in the `Finding` object. 
For Risk, - an existing output table should be the output - of a previous Risk analysis job run on the same - source table, with the same privacy metric and - quasi-identifiers. Risk jobs that analyze the - same table but compute a different privacy metric, - or use different sets of quasi-identifiers, cannot - store their results in the same table.' - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - type: object - type: object - type: array - inspectConfig: - description: How and what to scan for. - properties: - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - detectionRules: - description: Set of detection rules to apply to all - findings of this CustomInfoType. 
Rules are applied - in order that they are specified. Not supported for - the `surrogate_type` CustomInfoType. - items: - properties: - hotwordRule: - description: Hotword-based detection rule. - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. - format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. 
For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in - Cloud Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: - gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this - infoType will not cause a finding to be returned. - It still can be used for rules matching. Possible - values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name - matches one of existing infoTypes and that infoType - is specified in `InspectContent.info_types` field. - Specifying the latter adds findings to the one detected - by the system. 
If built-in info type is not specified - in `InspectContent.info_types` list then the name - is treated as a custom info type. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule - if the finding meets the criteria specified by the - rule. Defaults to `VERY_LIKELY` if not specified. - Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract - as findings. When not specified, the entire match - is returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on - GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. - properties: - createTime: - description: Timestamp indicating when the version - of the `StoredInfoType` used for inspection was - created. Output-only field, populated by the system. 
- format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. + type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - This is not used for data profiling. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - This is not used for data profiling. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a - request, the system may automatically choose what detectors - to run. By default this may be all types, but may change - over time as detectors are updated. If you need precise - control and predictability as to what detectors are run - you should specify specific InfoTypes listed in the reference, - otherwise a default list will be used, which may change - over time. - items: - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings - returned. This is not used for data profiling. 
+ Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. + format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for - specified infoTypes. - items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should - be provided. 
If InfoTypeLimit does not have an - info_type, the DLP API applies the limit against - all info_types that are found but not specified - in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this - InfoType. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set - higher. When set within `InspectContentRequest`, this - field is ignored. + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set - higher. + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. 
Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: type: string - ruleSet: - description: Set of rules to apply to the findings for this - InspectConfig. Exclusion rules, contained in the set are - executed in the end, other rules are executed in the order - they are specified for each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. - The rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the - rule. - properties: - cloudStoragePath: - description: Newline-delimited file of - words in Cloud Storage. Only a single - file is accepted. - properties: - path: - description: 'A url representing a - file or path (no wildcards) in Cloud - Storage. 
Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases - to search for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and - every phrase must contain at least - 2 characters that are letters or - digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps - or contained within with a finding of - an infoType from this list. For example, - for `InspectionRuleSet.info_types` containing - "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number - findings are dropped if they overlap - with EMAIL_ADDRESS finding. That leads - to "555-222-2222@example.org" to generate - only a single finding, namely email - address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name - for this InfoType. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see - MatchingType documentation for details. - Possible values: MATCHING_TYPE_UNSPECIFIED, - MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, - MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array - type: object - inspectTemplateRef: - oneOf: - - not: + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. + format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', 
the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. + items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. 
+ type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. 
The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). 
+ type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. properties: - external: - description: |- - If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. - - Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string + required: + - gcpKmsEncryptionKey type: object - storageConfig: - description: The data to scan. 
+ includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. properties: - bigQueryOptions: - description: BigQuery options. - properties: - excludedFields: - description: References to fields excluded from scanning. - This allows you to skip inspection of entire columns - which you know have no findings. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - identifyingFields: - description: Table fields that may uniquely identify a - row within the table. When `actions.saveFindings.outputConfig.table` - is specified, the values of columns specified here are - available in the output table under `location.content_locations.record_location.record_key.id_values`. - Nested fields such as `person.birthdate.year` are allowed. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - includedFields: - description: Limit scanning only to these fields. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - rowsLimit: - description: Max number of rows to scan. If the table - has more rows than this value, the rest of the rows - are omitted. If not set, or if set to 0, all rows will - be scanned. Only one of rows_limit and rows_limit_percent - can be specified. Cannot be used in conjunction with - TimespanConfig. - format: int64 - type: integer - rowsLimitPercent: - description: Max percentage of rows to scan. The rest - are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. 
Both 0 and 100 - means no limit. Defaults to 0. Only one of rows_limit - and rows_limit_percent can be specified. Cannot be used - in conjunction with TimespanConfig. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - tableReference: - description: Complete BigQuery table reference. - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - tableReference - type: object - cloudStorageOptions: - description: Google Cloud Storage options. - properties: - bytesLimitPerFile: - description: Max number of bytes to scan from a file. - If a scanned file's size is bigger than this value then - the rest of the bytes are omitted. Only one of bytes_limit_per_file - and bytes_limit_per_file_percent can be specified. Cannot - be set if de-identification is requested. - format: int64 - type: integer - bytesLimitPerFilePercent: - description: Max percentage of bytes to scan from a file. - The rest are omitted. The number of bytes scanned is - rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. Only one - of bytes_limit_per_file and bytes_limit_per_file_percent - can be specified. Cannot be set if de-identification - is requested. - format: int64 - type: integer - fileSet: - description: The set of one or more files to scan. - properties: - regexFileSet: - description: The regex-filtered set of files to scan. - Exactly one of `url` or `regex_file_set` must be - set. 
- properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of a Cloud Storage bucket. Required. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - excludeRegex: - description: A list of regular expressions matching - file paths to exclude. All files in the bucket - that match at least one of these regular expressions - will be excluded from the scan. Regular expressions - use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - includeRegex: - description: A list of regular expressions matching - file paths to include. All files in the bucket - that match at least one of these regular expressions - will be included in the set of files, except - for those that also match an item in `exclude_regex`. - Leaving this field empty will match all files - by default (this is equivalent to including - `.*` in the list). Regular expressions use RE2 - [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - required: - - bucketRef - type: object - url: - description: The Cloud Storage url of the file(s) - to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. 
If the url ends in a trailing - slash, the bucket or directory represented by the - url will be scanned non-recursively (content in - sub-directories will not be scanned). This means - that `gs://mybucket/` is equivalent to `gs://mybucket/*`, - and `gs://mybucket/directory/` is equivalent to - `gs://mybucket/directory/*`. Exactly one of `url` - or `regex_file_set` must be set. - type: string - type: object - fileTypes: - description: List of file type groups to include in the - scan. If empty, all files are scanned and available - data format processors are applied. In addition, the - binary content of the selected files is always scanned - as well. Images are scanned only as binary if the specified - region does not support image inspection and no file_types - were specified. Image inspection is restricted to 'global', - 'us', 'asia', and 'europe'. - items: - type: string - type: array - filesLimitPercent: - description: Limits the number of files to scan to this - percentage of the input FileSet. Number of files scanned - is rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - type: object - datastoreOptions: - description: Google Cloud Datastore options. - properties: - kind: - description: The kind to process. - properties: - name: - description: The name of the kind. - type: string - type: object - partitionId: - description: A partition ID identifies a grouping of entities. - The grouping is always by project namespace ID may be - empty. - properties: - namespaceId: - description: If not empty, the ID of the namespace - to which the entities belong. 
- type: string - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ID of the project to which the entities belong. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - hybridOptions: - description: Hybrid inspection options. - properties: - description: - description: A short description of where the data is - coming from. Will be stored once in the job. 256 max - length. - type: string - labels: - additionalProperties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. type: string - description: 'To organize findings, these labels will - be added to each finding. Label keys must be between - 1 and 63 characters long and must conform to the following - regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label - values must be between 0 and 63 characters long and - must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - No more than 10 labels can be associated with a given - finding. Examples: * `"environment" : "production"` - * `"pipeline" : "etl"`' - type: object - requiredFindingLabelKeys: - description: 'These are labels that each inspection request - must include within their ''finding_labels'' map. Request - may contain others, but any missing one of these will - be rejected. 
Label keys must be between 1 and 63 characters - long and must conform to the following regular expression: - `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can - be required.' - items: + namespace: + description: The namespace of a Kubernetes Resource. type: string - type: array - tableOptions: - description: If the container is a table, additional information - to make findings meaningful such as the columns that - are primary keys. - properties: - identifyingFields: - description: The columns that are the primary keys - for table objects included in ContentItem. A copy - of this cell's value will stored alongside alongside - each finding so that the finding can be traced to - the specific row it came from. No more than 3 may - be provided. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - type: object - type: object - timespanConfig: - properties: - enableAutoPopulationOfTimespanConfig: - description: When the job is started by a JobTrigger we - will automatically figure out a valid start_time to - avoid scanning files that have not been modified since - the last time the JobTrigger executed. This will be - based on the time of the execution of the last run of - the JobTrigger. - type: boolean - endTime: - description: Exclude files, tables, or rows newer than - this value. If not set, no upper time limit is applied. - format: date-time - type: string - startTime: - description: Exclude files, tables, or rows older than - this value. If not set, no lower time limit is applied. - format: date-time - type: string - timestampField: - description: 'Specification of the field containing the - timestamp of scanned items. Used for data sources like - Datastore and BigQuery. For BigQuery: If this value - is not specified and the table was modified between - the given start and end times, the entire table will - be scanned. 
If this value is specified, then rows are - filtered based on the given start and end times. Rows - with a `NULL` value in the provided BigQuery column - are skipped. Valid data types of the provided BigQuery - column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. - For Datastore: If this value is specified, then entities - are filtered based on the given start and end times. - If an entity does not contain the provided timestamp - property or contains empty or invalid values, then it - is included. Valid data types of the provided timestamp - property are: `TIMESTAMP`.' - properties: - name: - description: Name describing the field. - type: string - type: object - type: object + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces type: object - required: - - storageConfig type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. 
It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string location: - description: Immutable. The location of the resource + description: Immutable. The region of the Backup Plan. type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -43441,8 +68111,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43452,46 +68121,47 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - status: - description: 'Immutable. Required. A status for this trigger. Possible - values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - triggers: - description: A list of triggers which will be OR'ed together. Only - one in the list needs to trigger for a job to be started. The list - may contain only a single Schedule trigger and must have at least - one object. - items: - properties: - manual: - description: For use with hybrid jobs. Jobs must be manually - created and finished. - type: object - x-kubernetes-preserve-unknown-fields: true - schedule: - description: Create a job on a repeating basis based on the - elapse of time. - properties: - recurrencePeriodDuration: - description: 'With this option a job is started a regular - periodic basis. For example: every day (86400 seconds). - A scheduled start time will be skipped if the previous - execution has not ended when its scheduled time occurs. - This value must be set to a time duration greater than - or equal to 1 day and can be no longer than 60 days.' - type: string - type: object - type: object - type: array + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. 
+ Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object required: - - inspectJob + - cluster + - location - projectRef - - status - - triggers type: object status: properties: 
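Review bot: The ranges stated in the `retentionPolicy` descriptions are not enforced by the schema: `backupDeleteLockDays` (documented as 0-90) and `backupRetainDays` (documented as 0-365) are both plain `type: integer`, so a negative or out-of-range value is admitted by the API server and can only fail later, presumably when the controller calls the backup API. These two fields decide how long a Backup is protected from deletion and when it is purged, so I would add `minimum: 0` to both, with `maximum: 90` and `maximum: 365` respectively, to reject a mistake at admission. The `backupRetainDays` description also ends in a stray `.].`. If this schema is generated, the change belongs in the generator input; the enclosing `spec` block starts outside this hunk.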
@@ -43521,86 +68191,14 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of a triggeredJob. - format: date-time - type: string - errors: - description: Output only. A stream of errors encountered when the - trigger was activated. Repeated errors may result in the JobTrigger - automatically being paused. Will return the last 100 errors. Whenever - the JobTrigger is modified this list will be cleared. - items: - properties: - details: - description: Detailed error codes and messages. - properties: - code: - description: The status code, which should be an enum value - of google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. - This string must contain at least one "/" character. - The last segment of the URL''s path must represent - the fully qualified name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually - precompile into the binary all types that they expect - it to use in the context of Any. However, for URLs - which use the scheme `http`, `https`, or no scheme, - one can optionally set up a type server that maps - type URLs to message definitions as follows: * If - no scheme is provided, `https` is assumed. * An - HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the - URL, or have them precompiled into a binary to avoid - any lookup. Therefore, binary compatibility needs - to be preserved on changes to types. (Use versioned - type names to manage breaking changes.) 
Note: this - functionality is not currently available in the - official protobuf release, and it is not used for - type URLs beginning with type.googleapis.com. Schemes - other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should - be in English. Any user-facing error message should be - localized and sent in the google.rpc.Status.details field, - or localized by the client. - type: string - type: object - timestamps: - description: The times the error occurred. - items: - format: date-time - type: string - type: array - type: object - type: array - lastRunTime: - description: Output only. The timestamp of the last time this trigger - executed. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -43609,9 +68207,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of a triggeredJob. - format: date-time + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. type: string type: object required: @@ -43632,25 +68233,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DLPStoredInfoType - plural: dlpstoredinfotypes + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships shortNames: - - gcpdlpstoredinfotype - - gcpdlpstoredinfotypes - singular: dlpstoredinfotype + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -43687,96 +68288,23 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Description of the StoredInfoType (max 256 characters). - type: string - dictionary: - description: Store dictionary-based CustomInfoType. + configmanagement: + description: Config Management-specific spec. properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud Storage. - Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - required: - - path - type: object - wordList: - description: List of words or phrases to search for. + binauthz: + description: Binauthz configuration for the cluster. properties: - words: - description: Words or phrases defining the dictionary. The - dictionary must contain at least one phrase and every phrase - must contain at least 2 characters that are letters or digits. - [required] - items: - type: string - type: array - required: - - words + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean type: object - type: object - displayName: - description: Display name of the StoredInfoType (max 256 characters). - type: string - largeCustomDictionary: - description: StoredInfoType where findings are defined by a dictionary - of phrases. - properties: - bigQueryField: - description: Field in a BigQuery table where each cell represents - a dictionary phrase. + configSync: + description: Config Sync configuration for the cluster. properties: - field: - description: Designated field in the BigQuery table. - properties: - name: - description: Name describing the field. - type: string - type: object - table: - description: Source table of the field. 
+ git: properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: + gcpServiceAccountRef: oneOf: - not: required: @@ -43794,9 +68322,9 @@ spec: properties: external: description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
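Review bot: The `external` description under `git.gcpServiceAccountRef` spells the secret type `gcpServiceAccount`, while the `secretType` description added in the next hunk lists `gcpserviceaccount` and states that validation is case-sensitive; the `oci` block uses the lower-case spelling in both places. Assuming the list in `secretType` is authoritative, a value copied from this description would not match it, and the schema cannot catch that because `secretType` is a free-form `type: string`. I would change the text to `auth when secretType is gcpserviceaccount.` and consider an `enum` on `secretType` holding the six listed values. The `git` mapping continues in the following hunks.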
@@ -43806,7 +68334,41 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - tableRef: + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: oneOf: - not: required: @@ -43823,10 +68385,10 @@ spec: - external properties: external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43836,39 +68398,109 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string type: object - cloudStorageFileSet: - description: Set of files containing newline-delimited lists of - dictionary phrases. + hierarchyController: + description: Hierarchy Controller configuration for the cluster. properties: - url: - description: The url, in the format `gs:///`. Trailing wildcard - in the path is allowed. - type: string - required: - - url + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean type: object - outputPath: - description: Location to store dictionary artifacts in Google - Cloud Storage. 
These files will only be accessible by project - owners and the DLP API. If any of these artifacts are modified, - the dictionary is considered invalid and can no longer be used. + policyController: + description: Policy Controller configuration for the cluster. properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. type: string - required: - - path + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. 
+ type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string type: object - location: - description: Immutable. The location of the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + featureRef: + description: Immutable. oneOf: - not: required: @@ -43885,21 +68517,23 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. oneOf: - not: required: 
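Review bot: `policyController.auditIntervalSeconds` is declared `type: string` although it carries a number of seconds and `0` switches auditing off, and the same holds for `syncWaitSecs` in the `oci` block; neither has a `pattern`, so any string is admitted. Assuming only decimal seconds are accepted downstream, add `pattern: '^[0-9]+$'` to both so that a malformed interval is rejected at admission instead of being left for the controller to interpret. The descriptions could also state that the value must be quoted in a manifest (`auditIntervalSeconds: "0"`), because an unquoted number fails the string type check. The `configmanagement` mapping starts before this hunk.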
@@ -43916,8 +68550,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43926,30 +68562,54 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - regex: - description: Store regular expression-based StoredInfoType. + mesh: + description: Manage Mesh Features properties: - groupIndexes: - description: The index of the submatch to extract as findings. - When not specified, the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under - the google/re2 repository on GitHub. + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - pattern type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. 
Used for acquisition only. Leave unset to create a new - resource. - type: string + required: + - featureRef + - location + - membershipRef + - projectRef type: object status: properties: @@ -43987,6 +68647,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -44003,25 +68665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com + name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSManagedZone - plural: dnsmanagedzones + kind: GKEHubFeature + plural: gkehubfeatures shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: 
@@ -44059,109 +68721,52 @@ spec: type: object spec: properties: - cloudLoggingConfig: - description: Cloud logging configuration. - properties: - enableLogging: - description: If set, enable query logging for this ManagedZone. - False by default, making logging opt-in. - type: boolean - required: - - enableLogging - type: object - description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. - type: string - dnsName: - description: Immutable. The DNS name of this managed zone, for instance - "example.com.". + location: + description: Immutable. The location for the resource type: string - dnssecConfig: - description: DNSSEC configuration. + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - defaultKeySpecs: + external: description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"].' - type: string - keyLength: - description: Length of the keys in bits. - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. 
- type: string - kind: - description: Identifies what kind of resource this is. - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is. + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"].' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address of a target name server. 
- type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. properties: - targetNetwork: - description: The network with which to peer. + multiclusteringress: + description: Multicluster Ingress-specific spec. properties: - networkRef: - description: VPC network to forward queries to. + configMembershipRef: oneOf: - not: required: @@ -44178,8 +68783,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -44189,137 +68796,12 @@ spec: type: string type: object required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - gkeClusters: - description: The list of Google Kubernetes Engine clusters that - can see this zone. - items: - properties: - gkeClusterNameRef: - description: |- - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - 'projects/*/locations/*/clusters/*'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ContainerCluster` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - gkeClusterNameRef - type: object - type: array - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetwork` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - reverseLookup: - description: |- - Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: Immutable. The presence of this field indicates that - this zone is backed by Service Directory. The value of this field - contains information related to the namespace associated with the - zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl + - configMembershipRef type: object - required: - - namespace type: object - visibility: - description: |- - Immutable. The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. - type: string required: - - dnsName + - location + - projectRef type: object status: properties: 
@@ -44349,21 +68831,14 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time that this resource was created on the server. - This is in RFC3339 text format. + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time type: string - managedZoneId: - description: Unique identifier for the resource; defined by the server. - type: integer - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44371,6 +68846,46 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string type: object required: - spec 
@@ -44390,25 +68905,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com + name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSPolicy - plural: dnspolicies + kind: GKEHubMembership + plural: gkehubmemberships shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -44446,96 +68961,139 @@ spec: type: object spec: properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. 
+ `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string type: object description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. 
The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location type: object status: properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. 
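Review bot: `spec.authority.issuer` in the GKEHubMembership schema is typed only as `string`, although its description says the value must start with `https://`, stay under 2000 characters, and causes Google to accept OIDC tokens from that issuer in the workload identity pool. Nothing in the schema enforces those limits, so a malformed or unintended issuer is rejected, if at all, only by the backing API after the object has been admitted; under `issuer` I would add `maxLength: 1999` and `pattern: ^(https://.+)?$` (the empty alternative assumes the field is cleared with an empty string, which the hunk does not show). `description` and `externalId` in the same hunk have the same gap, and their text reads "Must match the regex: `*`", so the character class appears to have been lost and should be restored from the API reference or the sentence dropped. If this bundle is generated, as the `dcl2crd` label on this CRD suggests, the change belongs in the generator, and until then write access to this kind is worth limiting through RBAC because the field changes which tokens are trusted. The schema for this kind starts in the preceding hunk and continues past this one.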
@@ -44562,6 +69120,111 @@ spec: type: string type: object type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44569,7 +69232,28 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. + format: date-time + type: string type: object + required: + - spec type: object served: true storage: true @@ -44586,25 +69270,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: DNSRecordSet - plural: dnsrecordsets + kind: HealthcareConsentStore + plural: healthcareconsentstores shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: 
@@ -44624,7 +69308,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44641,94 +69325,29 @@ spec: metadata: type: object spec: - oneOf: - - required: - - rrdatas - - required: - - rrdatasRefs properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `DNSManagedZone` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: Immutable. The DNS name this record set will apply to. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - rrdatas: - description: DEPRECATED. Although this field is still available, there - is limited support. We recommend that you use `spec.rrdatasRefs` - instead. - items: - type: string - type: array - rrdatasRefs: - items: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - managedZoneRef - - name - - type + - dataset type: object status: properties: 
@@ -44784,25 +69403,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: eventarctriggers.eventarc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: - group: eventarc.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: EventarcTrigger - plural: eventarctriggers + kind: HealthcareDataset + plural: healthcaredatasets shortNames: - - gcpeventarctrigger - - gcpeventarctriggers - singular: eventarctrigger + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: @@ -44822,7 +69441,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44837,243 +69456,14 @@ spec: submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: - type: object - spec: - properties: - channelRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: Optional. The name of the channel associated with - the trigger in `projects/{project}/locations/{location}/channels/{channel}` - format. You must provide a channel to receive events from Eventarc - SaaS partners. - type: string - name: - description: |- - [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - destination: - description: Required. Destination specifies where the events should - be sent to. - properties: - cloudFunctionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - - Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cloudRunService: - description: Cloud Run fully-managed service that receives the - events. The service should be running in the same project of - the trigger. - properties: - path: - description: 'Optional. The relative path on the Cloud Run - service the events should be sent to. The value must conform - to the definition of URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - region: - description: Required. The region the Cloud Run service is - deployed in. - type: string - serviceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - - Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - serviceRef - type: object - gke: - description: A GKE service capable of receiving events. The service - should be running in the same project as the trigger. 
- properties: - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: Required. The name of the Google Compute Engine - in which the cluster resides, which can either be compute - zone (for example, us-central1-a) for the zonal clusters - or region (for example, us-central1) for regional clusters. - type: string - namespace: - description: Required. The namespace the GKE service is running - in. - type: string - path: - description: 'Optional. The relative path on the GKE service - the events should be sent to. The value must conform to - the definition of a URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - service: - description: Required. Name of the GKE service. - type: string - required: - - clusterRef - - location - - namespace - - service - type: object - workflowRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'The resource name of the Workflow whose Executions - are triggered by the events. The Workflow resource should - be deployed in the same project as the trigger. 
Format: - `projects/{project}/locations/{location}/workflows/{workflow}`' - type: string - name: - description: |- - [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object + type: object + spec: + properties: location: - description: Immutable. The location for the resource + description: Immutable. The location for the Dataset. type: string - matchingCriteria: - description: Required. null The list of filters that applies to event - attributes. Only events that match all the provided filters will - be sent to the destination. - items: - properties: - attribute: - description: Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. - All triggers MUST provide a filter for the 'type' attribute. - type: string - operator: - description: Optional. The operator used for matching the events - with the value of the filter. If not specified, only events - that have an exact key-value pair specified in the filter - are matched. The only allowed value is `match-path-pattern`. - type: string - value: - description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud - for available values. - type: string - required: - - attribute - - value - type: object - type: array projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -45090,10 +69480,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -45107,81 +69494,14 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - transport: - description: Immutable. Optional. In order to deliver messages, Eventarc - may use other GCP products as transport intermediary. This field - contains a reference to that transport intermediary. This information - can be used for debugging purposes. - properties: - pubsub: - description: Immutable. The Pub/Sub topic and subscription used - by Eventarc as delivery intermediary. - properties: - topicRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + type: string required: - - destination - location - - matchingCriteria - projectRef type: object status: 
@@ -45212,15 +69532,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - etag: - description: Output only. This checksum is computed by the server - based on the value of other fields, and may be sent only on create - requests to ensure the client has an up-to-date value before proceeding. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45228,31 +69539,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceConditions: - additionalProperties: - type: string - description: Output only. The reason(s) why a trigger is in FAILED - state. - type: object - transport: - properties: - pubsub: - properties: - subscription: - description: 'Output only. The name of the Pub/Sub subscription - created and managed by Eventarc system as a transport for - the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' - type: string - type: object - type: object - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: 
@@ -45273,25 +69561,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestorebackups.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreBackup - plural: filestorebackups + kind: HealthcareDICOMStore + plural: healthcaredicomstores shortNames: - - gcpfilestorebackup - - gcpfilestorebackups - singular: filestorebackup + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: @@ -45311,7 +69599,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45329,95 +69617,57 @@ spec: type: object spec: properties: - description: - description: A description of the backup with 2048 characters or less. - Requests with longer descriptions will be rejected. - type: string - location: - description: Immutable. The location for the resource + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + notificationConfig: + description: A nested object resource. properties: - external: + pubsubTopic: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
type: string + required: + - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceFileShare: - description: Immutable. Name of the file share in the source Cloud - Filestore instance that the backup is created from. - type: string - sourceInstanceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object required: - - external - properties: - external: - description: |- - The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - - Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - bigqueryDestination + type: object + type: array required: - - location - - projectRef - - sourceFileShare - - sourceInstanceRef + - dataset type: object status: properties: - capacityGb: - description: Output only. Capacity of the source file share when the - backup was created. - format: int64 - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -45444,16 +69694,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the backup was created. - format: date-time - type: string - downloadBytes: - description: Output only. Amount of bytes that will be downloaded - if the backup is restored. This may be different than storage bytes, - since sequential backups of the same disk will share storage. - format: int64 - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45461,21 +69701,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceInstanceTier: - description: 'Output only. The service tier of the source Cloud Filestore - instance that this backup is created from. Possible values: TIER_UNSPECIFIED, - STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' - type: string - state: - description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + selfLink: + description: The fully qualified name of this dataset. type: string - storageBytes: - description: Output only. The size of the storage used by the backup. - As backups share storage, this number is expected to change with - backup creation/deletion. - format: int64 - type: integer type: object required: - spec 
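Review bot: In the HealthcareDICOMStore spec hunk, `notificationConfig.pubsubTopic` and `streamConfigs[].bigqueryDestination.tableUri` are free-form strings with no `pattern`, so the schema places no constraint on where change notifications and DICOM instance metadata are delivered. The HealthcareDataset schema earlier in this patch models its project link as a `projectRef` object with `oneOf` name/external validation, which gives admission-time checking that these two destination fields lack. As a minimal step, `pattern: '^projects/[^/]+/topics/[^/]+$'` under `pubsubTopic` would match the description's "scoped to a project" requirement, assuming the usual `projects/{project}/topics/{topic}` form. The `tableUri` description should state the expected URI format, as the FHIR store's `datasetUri` description does. The schema continues outside this hunk and appears to be generated, so the change likely has to be made upstream.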
@@ -45495,25 +69723,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestoreinstances.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreInstance - plural: filestoreinstances + kind: HealthcareFHIRStore + plural: healthcarefhirstores shortNames: - - gcpfilestoreinstance - - gcpfilestoreinstances - singular: filestoreinstance + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: @@ -45533,7 +69761,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45551,208 +69779,165 @@ spec: type: object spec: properties: - description: - description: The description of the instance (2048 characters or less). + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fileShares: - description: File system shares on the instance. For this version, - only a single file share is supported. + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. 
Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. items: properties: - capacityGb: - description: File share capacity in gigabytes (GB). Cloud Filestore - defines 1 GB as 1024^3 bytes. - format: int64 - type: integer - name: - description: The name of the file share (must be 16 characters - or less). - type: string - nfsExportOptions: - description: Nfs Export Options. There is a limit of 10 export - options per file share. - items: - properties: - accessMode: - description: 'Either READ_ONLY, for allowing only read - requests on the exported directory, or READ_WRITE, for - allowing both read and write requests. The default is - READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, - READ_ONLY, READ_WRITE' - type: string - anonGid: - description: An integer representing the anonymous group - id with a default value of 65534. Anon_gid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - anonUid: - description: An integer representing the anonymous user - id with a default value of 65534. Anon_uid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - ipRanges: - description: List of either an IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges - in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask - size}` which may mount the file share. Overlapping IP - ranges are not allowed, both within and across NfsExportOptions. - An error will be returned. The limit is 64 IP ranges/addresses - for each FileShareConfig among all NfsExportOptions. 
- items: - type: string - type: array - squashMode: - description: 'Either NO_ROOT_SQUASH, for allowing root - access on the exported directory, or ROOT_SQUASH, for - not allowing root access. The default is NO_ROOT_SQUASH. - Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, - ROOT_SQUASH' - type: string - type: object - type: array - sourceBackupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. - - Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic type: object type: array - location: - description: Immutable. The location for the resource + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - networks: - description: Immutable. VPC networks to which the instance is connected. - For this version, only a single network is supported. + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: - ipAddresses: - description: Immutable. Output only. IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in - the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
- items: - type: string - type: array - modes: - description: Immutable. Internet protocol versions for which - the instance has IP addresses assigned. For this version, - only MODE_IPV4 is supported. - items: - type: string - type: array - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: - external: - description: |- - The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. 
+ properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig type: object - reservedIPRange: - description: Immutable. A /29 CIDR block in one of the [internal - IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) - that identifies the range of IP addresses reserved for this - instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The - range you specify can't overlap with either existing subnets - or assigned IP address ranges for other Cloud Filestore instances - in the selected VPC network. - type: string + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. 
+ items: + type: string + type: array + required: + - bigqueryDestination type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tier: - description: 'Immutable. The service tier of the instance. Possible - values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, - HIGH_SCALE_SSD, ENTERPRISE' + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - - location - - projectRef + - dataset type: object status: properties: @@ -45782,14 +69967,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the instance was created. - format: date-time - type: string - etag: - description: Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -45797,13 +69974,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR' - type: string - statusMessage: - description: Output only. Additional information about the instance - state, if available. + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: @@ -45824,25 +69996,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: - group: firestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FirestoreIndex - plural: firestoreindexes + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: @@ -45862,7 +70034,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45880,44 +70052,93 @@ spec: type: object spec: properties: - collection: - description: Immutable. The collection being indexed. - type: string - database: - description: Immutable. The Firestore database id. Defaults to '"(default)"'. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fields: + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: description: |- - Immutable. The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. 
Only the message name + is sent as part of the notification. Supplied by the client. items: properties: - arrayConfig: + filter: description: |- - Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"]. - type: string - fieldPath: - description: Immutable. Name of the field. - type: string - order: + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: description: |- - Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. 
+ PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string + required: + - pubsubTopic type: object type: array - queryScope: - description: 'Immutable. The scope at which a query is run. Default - value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - collection - - fields + - dataset type: object status: properties: 
@@ -45947,11 +70168,6 @@ spec: type: string type: object type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45959,6 +70175,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string type: object required: - spec @@ -45978,25 +70197,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: Folder - plural: folders + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies shortNames: - - gcpfolder - - gcpfolders - singular: folder + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -46033,62 +70252,11 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. + description: The display name of the rule. type: string - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. Only one of - folderRef or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `folderId` field of a `Folder` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + projectRef: oneOf: - not: required: 
@@ -46105,8 +70273,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -46116,12 +70284,62 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array required: - - displayName + - projectRef + - rules type: object status: properties: 
@@ -46151,19 +70369,8 @@ spec: type: string type: object type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}". - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. + etag: + description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46191,389 +70398,119 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com -spec: - group: gkehub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: GKEHubFeatureMembership - plural: gkehubfeaturememberships - shortNames: - - gcpgkehubfeaturemembership - - gcpgkehubfeaturememberships - singular: gkehubfeaturemembership - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - configmanagement: - description: Config Management-specific spec. - properties: - binauthz: - description: Binauthz configuration for the cluster. - properties: - enabled: - description: Whether binauthz is enabled in this cluster. - type: boolean - type: object - configSync: - description: Config Sync configuration for the cluster. - properties: - git: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpsProxy: - description: URL for the HTTPS proxy to be used when communicating - with the Git repo. - type: string - policyDir: - description: 'The path within the Git repository that - represents the top level of the repo to sync. Default: - the root directory of the repository.' - type: string - secretType: - description: Type of secret configured for access to the - Git repo. Must be one of ssh, cookiefile, gcenode, token, - gcpserviceaccount or none. The validation of this is - case-sensitive. - type: string - syncBranch: - description: 'The branch of the repository to sync from. - Default: master.' - type: string - syncRepo: - description: The URL of the Git repository to use as the - source of truth. 
- type: string - syncRev: - description: Git revision (tag or hash) to check out. - Default HEAD. - type: string - syncWaitSecs: - description: 'Period in seconds between consecutive syncs. - Default: 15.' - type: string - type: object - oci: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: "The GCP Service Account Email used for - auth when secret_type is gcpserviceaccount. \n\nAllowed - value: The `email` field of an `IAMServiceAccount` - resource." - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - policyDir: - description: 'The absolute path of the directory that - contains the local resources. Default: the root directory - of the image.' - type: string - secretType: - description: Type of secret configured for access to the - OCI Image. Must be one of gcenode, gcpserviceaccount - or none. The validation of this is case-sensitive. - type: string - syncRepo: - description: The OCI image repository URL for the package - to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - type: string - syncWaitSecs: - description: 'Period in seconds(int64 format) between - consecutive syncs. Default: 15.' - type: string - type: object - preventDrift: - description: Set to true to enable the Config Sync admission - webhook to prevent drifts. If set to `false`, disables the - Config Sync admission webhook and does not prevent drifts. - type: boolean - sourceFormat: - description: Specifies whether the Config Sync Repo is in - "hierarchical" or "unstructured" mode. 
- type: string - type: object - hierarchyController: - description: Hierarchy Controller configuration for the cluster. - properties: - enableHierarchicalResourceQuota: - description: Whether hierarchical resource quota is enabled - in this cluster. - type: boolean - enablePodTreeLabels: - description: Whether pod tree labels are enabled in this cluster. - type: boolean - enabled: - description: Whether Hierarchy Controller is enabled in this - cluster. - type: boolean - type: object - policyController: - description: Policy Controller configuration for the cluster. - properties: - auditIntervalSeconds: - description: Sets the interval for Policy Controller Audit - Scans (in seconds). When set to 0, this disables audit functionality - altogether. - type: string - enabled: - description: Enables the installation of Policy Controller. - If false, the rest of PolicyController fields take no effect. - type: boolean - exemptableNamespaces: - description: The set of namespaces that are excluded from - Policy Controller checks. Namespaces do not need to currently - exist on the cluster. - items: - type: string - type: array - logDeniesEnabled: - description: Logs all denies and dry run failures. - type: boolean - monitoring: - description: 'Specifies the backends Policy Controller should - export metrics to. For example, to specify metrics should - be exported to Cloud Monitoring and Prometheus, specify - backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", - "prometheus"]' - properties: - backends: - description: ' Specifies the list of backends Policy Controller - will export to. Specifying an empty value `[]` disables - metrics export.' - items: - type: string - type: array - type: object - mutationEnabled: - description: Enable or disable mutation in policy controller. - If true, mutation CRDs, webhook and controller deployment - will be deployed to the cluster. 
- type: boolean - referentialRulesEnabled: - description: Enables the ability to use Constraint Templates - that reference to objects other than the object currently - being evaluated. - type: boolean - templateLibraryInstalled: - description: Installs the default template library along with - Policy Controller. - type: boolean - type: object - version: - description: Optional. Version of ACM to install. Defaults to - the latest version. - type: string - type: object - featureRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string required: - - external + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). properties: - external: - description: |- - The name of the feature - - Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + apiVersion: type: string - type: object - location: - description: Immutable. 
The location of the feature - type: string - membershipRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: external: - description: |- - The name of the membership - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mesh: - description: Manage Mesh Features - properties: - controlPlane: - description: '**DEPRECATED** Whether to automatically manage Service - Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, - AUTOMATIC, MANUAL' - type: string - management: - description: 'Whether to automatically manage Service Mesh. Possible - values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the feature - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string + required: + - kind type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string required: - - featureRef - - location - - membershipRef - - projectRef + - auditLogConfigs + - resourceRef + - service type: object status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. items: properties: lastTransitionTime: @@ -46603,10 +70540,9 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -46623,25 +70559,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubfeatures.gkehub.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubFeature - plural: gkehubfeatures + kind: IAMCustomRole + plural: iamcustomroles shortNames: - - gcpgkehubfeature - - gcpgkehubfeatures - singular: gkehubfeature + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: 
@@ -46679,87 +70615,29 @@ spec: type: object spec: properties: - location: - description: Immutable. The location for the resource + description: + description: A human-readable description for the role. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - spec: - description: Optional. Hub-wide Feature configuration. If this Feature - does not support any Hub-wide configuration, this field may be unused. - properties: - multiclusteringress: - description: Multicluster Ingress-specific spec. 
- properties: - configMembershipRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - configMembershipRef - type: object - type: object + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string required: - - location - - projectRef + - permissions + - title type: object status: properties: @@ -46789,13 +70667,11 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Feature resource was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Feature resource was deleted. - format: date-time + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
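Review bot: The `permissions` description in the IAMCustomRole `spec` says "At least one permission must be specified", but the array schema carries only `items: type: string`, so `permissions: []` satisfies `required: - permissions` and is refused, if at all, only when the controller calls the API. Adding `minItems: 1` beside `type: array` would make the API server reject it at admission. `stage` is likewise a free string although its description names a default of GA; if the set of launch stages is fixed, an `enum` would document it. The CRD looks generated (it carries the `tf2crd` label), so the change probably belongs in the generator rather than in this file.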
@@ -46804,46 +70680,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceState: - description: State of the Feature resource itself. - properties: - hasResources: - description: Whether this Feature has outstanding resources that - need to be cleaned up before it can be disabled. - type: boolean - state: - description: 'The current state of the Feature resource in the - Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, - DISABLING, UPDATING, SERVICE_UPDATING' - type: string - type: object - state: - description: Output only. The Hub-wide Feature state - properties: - state: - description: Output only. The "running state" of the Feature in - this Hub. - properties: - code: - description: 'The high-level, machine-readable status of this - Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, - ERROR' - type: string - description: - description: A human-readable description of the current status. - type: string - updateTime: - description: 'The time this status and any related Feature-specific - details were updated. A timestamp in RFC3339 UTC "Zulu" - format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' - type: string - type: object - type: object - updateTime: - description: Output only. When the Feature resource was last updated. - format: date-time - type: string type: object required: - spec 
@@ -46863,25 +70699,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubmemberships.gkehub.cnrm.cloud.google.com + name: iampartialpolicies.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubMembership - plural: gkehubmemberships + kind: IAMPartialPolicy + plural: iampartialpolicies shortNames: - - gcpgkehubmembership - - gcpgkehubmemberships - singular: gkehubmembership + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -46889,7 +70723,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -46897,164 +70731,218 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: - authority: - description: 'Optional. How to identify workloads from this Membership. - See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' - properties: - issuer: - description: Optional. 
A JSON Web Token (JWT) issuer URI. `issuer` - must start with `https://` and be a valid URL with length <2000 - characters. If set, then Google will allow valid OIDC tokens - from this issuer to authenticate within the workload_identity_pool. - OIDC discovery will be performed on this URI to validate tokens - from the issuer. Clearing `issuer` disables Workload Identity. - `issuer` cannot be directly modified; it must be cleared (and - Workload Identity disabled) before using a new issuer (and re-enabling - Workload Identity). - type: string - type: object - description: - description: 'Description of this membership, limited to 63 characters. - Must match the regex: `*` This field is present for legacy purposes.' - type: string - endpoint: - description: Optional. Endpoint information to reach this member. - properties: - gkeCluster: - description: Optional. GKE-specific information. Only present - if this Membership is a GKE cluster. - properties: - resourceRef: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - kubernetesResource: - description: 'Optional. The in-cluster Kubernetes Resources that - should be applied for a correctly registered cluster, in the - steady state. These resources: * Ensure that the cluster is - exclusively registered to one and only one Hub Membership. * - Propagate Workload Pool Information available in the Membership - Authority field. * Ensure proper initial configuration of default - Hub Features.' - properties: - membershipCrManifest: - description: Input only. The YAML representation of the Membership - CR. This field is ignored for GKE clusters where Hub can - read the CR directly. Callers should provide the CR that - is currently present in the cluster during CreateMembership - or UpdateMembership, or leave this field empty if none exists. - The CR manifest is used to validate the cluster has not - been registered with another Membership. - type: string - resourceOptions: - description: Optional. Options for Kubernetes resource generation. + - required: + - member + - required: + - memberFrom properties: - connectVersion: - description: Optional. The Connect agent version to use - for connect_resources. Defaults to the latest GKE Connect - version. The version must be a currently supported version, - obsolete versions will be rejected. + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. type: string - v1beta1Crd: - description: Optional. Use `apiextensions/v1beta1` instead - of `apiextensions/v1` for CustomResourceDefinition resources. 
- This option should be set for clusters with Kubernetes - apiserver versions <1.16. - type: boolean + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object type: object - type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind type: object - externalId: - description: 'Optional. An externally-generated and managed ID for - this Membership. This ID may be modified after creation, but this - is not recommended. The ID must match the regex: `*` If this Membership - represents a Kubernetes cluster, this value should be set to the - UID of the `kube-system` namespace object.' - type: string - infrastructureType: - description: 'Optional. The infrastructure type this Membership is - running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, - MULTI_CLOUD' - type: string - location: - description: Immutable. The location for the resource - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string required: - - location + - resourceRef type: object status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: - authority: - properties: - identityProvider: - description: Output only. An identity provider that reflects the - `issuer` in the workload identity pool. - type: string - workloadIdentityPool: - description: 'Output only. The name of the workload identity pool - in which `issuer` will be recognized. There is a single Workload - Identity Pool per Hub that is shared between all Memberships - that belong to that Hub. 
For a Hub hosted in: {PROJECT_ID}, - the workload pool format is `{PROJECT_ID}.hub.id.goog`, although - this is subject to change in newer versions of this API.' - type: string - type: object + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: 
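Review bot: `status.allBindings` is described as surfacing all IAM bindings for the referenced resource, so every member and role on that resource is copied into the object's status and is readable by anyone whose Kubernetes RBAC allows `get` on IAMPartialPolicy in the namespace, presumably including bindings that are not listed in `spec.bindings`. The description should say so, for example `description: AllBindings surfaces all IAM bindings for the referenced resource, including bindings not managed through spec.bindings; read access to this object exposes them.` Cluster roles that grant read on `iampartialpolicies` are worth reviewing with that in mind.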
@@ -47078,140 +70966,48 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Membership was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Membership was deleted. - format: date-time - type: string - endpoint: - properties: - kubernetesMetadata: - description: Output only. Useful Kubernetes-specific metadata. - properties: - kubernetesApiServerVersion: - description: Output only. Kubernetes API server version string - as reported by `/version`. - type: string - memoryMb: - description: Output only. The total memory capacity as reported - by the sum of all Kubernetes nodes resources, defined in - MB. - format: int64 - type: integer - nodeCount: - description: Output only. Node count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - nodeProviderId: - description: Output only. Node providerID as reported by the - first node in the list of nodes on the Kubernetes endpoint. - On Kubernetes platforms that support zero-node clusters - (like GKE-on-GCP), the node_count will be zero and the node_provider_id - will be empty. - type: string - updateTime: - description: Output only. The time at which these details - were last updated. This update_time is different from the - Membership-level update_time since EndpointDetails are updated - internally for API consumers. - format: date-time + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. 
+ items: type: string - vcpuCount: - description: Output only. vCPU count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - type: object - kubernetesResource: - properties: - connectResources: - description: Output only. The Kubernetes resources for installing - the GKE Connect agent This field is only populated in the - Membership returned from a successful long-running operation - from CreateMembership or UpdateMembership. It is not populated - during normal GetMembership or ListMemberships requests. - To get the resource manifest after the initial registration, - the caller should make a UpdateMembership call with an empty - field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. - type: string - type: object - type: array - membershipResources: - description: Output only. Additional Kubernetes resources - that need to be applied to the cluster after Membership - creation, and after every update. This field is only populated - in the Membership returned from a successful long-running - operation from CreateMembership or UpdateMembership. It - is not populated during normal GetMembership or ListMemberships - requests. To get the resource manifest after the initial - registration, the caller should make a UpdateMembership - call with an empty field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. 
- type: string - type: object - type: array - type: object - type: object - lastConnectionTime: - description: Output only. For clusters using Connect, the timestamp - of the most recent connection established with Google Cloud. This - time is updated every several minutes, not continuously. For clusters - that do not use GKE Connect, or that have never connected successfully, - this field will be unset. - format: date-time - type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer - state: - description: Output only. State of the Membership resource. - properties: - code: - description: 'Output only. The current state of the Membership - resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, - DELETING, UPDATING, SERVICE_UPDATING' - type: string - type: object - uniqueId: - description: Output only. Google-generated UUID for this resource. - This is unique across all Membership resources. If a Membership - resource is deleted and another resource with the same name is created, - it gets a different unique_id. - type: string - updateTime: - description: Output only. When the Membership was last updated. - format: date-time - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -47228,25 +71024,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com + name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAccessBoundaryPolicy - plural: iamaccessboundarypolicies + kind: IAMPolicy + plural: iampolicies shortNames: - - gcpiamaccessboundarypolicy - - gcpiamaccessboundarypolicies - singular: iamaccessboundarypolicy + - gcpiampolicy + - gcpiampolicies + singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: @@ -47254,7 +71048,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -47262,32 +71056,107 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPolicySpec defines the desired state of IAMPolicy properties: - displayName: - description: The display name of the rule. - type: string - projectRef: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. 
The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. oneOf: - not: required: 
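Review bot: `bindings[].members` and `auditLogConfigs[].exemptedMembers` are bare `type: string` items, while `role` and `logType` in the same schema carry a `pattern`, so the API server accepts any principal string here, including the public principals `allUsers` and `allAuthenticatedUsers`, and any identity as an audit-log exemption. A single pattern is unlikely to cover every IAM principal form, so I would document the expected form in the description (`description: Optional. The list of IAM principals to be bound to the role, for example 'user:{email}' or 'serviceAccount:{email}'.`) and leave rejection of public or unexpected principals to an admission policy. The `service` description also misspells the field name as `''auditLogConfg''`; it should read `''auditLogConfig''`, and the same text appears in the IAMAuditConfig schema earlier in the diff.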
@@ -47302,81 +71171,39 @@ spec: - namespace required: - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: + apiVersion: + type: string external: - description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, - where {{value}} is the `name` field of a `Project` resource.' + type: string + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Rules to be applied. - items: - properties: - accessBoundaryRule: - description: An access boundary rule in an IAM policy. - properties: - availabilityCondition: - description: The availability condition further constrains - the access allowed by the access boundary rule. - properties: - description: - description: |- - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression - in Common Expression Language syntax. - type: string - location: - description: |- - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - type: string - title: - description: |- - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. 
- type: string - required: - - expression - type: object - availablePermissions: - description: A list of permissions that may be allowed for - use on the specified resource. - items: - type: string - type: array - availableResource: - description: The full resource name of a Google Cloud resource - entity. - type: string - type: object - description: - description: The description of the rule. - type: string - type: object - type: array + type: string + required: + - kind + type: object required: - - projectRef - - rules + - resourceRef type: object status: + description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: @@ -47400,19 +71227,15 @@ spec: type: string type: object type: array - etag: - description: The hash of the resource. Used internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -47429,23 +71252,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" - name: iamauditconfigs.iam.cnrm.cloud.google.com + name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAuditConfig - plural: iamauditconfigs + kind: IAMPolicyMember + plural: iampolicymembers shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: @@ -47467,7 +71290,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IAMAuditConfig is the schema for the IAM audit logging API. + description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
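Review bot: The added schema description reads `IAMPolicyMember is the Schema for the iampolicies API`, which names the IAMPolicy resource rather than this one; the CRD's own `plural` in the preceding hunk is `iampolicymembers`. `kubectl explain` prints this string, so it should be `description: IAMPolicyMember is the Schema for the iampolicymembers API`. The text looks like generator scaffolding, so the fix likely belongs in the comment on the source type.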
@@ -47482,32 +71305,116 @@ spec: metadata: type: object spec: - description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: type: string - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object resourceRef: - description: Immutable. Required. The GCP resource to set the IAMAuditConfig - on (e.g. project). + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: apiVersion: type: string 
@@ -47522,26 +71429,21 @@ spec: required: - kind type: object - service: - description: 'Immutable. Required. The service for which to enable - Data Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering both - ''allServices'' and a specific service, then the union of the two - audit configs is used for that service: the ''logTypes'' specified - in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - - auditLogConfigs - resourceRef - - service + - role type: object status: - description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations - of the IAMAuditConfig's current state. + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47590,25 +71492,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMCustomRole - plural: iamcustomroles + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -47646,254 +71548,24 @@ spec: type: object spec: properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The roleId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string - stage: - description: The current launch stage of the role. Defaults to GA. + privateKeyType: + description: Immutable. type: string - title: - description: A human-readable title for the role. + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The full name of the role. + publicKeyType: + description: Immutable. type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - name: iampartialpolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPartialPolicy - plural: iampartialpolicies - shortNames: - - gcpiampartialpolicy - - gcpiampartialpolicies - singular: iampartialpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True' the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IAMPartialPolicy is the Schema for the iampartialpolicy API - 
properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy - properties: - bindings: - description: Optional. The list of IAM bindings managed by Config - Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - oneOf: - - required: - - member - - required: - - memberFrom - properties: - member: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. - type: string - memberFrom: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, - and only one subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity - (i.e. 
its 'status.writerIdentity') is to be bound - to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to - the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account - (i.e., its 'status.email') is to be bound to the - role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account - (i.e. its 'status.serviceAccountEmailAddress') is - to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - type: object - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + serviceAccountRef: oneOf: - not: required: 
@@ -47908,72 +71580,26 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy - properties: - allBindings: - description: AllBindings surfaces all IAM bindings for the referenced - resource. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: 
@@ -47997,48 +71623,38 @@ spec: type: string type: object type: array - lastAppliedBindings: - description: LastAppliedBindings is the list of IAM bindings that - were most recently applied by Config Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: Immutable. The name used for this key pair. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string type: object + required: + - spec type: object served: true storage: true @@ -48055,23 +71671,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicies.iam.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicy - plural: iampolicies + kind: IAMServiceAccount + plural: iamserviceaccounts shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: @@ -48079,7 +71697,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48087,107 +71705,275 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicySpec defines the desired state of IAMPolicy properties: - auditConfigs: - description: Optional. The list of IAM audit configs. + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. 
+ type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: Specifies the Cloud Audit Logs configuration for the - IAM policy. properties: - auditLogConfigs: - description: Required. The configuration for logging of each - type of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for - this type of permission. The format is the same as that - for 'members' in IAMPolicy/IAMPolicyMember. - items: - type: string - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data - Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering - both ''allServices'' and a specific service, then the union - of the two audit configs is used for that service: the ''logTypes'' - specified in each ''auditLogConfig'' are enabled, and the - ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - required: - - auditLogConfigs - - service - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - description: Specifies the members to bind to an IAM role. 
- properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - role type: object type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. + type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. 
You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. 
Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. oneOf: - not: required: 
@@ -48202,39 +71988,30 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object required: - - resourceRef + - attributeMapping + - location + - workforcePoolRef type: object status: - description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: @@ -48264,9 +72041,14 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48283,23 +72065,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicymembers.iam.cnrm.cloud.google.com + name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicyMember - plural: iampolicymembers + kind: IAMWorkforcePool + plural: iamworkforcepools shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: @@ -48307,7 +72091,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48315,113 +72099,47 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember - oneOf: - - required: - - member - - required: - - memberFrom properties: - condition: - description: Immutable. Optional. The condition under which the binding - applies. 
- properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - member: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. type: string - memberFrom: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, and only one - subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity (i.e. its - 'status.writerIdentity') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account (i.e., - its 'status.email') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') - is to be bound to the role. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. oneOf: - not: required: 
@@ -48436,45 +72154,41 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object - role: - description: Immutable. Required. The role for which the Member will - be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). type: string required: - - resourceRef - - role + - location + - organizationRef type: object status: - description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: lastTransitionTime: @@ -48504,9 +72218,18 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true @@ -48523,25 +72246,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: 
@@ -48579,24 +72302,120 @@ spec: type: object spec: properties: - keyAlgorithm: - description: 'Immutable. The algorithm used to generate the key, used - only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid - values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' type: string - privateKeyType: - description: Immutable. + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. 
You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. type: string - publicKeyData: - description: Immutable. A field that allows clients to upload their - own public key. If set, use this public key data to create a service - account key for given service account. Please note, the expected - format for this field is a base64 encoded X509_PEM. + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. type: string - publicKeyType: - description: Immutable. + location: + description: Immutable. 
The location for the resource type: string - serviceAccountRef: + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
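Review bot: The `attributeCondition` description added in the `@@ -48579,24 +72302,120 @@` hunk is hard to parse at the point that matters most. "to restrict what otherwise valid authentication credentials issued by the provider should not be accepted" reads as a double negative, and the text opens with `[A Common Expression Language]` where the link text should be `A [Common Expression Language]`. The field is optional, and the description itself says that all valid credentials are accepted when it is unset, so for an issuer shared by several tenants this expression is what narrows which identities can federate. I would reword it to `expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted.` The file looks generated, so the wording fix probably belongs in the upstream schema description rather than in this patch.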
@@ -48613,8 +72432,45 @@ spec: - external properties: external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -48624,7 +72480,9 @@ spec: type: string type: object required: - - serviceAccountRef + - location + - projectRef + - workloadIdentityPoolRef type: object status: properties: @@ -48654,9 +72512,6 @@ spec: type: string type: object type: array - name: - description: Immutable. The name used for this key pair. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -48664,24 +72519,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key in JSON format, base64 encoded. This - is what you normally get as a file when creating service account - keys through the CLI or web console. This is only populated when - creating a new key. - type: string - publicKey: - description: Immutable. The public key, base64 encoded. - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: @@ -48702,25 +72542,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: 
@@ -48759,22 +72599,57 @@ spec: spec: properties: description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. + description: A description of the pool. Cannot exceed 256 characters. type: string disabled: - description: Whether the service account is disabled. Defaults to - false. + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: - description: The display name for the service account. Can be updated - without creating a new resource. + description: A display name for the pool. Cannot exceed 32 characters. type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The accountId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + required: + - location + - projectRef type: object status: properties: @@ -48804,19 +72679,6 @@ spec: type: string type: object type: array - email: - description: The e-mail address of the service account. This value - should be referenced from any google_iam_policy data sources that - would grant the service account privileges. - type: string - member: - description: The Identity of the service account in the form 'serviceAccount:{email}'. - This value is often used to refer to the service account in order - to grant IAM permissions. - type: string - name: - description: The fully-qualified name of the service account. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -48824,10 +72686,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - uniqueId: - description: The unique id of the service account. + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48844,25 +72709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com + name: iapbrands.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePoolProvider - plural: iamworkforcepoolproviders + kind: IAPBrand + plural: iapbrands shortNames: - - gcpiamworkforcepoolprovider - - gcpiamworkforcepoolproviders - singular: iamworkforcepoolprovider + - gcpiapbrand + - gcpiapbrands + singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: 
@@ -48899,144 +72764,20 @@ spec: metadata: type: object spec: - properties: - attributeCondition: - description: 'A [Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. `google.profile_photo` and `google.display_name` - are not supported. * `attribute`: The custom attributes mapped from - the assertion in the `attribute_mappings`. The maximum length of - the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credentials will be accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: - type: string - description: 'Required. Maps attributes from the authentication credentials - issued by an external identity provider to Google Cloud attributes, - such as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups - the authenticating user belongs to. You can grant groups access - to resources using an IAM `principalSet` binding; access applies - to all members of the group. * `google.display_name`: The name of - the authenticated user. 
This is an optional field and the mapped - display name cannot exceed 100 bytes. If not set, `google.subject` - will be displayed instead. This attribute cannot be referenced in - IAM bindings. * `google.profile_photo`: The URL that specifies the - authenticated user''s thumbnail photo. This is an optional field. - When set, the image will be visible as the user''s profile picture. - If not set, a generic user icon will be displayed instead. This - attribute cannot be referenced in IAM bindings. You can also provide - custom attributes by specifying `attribute.{custom_attribute}`, - where {custom_attribute} is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workforce pool to Google Cloud resources. For example:' - type: object - description: - description: A user-specified description of the provider. Cannot - exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A user-specified display name for the provider. Cannot - exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider configuration. - properties: - clientId: - description: Required. The client ID. Must match the audience - claim of the JWT issued by the identity provider. - type: string - issuerUri: - description: Required. The OIDC issuer URI. Must be a valid URI - using the 'https' scheme. - type: string - required: - - clientId - - issuerUri - type: object + properties: + applicationTitle: + description: Immutable. 
Application name displayed on OAuth consent + screen. + type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. type: string - saml: - description: A SAML identity provider configuration. - properties: - idpMetadataXml: - description: 'Required. SAML Identity provider configuration metadata - xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded - to 128k characters. The metadata xml document should satisfy - the following constraints: 1) Must contain an Identity Provider - Entity ID. 2) Must contain at least one non-expired signing - key certificate. 3) For each signing key: a) Valid from should - be no more than 7 days from now. b) Valid to should be no more - than 10 years in the future. 4) Up to 3 IdP signing keys are - allowed in the metadata xml. When updating the provider''s metadata - xml, at least one non-expired signing key must overlap with - the existing metadata. This requirement is skipped if there - are no non-expired signing keys present in the existing metadata.' - type: string - required: - - idpMetadataXml - type: object - workforcePoolRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The workforce_pool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - attributeMapping - - location - - workforcePoolRef type: object status: properties: @@ -49073,13 +72814,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. + type: boolean type: object - required: - - spec type: object served: true storage: true 
@@ -49096,25 +72835,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepools.iam.cnrm.cloud.google.com + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePool - plural: iamworkforcepools + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients shortNames: - - gcpiamworkforcepool - - gcpiamworkforcepools - singular: iamworkforcepool + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: @@ -49152,25 +72891,8 @@ spec: type: object spec: properties: - description: - description: A user-specified description of the pool. Cannot exceed - 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A user-specified display name of the pool in Google Cloud - Console. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef] may be specified. + brandRef: + description: Immutable. oneOf: - not: required: 
@@ -49187,33 +72909,28 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + displayName: + description: Immutable. Human-friendly name given to the OAuth client. type: string - sessionDuration: - description: How long the Google Cloud access tokens, console sign-in - sessions, and gcloud sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `session_duration` is not configured, minted credentials will - have a default duration of one hour (3600s). + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - location - - organizationRef + - brandRef type: object status: properties: 
@@ -49250,13 +72967,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: 'Output only. The resource name of the pool. Format: - `locations/{location}/workforcePools/{workforce_pool_id}`' - type: string - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + secret: + description: Output only. Client secret of the OAuth client. type: string type: object required: @@ -49277,25 +72989,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkloadIdentityPoolProvider - plural: iamworkloadidentitypoolproviders + kind: IdentityPlatformConfig + plural: identityplatformconfigs shortNames: - - gcpiamworkloadidentitypoolprovider - - gcpiamworkloadidentitypoolproviders - singular: iamworkloadidentitypoolprovider + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: 
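Review bot: The `secret` field added under `status` (apparently on the IAPIdentityAwareProxyClient schema) holds the OAuth client secret as a plain `type: string`, so any subject allowed to `get` or `list` this custom resource can read it, and it will appear in exported manifests and backups of the object. The same pattern appears in later hunks of this patch: `status.client.apiKey` and `status.signIn.hashConfig.signerKey` (with `saltSeparator`) on the IdentityPlatformConfig schema. Since the file is generated, the schema shape is probably not fixable here, but the description should at least say so, e.g. `description: Output only. Client secret of the OAuth client. Exposed in the object status; limit read access to this resource.` The `status` block starts above this hunk.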
@@ -49333,117 +73045,332 @@ spec: type: object spec: properties: - attributeCondition: - description: '[A Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. * `attribute`: The custom attributes mapped - from the assertion in the `attribute_mappings`. The maximum length - of the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credential are accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: type: string - description: 'Maps attributes from authentication credentials issued - by an external identity provider to Google Cloud attributes, such - as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You - can grant groups access to resources using an IAM `principalSet` - binding; access applies to all members of the group. 
You can also - provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workload to Google Cloud resources. For example: * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized - attribute specified by the corresponding map key. You can use the - `assertion` keyword in the expression to access a JSON representation - of the authentication credential issued by the provider. The maximum - length of an attribute mapping expression is 2048 characters. When - evaluated, the total size of all mapped attributes must not exceed - 8KB. For AWS providers, if no attribute mapping is defined, the - following default mapping applies: ``` { "google.subject":"assertion.arn", - "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" - " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" - " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", - } ``` If any custom attribute mappings are defined, they must include - a mapping to the `google.subject` attribute. 
For OIDC providers, - you must supply a custom mapping, which must include the `google.subject` - attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token: - ``` {"google.subject": "assertion.sub"} ```' + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object type: object - aws: - description: An Amazon Web Services identity provider. + client: + description: Options related to how clients making requests on behalf + of a project should be configured. properties: - accountId: - description: Required. The AWS account ID. + permissions: + description: Configuration related to restricting a user's ability + to affect their account. 
+ properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' type: string - stsUri: - description: A list of AWS STS URIs that can be used when exchanging - credentials. If not provided, any valid AWS STS URI is allowed. - URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, - where {region} is a valid AWS region. You can specify a maximum - of 25 URIs. - items: - type: string - type: array - required: - - accountId type: object - description: - description: A description for the provider. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A display name for the provider. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider. + monitoring: + description: Configuration related to monitoring project activity. properties: - allowedAudiences: - description: 'Acceptable values for the `aud` field (audience) - in the OIDC token. Token exchange requests are rejected if the - token audience does not match one of the configured values. 
- Each audience may be at most 256 characters. A maximum of 10 - audiences may be configured. If this list is empty, the OIDC - token audience must be equal to the full canonical resource - name of the WorkloadIdentityPoolProvider, with or without the - HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ```' - items: - type: string - type: array - issuerUri: - description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. type: string - required: - - issuerUri + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. 
Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. 
+ type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. @@ -49464,7 +73391,7 @@ spec: properties: external: description: |- - The project for the resource + The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -49475,215 +73402,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - workloadIdentityPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + quota: + description: Configuration related to quotas. properties: - external: - description: |- - The workloadIdentityPool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. + properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. 
+ type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object type: object required: - - location - projectRef - - workloadIdentityPoolRef type: object status: properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypools.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMWorkloadIdentityPool - plural: iamworkloadidentitypools - shortNames: - - gcpiamworkloadidentitypool - - gcpiamworkloadidentitypools - singular: iamworkloadidentitypool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - 
type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A description of the pool. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A display name for the pool. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + client: properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + apiKey: + description: Output only. API key that can be used when making + requests for this project. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + firebaseSubdomain: + description: Output only. Firebase subdomain. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - location - - projectRef - type: object - status: - properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
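Review bot: The `testPhoneNumbers` description reads "A map of that can be used for phone auth testing.", which has lost the words saying what the keys and values are; it looks as if a placeholder was stripped during generation. This matters when auditing a manifest, because the entries are presumably phone number / fixed verification code pairs (to be confirmed against the upstream API reference), and a reader needs to recognise them in a production config. Suggested text: `description: A map of test phone number to fake verification code that can be used for phone auth testing. Leave empty outside test projects.` The same hunk has a smaller slip in the `startTime` description ("take affect" for "take effect").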
@@ -49710,6 +73510,79 @@ spec: type: string type: object type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' 
+ type: string + type: object + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49717,9 +73590,77 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. 
+ format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: @@ -49740,25 +73681,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapbrands.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPBrand - plural: iapbrands + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs shortNames: - - gcpiapbrand - - gcpiapbrands - singular: iapbrand + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49778,7 +73719,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49796,19 +73737,51 @@ spec: type: object spec: properties: - applicationTitle: - description: Immutable. Application name displayed on OAuth consent - screen. + clientId: + description: OAuth client ID. type: string - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + clientSecret: + description: OAuth client secret. type: string - supportEmail: - description: Immutable. Support email displayed on the OAuth consent - screen. + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + required: + - clientId + - clientSecret + - projectRef type: object status: properties: @@ -49838,6 +73811,9 @@ spec: type: string type: object type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
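Review bot: `spec.clientSecret` in the new IdentityPlatformDefaultSupportedIDPConfig schema is a required plain `type: string`, so the OAuth client secret has to be written inline in the custom resource, where it lands in manifests and is readable by anyone who can get the object. The IdentityPlatformOAuthIDPConfig schema added in the `@@ -50076` hunk already takes the same secret as `value` / `valueFrom.secretKeyRef`; I would give this field that shape so the secret can live in a Kubernetes Secret. The tenant variant added in the `@@ -50505` hunk has the same plain-string `clientSecret`. Both CRDs are labelled `tf2crd`, so the fix probably belongs in the generator rather than in this file.

```yaml
# … unchanged: clientId …
clientSecret:
  description: OAuth client secret.
  oneOf:
  - not:
      required:
      - valueFrom
    required:
    - value
  - not:
      required:
      - value
    required:
    - valueFrom
  properties:
    value:
      description: Value of the field. Cannot be used if 'valueFrom' is specified.
      type: string
    valueFrom:
      description: Source for the field's value. Cannot be used if 'value' is specified.
      properties:
        secretKeyRef:
          description: Reference to a value with the given key in the given Secret in the resource's namespace.
          properties:
            key:
              description: Key that identifies the value to be extracted.
              type: string
            name:
              description: Name of the Secret to extract a value from.
              type: string
          required:
          - name
          - key
          type: object
      type: object
  type: object
# … unchanged: enabled, projectRef, resourceID …
```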
@@ -49845,11 +73821,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - orgInternalOnly: - description: Output only. Whether the brand is only intended for usage - inside the G Suite organization only. - type: boolean type: object + required: + - spec type: object served: true storage: true @@ -49866,25 +73840,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPIdentityAwareProxyClient - plural: iapidentityawareproxyclients + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs shortNames: - - gcpiapidentityawareproxyclient - - gcpiapidentityawareproxyclients - singular: iapidentityawareproxyclient + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49904,7 +73878,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49922,8 +73896,42 @@ spec: type: object spec: properties: - brandRef: - description: Immutable. + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -49940,10 +73948,7 @@ spec: - external properties: external: - description: |- - The brand for the resource - - Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -49952,16 +73957,39 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - displayName: - description: Immutable. Human-friendly name given to the OAuth client. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object required: - - brandRef + - displayName + - idpConfig + - projectRef + - spConfig type: object status: properties: @@ -49998,9 +74026,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - secret: - description: Output only. Client secret of the OAuth client. - type: string type: object required: - spec 
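Review bot: `spConfig.callbackUri` is documented as "Must start with 'https://'" but the schema only declares `type: string`, so an `http://` callback passes admission and is rejected, if at all, only by the backing API. Adding `pattern: '^https://'` under `callbackUri` would enforce the documented constraint at the Kubernetes API. Separately, the `spCertificates` description repeats the `idpCertificates` wording ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), which misdescribes whose certificates these are; something like `description: The service provider's certificate data, used by the IdP to verify SAML requests signed by this project.` would be clearer, assuming that is the intended meaning. The file appears to be generated (`tf2crd` label), so both changes likely need to be made upstream.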
@@ -50020,25 +74045,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformConfig - plural: identityplatformconfigs + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs shortNames: - - gcpidentityplatformconfig - - gcpidentityplatformconfigs - singular: identityplatformconfig + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -50076,335 +74101,191 @@ spec: type: object spec: properties: - authorizedDomains: - description: List of domains authorized for OAuth redirects - items: - type: string - type: array - blockingFunctions: - description: Configuration related to blocking functions. - properties: - triggers: - additionalProperties: - properties: - functionUriRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - HTTP URI trigger for the Cloud Function. - - Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - updateTime: - description: When the trigger was changed. - format: date-time - type: string - type: object - description: 'Map of Trigger to event type. Key should be one - of the supported event types: "beforeCreate", "beforeSignIn"' - type: object - type: object - client: - description: Options related to how clients making requests on behalf - of a project should be configured. - properties: - permissions: - description: Configuration related to restricting a user's ability - to affect their account. 
- properties: - disabledUserDeletion: - description: When true, end users cannot delete their account - on the associated project through any of our API methods - type: boolean - disabledUserSignup: - description: When true, end users cannot sign up for a new - account on the associated project through any of our API - methods - type: boolean - type: object - type: object - mfa: - description: Configuration for this project's multi-factor authentication, - including whether it is active and what factors can be used for - the second factor - properties: - state: - description: 'Whether MultiFactor Authentication has been enabled - for this project. Possible values: STATE_UNSPECIFIED, DISABLED, - ENABLED, MANDATORY' - type: string - type: object - monitoring: - description: Configuration related to monitoring project activity. - properties: - requestLogging: - description: Configuration for logging requests made to this project - to Stackdriver Logging - properties: - enabled: - description: Whether logging is enabled for this project or - not. - type: boolean - type: object - type: object - multiTenant: - description: Configuration related to multi-tenant functionality. - properties: - allowTenants: - description: Whether this project can have tenants or not. - type: boolean - defaultTenantLocationRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: |- - The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). 
- * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' - type: string - name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - notification: - description: Configuration related to sending notifications to users. + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - defaultLocale: - description: Default locale used for email and SMS in IETF BCP - 47 format. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - sendEmail: - description: Options for email sending. + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. properties: - callbackUri: - description: action url in email template. - type: string - changeEmailTemplate: - description: Email template for change email - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - dnsInfo: - description: Information of custom domain DNS verification. - properties: - useCustomDomain: - description: Whether to use custom domain. - type: boolean - type: object - method: - description: 'The method used for sending an email. Possible - values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' - type: string - resetPasswordTemplate: - description: Email template for reset password - properties: - body: - description: Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - revertSecondFactorAdditionTemplate: - description: Email template for reverting second factor addition - emails - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - smtp: - description: Use a custom SMTP relay - properties: - host: - description: SMTP relay host - type: string - password: - description: SMTP relay password - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - port: - description: SMTP relay port - format: int64 - type: integer - securityMode: - description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, - SSL, START_TLS' - type: string - senderEmail: - description: Sender email for the SMTP relay - type: string - username: - description: SMTP relay username - type: string - type: object - verifyEmailTemplate: - description: Email template for verify email + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address + key: + description: Key that identifies the value to be extracted. type: string - subject: - description: Subject of the email + name: + description: Name of the Secret to extract a value from. type: string + required: + - name + - key type: object type: object - sendSms: - description: Options for SMS sending. - properties: - useDeviceLocale: - description: Whether to use the accept_language header for - SMS. - type: boolean - type: object type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -50421,10 +74302,7 @@ spec: - external properties: external: - description: |- - The project of the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -50433,27 +74311,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - quota: - description: Configuration related to quotas. - properties: - signUpQuotaConfig: - description: Quota for the Signup endpoint, if overwritten. Signup - quota is measured in sign ups per project per hour per IP. - properties: - quota: - description: Corresponds to the 'refill_token_count' field - in QuotaServer config - format: int64 - type: integer - quotaDuration: - description: How long this quota will be active for - type: string - startTime: - description: When this quota will take affect - format: date-time - type: string - type: object - type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string signIn: description: Configuration related to local sign in methods. properties: @@ -50469,6 +74331,8 @@ spec: description: Whether anonymous user auth is enabled for the project or not. type: boolean + required: + - enabled type: object email: description: Configuration options related to authenticating a 
@@ -50479,12 +74343,39 @@ spec: or not. type: boolean passwordRequired: - description: Whether a password is required for email auth - or not. If true, both an email and password must be provided - to sign in. If false, a user may sign in via either email/password - or email link. + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." type: boolean type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. @@ -50496,7 +74387,8 @@ spec: testPhoneNumbers: additionalProperties: type: string - description: A map of that can be used for phone auth testing. + description: A map of that + can be used for phone auth testing. type: object type: object type: object 
@@ -50505,16 +74397,170 @@ spec: type: object status: properties: - client: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - apiKey: - description: Output only. API key that can be used when making - requests for this project. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - firebaseSubdomain: - description: Output only. Firebase subdomain. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -50541,79 +74587,9 @@ spec: type: string type: object type: array - notification: - properties: - sendEmail: - properties: - changeEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - dnsInfo: - properties: - customDomain: - description: Output only. The applied verified custom - domain. - type: string - customDomainState: - description: 'Output only. The current verification state - of the custom domain. The custom domain will only be - used once the domain verification is successful. Possible - values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, - IN_PROGRESS, FAILED, SUCCEEDED' - type: string - domainVerificationRequestTime: - description: Output only. The timestamp of initial request - for the current domain verification. - format: date-time - type: string - pendingCustomDomain: - description: Output only. The custom domain that's to - be verified. - type: string - type: object - resetPasswordTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - revertSecondFactorAdditionTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - verifyEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - type: object - sendSms: - properties: - smsTemplate: - description: Output only. The template to use when sending - an SMS. - properties: - content: - description: 'Output only. The SMS''s content. Can contain - the following placeholders which will be replaced with - the appropriate values: %APP_NAME% - For Android or - iOS apps, the app''s display name. For web apps, the - domain hosting the application. %LOGIN_CODE% - The OOB - code being sent in the SMS.' 
- type: string - type: object - type: object - type: object + name: + description: The name of the default supported IDP config resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -50621,78 +74597,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - signIn: - properties: - email: - properties: - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, - MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, - SHA512, STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation - algorithms. See https://tools.ietf.org/html/rfc7914 - for explanation of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. - Used by scrypt and other similar password derivation - algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be - inserted between the salt and plain text password in - base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, - HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, - STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation algorithms. - See https://tools.ietf.org/html/rfc7914 for explanation - of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. 
- Used by scrypt and other similar password derivation algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be inserted - between the salt and plain text password in base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - subtype: - description: 'Output only. The subtype of this config. Possible values: - SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' - type: string type: object required: - spec @@ -50712,25 +74616,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformOAuthIDPConfig - plural: identityplatformoauthidpconfigs + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs shortNames: - - gcpidentityplatformoauthidpconfig - - gcpidentityplatformoauthidpconfigs - singular: identityplatformoauthidpconfig + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -50750,7 +74654,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -50768,80 +74672,108 @@ spec: type: object spec: properties: - clientId: - description: The client id of an OAuth client. + displayName: + description: Human friendly display name. type: string - clientSecret: - description: The client secret of the OAuth client, to enable OIDC - code flow. + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object type: object - displayName: - description: The config's display name set by developers. - type: string - enabled: - description: True if allows the user to sign in with the provider. - type: boolean - issuer: - description: For OIDC Idps, the issuer identifier. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - responseType: - description: 'The multiple response type to request for in the OAuth - authorization flow. This can possibly be a combination of set bits - (e.g.: {id\_token, token}).' + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. properties: - code: - description: If true, authorization code is returned from IdP's - authorization endpoint. - type: boolean - idToken: - description: If true, ID token is returned from IdP's authorization - endpoint. - type: boolean - token: - description: If true, access token is returned from IdP's authorization - endpoint. - type: boolean + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. 
+ type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant type: object status: properties: @@ -50879,6 +74811,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -50895,7 +74829,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51112,7 +75046,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51265,7 +75199,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
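Review bot: The description added for `spConfig.spCertificates` in the IdentityPlatformTenantInboundSAMLConfig schema (hunk `@@ -50768,80 +74672,108 @@`) is a word-for-word copy of the one on `idpConfig.idpCertificates` ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP."), so the schema never states what the SP-side certificates are for. Because `idpCertificates` is what the relying party trusts when checking assertion signatures, a reader who confuses the two lists can end up with the wrong trust anchor; I would reword the SP one along the lines of `description: The SP's certificate data, used to verify the signature of SAMLRequests sent by this SP.`, if that is the intended meaning. In the same hunk `x509Certificate` is not required inside the `idpCertificates` items, so an empty item passes admission even though the list itself is required; adding `required: [x509Certificate]` to that items schema would close this. The CRD carries the `tf2crd` label, so the wording probably has to be fixed in the generator input rather than in this file.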
@@ -51321,84 +75255,579 @@ spec: type: object spec: properties: - destroyScheduledDuration: - description: |- - Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - type: string - importOnly: - description: Immutable. Whether this key may contain imported versions - only. - type: boolean - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. 
Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. 
+ type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: description: |- - Immutable. The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - skipInitialVersionCreation: - description: "Immutable. If set to true, the request will create a - CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' - resource to import the CryptoKeyVersion." - type: boolean - versionTemplate: - description: A template describing settings for new crypto key versions. 
- properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: Immutable. The protection level to use when creating - a version based on this template. Possible values include "SOFTWARE", - "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - type: string - required: - - algorithm - type: object required: - - keyRingRef + - location type: object status: properties: @@ -51436,7 +75865,7 @@ spec: the resource. type: integer selfLink: - description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: @@ -51457,25 +75886,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com + name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp - kind: KMSKeyRing - plural: kmskeyrings + kind: KMSSecretCiphertext + plural: kmssecretciphertexts shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: 
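Review bot: `spec.state` in the added KMSCryptoKeyVersion schema (hunk `@@ -51321,84 +75255,579 @@`) is a free-form string whose description lists all seven states, including `DESTROYED` and `DESTROY_SCHEDULED`, without saying which of them a user may set. Nothing in the schema stops such a value from passing admission and the field is not marked Immutable, so what the controller does with it is not visible here; until that is documented, write access to `kmscryptokeyversions` should be granted as narrowly as the right to change key-version state. If only some values are meant to be user-settable, an `enum:` listing just those values plus a description starting `The desired state of the CryptoKeyVersion.` would make the contract explicit. `importMethod` and `protectionLevel` in the KMSKeyRingImportJob schema of the same hunk follow the same description-only pattern. These CRDs carry the `tf2crd` label, so the change presumably belongs in the generator.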
@@ -51495,7 +75924,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -51513,21 +75942,103 @@ spec: type: object spec: properties: - location: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: description: |- - Immutable. The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - location + - cryptoKey + - plaintext type: object status: properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -51561,9 +76072,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. - type: string type: object required: - spec @@ -51583,7 +76091,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51867,7 +76375,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52142,7 +76650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
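Review bot: In the new KMSSecretCiphertext schema, `spec.plaintext` accepts an inline `value`, so the data to be encrypted can sit in clear text in the custom resource's spec. There it is readable by anyone allowed to get the object and by any tooling that stores or logs the manifest. The description should steer users to the Secret reference, for example `description: Immutable. The plaintext to be encrypted. Prefer 'valueFrom.secretKeyRef'; an inline 'value' is kept as-is in the resource spec.` Separately, in both `plaintext` and `additionalAuthenticatedData`, `valueFrom` lists `secretKeyRef` under `properties` but does not require it, so `valueFrom: {}` appears to satisfy the `oneOf`; adding `required:` with `- secretKeyRef` under `valueFrom` would reject that at admission. The labels (`tf2crd`) suggest this CRD is generated, so both changes probably belong in the generator rather than in this YAML.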
@@ -52563,7 +77071,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52967,7 +77475,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -53271,7 +77779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -53608,7 +78116,183 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -54423,7 +79107,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -61206,41 +85890,1513 @@ spec: must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string - xAxis: - description: The properties applied to the X axis. - properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string - type: object - yAxis: - description: The properties applied to the Y axis. + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. 
* + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number type: object - required: - - dataSets + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. 
+ type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string type: object type: object - type: array - type: object - type: array + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. 
+ type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - displayName + - goal - projectRef + - serviceRef type: object status: properties: 
@@ -61270,14 +87426,21 @@ spec: type: string type: object type: array - etag: - description: \`etag\` is used for optimistic concurrency control as - a way to help prevent simultaneous updates of a policy from overwriting - each other. An \`etag\` is returned in the response to \`GetDashboard\`, - and users are expected to put that etag in the request to \`UpdateDashboard\` - to ensure that their change will be applied to the same version - of the Dashboard configuration. The field should not be passed during - dashboard creation. + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -61286,6 +87449,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean type: object required: - spec 
@@ -61305,25 +87474,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringgroups.monitoring.cnrm.cloud.google.com + name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringGroup - plural: monitoringgroups + kind: MonitoringService + plural: monitoringservices shortNames: - - gcpmonitoringgroup - - gcpmonitoringgroups - singular: monitoringgroup + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -61362,47 +87531,8 @@ spec: spec: properties: displayName: - description: A user-assigned name for this group, used only for display - purposes. - type: string - filter: - description: The filter used to determine which monitored resources - belong to this group. + description: Name used for UI elements listing this Service. type: string - isCluster: - description: If true, the members of this group are considered to - be a cluster. The system can perform additional analysis on groups - that are clusters. - type: boolean - parentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -61422,7 +87552,7 @@ spec: properties: external: description: |- - The project of the group + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61434,13 +87564,20 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object required: - - displayName - - filter + - projectRef type: object status: properties: @@ -61496,25 +87633,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMetricDescriptor - plural: monitoringmetricdescriptors + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs shortNames: - - gcpmonitoringmetricdescriptor - - gcpmonitoringmetricdescriptors - singular: monitoringmetricdescriptor + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -61552,74 +87689,171 @@ spec: type: object spec: properties: - description: - description: Immutable. A detailed description of the metric, which - can be used in documentation. - type: string - displayName: - description: Immutable. A concise name for the metric, which can be - displayed in user interfaces. Use sentence case without an ending - period, for example "Request count". This field is optional but - it is recommended to be set for any metrics associated with user-visible - concepts, such as Quota. - type: string - labels: - description: Immutable. The set of labels that can be used to describe - a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` - metric type has a label for the HTTP response code, `response_code`, - so you can look at latencies for successful responses or just for - responses that failed. + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. items: properties: - description: - description: Immutable. A human-readable description for the - label. - type: string - key: - description: 'Immutable. The key for this label. The key must - meet the following criteria: * Does not exceed 100 characters. - * Matches the following regular expression: `a-zA-Z*` * The - first character must be an upper- or lower-case letter. * - The remaining characters must be letters, digits, or underscores.' + content: type: string - valueType: - description: 'Immutable. The type of data that can be assigned - to the label. 
Possible values: STRING, BOOL, INT64' + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string + required: + - content type: object type: array - launchStage: - description: 'Immutable. Optional. The launch stage of the metric - definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. type: string - metadata: - description: Immutable. Optional. Metadata which can be used to guide - usage of the metric. + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. properties: - ingestDelay: - description: Immutable. The delay of data points caused by ingestion. - Data points older than this age are guaranteed to be ingested - and available to be read, excluding data loss due to errors. + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' type: string - launchStage: - description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage - instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' type: string - samplePeriod: - description: Immutable. The sampling period of metric data points. - For metrics which are written periodically, consecutive data - points are stored at this time interval, excluding data loss - due to errors. Metrics with a higher granularity have a smaller - sampling period. + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. 
+ type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. 
The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. type: string + required: + - filterLabels + - type type: object - metricKind: - description: 'Immutable. Whether the metric records instantaneous - values, changes to a value, etc. Some combinations of `metric_kind` - and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, - GAUGE, DELTA, CUMULATIVE' + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -61640,7 +87874,7 @@ spec: properties: external: description: |- - The project for the resource + The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
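Review bot: `httpCheck.authInfo.password` accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, so a basic-auth password can sit in plaintext in the MonitoringUptimeCheckConfig object and in whatever manifest it was applied from; the `value` description does not mention this. I would extend it to `Value of the field. Cannot be used if 'valueFrom' is specified. Stored in plaintext in the resource; prefer 'valueFrom.secretKeyRef' for credentials.` Nothing in the schema ties `authInfo` to `useSsl: true` either, so the `authInfo` description could add that the credentials are sent unencrypted when the check runs over plain HTTP. The `dcl2crd` label on this CRD suggests the schema is generated, so the wording probably belongs in the generator rather than in this file.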
@@ -61651,80 +87885,78 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: - description: 'Immutable. The metric type, including its DNS name prefix. - The type is not URL-encoded. All user-defined metric types have - the DNS name `custom.googleapis.com` or `external.googleapis.com`. - Metric types should use a natural hierarchical grouping. For example: - "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" - "appengine.googleapis.com/http/server/response_latencies"' - type: string - unit: - description: 'Immutable. The units in which the metric value is reported. - It is only applicable if the `value_type` is `INT64`, `DOUBLE`, - or `DISTRIBUTION`. The `unit` defines the representation of the - stored metric values. Different systems might scale the values to - be more easily displayed (so a value of `0.02kBy` _might_ be displayed - as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). - However, if the `unit` is `kBy`, then the value of the metric is - always in thousands of bytes, no matter how it might be displayed. - If you want a custom metric to record the exact number of CPU-seconds - used by a job, you can create an `INT64 CUMULATIVE` metric whose - `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the - job uses 12,005 CPU-seconds, then the value is written as `12005`. - Alternatively, if you want a custom metric to record data in a more - granular way, you can create a `DOUBLE CUMULATIVE` metric whose - `unit` is `ks{CPU}`, and then write the value `12.005` (which is - `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
- The supported units are a subset of [The Unified Code for Units - of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic - units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute - * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * - `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) - * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta - (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) - * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` - zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi - (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) - **Grammar** The grammar also includes these connectors: * `/` division - or ratio (as an infix operator). For examples, `kBy/{email}` or - `MiBy/10ms` (although you should almost never have `/s` in a metric - `unit`; rates should always be computed at query time from the underlying - cumulative or delta value). * `.` multiplication or composition - (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The - grammar for a unit is as follows: Expression = Component: { "." - Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | - "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME - "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. - If the annotation is used alone, then the unit is equivalent to - `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. - * `NAME` is a sequence of non-blank printable ASCII characters not - containing `{` or `}`. * `1` represents a unitary [dimensionless - unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, - such as in `1/s`. It is typically used when none of the basic units - are appropriate. For example, "new users per day" can be represented - as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 - new users). 
Alternatively, "thousands of page views per day" would - be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a - metric value of `5.3` would mean "5300 page views per day"). * `%` - represents dimensionless value of 1/100, and annotates values giving - a percentage (so the metric values are typically in the range of - 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates - a metric contains a ratio, typically in the range 0..1, that will - be multiplied by 100 and displayed as a percentage (so a metric - value `0.03` means "3 percent").' + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - valueType: - description: 'Immutable. 
Whether the measurement is an integer, a - floating-point number, etc. Some combinations of `metric_kind` and - `value_type` might not be supported. Possible values: STRING, BOOL, - INT64' + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. type: string required: - - metricKind + - displayName - projectRef - - type - - valueType + - timeout type: object status: properties: @@ -61754,14 +87986,6 @@ spec: type: string type: object type: array - monitoredResourceTypes: - description: Read-only. If present, then a time series, which is identified - partially by a metric type and a MonitoredResourceDescriptor, that - is associated with this metric type can only be associated with - one of the monitored resource types listed here. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -61769,9 +87993,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The resource name of the metric descriptor. - type: string type: object required: - spec 
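Review bot: The `required` list that closes the spec in this hunk names only `displayName`, `projectRef` and `timeout`, so a MonitoringUptimeCheckConfig with neither `httpCheck` (defined in the previous hunk) nor `tcpCheck`, or with both, passes schema validation and can only be rejected later by the API. The same holds for `monitoredResource` versus `resourceGroup`, and for the three optional `linked*` blocks of NetworkConnectivitySpoke in the hunk at `@@ -61975,175 +88251,221 @@`. If the API requires exactly one of each pair (presumably it does, but confirm against the Monitoring API), the constraint can be written with the `oneOf`/`required` pattern this schema already uses for `name`/`external`, as sketched below. The CRD looks generated, so the constraint would be added in the generator; the indentation in the sketch is illustrative because the page has lost the original.

```yaml
# … unchanged: spec.properties (contentMatchers … timeout) …
allOf:
- oneOf:
  - required:
    - httpCheck
  - required:
    - tcpCheck
- oneOf:
  - required:
    - monitoredResource
  - required:
    - resourceGroup
required:
- displayName
- projectRef
- timeout
```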
@@ -61791,25 +88012,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMonitoredProject - plural: monitoringmonitoredprojects + kind: NetworkConnectivityHub + plural: networkconnectivityhubs shortNames: - - gcpmonitoringmonitoredproject - - gcpmonitoringmonitoredprojects - singular: monitoringmonitoredproject + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: 
@@ -61847,17 +88068,46 @@ spec: type: object spec: properties: - metricsScope: - description: 'Immutable. Required. The resource name of the existing - Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + description: + description: An optional description of the hub. type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - metricsScope + - projectRef type: object status: properties: @@ -61888,8 +88138,7 @@ spec: type: object type: array createTime: - description: Output only. The time when this `MonitoredProject` was - created. + description: Output only. The time the hub was created. format: date-time type: string observedGeneration: 
@@ -61899,6 +88148,33 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string type: object required: - spec 
@@ -61918,25 +88194,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: 
@@ -61975,175 +88251,221 @@ spec: spec: properties: description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond - the display name, for the channel. This may not exceed 1024 Unicode - characters. - type: string - enabled: - description: Whether notifications are forwarded to the described - channel. This makes it possible to disable delivery of notifications - to a particular channel without removing the channel from all alerting - policies that reference the channel. This is a more convenient approach - when the change is temporary and you want to receive notifications - from the same set of alerting policies on the channel at some point - in the future. - type: boolean - forceDelete: - description: |- - If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - type: boolean - labels: - additionalProperties: - type: string - type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: An optional description of the spoke. type: string - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. + hubRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
- type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel - types that support this field include: webhook_basicauth.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + - required: + - namespace required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. 
The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external required: - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. - Channel types that support this field include: pagerduty.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - not: + anyOf: + - required: + - name + - required: + - namespace required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. 
Note that data + transfer is available only in supported locations. + type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - type + - hubRef + - location + - projectRef type: object status: properties: @@ -62173,11 +88495,9 @@ spec: type: string type: object type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + createTime: + description: Output only. The time the spoke was created. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -62186,19 +88506,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for - channels of this type.This field cannot be modified using a standard - UpdateNotificationChannel operation. To change the value of this - field, you must call VerifyNotificationChannel. + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time type: string type: object required: 
@@ -62219,25 +88539,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringServiceLevelObjective - plural: monitoringservicelevelobjectives + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests shortNames: - - gcpmonitoringservicelevelobjective - - gcpmonitoringservicelevelobjectives - singular: monitoringservicelevelobjective + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: @@ -62257,7 +88577,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -62275,412 +88595,63 @@ spec: type: object spec: properties: - calendarPeriod: - description: 'A calendar period, semantically "since the start of - the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, - and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, - DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' - type: string - displayName: - description: Name used for UI elements listing this SLO. + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. type: string - goal: - description: The fraction of service that must be good in order for - this objective to be met. `0 < goal <= 0.999`. - format: double - type: number - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + destination: + description: |- + Required. Destination specification of the Connectivity Test. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rollingPeriod: - description: A rolling time period, semantically "in the past ``". - Must be an integer multiple of 1 day no larger than 30 days. 
- type: string - serviceLevelIndicator: - description: The definition of good service, used to measure and calculate - the quality of the `Service`'s performance with respect to a single - aspect of service quality. + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. properties: - basicSli: - description: Basic SLI on a well-known service type. - properties: - availability: - description: Good service is defined to be the count of requests - made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count of requests - made to this service that are fast enough with respect to - `latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - requests made to this service that return in no more - than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which this - SLI is relevant. Telemetry from other locations will not - be used to calculate performance for this SLI. 
If omitted, - this SLI applies to all locations in which the Service has - activity. For service types that don''t support breaking - down by location, setting this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this SLI - is relevant. Telemetry from other methods will not be used - to calculate performance for this SLI. If omitted, this - SLI applies to all the Service''s methods. For service types - that don''t support breaking down by method, setting this - field will result in an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count of operations - performed by this service that return successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count of operations - performed by this service that are fast enough with respect - to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - operations that are completed in no more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to which this - SLI is relevant. Telemetry from other API versions will - not be used to calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don''t support breaking down by version, setting this - field will result in an error.' 
- items: - type: string - type: array - type: object - requestBased: - description: Request-based SLIs - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` that - fall into a good range. The `total_service` is the total - count of all values aggregated in the `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. Must have - `ValueType = DISTRIBUTION` and `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the ratio of - `good_service` to `total_service` is computed from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, either - demanded service that was not provided or demanded service - that was of inadequate quality. Must have `ValueType - = DOUBLE` or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service provided. - Must have `ValueType = DOUBLE` or `ValueType = INT64` - and must have `MetricKind = DELTA` or `MetricKind = - CUMULATIVE`. 
- type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total demanded - service. Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` or `MetricKind - = CUMULATIVE`. - type: string - type: object - type: object - windowsBased: - description: Windows-based SLIs - properties: - goodBadMetricFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` with `ValueType = BOOL`. The window - is good if any `true` values appear in the window. - type: string - goodTotalRatioThreshold: - description: A window is good if its `performance` is high - enough. - properties: - basicSliPerformance: - description: '`BasicSli` to evaluate to judge window quality.' - properties: - availability: - description: Good service is defined to be the count - of requests made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count - of requests made to this service that are fast enough - with respect to `latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of requests made to this service that - return in no more than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which - this SLI is relevant. Telemetry from other locations - will not be used to calculate performance for this - SLI. If omitted, this SLI applies to all locations - in which the Service has activity. 
For service types - that don''t support breaking down by location, setting - this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this - SLI is relevant. Telemetry from other methods will - not be used to calculate performance for this SLI. - If omitted, this SLI applies to all the Service''s - methods. For service types that don''t support breaking - down by method, setting this field will result in - an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count - of operations performed by this service that return - successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count - of operations performed by this service that are - fast enough with respect to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of operations that are completed in no - more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to - which this SLI is relevant. Telemetry from other - API versions will not be used to calculate performance - for this SLI. If omitted, this SLI applies to all - API versions. For service types that don''t support - breaking down by version, setting this field will - result in an error.' - items: - type: string - type: array - type: object - performance: - description: '`RequestBasedSli` to evaluate to judge window - quality.' - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` - that fall into a good range. 
The `total_service` - is the total count of all values aggregated in the - `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. - Must have `ValueType = DISTRIBUTION` and `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." - For a one-sided range, set one bound to an infinite - value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the - ratio of `good_service` to `total_service` is computed - from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, - either demanded service that was not provided - or demanded service that was of inadequate quality. - Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service - provided. Must have `ValueType = DOUBLE` or - `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total - demanded service. Must have `ValueType = DOUBLE` - or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. 
- type: string - type: object - type: object - threshold: - description: If window `performance >= threshold`, the - window is counted as good. - format: double - type: number - type: object - metricMeanInRange: - description: A window is good if the metric's value is in - a good range, averaged across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - metricSumInRange: - description: A window is good if the metric's value is in - a good range, summed across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - windowPeriod: - description: Duration over which window quality is evaluated. - Must be an integer fraction of a day and at least `60s`. - type: string - type: object + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. 
+ type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string type: object - serviceRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -62697,10 +88668,7 @@ spec: - external properties: external: - description: |- - The service for the resource - - Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -62709,10 +88677,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. 
An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object required: - - goal + - destination - projectRef - - serviceRef + - source type: object status: properties: 
@@ -62742,22 +88788,6 @@ spec: type: string type: object type: array - createTime: - description: Time stamp of the `Create` or most recent `Update` command - on this `Slo`. - format: date-time - type: string - deleteTime: - description: Time stamp of the `Update` or `Delete` command that made - this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s - returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, - because it is always empty in the current version. It is populated - in `ServiceLevelObjective`s representing previous versions in the - output of `ListServiceLevelObjectiveVersions`. Because all old configuration - versions are stored, `Update` operations mark the obsoleted version - as deleted. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -62765,12 +88795,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - serviceManagementOwned: - description: Output only. If set, this SLO is managed at the [Service - Management](https://cloud.google.com/service-management/overview) - level. Therefore the service yaml file is the source of truth for - this SLO, and API `Update` and `Delete` operations are forbidden. - type: boolean type: object required: - spec 
@@ -62790,25 +88814,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringservices.monitoring.cnrm.cloud.google.com + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringService - plural: monitoringservices + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies shortNames: - - gcpmonitoringservice - - gcpmonitoringservices - singular: monitoringservice + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -62846,8 +88870,16 @@ spec: type: object spec: properties: - displayName: - description: Name used for UI elements listing this Service. + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. 
@@ -62884,15 +88916,98 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - telemetry: - description: Configuration for how to query telemetry on a Service. - properties: - resourceName: - description: The full name of the resource that defines this service. - Formatted as described in https://cloud.google.com/apis/design/resource_names. - type: string - type: object + rules: + description: Optional. List of rules to match. If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. 
+ For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array required: + - action + - location - projectRef type: object status: @@ -62923,6 +89038,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -62930,6 +89049,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -62949,25 +89072,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringUptimeCheckConfig - plural: monitoringuptimecheckconfigs + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies shortNames: - - gcpmonitoringuptimecheckconfig - - gcpmonitoringuptimecheckconfigs - singular: monitoringuptimecheckconfig + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63005,171 +89128,42 @@ spec: type: object spec: properties: - contentMatchers: - description: The content that is expected to appear in the data returned - by the target server against which the check is run. Currently, - only the first entry in the `content_matchers` list is supported, - and additional entries will be ignored. This field is optional and - should only be specified if a content match is required as part - of the/ Uptime check. - items: - properties: - content: - type: string - matcher: - description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, - CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' - type: string - required: - - content - type: object - type: array - displayName: - description: A human-friendly name for the Uptime check configuration. - The display name should be unique within a Stackdriver Workspace - in order to make it easier to identify; however, uniqueness is not - enforced. Required. - type: string - httpCheck: - description: Contains information needed to make an HTTP or HTTPS - check. + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. properties: - authInfo: - description: The authentication information. Optional when creating - an HTTP check; defaults to empty. + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. properties: - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. type: string required: - - password - - username - type: object - body: - description: 'The request body associated with the HTTP POST request. - If `content_type` is `URL_ENCODED`, the body passed in must - be URL-encoded. Users can provide a `Content-Length` header - via the `headers` field or the API will do so. If the `request_method` - is `GET` and `body` is not empty, the API will return an error. - The maximum byte size is 1 megabyte. Note: As with all `bytes` - fields JSON representations are base64 encoded. e.g.: "foo=bar" - in URL-encoded form is "foo%3Dbar" and in base64 encoding is - "Zm9vJTI1M0RiYXI=".' - type: string - contentType: - description: 'Immutable. The content type to use for the check. Possible - values: TYPE_UNSPECIFIED, URL_ENCODED' - type: string - headers: - additionalProperties: - type: string - description: The list of headers to send as part of the Uptime - check request. If two headers have the same key and different - values, they should be entered as a single header, with the - value being a comma-separated list of all the desired values - as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in - a Create call will cause the first to be overwritten by the - second. The maximum number of headers allowed is 100. 
+ - pluginInstance type: object - maskHeaders: - description: Immutable. Boolean specifying whether to encrypt - the header information. Encryption should be specified for any - headers related to authentication that you do not wish to be - seen when retrieving the configuration. The server will be responsible - for encrypting the headers. On Get/List calls, if `mask_headers` - is set to `true` then the headers will be obscured with `******.` - type: boolean - path: - description: Optional (defaults to "/"). The path to the page - against which to run the check. Will be combined with the `host` - (specified within the `monitored_resource`) and `port` to construct - the full URL. If the provided path does not begin with "/", - a "/" will be prepended automatically. - type: string - port: - description: Optional (defaults to 80 when `use_ssl` is `false`, - and 443 when `use_ssl` is `true`). The TCP port on the HTTP - server against which to run the check. Will be combined with - host (specified within the `monitored_resource`) and `path` - to construct the full URL. - format: int64 - type: integer - requestMethod: - description: Immutable. The HTTP request method to use for the - check. If set to `METHOD_UNSPECIFIED` then `request_method` - defaults to `GET`. - type: string - useSsl: - description: If `true`, use HTTPS instead of HTTP to run the check. - type: boolean - validateSsl: - description: Boolean specifying whether to include SSL certificate - validation as a part of the Uptime check. Only applies to checks - where `monitored_resource` is set to `uptime_url`. If `use_ssl` - is `false`, setting `validate_ssl` to `true` has no effect. - type: boolean - type: object - monitoredResource: - description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) - associated with the configuration. 
The following monitored resource - types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' - properties: - filterLabels: - additionalProperties: - type: string - description: Immutable. + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri type: object - type: - description: Immutable. - type: string - required: - - filterLabels - - type type: object - period: - description: How often, in seconds, the Uptime check is performed. - Currently, the only supported values are `60s` (1 minute), `300s` - (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, - defaults to `60s`. + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -63190,7 +89184,7 @@ spec: properties: external: description: |- - The project for this uptime check config. + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -63201,78 +89195,49 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceGroup: - description: Immutable. The group resource associated with the configuration. - properties: - groupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceType: - description: 'Immutable. The resource type of the group members. - Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' - type: string - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - selectedRegions: - description: The list of regions from which the check will be run. - Some regions contain one location, and others contain more than - one. If this field is specified, enough regions must be provided - to include a minimum of 3 locations. 
Not specifying this field - will result in Uptime checks running from all available regions. + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. items: - type: string + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object type: array - tcpCheck: - description: Contains information needed to make a TCP check. - properties: - port: - description: The TCP port on the server against which to run the - check. Will be combined with host (specified within the `monitored_resource`) - to construct the full URL. Required. - format: int64 - type: integer - required: - - port - type: object - timeout: - description: The maximum amount of time to wait for the request to - complete (must be between 1 and 60 seconds). Required. + sni: + description: 'Optional. Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' type: string required: - - displayName - - projectRef - - timeout + - location type: object status: properties: 
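Review bot: In the NetworkSecurityClientTLSPolicy spec, the `serverValidationCa` description opens with "Required." but the `required:` list at the end of this hunk names only `location`, so a policy with no server-validation CA passes schema validation. Whether the backing API then rejects it, or the client proceeds without validating the server certificate, is not visible here and is worth confirming. If the field is mandatory I would add `- serverValidationCa` to that list; if it is optional, the description should say what the client does when it is omitted. The file looks generated, so the change probably belongs in the generator's source rather than in this YAML.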
@@ -63302,6 +89267,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63309,6 +89278,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -63328,25 +89301,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivityHub - plural: networkconnectivityhubs + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies shortNames: - - gcpnetworkconnectivityhub - - gcpnetworkconnectivityhubs - singular: networkconnectivityhub + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63384,9 +89357,63 @@ spec: type: object spec: properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean description: - description: An optional description of the hub. + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. + Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. 
+ Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -63422,8 +89449,39 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object required: - - projectRef + - location type: object status: properties: @@ -63454,7 +89512,7 @@ spec: type: object type: array createTime: - description: Output only. The time the hub was created. + description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: 
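Review bot: The `allowOpen` description in the NetworkSecurityServerTLSPolicy spec says the flag is "not exclusive of other encryption modes", while the `serverCertificate` description added in the `@@ -63422,8 +89449,39 @@` hunk says it "Cannot be combined with allow_open". A reader of `allowOpen` alone never learns that restriction, and the schema expresses neither rule. I would append `Cannot be set together with serverCertificate.` to the `allowOpen` description. It would also help to state there that with `allowOpen: true` plaintext peers are accepted even when `mtlsPolicy` is set, so client-certificate authentication is not enforced on every connection. The descriptions use the API names `allow_open` and `mtls_policy` rather than the CRD fields `allowOpen` and `mtlsPolicy`.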
@@ -63464,31 +89522,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - routingVpcs: - description: The VPC network associated with this hub's spokes. All - of the VPN tunnels, VLAN attachments, and router appliance instances - referenced by this hub's spokes must belong to this VPC network. - This field is read-only. Network Connectivity Center automatically - populates it based on the set of spokes attached to the hub. - items: - properties: - uri: - description: The URI of the VPC network. - type: string - type: object - type: array - state: - description: 'Output only. The current lifecycle state of this hub. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the hub. This - value is unique across all hub resources. If a hub is deleted and - another with the same name is created, the new hub is assigned a - different unique_id. - type: string updateTime: - description: Output only. The time the hub was last updated. + description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object 
@@ -63510,25 +89545,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivitySpoke - plural: networkconnectivityspokes + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets shortNames: - - gcpnetworkconnectivityspoke - - gcpnetworkconnectivityspokes - singular: networkconnectivityspoke + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: @@ -63548,7 +89583,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -63567,10 +89602,10 @@ spec: spec: properties: description: - description: An optional description of the spoke. + description: A human-readable description of the resource. type: string - hubRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63587,10 +89622,7 @@ spec: - external properties: external: - description: |- - Immutable. The URI of the hub that this spoke is attached to. - - Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -63599,188 +89631,101 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - linkedInterconnectAttachments: - description: Immutable. A collection of VLAN attachment resources. - These resources should be redundant attachments that all advertise - the same prefixes to Google Cloud. Alternatively, in active/passive - configurations, all attachments should be capable of advertising - the same prefixes. - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. 
+ type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - linkedRouterApplianceInstances: - description: Immutable. The URIs of linked Router appliance resources - properties: - instances: - description: Immutable. The list of router appliance instances - items: + - valueFrom properties: - ipAddress: - description: Immutable. The IP address on the VM to use - for peering. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - virtualMachineRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: |- - The URI of the virtual machine resource - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object type: object - type: array - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - required: - - instances - - siteToSiteDataTransfer - type: object - linkedVpnTunnels: - description: Immutable. The URIs of linked VPN tunnel resources - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - id + type: object + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. 
+ The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array required: - - hubRef - - location - projectRef type: object status: @@ -63811,10 +89756,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time the spoke was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63822,20 +89763,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The current lifecycle state of this spoke. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the spoke. - This value is unique across all spoke resources. If a spoke is deleted - and another with the same name is created, the new spoke is assigned - a different unique_id. - type: string - updateTime: - description: Output only. The time the spoke was last updated. - format: date-time - type: string type: object required: - spec 
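Review bot: The `secretVersion` description under `validationSharedKeys` says the `'*'` values in `projects/*/secrets/*/versions/*` "are replaced by the secrets themselves", which reads as if secret material goes into the resource name. The parallel `secretAccessKeyVersion` text later in this patch says "replaced by the project, secret, and version you require"; I would use that wording here so that nobody pastes key bytes into a manifest. In the same hunk the `publicKey` item `id` description gives two different limits ("1-63 characters" and "1-64 characters"). The list descriptions also refer to `public_keys` while the CRD field is `publicKey`. Both should be reconciled with the schema.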
@@ -63855,25 +89782,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityAuthorizationPolicy - plural: networksecurityauthorizationpolicies + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins shortNames: - - gcpnetworksecurityauthorizationpolicy - - gcpnetworksecurityauthorizationpolicies - singular: networksecurityauthorizationpolicy + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: @@ -63893,7 +89820,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -63911,19 +89838,137 @@ spec: type: object spec: properties: - action: - description: 'Required. The action to take when a rule match is found. - Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, - ALLOW, DENY' - type: string + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. 
+ + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. 
+ + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63940,115 +89985,94 @@ spec: - external properties: external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. 
+ - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: description: |- - The project for the resource + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. 
All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + If the response headers have already been written to the connection, the response will be truncated and logged. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Optional. List of rules to match. If not set, the action - specified in the ‘action’ field will be applied without any additional - rule checks. - items: - properties: - destinations: - description: Optional. List of attributes for the traffic destination. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the destination. 
- items: - properties: - hosts: - description: Required. List of host names to match. Matched - against HOST header in http requests. Each host can - be an exact match, or a prefix match (example, “mydomain.*”) - or a suffix match (example, *.myorg.com”) or a presence(any) - match “*”. - items: - type: string - type: array - httpHeaderMatch: - description: Optional. Match against key:value pair in - http header. Provides a flexible match based on HTTP - headers, for potentially advanced use cases. - properties: - headerName: - description: Required. The name of the HTTP header - to match. For matching against the HTTP request's - authority, use a headerMatch with the header name - ":authority". For matching a request's method, use - the headerName ":method". - type: string - regexMatch: - description: 'Required. The value of the header must - match the regular expression specified in regexMatch. - For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript - For matching against a port specified in the HTTP - request, use a headerMatch with headerName set to - Host and a regular expression that satisfies the - RFC2616 Host header''s port specifier.' - type: string - required: - - headerName - - regexMatch - type: object - methods: - description: Optional. A list of HTTP methods to match. - Should not be set for gRPC services. - items: - type: string - type: array - ports: - description: Required. List of destination ports to match. - items: - format: int64 - type: integer - type: array - required: - - hosts - - ports - type: object - type: array - sources: - description: Optional. List of attributes for the traffic source. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the source. - items: - properties: - ipBlocks: - description: Optional. List of CIDR ranges to match based - on source IP address. Single IP (e.g., "1.2.3.4") and - CIDR (e.g., "1.2.3.0/24") are supported. 
- items: - type: string - type: array - principals: - description: Optional. List of peer identities to match - for authorization. Each peer can be an exact match, - or a prefix match (example, “namespace/*”) or a suffix - match (example, */service-account”) or a presence match - “*”. - items: - type: string - type: array - type: object - type: array - type: object - type: array required: - - action - - location + - originAddress - projectRef type: object status: @@ -64079,10 +90103,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64090,10 +90110,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec 
@@ -64113,25 +90129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityClientTLSPolicy - plural: networksecurityclienttlspolicies + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices shortNames: - - gcpnetworksecurityclienttlspolicy - - gcpnetworksecurityclienttlspolicies - singular: networksecurityclienttlspolicy + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: @@ -64151,7 +90167,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -64169,45 +90185,50 @@ spec: type: object spec: properties: - clientCertificate: - description: Optional. Defines a mechanism to provision client identity - (public and private keys) for peer to peer authentication. The presence - of this dictates mTLS. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. 
+ type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -64224,10 +90245,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -64236,49 +90254,721 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serverValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the server certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. 
+ + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. type: string required: - - pluginInstance + - hosts + - pathMatcher type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array required: - - targetUri + - name + - routeRule type: object - type: object - type: array - sni: - description: 'Optional. Server Name Indication string to present to - the server during TLS handshake. E.g: "secure.example.com".' + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - - location + - projectRef + - routing type: object status: properties: 
@@ -64308,254 +90998,18 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com -spec: - group: networksecurity.cnrm.cloud.google.com - names: - categories: - - gcp - kind: NetworkSecurityServerTLSPolicy - plural: networksecurityservertlspolicies - shortNames: - - gcpnetworksecurityservertlspolicy - - gcpnetworksecurityservertlspolicies - singular: networksecurityservertlspolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allowOpen: - description: Optional. Determines if server allows plaintext connections. - If set to true, server allows plain text connections. By default, - it is set to false. This setting is not exclusive of other encryption - modes. For example, if allow_open and mtls_policy are set, server - allows both plain text and mTLS connections. See documentation of - other encryption modes to confirm compatibility. - type: boolean - description: - description: Optional. Free-text description of the resource. - type: string - location: - description: Immutable. The location for the resource - type: string - mtlsPolicy: - description: Optional. Defines a mechanism to provision peer validation - certificates for peer to peer authentication (Mutual TLS - mTLS). - If not specified, client certificate will not be requested. The - connection is treated as TLS and not mTLS. If allow_open and mtls_policy - are set, server allows both plain text and mTLS connections. 
- properties: - clientValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the client certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to - locate and load CertificateProvider instance configuration. - Set to "google_cloud_private_spiffe" to use Certificate - Authority Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with - “unix:”. - type: string - required: - - targetUri - type: object - type: object - type: array - required: - - clientValidationCa - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. 
When unset, the value of `metadata.name` - is used as the default. - type: string - serverCertificate: - description: Optional. Defines a mechanism to provision server identity - (public and private keys). Cannot be combined with allow_open as - a permissive mode that allows both plain text and TLS is not supported. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + ipv4Addresses: + description: The IPv4 addresses associated with this service. Addresses + are static for the lifetime of the service. items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
- type: string - type: - description: Type is the type of the condition. - type: string - type: object + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64563,10 +91017,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec @@ -64586,7 +91036,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64907,7 +91357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65133,7 +91583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65600,7 +92050,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -66334,7 +92784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66510,7 +92960,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66840,7 +93290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67125,8 +93575,235 @@ spec: type: object type: array createTime: - description: Output only. The timestamp when the resource was created. - format: date-time + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. 
+ type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -67135,12 +93812,166 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. Server-defined URL of this resource + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time + description: Output only. The timestamp representing when the constraint + was last updated. type: string type: object required: @@ -67161,7 +93992,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67930,7 +94761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68750,22 +95581,5242 @@ spec: - id type: object type: object - required: - - id + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. 
+ format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array type: object type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: required: - - resources - type: object - type: array + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." 
+ type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. 
\nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. 
+ + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. 
+ type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external required: - - id - - mode - - resourceGroups + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. oneOf: - not: required: @@ -68782,10 +100833,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -68794,62 +100843,84 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rollout: - description: 'Required. Rollout to deploy the OS policy assignment. - A rollout is triggered in the following situations: 1) OSPolicyAssignment - is created. 
2) OSPolicyAssignment is updated and the update contains - changes to one of the following fields: - instance_filter - os_policies - 3) OSPolicyAssignment is deleted.' + schemaSettings: + description: Settings for validating messages published against a + schema. properties: - disruptionBudget: - description: Required. The maximum number (or percentage) of VMs - per zone to disrupt at any given moment. + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - fixed: - description: Specifies a fixed value. - format: int64 - type: integer - percent: - description: Specifies the relative value defined as a percentage, - which will be multiplied by a reference value. - format: int64 - type: integer + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minWaitDuration: - description: Required. This determines the minimum duration of - time to wait after the configuration changes are applied through - the current rollout. A VM continues to count towards the `disruption_budget` - at least until this duration of time has passed after configuration - changes are applied. 
- type: string required: - - disruptionBudget - - minWaitDuration + - schemaRef type: object - skipAwaitRollout: - description: Set to true to skip awaiting rollout during resource - creation and update. - type: boolean - required: - - instanceFilter - - location - - osPolicies - - projectRef - - rollout type: object status: properties: - baseline: - description: Output only. Indicates that this revision has been successfully - rolled out in this zone and new VMs will be assigned OS policies - from this revision. For a given OS policy assignment, there is only - one revision with a value of `true` for this field. - type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -68876,14 +100947,6 @@ spec: type: string type: object type: array - deleted: - description: Output only. Indicates that this revision deletes the - OS policy assignment. - type: boolean - etag: - description: The etag for this OS policy assignment. If this is provided - on update, it must match the server's etag. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
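Review bot: The added `messageStoragePolicy.allowedPersistenceRegions` schema accepts an empty array, although its own description says an empty list "is not a valid configuration". The property is listed under `required` but has no `minItems`. Because this field constrains where published messages may be stored, a bad value is better rejected at admission than, presumably, only when the controller calls the API; `minItems: 1` next to `type: array` would do that. The `messageRetentionDuration` added in the same hunk is likewise a bare `type: string`, so its 10-minute and 31-day bounds are not checked by the schema either. The CRD appears to be generated (it carries the `tf2crd` label), so the fix probably belongs in the generator or in a cluster admission policy rather than in this file.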
@@ -68891,31 +100954,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Indicates that reconciliation is in progress - for the revision. This value is `true` when the `rollout_state` - is one of: * IN_PROGRESS * CANCELLING' - type: boolean - revisionCreateTime: - description: Output only. The timestamp that the revision was created. - format: date-time - type: string - revisionId: - description: Output only. The assignment revision ID A new revision - is committed whenever a rollout is triggered for a OS policy assignment - type: string - rolloutState: - description: 'Output only. OS policy assignment rollout state Possible - values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, - SUCCEEDED' - type: string - uid: - description: Output only. Server generated unique id for the OS policy - assignment resource. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -68932,25 +100971,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacapools.privateca.cnrm.cloud.google.com + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACAPool - plural: privatecacapools + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys shortNames: - - gcpprivatecacapool - - gcpprivatecacapools - singular: privatecacapool + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: 
@@ -68963,352 +101002,63 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - issuancePolicy: - description: Optional. The IssuancePolicy to control how Certificates - will be issued from this CaPool. - properties: - allowedIssuanceModes: - description: Optional. If specified, then only methods allowed - in the IssuanceModes may be used to issue Certificates. - properties: - allowConfigBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CertificateConfig. - type: boolean - allowCsrBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CSR. - type: boolean - type: object - allowedKeyTypes: - description: Optional. If any AllowedKeyType is specified, then - the certificate request's public key must match one of the key - types listed here. Otherwise, any key may be used. 
- items: - properties: - ellipticCurve: - description: Represents an allowed Elliptic Curve key type. - properties: - signatureAlgorithm: - description: 'Optional. A signature algorithm that must - be used. If this is omitted, any EC-based signature - algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, - ECDSA_P256, ECDSA_P384, EDDSA_25519' - type: string - type: object - rsa: - description: Represents an allowed RSA key type. - properties: - maxModulusSize: - description: Optional. The maximum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service will not enforce an explicit upper bound - on RSA modulus sizes. - format: int64 - type: integer - minModulusSize: - description: Optional. The minimum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service-level min RSA modulus size will continue - to apply. - format: int64 - type: integer - type: object - type: object - type: array - baselineValues: - description: Optional. A set of X.509 values that will be applied - to all certificates issued through this CaPool. If a certificate - request includes conflicting values for the same properties, - they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting - predefined_values for the same properties, the certificate issuance - request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. 
- type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Optional. 
Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - identityConstraints: - description: Optional. Describes constraints on identities that - may appear in Certificates issued through this CaPool. If this - is omitted, then this CaPool will not add restrictions on a - certificate's identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames - extension may be copied from a certificate request into - the signed certificate. Otherwise, the requested SubjectAltNames - will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field - may be copied from a certificate request into the signed - certificate. Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to - validate the resolved X.509 Subject and/or Subject Alternative - Name before a certificate is signed. To see the full allowed - syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. - This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in - Common Expression Language syntax. - type: string - location: - description: Optional. String indicating the location - of the expression for error reporting, e.g. a file name - and a position in the file. - type: string - title: - description: Optional. Title for the expression, i.e. 
- a short string describing its purpose. This can be used - e.g. in UIs which allow to enter the expression. - type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - maximumLifetime: - description: Optional. The maximum lifetime allowed for issued - Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximum_lifetime, the - effective lifetime will be explicitly truncated to match it. - type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued through this CaPool. If a - certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If - a certificate request uses a CertificateTemplate with predefined_values - that don't appear here, the certificate issuance request will - fail. If this is omitted, then this CaPool will not add restrictions - on a certificate's X.509 extensions. These constraints do not - apply to X.509 extensions set in this CaPool's baseline_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom - X.509 extensions. Will be combined with known_extensions - to determine the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will - be combined with additional_extensions to determine the - full set of X.509 extensions. 
- items: - type: string - type: array - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array type: object - location: - description: Immutable. The location for the resource + displayName: + description: Human-readable display name of this key. Modifiable by + user. type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
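Review bot: In the new RecaptchaEnterpriseKey schema, `androidSettings.allowAllPackageNames` and `iosSettings.allowAllBundleIds` can be set to true alongside a populated allowlist, and nothing in the schema or descriptions flags that the list is then ignored. A manifest can therefore look restricted in review while the key is not. The descriptions also name the fields in snake_case (`allowed_package_names`, `allowed_bundle_ids`), which does not match the CRD's `allowedPackageNames` and `allowedBundleIds`. I would reword them along the lines of `If true, allowedPackageNames is not enforced; leave false when an allowlist is set.` and have policy checks flag any `allowAll*: true` outside test namespaces. The same applies to `webSettings.allowAllDomains` in the following hunk, which continues past the visible lines.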
@@ -69339,40 +101089,480 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - publishingOptions: - description: Optional. The PublishingOptions to follow when issuing - Certificates from any CertificateAuthority in this CaPool. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. properties: - publishCaCert: - description: Optional. When true, publishes each CertificateAuthority's - CA certificate and includes its URL in the "Authority Information - Access" X.509 extension in all issued Certificates. If this - is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. type: boolean - publishCrl: - description: Optional. When true, publishes each CertificateAuthority's - CRL and includes its URL in the "CRL Distribution Points" X.509 - extension in all issued Certificates. 
If this is false, CRLs - will not be published and the corresponding X.509 extension - will not be written in issued certificates. CRLs will expire - 7 days from their creation. However, we will rebuild daily. - CRLs are also rebuilt shortly after a certificate is revoked. + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. 
Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. 
Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. 
+ type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string tier: - description: 'Immutable. Required. Immutable. The Tier of this CaPool. - Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
+ + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - - location - - projectRef - - tier + - memorySizeGb + - region type: object status: properties: @@ -69402,6 +101592,36 @@ spec: type: string type: object type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
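Review bot: In the RedisInstance schema added by this hunk, `spec.authString` is a plain `type: string` whose description ("This field will only be populated if auth_enabled is true") reads like a service-populated value, so the Redis AUTH credential would sit in clear text in the custom resource, readable by anyone who can read RedisInstance objects or backups of them. Nothing in the schema marks the field as sensitive, and the status properties added in the following hunks have no counterpart, so the credential appears to be meant to surface under spec. At minimum I would reword the description, e.g. `description: Sensitive. AUTH string set on the instance, stored in clear text in this object; populated only if authEnabled is true.`, and scope read access to this kind accordingly. `transitEncryptionMode` is immutable and documented as defaulting to DISABLED, so its description could also say that the AUTH string then crosses the network unencrypted unless SERVER_AUTHENTICATION is chosen at creation. If these CRDs are generated, the wording change belongs in the generator's source schema and not in this file.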
@@ -69409,6 +101629,48 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array type: object required: - spec 
@@ -69420,868 +101682,134 @@ spec: status: acceptedNames: kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com -spec: - group: privateca.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PrivateCACertificateAuthority - plural: privatecacertificateauthorities - shortNames: - - gcpprivatecacertificateauthority - - gcpprivatecacertificateauthorities - singular: privatecacertificateauthority - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The caPool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - config: - description: Immutable. Required. Immutable. The config used to create - a self-signed X.509 certificate or CSR. - properties: - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. 
The postal code of the subject. - type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - customSans: - description: Immutable. Contains additional subject alternative - name values. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the - client does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this - X.509 extension. - properties: - objectIdPath: - description: Immutable. Required. The parts - of an OID path. The most significant parts - of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. - properties: - additionalExtensions: - description: Immutable. 
Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. Refers to the "CA" X.509 - extension, which is a boolean value. When this value - is missing, the extension will be omitted from the CA - certificate. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the path length - restriction X.509 extension. For a CA certificate, this - value describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. - type: boolean - contentCommitment: - description: Immutable. 
The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - required: - - subjectConfig - - x509Config - type: object - gcsBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - keySpec: - description: Immutable. Required. Immutable. Used when issuing certificates - for this CertificateAuthority. If this CertificateAuthority is a - self-signed CertificateAuthority, this key is also used to sign - the self-signed CA certificate. Otherwise, it is used to sign a - CSR. + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: properties: - algorithm: - description: 'Immutable. The algorithm to use for creating a managed - Cloud KMS key for a for a simplified experience. All managed - keys will be have their ProtectionLevel as `HSM`. Possible values: - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, - EC_P256_SHA256, EC_P384_SHA384' - type: string - cloudKmsKeyVersionRef: - description: Immutable. + projectRef: oneOf: - not: required: - external required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The resource name for an existing Cloud KMS CryptoKeyVersion - in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - This option enables full flexibility in the key's capabilities - and properties. - type: string - name: - description: |- - [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - lifetime: - description: Immutable. Required. The desired lifetime of the CA certificate. - Used to create the "not_before_time" and "not_after_time" fields - inside an X.509 certificate. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. - Possible values: SELF_SIGNED, SUBORDINATE' - type: string - required: - - caPoolRef - - config - - keySpec - - lifetime - - location - - projectRef - - type - type: object - status: - properties: - accessUrls: - description: Output only. URLs for accessing content published by - this CA, such as the CA certificate and CRLs. 
- properties: - caCertificateAccessUrl: - description: The URL where this CertificateAuthority's CA certificate - is published. This will only be set for CAs that have been activated. - type: string - crlAccessUrls: - description: The URLs where this CertificateAuthority's CRLs are - published. This will only be set for CAs that have been activated. - items: - type: string - type: array - type: object - caCertificateDescriptions: - description: Output only. A structured description of this CertificateAuthority's - CA certificate and its issuers. Ordered as self-to-root. - items: - properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in - the certificate. - items: - type: string - type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: - type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. 
- type: string - type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. - properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an - issued certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is - the period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time - type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time - type: string - subject: - description: Contains distinguished name fields such as - the common name, location and organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative - name values. - items: - properties: - critical: - description: Optional. 
Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Required. The parts of an OID - path. The most significant parts of the - path come first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 - extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. - items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - x509Description: - description: Describes some of the technical X.509 fields in - a certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does - not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. 
- properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value - describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. 
- type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. 
- items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - type: object + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. 
+ items: + type: string type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -70308,49 +101836,11 @@ spec: type: string type: object type: array - config: - properties: - publicKey: - description: Optional. The public key that corresponds to this - config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string - type: object - x509Config: - properties: - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - type: object - type: object createTime: - description: Output only. The time at which this CertificateAuthority - was created. - format: date-time - type: string - deleteTime: - description: Output only. The time at which this CertificateAuthority - was soft deleted, if it is in the DELETED state. - format: date-time + description: Time of creation. type: string - expireTime: - description: Output only. The time at which this CertificateAuthority - will be permanently purged, if it is in the DELETED state. - format: date-time + name: + description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -70359,54 +101849,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCaCertificates: - description: Output only. This CertificateAuthority's certificate - chain, including the current CertificateAuthority's certificate. - Ordered such that the root issuer is the final element (consistent - with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - items: - type: string - type: array - state: - description: 'Output only. The State for this CertificateAuthority. - Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, - DELETED' - type: string - subordinateConfig: - description: Optional. If this is a subordinate CertificateAuthority, - this field will be set with the subordinate configuration, which - describes its issuers. This may be updated, but this CertificateAuthority - must continue to validate. - properties: - certificateAuthority: - description: Required. This can refer to a CertificateAuthority - in the same project that was used to create a subordinate CertificateAuthority. - This field is used for information and usability purposes only. - The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - type: string - pemIssuerChain: - description: Required. Contains the PEM certificate chain for - the issuers of this CertificateAuthority, but not pem certificate - for this CA itself. - properties: - pemCertificates: - description: Required. Expected to be in leaf-to-root order - according to RFC 5246. - items: - type: string - type: array - type: object - type: object - tier: - description: 'Output only. The CaPool.Tier of the CaPool that includes - this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' - type: string - updateTime: - description: Output only. The time at which this CertificateAuthority - was last updated. - format: date-time - type: string type: object required: - spec 
@@ -70426,25 +101868,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificate - plural: privatecacertificates + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies shortNames: - - gcpprivatecacertificate - - gcpprivatecacertificates - singular: privatecacertificate + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -70482,68 +101924,25 @@ spec: type: object spec: properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ca_pool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - certificateAuthorityRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. properties: - external: - description: |- - The certificate authority for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced type: object - certificateTemplateRef: - description: Immutable. 
+ constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: @@ -70560,10 +101959,7 @@ spec: - external properties: external: - description: |- - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - - Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -70572,304 +101968,290 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - config: - description: Immutable. Immutable. A description of the certificate - and key that does not require X.509 or ASN.1. + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . properties: - publicKey: - description: Immutable. Optional. The public key that corresponds - to this config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Immutable. Required. The format of the public - key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Immutable. Required. A public key. The padding - and encoding must match with the `KeyFormat` value specified - for the `format` field. - type: string - required: - - format - - key - type: object - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. The postal code of the subject. 
- type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. + allow: + description: One or the other must be set. properties: - additionalExtensions: - description: Immutable. Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. 
- type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Immutable. Optional. Describes Online Certificate - Status Protocol (OCSP) endpoint addresses that appear in - the "Authority Information Access" extension in the certificate. + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - type: string - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to true. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the "path - length constraint" in Basic Constraints extension. For - a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this - value is less than 0, the request will fail. - format: int64 - type: integer - nonCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension - will be omitted from the CA certificate. - type: boolean - zeroMaxIssuerPathLength: - description: Immutable. Optional. When true, the "path - length constraint" in Basic Constraints extension will - be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length - are unset, the max path length will be omitted from - the CA certificate. - type: boolean - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. 
- type: boolean - contentCommitment: - description: Immutable. The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object + type: string type: array type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean required: - - subjectConfig - - x509Config + - default type: object - lifetime: - description: Immutable. Required. Immutable. The desired lifetime - of a certificate. Used to create the "not_before_time" and "not_after_time" - fields inside an X.509 certificate. Note that the lifetime may be - truncated if it would extend past the life of any certificate authority - in the issuing chain. 
+ version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. 
Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string - pemCsr: - description: Immutable. Immutable. A pem-encoded X.509 certificate - signing request (CSR). - type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -70905,348 +102287,533 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subjectMode: - description: 'Immutable. Immutable. Specifies how the Certificate''s - identity fields are to be decided. If this is omitted, the `DEFAULT` - subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, - DEFAULT, REFLECTED_SPIFFE' - type: string - required: - - caPoolRef - - lifetime - - location - - projectRef - type: object - status: - properties: - certificateDescription: - description: Output only. A structured description of the issued X.509 - certificate. + template: + description: Required. The template used to create revisions for this + Service. properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in the - certificate. - items: + annotations: + additionalProperties: type: string + description: KRM-style annotations for the resource. + type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. 
+ properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. 
URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. 
All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. properties: - format: - description: 'Required. The format of the public key. 
Possible - values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + format: int64 + type: integer type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an issued - certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is the - period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - subject: - description: Contains distinguished name fields such as the - common name, location and / organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative name - values. - items: - properties: - critical: - description: Optional. Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, the - client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. 
- items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - x509Description: - description: Describes some of the technical X.509 fields in a - certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: + name: + description: Required. Volume's name. type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. 
- properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. 
- type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. 
When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' format: int64 type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef type: object - type: array + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string type: object type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -71274,12 +102841,52 @@ spec: type: object type: array createTime: - description: Output only. The time at which this Certificate was created. + description: Output only. The creation time. format: date-time type: string - issuerCertificateAuthority: - description: Output only. The resource name of the issuing CertificateAuthority - in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. + type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. 
Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -71288,36 +102895,123 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCertificate: - description: Output only. The pem-encoded, signed X.509 certificate. - type: string - pemCertificateChain: - description: Output only. The chain that may be used to verify the - X.509 certificate. Expected to be in issuer-to-root order according - to RFC 5246. - items: - type: string - type: array - revocationDetails: - description: Output only. Details regarding the revocation of this - Certificate. This Certificate is considered revoked if and only - if this field is present. + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. + When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' 
+ type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. properties: - revocationState: - description: 'Indicates why a Certificate was revoked. Possible - values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, - AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, - PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string - revocationTime: - description: The time at which this Certificate was revoked. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. format: date-time type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. 
Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. 
+ type: string updateTime: - description: Output only. The time at which this Certificate was updated. + description: Output only. The last-modified time. format: date-time type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string type: object required: - spec @@ -71337,25 +103031,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificateTemplate - plural: privatecacertificatetemplates + kind: SecretManagerSecret + plural: secretmanagersecrets shortNames: - - gcpprivatecacertificatetemplate - - gcpprivatecacertificatetemplates - singular: privatecacertificatetemplate + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: 
@@ -71393,301 +103087,149 @@ spec: type: object spec: properties: - description: - description: Optional. A human-readable description of scenarios this - template is intended for. - type: string - identityConstraints: - description: Optional. Describes constraints on identities that may - be appear in Certificates issued using this template. If this is - omitted, then this template will not add restrictions on a certificate's - identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames extension - may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field may - be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to validate - the resolved X.509 Subject and/or Subject Alternative Name before - a certificate is signed. To see the full allowed syntax and - some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. This - is a longer text which describes the expression, e.g. when - hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: Optional. String indicating the location of the - expression for error reporting, e.g. a file name and a position - in the file. - type: string - title: - description: Optional. Title for the expression, i.e. a short - string describing its purpose. This can be used e.g. in - UIs which allow to enter the expression. 
- type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - location: - description: Immutable. The location for the resource + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued using this CertificateTemplate. - If a certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If the - issuing CaPool's IssuancePolicy defines baseline_values that don't - appear here, the certificate issuance request will fail. If this - is omitted, then this template will not add restrictions on a certificate's - X.509 extensions. These constraints do not apply to X.509 extensions - set in this CertificateTemplate's predefined_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom X.509 - extensions. Will be combined with known_extensions to determine - the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will be - combined with additional_extensions to determine the full set - of X.509 extensions. - items: - type: string - type: array - type: object - predefinedValues: - description: Optional. 
A set of X.509 values that will be applied - to all issued certificates that use this template. If the certificate - request includes conflicting values for the same properties, they - will be overwritten by the values defined here. If the issuing CaPool's - IssuancePolicy defines conflicting baseline_values for the same - properties, the certificate issuance request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this extension - is critical (i.e., if the client does not know how to - handle this extension, the client should consider this - to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status Protocol - (OCSP) endpoint addresses that appear in the "Authority Information - Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, the - extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. 
- If this value is less than 0, the request will fail. If - this value is missing, the max path length will be omitted - from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys that - correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key may - be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic commitments. - Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate revocation - lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially - described as "TLS WWW client authentication", though - regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially - described as "Signing of downloadable executable code - client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially - described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially - described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially - described as "TLS WWW server authentication", though - regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially - described as "Binding the hash of an object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that are - not listed in the KeyUsage.ExtendedKeyUsageOptions message. + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. items: properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string required: - - objectIdPath + - location type: object type: array + required: + - replicas type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. properties: - external: + nextRotationTime: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Timestamp in UTC at which the Secret is scheduled to rotate. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - - location - - projectRef + - replication type: object status: properties: @@ -71718,9 +103260,12 @@ spec: type: object type: array createTime: - description: Output only. The time at which this CertificateTemplate - was created. - format: date-time + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71729,11 +103274,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The time at which this CertificateTemplate - was updated. - format: date-time - type: string type: object required: - spec 
@@ -71753,25 +103293,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: Project - plural: projects + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions shortNames: - - gcpproject - - gcpprojects - singular: project + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: 
@@ -71808,50 +103348,55 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: - billingAccountRef: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `BillingAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. 
Only one of - folderRef or organizationRef may be specified. + secretRef: + description: Secret Manager secret resource oneOf: - not: required: @@ -71868,7 +103413,7 @@ spec: - external properties: external: - description: 'Allowed value: The `folderId` field of a `Folder` + description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: 
@@ -71878,15 +103423,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. Only present + if state is DESTROYED. + type: string name: - description: The display name of the project. + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). type: string organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + description: The organization that this resource belongs to. oneOf: - not: required: 
@@ -71913,13 +103587,55 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string resourceID: - description: Immutable. Optional. The projectId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object required: - - name + - configId + - organizationRef + - pubsubTopic + - streamingConfig type: object status: properties: 
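Review bot: `pubsubTopic` is added as a free-form `type: string` even though its description fixes the format to "projects/[project_id]/topics/[topic]", so a malformed value is not rejected by the schema. This field decides where the notifications are delivered and the `required` list in this hunk makes it mandatory, so a `pattern` is worth having, e.g. `pattern: ^projects/[^/]+/topics/[^/]+$`. Other topic references visible on this page use a `...Ref` object (`topicRef`, `deadLetterTopicRef`), so the plain string is also inconsistent with them. If that is a limitation of how this CRD is produced, the description should say so.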
@@ -71949,8 +103665,10 @@ spec: type: string type: object type: array - number: - description: The numeric identifier of the project. + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71959,6 +103677,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string type: object required: - spec @@ -71978,25 +103701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsublitereservations.pubsublite.cnrm.cloud.google.com + name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: - group: pubsublite.cnrm.cloud.google.com + group: securitycenter.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubLiteReservation - plural: pubsublitereservations + kind: SecurityCenterSource + plural: securitycentersources shortNames: - - gcppubsublitereservation - - gcppubsublitereservations - singular: pubsublitereservation + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: @@ -72016,7 +103739,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -72034,8 +103757,19 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. oneOf: - not: required: @@ -72052,7 +103786,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of an `Organization` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72061,24 +103796,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: The region of the pubsub lite reservation. - type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - throughputCapacity: - description: |- - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - type: integer required: - - projectRef - - region - - throughputCapacity + - displayName + - organizationRef type: object status: properties: @@ -72108,6 +103833,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72134,25 +103864,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubschemas.pubsub.cnrm.cloud.google.com + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSchema - plural: pubsubschemas + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints shortNames: - - gcppubsubschema - - gcppubsubschemas - singular: pubsubschema + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: 
@@ -72190,14 +103920,43 @@ spec: type: object spec: properties: - definition: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: description: |- - Immutable. The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. - type: string - projectRef: - description: The project that this resource belongs to. + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). oneOf: - not: required: @@ -72214,7 +103973,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72223,18 +103983,47 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - type: - description: 'Immutable. The type of the schema definition Default - value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", - "PROTOCOL_BUFFER", "AVRO"].' - type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - projectRef + - serviceRef type: object status: properties: 
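Review bot: The new `port` property documents the range [0, 65535] but the schema declares only `type: integer`, so negative or out-of-range values pass schema validation and are caught later, if at all. Adding `minimum: 0` and `maximum: 65535` under `port` would enforce the documented range at admission. The spec schema this property belongs to starts before the hunk.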
@@ -72264,6 +104053,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72290,25 +104084,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: 
@@ -72346,288 +104140,14 @@ spec: type: object spec: properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - bigqueryConfig: - description: |- - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - dropUnknownFields: - description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - type: boolean - tableRef: - description: The name of the table to which to write data. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, - where {{value}} is the `name` field of a `BigQueryTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. - type: boolean - writeMetadata: - description: |- - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - type: boolean - required: - - tableRef - type: object - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. 
- properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any - message. The value must be\nbetween 5 and 100.\n\nThe number - of delivery attempts is defined as 1 + (the sum of number of - \nNACKs and number of times the acknowledgement deadline has - been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline - with a 0 deadline. Note that\nclient libraries may automatically - extend ack_deadlines.\n\nThis field will be honored on a best - effort basis.\n\nIf this parameter is 0, a default value of - 5 is used." - type: integer - type: object - enableExactlyOnceDelivery: - description: |- - If 'true', Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
- type: boolean - enableMessageOrdering: - description: |- - Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "Immutable. The subscription only delivers the messages - that match the filter. \nPub/Sub automatically acknowledges the - messages that don't match the filter. You can filter messages\nby - their attributes. The maximum length of a filter is 256 bytes. After - creating the subscription, \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
- - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: + location: description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. 
More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. type: string - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message - delivery for this subscription.\n\nIf not set, the default retry - policy is applied. This generally implies that messages will be - retried as soon as possible for healthy subscribers. \nRetryPolicy - will be triggered on NACKs or acknowledgement deadline exceeded - events for a given message." - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries - of a given message. Value should be between 0 and 600 seconds. - Defaults to 600 seconds. 
\nA duration in seconds with up to - nine fractional digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -72644,8 +104164,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -72654,8 +104173,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - topicRef + - location + - projectRef type: object status: properties: @@ -72685,6 +104210,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72711,25 +104241,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubTopic - plural: pubsubtopics + kind: ServiceDirectoryService + plural: servicedirectoryservices shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: @@ -72767,13 +104297,9 @@ spec: type: object spec: properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. oneOf: - not: required: @@ -72790,7 +104316,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: 
@@ -72800,81 +104326,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - messageRetentionDuration: - description: |- - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - type: string - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schemaSettings: - description: Settings for validating messages published against a - schema. - properties: - encoding: - description: 'Immutable. 
The encoding of messages validated against - schema. Default value: "ENCODING_UNSPECIFIED" Possible values: - ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' - type: string - schemaRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, - where {{value}} is the `name` field of a `PubSubSchema` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - schemaRef - type: object + required: + - namespaceRef type: object status: properties: @@ -72904,6 +104362,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72912,6 +104375,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -72928,25 +104393,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: - group: recaptchaenterprise.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: RecaptchaEnterpriseKey - plural: recaptchaenterprisekeys + kind: ServiceIdentity + plural: serviceidentities shortNames: - - gcprecaptchaenterprisekey - - gcprecaptchaenterprisekeys - singular: recaptchaenterprisekey + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: 
@@ -72984,40 +104449,8 @@ spec: type: object spec: properties: - androidSettings: - description: Settings for keys that can be used by Android apps. - properties: - allowAllPackageNames: - description: If set to true, it means allowed_package_names will - not be enforced. - type: boolean - allowedPackageNames: - description: 'Android package names of apps allowed to use the - key. Example: ''com.companyname.appname''' - items: - type: string - type: array - type: object - displayName: - description: Human-readable display name of this key. Modifiable by - user. - type: string - iosSettings: - description: Settings for keys that can be used by iOS apps. - properties: - allowAllBundleIds: - description: If set to true, it means allowed_bundle_ids will - not be enforced. - type: boolean - allowedBundleIds: - description: 'iOS bundle ids of apps allowed to use the key. Example: - ''com.companyname.productname.appname''' - items: - type: string - type: array - type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -73034,10 +104467,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -73047,63 +104477,11 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - testingOptions: - description: Immutable. Options for user acceptance testing. - properties: - testingChallenge: - description: 'Immutable. For challenge-based keys only (CHECKBOX, - INVISIBLE), all challenge requests for this site will return - nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. - Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' - type: string - testingScore: - description: Immutable. All assessments for this Key will return - this score. Must be between 0 (likely not legitimate) and 1 - (likely legitimate) inclusive. - format: double - type: number - type: object - webSettings: - description: Settings for keys that can be used by websites. - properties: - allowAllDomains: - description: If set to true, it means allowed_domains will not - be enforced. - type: boolean - allowAmpTraffic: - description: If set to true, the key can be used on AMP (Accelerated - Mobile Pages) websites. This is supported only for the SCORE - integration type. - type: boolean - allowedDomains: - description: 'Domains or subdomains of websites allowed to use - the key. All subdomains of an allowed domain are automatically - allowed. A valid domain requires a host and must not include - any path, port, query or fragment. Examples: ''example.com'' - or ''subdomain.example.com''' - items: - type: string - type: array - challengeSecurityPreference: - description: 'Settings for the frequency and difficulty at which - this key triggers captcha challenges. 
This should only be specified - for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: - CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, - SECURITY' - type: string - integrationType: - description: 'Immutable. Required. Describes how this key is integrated - with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' - type: string - required: - - integrationType - type: object required: - - displayName - projectRef type: object status: @@ -73134,9 +104512,7 @@ spec: type: string type: object type: array - createTime: - description: The timestamp corresponding to the creation of this Key. - format: date-time + email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -73164,25 +104540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: - group: redis.cnrm.cloud.google.com + group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp - kind: RedisInstance - plural: redisinstances + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: 
@@ -73220,27 +104596,7 @@ spec: type: object spec: properties: - alternativeLocationId: - description: |- - Immutable. Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authEnabled: - description: |- - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - type: boolean - authString: - description: AUTH String set on the instance. This field will only - be populated if auth_enabled is true. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. + networkRef: oneOf: - not: required: @@ -73257,7 +104613,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: 
@@ -73267,259 +104623,44 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - connectMode: - description: 'Immutable. The connection mode of the Redis instance. - Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", - "PRIVATE_SERVICE_ACCESS"].' - type: string - customerManagedKeyRef: - description: |- - Immutable. Optional. The KMS key reference that you want to use to - encrypt the data at rest for this Redis instance. If this is - provided, CMEK is enabled. - oneOf: - - not: + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the - instance. - type: string - locationId: - description: |- - Immutable. The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - maintenancePolicy: - description: Maintenance policy for an instance. - properties: - createTime: - description: |- - Output only. 
The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - description: - description: |- - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - type: string - updateTime: - description: |- - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - weeklyMaintenanceWindow: - description: |- - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - items: - properties: - day: - description: |- - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. - type: string - duration: - description: |- - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - type: string - startTime: - description: Required. Start time of the window in UTC time. - properties: - hours: - description: |- - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 - to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must - be from 0 to 999,999,999. 
- type: integer - seconds: - description: |- - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - type: integer - type: object - required: - - day - - startTime - type: object - type: array - type: object - maintenanceSchedule: - description: Upcoming maintenance schedule. - properties: - endTime: - description: |- - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - scheduleDeadlineTime: - description: |- - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - startTime: - description: |- - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - type: object - memorySizeGb: - description: Redis memory size in GiB. - type: integer - persistenceConfig: - description: Persistence configuration for an instance. - properties: - persistenceMode: - description: "Optional. Controls whether Persistence features - are enabled. If not provided, the existing value will be used.\n\n- - DISABLED: \tPersistence is disabled for the instance, and any - existing snapshots are deleted.\n- RDB: RDB based Persistence - is enabled. Possible values: [\"DISABLED\", \"RDB\"]." - type: string - rdbNextSnapshotTime: - description: |- - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
- type: string - rdbSnapshotPeriod: - description: "Optional. Available snapshot periods for scheduling.\n\n- - ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every - 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot - every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", - \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." - type: string - rdbSnapshotStartTime: - description: |- - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - readReplicasMode: - description: |- - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. - type: string - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. 
- type: string - region: - description: Immutable. The name of the Redis region of the instance. - type: string - replicaCount: - description: |- - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - type: integer - reservedIpRange: - description: |- - Immutable. The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - secondaryIpRange: - description: |- - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - type: string - tier: - description: |- - Immutable. The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. - type: string - transitEncryptionMode: - description: |- - Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
- - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - - memorySizeGb - - region + - networkRef + - reservedPeeringRanges + - service type: object status: properties: 
@@ -73549,36 +104690,6 @@ spec: type: string type: object type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - nodes: - description: Output only. Info per node. - items: - properties: - id: - description: Node identifying string. e.g. 'node-0', 'node-1'. - type: string - zone: - description: Location of the node. - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -73586,48 +104697,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - readEndpoint: - description: |- - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. + peering: type: string - readEndpointPort: - description: |- - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - type: integer - serverCaCerts: - description: List of server CA certificates for the instance. - items: - properties: - cert: - description: The certificate data in PEM format. - type: string - createTime: - description: The time when the certificate was created. - type: string - expireTime: - description: The time when the certificate expires. - type: string - serialNumber: - description: Serial number, as extracted from the certificate. - type: string - sha1Fingerprint: - description: Sha1 Fingerprint of the certificate. - type: string - type: object - type: array type: object required: - spec 
@@ -73647,25 +104718,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com + name: services.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerLien - plural: resourcemanagerliens - shortNames: - - gcpresourcemanagerlien - - gcpresourcemanagerliens - singular: resourcemanagerlien + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service preserveUnknownFields: false scope: Namespaced versions: 
@@ -73703,67 +104774,38 @@ spec: type: object spec: properties: - origin: - description: |- - Immutable. A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - type: string - parent: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - reason: - description: |- - Immutable. Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. 
+ description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - restrictions: - description: |- - Immutable. The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete']. - items: - type: string - type: array - required: - - origin - - parent - - reason - - restrictions type: object status: properties: @@ -73793,12 +104835,6 @@ spec: type: string type: object type: array - createTime: - description: Time of creation. - type: string - name: - description: A system-generated unique identifier for this Lien. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -73807,8 +104843,6 @@ spec: the resource. type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -73825,25 +104859,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: @@ -73863,7 +104897,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -73881,125 +104915,34 @@ spec: type: object spec: properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. type: object - constraint: - description: Immutable. The name of the Constraint the Policy is configuring, - for example, serviceuser.services. - type: string - folderRef: + force: description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Folder` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow - or deny all values. . - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. 
- properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set - in this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a - configuration that matches the value specified in this field. - type: string - type: object - organizationRef: + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. 
+ type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -74025,22 +104968,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default - Policy is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string required: - - constraint + - limit + - metric + - overrideValue + - projectRef + - service type: object status: properties: @@ -74070,10 +105012,8 @@ spec: type: string type: object type: array - etag: - description: The etag of the organization policy. etag is used for - optimistic concurrency control as a way to help prevent simultaneous - updates of a policy from overwriting each other. + name: + description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -74082,11 +105022,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate - to nanoseconds, representing when the variable was last updated. - Example: "2016-10-09T12:33:37.578138407Z".' - type: string type: object required: - spec @@ -74106,25 +105041,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: runservices.run.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: - group: run.cnrm.cloud.google.com + group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp - kind: RunService - plural: runservices + kind: SourceRepoRepository + plural: sourcereporepositories shortNames: - - gcprunservice - - gcprunservices - singular: runservice + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -74157,340 +105092,231 @@ spec: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - annotations: - additionalProperties: - type: string - description: 'Unstructured key value map that may be set by external - tools to store and arbitrary metadata. They are not queryable and - should be preserved when modifying objects. Cloud Run will populate - some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' - namespaces. This field follows Kubernetes annotations'' namespacing, - limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - binaryAuthorization: - description: Settings for the Binary Authorization feature. - properties: - breakglassJustification: - description: If present, indicates to use Breakglass using this - justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - type: string - useDefault: - description: If True, indicates to use the default project's binary - authorization policy. If False, binary authorization will be - disabled - type: boolean - type: object - client: - description: Arbitrary identifier for the API client. - type: string - clientVersion: - description: Arbitrary version identifier for the API client. - type: string - description: - description: User-provided description of the Service. - type: string - ingress: - description: Provides the ingress settings for this Service. On output, - returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED - if no revision is active. 
- type: string - launchStage: - description: 'The launch stage as defined by [Google Cloud Platform - Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud - Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, - GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - template: - description: Required. The template used to create revisions for this - Service. - properties: - annotations: - additionalProperties: - type: string - description: KRM-style annotations for the resource. - type: object - containerConcurrency: - description: Sets the maximum number of requests that each serving - instance can receive. - format: int64 - type: integer - containers: - description: Holds the single container that defines the unit - of execution for this Revision. - items: - properties: - args: - description: 'Arguments to the entrypoint. 
The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - properties: - name: - description: Required. Name of the environment variable. - Must be a C_IDENTIFIER, and mnay not exceed 32768 - characters. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any route environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "", and the maximum length - is 32768 bytes.' 
- type: string - valueSource: - description: Source for the environment variable's - value. - properties: - secretKeyRef: - description: Selects a secret and a specific version - from Cloud Secret Manager. - properties: - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - type: object - required: + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - image: - description: 'Required. URL of the Container image in Google - Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string name: - description: Name of the container specified as a DNS_LABEL. + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - ports: - description: List of ports to expose from the container. - Only a single port can be specified. The specified ports - must be listening on all interfaces (0.0.0.0) within the - container to be accessible. 
If omitted, a port number - will be chosen and passed to the container through the - PORT environment variable for the container to listen - on. - items: - properties: - containerPort: - description: Port number the container listens on. - This must be a valid TCP port number, 0 < container_port - < 65536. - format: int64 - type: integer - name: - description: If specified, used to specify which protocol - to use. Allowed values are "http1" and "h2c". - type: string - type: object - type: array - resources: - description: 'Compute Resource requirements by this container. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - cpuIdle: - description: Determines whether CPU should be throttled - or not outside of requests. - type: boolean - limits: - additionalProperties: - type: string - description: 'Only memory and CPU are supported. Note: - The only supported values for CPU are ''1'', ''2'', - and ''4''. Setting 4 CPU requires at least 2Gi of - memory. The values of the map is string form of the - ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' - type: object - type: object - volumeMounts: - description: Volume to mount into the container's filesystem. - items: - properties: - mountPath: - description: Required. Path within the container at - which the volume should be mounted. Must not contain - ':'. For Cloud SQL volumes, it can be left empty, - or must otherwise be `/cloudsql`. All instances - defined in the Volume will be available as `/cloudsql/[instance]`. - For more information on Cloud SQL volumes, visit - https://cloud.google.com/sql/docs/mysql/connect-run - type: string - name: - description: Required. This must match the Name of - a Volume. - type: string - required: - - mountPath + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - required: - - image + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - executionEnvironment: - description: 'The sandbox environment to host this Revision. Possible - values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, - EXECUTION_ENVIRONMENT_GEN2' - type: string - labels: - additionalProperties: + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: KRM-style labels for the resource. - type: object - revision: - description: The unique name for the revision. If this field is - omitted, it will be automatically generated based on the Service - name. - type: string - scaling: - description: Scaling settings for this Revision. 
- properties: - maxInstanceCount: - description: Maximum number of serving instances that this - resource should have. - format: int64 - type: integer - minInstanceCount: - description: Minimum number of serving instances that this - resource should have. - format: int64 - type: integer - type: object - serviceAccountRef: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. oneOf: - not: required: 
@@ -74498,276 +105324,71 @@ spec: required: - name - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - timeout: - description: Max allowed time for an instance to respond to a - request. - type: string - volumes: - description: A list of Volumes to make available to containers. - items: - properties: - cloudSqlInstance: - description: For Cloud SQL volumes, contains the specific - instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run - for more information on how to connect Cloud SQL and Cloud - Run. - properties: - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `instanceName` - field of a `SQLInstance` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - name: - description: Required. Volume's name. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Integer representation of mode bits to - use on created files by default. Must be a value between - 0000 and 0777 (octal), defaulting to 0644. Directories - within the path are not affected by this setting. - Notes * Internally, a umask of 0222 will be applied - to any non-zero value. * This is an integer representation - of the mode bits. So, the octal integer value should - look exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod 640 - (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) - or 493 (base-10). * This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. This might - be in conflict with other options that affect the - file mode, like fsGroup, and as a result, other mode - bits could be set.' - format: int64 - type: integer - items: - description: If unspecified, the volume will expose - a file whose name is the secret, relative to VolumeMount.mount_path. - If specified, the key will be used as the version - to fetch from Cloud Secret Manager and the path will - be the name of the file exposed in the volume. When - items are defined, they must specify a path and a - version. - items: - properties: - mode: - description: 'Integer octal mode bits to use on - this file, must be a value between 01 and 0777 - (octal). If 0 or not set, the Volume''s default - mode will be used. 
Notes * Internally, a umask - of 0222 will be applied to any non-zero value. - * This is an integer representation of the mode - bits. So, the octal integer value should look - exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod - 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 - (octal) or 493 (base-10). * This might be in - conflict with other options that affect the - file mode, like fsGroup, and the result can - be other mode bits set.' - format: int64 - type: integer - path: - description: Required. The relative path of the - secret in the container. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - path - type: object - type: array - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
- - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object + anyOf: + - required: + - name + - required: + - namespace required: - - name - type: object - type: array - vpcAccess: - description: VPC Access configuration to use for this Revision. - For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + - external properties: - connectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - egress: - description: 'Traffic VPC egress settings. Possible values: - VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - kmsKeyRef type: object - traffic: - description: Specifies how to distribute traffic over a collection - of Revisions belonging to the Service. If traffic is empty or not - provided, defaults to 100% traffic to the latest `Ready` Revision. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - This defaults to zero if unspecified. Cloud Run currently - requires 100 percent for a single TrafficTarget entry. - format: int64 - type: integer - revision: - description: Revision to which to send this portion of traffic, - if traffic allocation is by revision. - type: string - tag: - description: Indicates a string to be part of the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - type: object - type: array + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string required: - - location - - projectRef - - template + - instanceRef type: object status: properties: 
@@ -74797,54 +105418,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - creator: - description: Output only. Email address of the authenticated creator. - type: string - deleteTime: - description: Output only. The deletion time. - format: date-time - type: string - etag: - description: Output only. A system-generated fingerprint for this - version of the resource. May be used to detect modification conflict - during updates. - type: string - expireTime: - description: Output only. For a deleted resource, the time after which - it will be permamently deleted. - format: date-time - type: string - labels: - additionalProperties: - type: string - description: Map of string keys and values that can be used to organize - and categorize objects. User-provided labels are shared with Google's - billing system, so they can be used to filter, or break down billing - charges by team, component, environment, state, etc. For more information, - visit https://cloud.google.com/resource-manager/docs/creating-managing-labels - or https://cloud.google.com/run/docs/configuring/labels Cloud Run - will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' - namespaces. Those labels are read-only, and user changes will not - be preserved. - type: object - lastModifier: - description: Output only. Email address of the last authenticated - modifier. - type: string - latestCreatedRevision: - description: Output only. Name of the last created revision. See comments - in `reconciling` for additional information on reconciliation process - in Cloud Run. - type: string - latestReadyRevision: - description: Output only. Name of the latest revision that is serving - traffic. See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -74852,122 +105425,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Returns true if the Service is currently - being acted upon by the system to bring it into the desired state. - When a new Service is created, or an existing one is updated, Cloud - Run will asynchronously perform all necessary steps to bring the - Service to the desired serving state. This process is called reconciliation. - While reconciliation is in process, `observed_generation`, `latest_ready_revison`, - `traffic_statuses`, and `uri` will have transient values that might - mismatch the intended state: Once reconciliation is over (and this - field is false), there are two possible outcomes: reconciliation - succeeded and the serving state matches the Service, or there was - an error, and reconciliation failed. This state can be found in - `terminal_condition.state`. If reconciliation succeeded, the following - fields will match: `traffic` and `traffic_statuses`, `observed_generation` - and `generation`, `latest_ready_revision` and `latest_created_revision`. - If reconciliation failed, `traffic_statuses`, `observed_generation`, - and `latest_ready_revision` will have the state of the last serving - revision, or empty for newly created Services. Additional information - on the failure can be found in `terminal_condition` and `conditions`.' - type: boolean - resourceGeneration: - description: Output only. A number that monotonically increases every - time the user modifies the desired state. - format: int64 - type: integer - terminalCondition: - description: Output only. The Condition of this Service, containing - its readiness status, and detailed error information in case it - did not reach a serving state. See comments in `reconciling` for - additional information on reconciliation process in Cloud Run. - properties: - jobReason: - description: 'A reason for the job condition. 
Possible values: - JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human readable message indicating details about the - current status. - type: string - reason: - description: 'A common (service-level) reason for this condition. - Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, - PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, - CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, - ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, - SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, - POSTPONED_RETRY, INTERNAL' - type: string - revisionReason: - description: 'A reason for the revision condition. Possible values: - REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, - RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, - MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, - NO_DEPLOYMENT' - type: string - severity: - description: 'How to interpret failures of this condition, one - of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, - ERROR, WARNING, INFO' - type: string - state: - description: 'State of the condition. Possible values: STATE_UNSPECIFIED, - CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, - CONDITION_SUCCEEDED' - type: string - type: - description: 'type is used to communicate the status of the reconciliation - process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting - Types common to all resources include: * "Ready": True when - the Resource is ready.' - type: string - type: object - trafficStatuses: - description: Output only. Detailed status information for corresponding - traffic targets. 
See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - format: int64 - type: integer - revision: - description: Revision to which this traffic is sent. - type: string - tag: - description: Indicates the string used in the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - uri: - description: Displays the target URI. - type: string - type: object - type: array - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time - type: string - uri: - description: Output only. The main URI in which this Service is serving - traffic. + state: + description: An explanation of the status of the database. type: string type: object required: 
@@ -74988,25 +105447,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com + name: spannerinstances.spanner.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: spanner.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets + kind: SpannerInstance + plural: spannerinstances shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -75044,149 +105503,32 @@ spec: type: object spec: properties: - expireTime: + config: description: |- - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string - replication: + displayName: description: |- - Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - type: boolean - userManaged: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - properties: - replicas: - description: Immutable. The list of Replicas for this Secret. - Cannot be empty. - items: - properties: - customerManagedEncryption: - description: Immutable. Customer Managed Encryption - for the secret. - properties: - kmsKeyRef: - description: Customer Managed Encryption for the - secret. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - location: - description: 'Immutable. The canonical IDs of the location - to replicate data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer resourceID: - description: Immutable. Optional. The secretId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotation: - description: The rotation time and period for a Secret. At 'next_rotation_time', - Secret Manager will send a Pub/Sub notification to the topics configured - on the Secret. 'topics' must be set to configure rotation. - properties: - nextRotationTime: - description: |- - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - rotationPeriod: - description: |- - Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, 'next_rotation_time' must be set. 
'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. - type: string - type: object - topics: - description: A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - items: - properties: - topicRef: - description: |- - A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - type: array - ttl: - description: |- - Immutable. The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string required: - - replication + - config + - displayName type: object status: properties: @@ -75216,14 +105558,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75231,6 +105565,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' + type: string type: object required: - spec @@ -75250,25 +105587,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com + name: sqldatabases.sql.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions + kind: SQLDatabase + plural: sqldatabases shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: 
@@ -75306,54 +105643,31 @@ spec: type: object spec: properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." type: string - secretData: - description: Immutable. The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75370,7 +105684,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: @@ -75380,9 +105694,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - secretData - - secretRef + - instanceRef type: object status: properties: @@ -75412,18 +105730,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
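Review bot: `deletionPolicy` in the new SQLDatabase spec is a bare `type: string`, although its description names exactly two accepted values. A misspelled value therefore passes schema validation and presumably surfaces only when the controller reconciles; adding `enum: [ABANDON, DELETE]` next to `type: string` would reject it at admission. The description should also say that with `ABANDON` the database, its data and its grants stay on the Cloud SQL instance after the Kubernetes object is deleted, so it still needs clean-up and access review. The `spec.properties` mapping this field sits in starts before the hunk and continues after it.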
@@ -75431,8 +105737,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - version: - description: The version of the Secret. + selfLink: type: string type: object required: @@ -75453,25 +105758,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com + name: sqlinstances.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryEndpoint - plural: servicedirectoryendpoints + kind: SQLInstance + plural: sqlinstances shortNames: - - gcpservicedirectoryendpoint - - gcpservicedirectoryendpoints - singular: servicedirectoryendpoint + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: @@ -75509,7 +105814,16 @@ spec: type: object spec: properties: - addressRef: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: oneOf: - not: required: 
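Review bot: `default: MYSQL_5_6` on `databaseVersion` means a SQLInstance applied without an explicit version is created on the oldest MySQL release in the listed values, which is past upstream end of life. The schema looks generated (the `tf2crd` label), so the practical control is on the consumer side: require `spec.databaseVersion` in every manifest through a lint step or admission policy rather than relying on the default. The same hunk adds `encryptionKMSCryptoKeyRef` with no `description`; if it selects the customer-managed key for the instance, as the `KMSCryptoKey` reference in the following hunk suggests, a line such as `description: The KMSCryptoKey used to encrypt this instance.` would say so. The SQLInstance `spec.properties` block continues past this hunk.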
@@ -75526,7 +105840,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -75536,86 +105850,526 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkRef: - description: |- - Only the `external` field is supported to configure the reference. - - Immutable. The Google Compute Engine network (VPC) of the endpoint in the format - projects//locations/global/networks/*. - - The project must be specified by project number (project id is rejected). Incorrectly formatted networks are - rejected, but no other validation is performed on this field (ex. network or project existence, - reachability, or permissions). + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. 
If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. 
+ type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". + If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. 
Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. 
The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string - type: object - port: - description: |- - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - type: integer - resourceID: - description: Immutable. Optional. The endpointId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceRef: - description: The ServiceDirectoryService that this endpoint belongs - to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryService` - resource.' + replicationType: + description: |- + DEPRECATED. 
This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. type: string + required: + - tier type: object required: - - serviceRef + - settings type: object status: properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -75642,11 +106396,27 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the endpoint in the format - 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75654,6 +106424,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string type: object required: - spec @@ -75673,25 +106472,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com + name: sqlsslcerts.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryNamespace - plural: servicedirectorynamespaces + kind: SQLSSLCert + plural: sqlsslcerts shortNames: - - gcpservicedirectorynamespace - - gcpservicedirectorynamespaces - singular: servicedirectorynamespace + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: 
@@ -75729,14 +106528,13 @@ spec: type: object spec: properties: - location: - description: |- - The location for the Namespace. - A full list of valid locations can be found by running - 'gcloud beta service-directory locations list'. + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. type: string - projectRef: - description: The project that this resource belongs to. + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75753,7 +106551,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -75763,16 +106562,22 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The namespaceId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string required: - - location - - projectRef + - commonName + - instanceRef type: object status: properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -75799,10 +106604,13 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the namespace - in the format 'projects/*/locations/*/namespaces/*'. + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -75811,6 +106619,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. + type: string type: object required: - spec @@ -75830,25 +106648,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com + name: sqlusers.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryService - plural: servicedirectoryservices + kind: SQLUser + plural: sqlusers shortNames: - - gcpservicedirectoryservice - - gcpservicedirectoryservices - singular: servicedirectoryservice + - gcpsqluser + - gcpsqlusers + singular: sqluser preserveUnknownFields: false scope: Namespaced versions: 
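Review bot: The `privateKey` field added under `status` in the `@@ -75811,6 +106619,16 @@` hunk (SQLSSLCert) puts the client certificate's private key in the resource status, and its description does not say so. Status is returned to any subject allowed to get, list or watch `sqlsslcerts`, and it is not a Secret, so Secret-scoped RBAC and any encryption configured only for Secrets presumably do not cover it. I would at least state that in the schema, e.g. `description: The private key associated with the client certificate. Held in plain text in status; restrict read access to this resource.` Whether the controller actually populates the field is not visible in this hunk.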
@@ -75886,9 +106704,13 @@ spec: type: object spec: properties: - namespaceRef: - description: The ServiceDirectoryNamespace that this service belongs - to. + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: oneOf: - not: required: @@ -75905,7 +106727,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: 
@@ -75915,163 +106737,90 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The serviceId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - namespaceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: + password: description: |- - The resource name for the service in the - format 'projects/*/locations/*/namespaces/*/services/*'. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. 
- type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: serviceidentities.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceIdentity - plural: serviceidentities - shortNames: - - gcpserviceidentity - - gcpserviceidentities - singular: serviceidentity - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - description: The project that this resource belongs to. + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. 
+ type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array type: object resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string required: - - projectRef + - instanceRef type: object status: properties: @@ -76101,8 +106850,6 @@ spec: type: string type: object type: array - email: - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76110,6 +106857,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array type: object required: - spec 
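Review bot: The description of `password.value` in the `@@ -75915,163 +106737,90 @@` hunk (SQLUser spec) does not mention that this form keeps the database password in plain text inside the SQLUser object, where anyone who can read `sqlusers` or the manifest sees it. The sibling `valueFrom.secretKeyRef` reads the password from a Secret in the resource's namespace, so the text should steer users there: `description: Value of the field, stored in plain text in this resource; prefer 'valueFrom.secretKeyRef'. Cannot be used if 'valueFrom' is specified.` In the same hunk, `passwordPolicy.status[].passwordExpirationTime` repeats the description of `passwordExpirationDuration`, which looks like a copy and should describe a time rather than a duration.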
@@ -76129,25 +106889,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: - group: servicenetworking.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: @@ -76185,7 +106945,8 @@ spec: type: object spec: properties: - networkRef: + bucketRef: + description: Reference to the bucket. oneOf: - not: required: @@ -76202,7 +106963,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -76212,44 +106973,31 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Immutable. Provider peering service that is managing - peering connectivity for a service provider organization. For Google - services that support this functionality it is 'servicenetworking.googleapis.com'. + entity: + description: |- + Immutable. The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' type: string required: - - networkRef - - reservedPeeringRanges - - service + - bucketRef + - entity type: object status: properties: 
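Review bot: The `entity` description added in this hunk (StorageBucketAccessControl spec) lists `allUsers` and `allAuthenticatedUsers` alongside the scoped forms without saying that they grant the role to anyone on the internet and to any signed-in Google account respectively. Because `entity` is a free-form `string` and `role` has no `enum`, the schema itself rejects nothing here. I would add a line to the description such as `allUsers and allAuthenticatedUsers make the grant public.` and constrain `role` with `enum: [OWNER, READER, WRITER]`, matching the values its description already names.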
@@ -76279,6 +107027,12 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76286,8 +107040,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - peering: - type: string type: object required: - spec @@ -76307,25 +107059,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com + name: storagebuckets.storage.cnrm.cloud.google.com spec: - group: serviceusage.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: Service - plural: services + kind: StorageBucket + plural: storagebuckets shortNames: - - gcpservice - - gcpservices - singular: service + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -76363,38 +107115,265 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object required: - - external + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + logBucket: + description: The bucket that will receive log objects. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string + required: + - logBucket type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. 
+ type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object type: object status: properties: @@ -76431,6 +107410,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string type: object type: object served: true 
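Review bot: `publicAccessPrevention` in the `@@ -76363,38 +107115,265 @@` hunk (StorageBucket spec) is a bare `string` whose description, "Prevents public access to a bucket.", names no accepted values, so a reader cannot tell how to turn the control on. The Cloud Storage setting takes `inherited` or `enforced`; I would write `description: Prevents public access to a bucket. Acceptable values are "inherited" or "enforced".` and, if the schema source allows it, add a matching `enum`. No default is declared for this field or for `uniformBucketLevelAccess`, so what an omitted field means is presumably decided by the service and is worth stating too.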
@@ -76448,25 +107433,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: - group: sourcerepo.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SourceRepoRepository - plural: sourcereporepositories + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: 
@@ -76479,114 +107464,82 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- - PROTOBUF: The message payload is a serialized protocol buffer - of SourceRepoEvent.\n- JSON: The message payload is a JSON - string of SourceRepoEvent. Possible values: [\"PROTOBUF\", - \"JSON\"]." - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external required: - - messageFormat - - topicRef - type: object - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' type: string + required: + - bucketRef + - entity + - role type: object status: properties: 
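Review bot: `role` in the new StorageDefaultObjectAccessControl spec is validated only as `type: string`, although its description lists exactly two values; adding `enum: [OWNER, READER]` under `role` would reject anything else at admission rather than at reconcile time. The `entity` description also lists `allUsers` and `allAuthenticatedUsers` without any caveat, and because this is a default object ACL, such an entry presumably applies to every object later written to the bucket. I would append a sentence to the `entity` description such as `allUsers and allAuthenticatedUsers make objects readable by anyone; prefer uniform bucket-level access with IAM.` and pair the CRD with an admission policy that denies those two values where public data is not intended. If this schema is generated, the change belongs in the generator rather than in this file.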
@@ -76616,6 +107569,19 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76623,14 +107589,20 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source - Repositories. - type: string + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object type: object + required: + - spec type: object served: true storage: true 
@@ -76647,25 +107619,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com + name: storagehmackeys.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerDatabase - plural: spannerdatabases + kind: StorageHMACKey + plural: storagehmackeys shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: @@ -76685,7 +107657,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -76703,58 +107675,8 @@ spec: type: object spec: properties: - databaseDialect: - description: |- - Immutable. The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. - type: string - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - encryptionConfig: - description: Immutable. Encryption configuration for the database. - properties: - kmsKeyRef: - description: |- - Fully qualified name of the KMS key to use to encrypt this database. This key - must exist in the same location as the Spanner Database. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - instanceRef: - description: The instance to create the database on. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -76771,8 +107693,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SpannerInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -76782,23 +107703,27 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. type: string - versionRetentionPeriod: - description: |- - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to 'ddl' that - update the database's version_retention_period. + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - - instanceRef + - projectRef + - serviceAccountEmail type: object status: properties: + accessId: + description: The access ID of the HMAC Key. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -76832,8 +107757,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: An explanation of the status of the database. + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' type: string type: object required: @@ -76854,25 +107787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com + name: storagenotifications.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerInstance - plural: spannerinstances + kind: StorageNotification + plural: storagenotifications shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: 
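Review bot: The `secret` field added to the StorageHMACKey status ("HMAC secret key material") puts the key's secret into the resource status as a plain string. That makes it readable by any subject with `get`, `list` or `watch` on `storagehmackeys`, and it ends up wherever the object is stored or exported (etcd, backups, `kubectl get -o yaml` output). The SQLInstance schema visible later in this diff takes passwords through `valueFrom.secretKeyRef`; writing the HMAC secret to a Kubernetes Secret in the same way would keep it out of the custom resource. Until then I would extend the description to `HMAC secret key material. Stored in plaintext in status; restrict read access to this resource.` and scope RBAC on this kind as tightly as on Secrets. This hunk shows only part of the status schema, and if the CRD is generated the fix belongs in the generator.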
@@ -76910,32 +107843,92 @@ spec: type: object spec: properties: - config: - description: |- - Immutable. The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. 
type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". type: string - numNodes: - type: integer - processingUnits: - type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - config - - displayName + - bucketRef + - payloadFormat + - topicRef type: object status: properties: @@ -76965,6 +107958,9 @@ spec: type: string type: object type: array + notificationId: + description: The ID of the created notification. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
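Review bot: `bucketRef` and `topicRef` in the new StorageNotification spec have no `description`, while the same kinds of reference elsewhere in this diff do (`Reference to the bucket.`, `The PubSubTopic to which to publish notifications.`); I would add those two lines here. `payloadFormat` is also only `type: string` although its description names a closed set, so `enum: [JSON_API_V1, NONE]` would catch typos at admission, and the same applies to the items of `eventTypes`. Note too that `topicRef.external` takes `projects/{{project}}/topics/{{value}}`, so a notification can apparently publish this bucket's object events to a topic in a different project. That is worth stating in the description and constraining by policy where cross-project delivery is not intended.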
@@ -76972,8 +107968,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Instance status: ''CREATING'' or ''READY''.' + selfLink: + description: The URI of the created resource. type: string type: object required: @@ -76994,25 +107990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLDatabase - plural: sqldatabases + kind: StorageTransferAgentPool + plural: storagetransferagentpools shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: @@ -77032,7 +108028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -77050,31 +108046,22 @@ spec: type: object spec: properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - deletionPolicy: - description: "The deletion policy for the database. Setting ABANDON - allows the resource \nto be abandoned rather than deleted. This - is useful for Postgres, where databases cannot be \ndeleted from - the API if there are users other than cloudsqlsuperuser with access. - Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. type: string - instanceRef: - description: The Cloud SQL instance. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -77091,8 +108078,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -77107,7 +108093,7 @@ spec: is used as the default. type: string required: - - instanceRef + - projectRef type: object status: properties: @@ -77144,7 +108130,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Specifies the state of the AgentPool. type: string type: object required: @@ -77165,25 +108152,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLInstance - plural: sqlinstances + kind: StorageTransferJob + plural: storagetransferjobs shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -77221,407 +108208,332 @@ spec: type: object spec: properties: - databaseVersion: - default: MYSQL_5_6 - description: The MySQL, PostgreSQL or SQL Server (beta) version to - use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, - POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. - type: string - maintenanceVersion: - description: Maintenance version. - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region the instance will sit in. Note, - Cloud SQL is not available in all regions. A valid region must be - provided to use this resource. If a region is not provided in the - resource definition, the provider region will be used instead, but - this will be an apply-time error for instances if the provider region - is not supported with Cloud SQL. If you choose not to provide the - region argument for this resource, make sure you understand this. + description: + description: Unique description to identify the Transfer Job. type: string - replicaConfiguration: - description: The configuration for replication. + notificationConfig: + description: Notification configuration. properties: - caCertificate: - description: Immutable. PEM representation of the trusted CA's - x509 certificate. - type: string - clientCertificate: - description: Immutable. PEM representation of the replica's x509 - certificate. - type: string - clientKey: - description: Immutable. PEM representation of the replica's private - key. The corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: Immutable. The number of seconds between connect - retries. MySQL's default is 60 seconds. - type: integer - dumpFilePath: - description: Immutable. Path to a SQL file in Google Cloud Storage - from which replica instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Immutable. Specifies if the replica is the failover - target. If the field is set to true the replica will be designated - as a failover replica. If the master instance fails, the replica - instance will be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Immutable. Time in ms between replication heartbeats. 
- type: integer - password: - description: Immutable. Password for the replication connection. + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - sslCipher: - description: Immutable. Permissible ciphers for use in SSL encryption. 
- type: string - username: - description: Immutable. Username for replication connection. - type: string - verifyServerCertificate: - description: Immutable. True if the master's common name value - is checked during the SSL handshake. - type: boolean + required: + - payloadFormat + - topicRef type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - rootPassword: - description: Initial root password. Required for MS SQL Server. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. 
- type: string - required: - - name - - key - type: object + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - activeDirectoryConfig: + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. properties: - domain: - description: Domain name of the Active Directory for SQL Server - (e.g., mydomain.com). - type: string + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer required: - - domain + - day + - month + - year type: object - authorizedGaeApplications: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). 
For all instances, ensure that - settings.backup_configuration.enabled is set to true. - For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. - For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled - is set to true. Defaults to ZONAL. - type: string - backupConfiguration: + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: - backupRetentionSettings: - properties: - retainedBackups: - description: Number of backups to retain. - type: integer - retentionUnit: - description: The unit that 'retainedBackups' represents. - Defaults to COUNT. - type: string - required: - - retainedBackups - type: object - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Can only be used with MySQL. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - transactionLogRetentionDays: - description: The number of days of transaction logs we retain - for point in time restore, from 1-7. + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. 
+ type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. type: integer + required: + - hours + - minutes + - nanos + - seconds type: object - collation: - description: Immutable. The name of server instance collation. - type: string - connectorEnforcement: - description: Specifies if connections must use Cloud SQL connectors. - type: string - crashSafeReplication: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - deletionProtectionEnabled: - description: Configuration to protect against accidental instance - deletion. - type: boolean - denyMaintenancePeriod: + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. properties: - endDate: - description: End date before which maintenance will not take - place. 
The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. - type: string - startDate: - description: Start date after which maintenance will not take - place. The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. 
type: string - time: - description: 'Time in UTC when the "deny maintenance period" - starts on start_date and ends on end_date. The time is in - format: HH:mm:SS, i.e., 00:00:00.' + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. type: string required: - - endDate - - startDate - - time - type: object - diskAutoresize: - description: Enables auto-resizing of the storage size. Defaults - to true. - type: boolean - diskAutoresizeLimit: - description: The maximum size, in GB, to which storage capacity - can be automatically increased. The default value is 0, which - specifies that there is no limit. - type: integer - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. The minimum value is - 10GB. - type: integer - diskType: - description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. - Defaults to PD_SSD.' - type: string - insightsConfig: - description: Configuration of Query Insights. - properties: - queryInsightsEnabled: - description: True if Query Insights feature is enabled. - type: boolean - queryPlansPerMinute: - description: Number of query execution plans captured by Insights - per minute for all queries combined. Between 0 and 20. Default - to 5. - type: integer - queryStringLength: - description: Maximum query length stored in bytes. Between - 256 and 4500. Default to 1024. - type: integer - recordApplicationTags: - description: True if Query Insights will record application - tags from query when enabled. 
- type: boolean - recordClientAddress: - description: True if Query Insights will record client address - when enabled. - type: boolean + - bucketName type: object - ipConfiguration: + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. properties: - allocatedIpRange: - description: 'The name of the allocated ip range for the private - ip CloudSQL instance. For example: "google-managed-services-default". - If set, the instance ip will be created in the allocated - range. The range name must comply with RFC 1035. Specifically, - the name must be 1-63 characters long and match the regular - expression [a-z]([-a-z0-9]*[a-z0-9])?.' - type: string - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - enablePrivatePathForGoogleCloudServices: - description: Whether Google Cloud services such as BigQuery - are allowed to access data in this Cloud SQL instance over - a private IP connection. SQLSERVER database type is not - supported. - type: boolean - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. At least ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: oneOf: - not: required: @@ -77638,8 +108550,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77648,73 +108560,16 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to - remain in. Must be in the same region as this instance. - type: string - secondaryZone: - description: The preferred Compute Engine zone for the secondary/failover. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance - window is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday. - type: integer - hour: - description: Hour of day (0-23), ignored if day not set. - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable). - type: string - type: object - passwordValidationPolicy: - properties: - complexity: - description: Password complexity. - type: string - disallowUsernameSubstring: - description: Disallow username as a part of the password. - type: boolean - enablePasswordPolicy: - description: Whether the password policy is enabled or not. - type: boolean - minLength: - description: Minimum number of characters allowed. - type: integer - passwordChangeInterval: - description: Minimum interval after which the password can - be changed. This flag is only supported for PostgresSQL. + path: + description: Google Cloud Storage path in bucket to transfer. type: string - reuseInterval: - description: Number of previous passwords that cannot be reused. - type: integer required: - - enablePasswordPolicy + - bucketRef type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. 
- type: string - replicationType: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: string - sqlServerAuditConfig: + gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: - description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: @@ -77731,7 +108586,7 @@ spec: - external properties: external: - description: 'Allowed value: The `url` field of a `StorageBucket` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -77741,42 +108596,133 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - retentionInterval: - description: 'How long to keep generated audit files. A duration - in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s"..' + path: + description: Google Cloud Storage path in bucket to transfer. type: string - uploadInterval: - description: 'How often to upload generated audit files. A - duration in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s".' + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. type: string + required: + - listUrl type: object - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types, and custom machine types such as db-custom-2-13312. See - the Custom Machine Type Documentation to learn about specifying - custom machine types. + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. 
If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - timeZone: - description: Immutable. 
The time_zone to be used by the database - engine (supported only for SQL Server), in SQL Server timezone - format. + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - required: - - tier + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object type: object required: - - settings + - description + - transferSpec type: object status: properties: - availableMaintenanceVersions: - description: Available Maintenance versions. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -77803,27 +108749,18 @@ spec: type: string type: object type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. + creationTime: + description: When the Transfer Job was created. type: string - firstIpAddress: + deletionTime: + description: When the Transfer Job was deleted. type: string - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -77831,35 +108768,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string type: object required: - spec 
@@ -77879,25 +108787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com + name: tagstagbindings.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLSSLCert - plural: sqlsslcerts + kind: TagsTagBinding + plural: tagstagbindings shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: @@ -77935,13 +108843,7 @@ spec: type: object spec: properties: - commonName: - description: Immutable. The common name to be used in the certificate - to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this - forces a new resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. + parentRef: oneOf: - not: required: @@ -77958,8 +108860,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77969,22 +108871,43 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated sha1Fingerprint - of the resource. Used for acquisition only. Leave unset to create - a new resource. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - commonName - - instanceRef + - parentRef + - tagValueRef type: object status: properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -78011,13 +108934,9 @@ spec: type: string type: object type: array - createTime: - description: The time when the certificate was created in RFC 3339 - format, for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78026,16 +108945,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string type: object required: - spec @@ -78055,25 +108964,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com + name: tagstagkeys.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLUser - plural: sqlusers + kind: TagsTagKey + plural: tagstagkeys shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -78100,134 +109009,53 @@ spec: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: Immutable. The host the user can connect from. This is - only supported for MySQL instances. Don't set this field for PostgreSQL - instances. Can be an IP address. Changing this forces a new resource - to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: |- - The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to - either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. 
Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - passwordPolicy: - properties: - allowedFailedAttempts: - description: Number of failed attempts allowed before the user - get locked. - type: integer - enableFailedAttemptsCheck: - description: If true, the check that will lock user after too - many failed login attempts will be enabled. - type: boolean - enablePasswordVerification: - description: If true, the user must specify the current password - before changing the password. This flag is supported only for - MySQL. - type: boolean - passwordExpirationDuration: - description: Password expiration duration with one week grace - period. - type: string - status: - items: - properties: - locked: - description: If true, user does not have login privileges. - type: boolean - passwordExpirationTime: - description: Password expiration duration with one week - grace period. - type: string - type: object - type: array + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - type: + shortName: description: |- - Immutable. The user type. It determines the method to authenticate the user during login. - The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. 
type: string required: - - instanceRef + - parent + - shortName type: object status: properties: @@ -78257,6 +109085,18 @@ spec: type: string type: object type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78264,19 +109104,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sqlServerUserDetails: - items: - properties: - disabled: - description: If the user has been disabled. - type: boolean - serverRoles: - description: The server roles for this user in the database. - items: - type: string - type: array - type: object - type: array + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78296,25 +109129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com + name: tagstagvalues.tags.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols + kind: TagsTagValue + plural: tagstagvalues shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: @@ -78352,8 +109185,11 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: oneOf: - not: required: @@ -78370,8 +109206,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -78380,31 +109216,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - entity: - description: |- - Immutable. The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"].' + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - - bucketRef - - entity + - parentRef + - shortName type: object status: properties: 
@@ -78434,11 +109259,18 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - email: - description: The email address associated with the entity. + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78447,6 +109279,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78466,25 +109303,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com + name: tpunodes.tpu.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tpu.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucket - plural: storagebuckets + kind: TPUNode + plural: tpunodes shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket + - gcptpunode + - gcptpunodes + singular: tpunode preserveUnknownFields: false scope: Namespaced versions: @@ -78504,7 +109341,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78522,265 +109359,93 @@ spec: type: object spec: properties: - autoclass: - description: Immutable. The bucket's autoclass configuration. - properties: - enabled: - description: Immutable. While set to true, autoclass automatically - transitions objects in your bucket to appropriate storage classes - based on each object's access pattern. - type: boolean - required: - - enabled - type: object - bucketPolicyOnly: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: description: |- - DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. - Enables Bucket PolicyOnly access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple - response headers to give permission for the user-agent to - share across domains. - items: - type: string - type: array - type: object - type: array - customPlacementConfig: - description: The bucket's custom location configuration, which specifies - the individual regions that comprise a dual-region bucket. If the - bucket is designated a single or multi-region, the parameters are - empty. 
- properties: - dataLocations: - description: 'Immutable. The list of individual regions that comprise - a dual-region bucket. See the docs for a list of acceptable - regions. Note: If any of the data_locations changes, it will - recreate the bucket.' - items: - type: string - type: array - required: - - dataLocations - type: object - defaultEventBasedHold: - description: Whether or not to automatically apply an eventBasedHold - to new objects added to the bucket. - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete, SetStorageClass and - AbortIncompleteMultipartUpload.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy - this condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - customTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - daysSinceCustomTime: - description: Number of days elapsed since the user-specified - timestamp set on an object. - type: integer - daysSinceNoncurrentTime: - description: "Number of days elapsed since the noncurrent - timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition - is relevant only for versioned objects." - type: integer - matchesPrefix: - description: One or more matching name prefixes to satisfy - this condition. 
- items: - type: string - type: array - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - matchesSuffix: - description: One or more matching name suffixes to satisfy - this condition. - items: - type: string - type: array - noncurrentTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object + - required: + - namespace required: - - action - - condition - type: object - type: array - location: - default: US - description: Immutable. The Google Cloud Storage location. - type: string - logging: - description: The bucket's Access & Storage Logs configuration. + - external properties: - logBucket: - description: The bucket that will receive log objects. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - logBucket type: object - publicAccessPrevention: - description: Prevents public access to a bucket. 
- type: string - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: - Locking a bucket is an irreversible action.' + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, - or archived. The value must be less than 3,155,760,000 seconds. - type: integer required: - - retentionPeriod + - preemptible type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, - ARCHIVE.' + tensorflowVersion: + description: The version of Tensorflow running in the Node. type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean - versioning: - description: The bucket's Versioning configuration. 
- properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone type: object status: properties: @@ -78810,6 +109475,21 @@ spec: type: string type: object type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
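Review bot: Two constraints on the TPUNode spec are stated only in description text and not in the schema: `cidrBlock` "must be a /29 block", and `cidrBlock` "should not be specified" when `useServiceNetworking` is set. As written, any string is accepted for `cidrBlock`, so a wrong prefix length or a conflicting combination is presumably rejected only when the controller calls the TPU API, after the object has been admitted. A `pattern: '/29$'` on `cidrBlock` would catch the first case at admission; the second would need a validation rule or an admission webhook. The `useServiceNetworking` description also repeats a word ("with this this field enabled").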
@@ -78817,13 +109497,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. type: string type: object + required: + - spec type: object served: true storage: true @@ -78840,25 +109523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com + name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols + kind: VertexAIDataset + plural: vertexaidatasets shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: @@ -78878,7 +109561,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78896,8 +109579,29 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
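Review bot: `encryptionSpec.kmsKeyName` on VertexAIDataset is described as "Immutable. Required.", but the added `encryptionSpec` object carries no `required` list, so `encryptionSpec: {}` passes schema validation; whether the Dataset is then created without a customer-managed key cannot be told from this hunk. The VertexAIEndpoint schema later in this patch declares `required:` / `- kmsKeyName` under the same object, and the Dataset schema should match it. The key is also a free-form string rather than a `KMSCryptoKey` reference like the `kmsKeyRef` used elsewhere in this file, so a mistyped or wrong-region key name is presumably only caught at reconcile time. The `tf2crd` label suggests this file is generated, in which case the fix belongs in the generator input.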
@@ -78913,40 +109617,29 @@ spec: required: - external properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers. - type: string - object: - description: The name of the object, if applied to an object. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"].' + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - bucketRef - - entity - - role + - displayName + - metadataSchemaUri + - projectRef + - region type: object status: properties: 
@@ -78976,19 +109669,15 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. type: string - entityId: - description: The ID for the entity. + name: + description: The resource name of the Dataset. This value is set by + Google. type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78996,17 +109685,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectTeam: - description: The project team associated with the entity. - properties: - projectNumber: - description: The project team associated with the entity. - type: string - team: - description: 'The team. Possible values: ["editors", "owners", - "viewers"].' - type: string - type: object + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string type: object required: - spec 
@@ -79026,25 +109709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageNotification - plural: storagenotifications + kind: VertexAIEndpoint + plural: vertexaiendpoints shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -79064,7 +109747,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79082,62 +109765,44 @@ spec: type: object spec: properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' type: string + required: + - kmsKeyName type: object - customAttributes: - additionalProperties: - type: string - description: Immutable. A set of key/value attribute pairs to attach - to each Cloud Pub/Sub message published for this notification subscription. - type: object - eventTypes: - description: 'Immutable. List of event type filters for this notification - config. If not specified, Cloud Storage will send notifications - for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE".' 
- items: - type: string - type: array - objectNamePrefix: - description: Immutable. Specifies a prefix path filter for this notification - config. Cloud Storage will only send notifications for objects in - this bucket whose names begin with the specified prefix. - type: string - payloadFormat: - description: Immutable. The desired content of the Payload. One of - "JSON_API_V1" or "NONE". + location: + description: Immutable. The location for the resource. type: string - resourceID: - description: Immutable. Optional. The service-generated notificationId - of the resource. Used for acquisition only. Leave unset to create - a new resource. + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' type: string - topicRef: + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79154,8 +109819,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -79164,10 +109828,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - bucketRef - - payloadFormat - - topicRef + - displayName + - location + - projectRef type: object status: properties: 
@@ -79197,8 +109866,222 @@ spec: type: string type: object type: array - notificationId: - description: The ID of the created notification. + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. 
+ type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. + items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. 
+ items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. + See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. 
This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. + type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. 
Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79207,8 +110090,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: 
@@ -79229,25 +110112,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: - group: storagetransfer.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageTransferJob - plural: storagetransferjobs + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: @@ -79267,7 +110150,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79286,501 +110169,474 @@ spec: spec: properties: description: - description: Unique description to identify the Transfer Job. + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string - notificationConfig: - description: Notification configuration. - properties: - eventTypes: - description: Event types for which a notification is desired. - If empty, send notifications for all event types. The valid - types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", - "TRANSFER_OPERATION_ABORTED". - items: - type: string - type: array - payloadFormat: - description: The desired format of the notification message payloads. - One of "NONE" or "JSON". - type: string - topicRef: - description: The PubSubTopic to which to publish notifications. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - payloadFormat - - topicRef - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string - schedule: - description: Schedule specification defining when the Transfer Job - should be scheduled to start, end and what time to run. - properties: - repeatInterval: - description: 'Interval between the start of each scheduled transfer. - If unspecified, the default value is 24 hours. This value may - not be less than 1 hour. A duration in seconds with up to nine - fractional digits, terminated by ''s''. Example: "3.5s".' - type: string - scheduleEndDate: - description: The last day the recurring transfer will be run. - If schedule_end_date is the same as schedule_start_date, the - transfer will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled - to run. If schedule_start_date is in the past, the transfer - will run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. - If not specified, recurring and one-time transfers that are - scheduled to run today will run immediately; recurring transfers - that are scheduled to run on a future date will start at approximately - midnight UTC on that date. 
Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be - from 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally - be from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, - and an operation spawned by the transfer is running, the status - change would not affect the current operation.' + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - roleArn: - description: The Amazon Resource Name (ARN) of the role to - support temporary credentials via 'AssumeRoleWithWebIdentity'. - For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). - When a role ARN is provided, Transfer Service fetches temporary - credentials for the session using a 'AssumeRoleWithWebIdentity' - call for the provided role using the [GoogleServiceAccount][] - for this project. - type: string - required: - - bucketName - type: object - azureBlobStorageDataSource: - description: An Azure Blob Storage data source. 
+ required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). properties: - azureCredentials: - description: ' Credentials used to authenticate API requests - to Azure.' - properties: - sasToken: - description: Azure shared access signature. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - sasToken - type: object - container: - description: The container to transfer from the Azure Storage - account. - type: string - path: - description: Root path to transfer objects. Must be an empty - string or full path name that ends with a '/'. This field - is treated as an object prefix. As such, it should generally - not begin with a '/'. - type: string - storageAccount: - description: The name of the Azure Storage account. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number required: - - azureCredentials - - container - - storageAccount + - value type: object - gcsDataSink: - description: A Google Cloud Storage data sink. + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. 
+ * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string - required: - - bucketRef type: object - httpDataSource: - description: A HTTP URL data source. + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. - Currently, only URLs with HTTP and HTTPS schemes are supported. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number required: - - listUrl + - value type: object - objectConditions: - description: Only objects that satisfy these object conditions - are included in the set of data source and data sink objects. - Object conditions based on objects' last_modification_time do - not exclude objects in a data sink. + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements - described for include_prefixes. 
- items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that - satisfy the object conditions must have names that start - with one of the include_prefixes and that do not start with - any of the exclude_prefixes. If include_prefixes is not - specified, all objects except those that have names starting - with one of the exclude_prefixes must satisfy the object - conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. 
+ type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer type: object - posixDataSink: - description: A POSIX filesystem data sink. + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. 
properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer required: - - rootDirectory + - maxNodeCount + - minNodeCount type: object - posixDataSource: - description: A POSIX filesystem data source. - properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - rootDirectory - type: object - sinkAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - sourceAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a - data sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - overwriteWhen: - description: When to overwrite objects that already exist - in the sink. If not set, overwrite behavior is determined - by overwriteObjectsAlreadyExistingInSink. - type: string - type: object type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - description - - transferSpec + - projectRef + - region type: object status: properties: 
@@ -79810,17 +110666,13 @@ spec: type: string type: object type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string - name: - description: The name of the Transfer Job. + etag: + description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79829,6 +110681,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string type: object required: - spec @@ -79848,25 +110705,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagbindings.tags.cnrm.cloud.google.com + name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagBinding - plural: tagstagbindings + kind: VertexAIIndex + plural: vertexaiindexes shortNames: - - gcptagstagbinding - - gcptagstagbindings - singular: tagstagbinding + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: 
@@ -79886,7 +110743,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79904,7 +110761,96 @@ spec: type: object spec: properties: - parentRef: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. 
+ type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. 
+ type: boolean + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79921,8 +110867,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -79931,41 +110876,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - tagValueRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `tagValues/{{value}}`, - where {{value}} is the `name` field of a `TagsTagValue` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - parentRef - - tagValueRef + - displayName + - projectRef + - region type: object status: properties: 
@@ -79995,9 +110917,47 @@ spec: type: string type: object type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string name: - description: 'The generated id for the TagBinding. This is a string - of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80006,6 +110966,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string type: object required: - spec 
@@ -80025,25 +110990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagkeys.tags.cnrm.cloud.google.com + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagKey - plural: tagstagkeys + kind: VertexAIMetadataStore + plural: vertexaimetadatastores shortNames: - - gcptagstagkey - - gcptagstagkeys - singular: tagstagkey + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: @@ -80063,7 +111028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80082,41 +111047,57 @@ spec: spec: properties: description: - description: User-assigned description of the TagKey. Must not exceed - 256 characters. - type: string - parent: - description: Immutable. Input only. The resource name of the new TagKey's - parent. Must be of the form organizations/{org_id}. - type: string - purpose: - description: |- - Immutable. Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + description: Immutable. Description of the MetadataStore. type: string - purposeData: - additionalProperties: - type: string - description: |- - Immutable. Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. type: string - shortName: - description: |- - Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - parent - - shortName + - projectRef + - region type: object status: properties: 
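Review bot: In the VertexAIMetadataStore schema added by this hunk, `spec.encryptionSpec.kmsKeyName` is described as "Immutable. Required." but `encryptionSpec` has no `required` list, so a manifest with an empty `encryptionSpec: {}` passes schema validation without naming a key. The VertexAIFeaturestore and VertexAITensorboard schemas elsewhere in this patch both close `encryptionSpec` with `required:` / `- kmsKeyName`; adding the same two lines before this block's `type: object` would let admission reject a CMEK block that names no key. How the controller treats an empty block is not visible from the hunk, so it is worth confirming that the resource is not silently created with Google-managed encryption. The labels mark the CRD as generated (`cnrm.cloud.google.com/tf2crd: "true"`), so the change probably belongs in the generator or the upstream schema rather than in this file.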
@@ -80147,16 +111128,9 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - name: - description: The generated numeric id for the TagKey. - type: string - namespacedName: - description: Output only. Namespaced name of the TagKey. + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80165,11 +111139,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array updateTime: - description: |- - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: 
@@ -80190,25 +111172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagvalues.tags.cnrm.cloud.google.com + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagValue - plural: tagstagvalues + kind: VertexAITensorboard + plural: vertexaitensorboards shortNames: - - gcptagstagvalue - - gcptagstagvalues - singular: tagstagvalue + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: @@ -80228,7 +111210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80247,10 +111229,26 @@ spec: spec: properties: description: - description: User-assigned description of the TagValue. Must not exceed - 256 characters. + description: Description of this Tensorboard. type: string - parentRef: + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -80267,8 +111265,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `tagKeys/{{value}}`, - where {{value}} is the `name` field of a `TagsTagKey` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -80277,23 +111274,26 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: |- - Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - type: string required: - - parentRef - - shortName + - displayName + - projectRef + - region type: object status: properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -80321,17 +111321,12 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string name: - description: The generated numeric id for the TagValue. - type: string - namespacedName: - description: Output only. Namespaced name of the TagValue. Will be - in the format {organizationId}/{tag_key_short_name}/{shortName}. + description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80340,10 +111335,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string updateTime: - description: |- - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: @@ -80364,7 +111362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -80643,3 +111641,391 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. \nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." 
+ type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. 
+ type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml b/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml index a12e86d607..10e079d099 100644 --- a/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-autopilot-namespaced/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender 
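Review bot: In the WorkflowsWorkflow schema added by this hunk, `spec.serviceAccount` is optional (`required` lists only `projectRef` and `region`), yet its description never says which identity the workflow runs as when the field is left unset. Because the description itself says this account "determines what permissions the workflow has", the fallback should be documented; I believe the service falls back to the project's default service account, which is worth confirming against the API reference, and the text could then end with `When unset, the workflow runs as the project's default service account; set a dedicated least-privilege account instead.` Separately, the WorkstationsWorkstationCluster schema in the same hunk declares `status.conditions` items with only `code`, `details` and `message`, while its printer columns select `.status.conditions[?(@.type=='Ready')]`; with `preserveUnknownFields: false` the `type`, `status` and `reason` of a Ready condition would likely be pruned, so readiness may never be reported. Both CRDs carry the `tf2crd` label, so the correction belongs in the generator input rather than in the emitted YAML.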
@@ -35,7 +35,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -45,7 +45,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector @@ -55,7 +55,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -65,7 +65,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -86,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -107,7 +107,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -128,7 +128,7 @@ rules: - patch - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - alloydb.cnrm.cloud.google.com resources: - '*' verbs: @@ -140,7 +140,7 @@ rules: - patch - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - apigateway.cnrm.cloud.google.com resources: - '*' verbs: @@ -152,7 +152,7 @@ rules: - patch - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -164,7 +164,7 @@ rules: - patch - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - appengine.cnrm.cloud.google.com resources: - '*' verbs: @@ -176,7 +176,7 @@ rules: - patch - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: @@ -188,7 +188,7 @@ rules: - patch - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: @@ -200,7 +200,7 @@ rules: - patch - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com resources: - '*' verbs: @@ -212,7 +212,7 @@ rules: - patch - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: @@ -224,7 +224,7 @@ rules: - patch - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: @@ -236,7 +236,7 @@ rules: - patch - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: @@ -248,7 +248,7 @@ rules: - patch - delete - apiGroups: - - compute.cnrm.cloud.google.com + - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: @@ -260,7 +260,7 @@ rules: - patch - delete - apiGroups: - - configcontroller.cnrm.cloud.google.com + - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: @@ -272,7 +272,7 @@ rules: - patch - delete - apiGroups: - - container.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com resources: - '*' verbs: @@ -284,7 +284,7 @@ rules: - patch - delete - apiGroups: - - containeranalysis.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: @@ -296,7 +296,7 @@ rules: - patch - delete - apiGroups: - - datacatalog.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -308,7 +308,7 @@ rules: - patch - delete - apiGroups: - - dataflow.cnrm.cloud.google.com + - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -320,7 +320,7 @@ rules: - patch - delete - apiGroups: - - datafusion.cnrm.cloud.google.com + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -332,7 +332,7 @@ rules: - patch - delete - apiGroups: - - dataproc.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: @@ -344,7 +344,7 @@ rules: - patch - delete - apiGroups: - - dlp.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: @@ -356,7 +356,7 @@ rules: - patch - delete - apiGroups: - - dns.cnrm.cloud.google.com + - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: @@ -368,7 +368,7 @@ rules: - patch - delete - apiGroups: - - eventarc.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: @@ -380,7 +380,7 @@ rules: - patch - delete - apiGroups: - - filestore.cnrm.cloud.google.com + - cloudids.cnrm.cloud.google.com resources: - '*' verbs: @@ -392,7 +392,7 @@ rules: - patch - delete - apiGroups: - - firestore.cnrm.cloud.google.com + - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: @@ -404,7 +404,7 @@ rules: - patch - delete - apiGroups: - - gkehub.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: @@ -416,7 +416,7 @@ rules: - patch - delete - apiGroups: - - iam.cnrm.cloud.google.com + - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: @@ -428,7 +428,7 @@ rules: - patch - delete - apiGroups: - - iap.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -440,7 +440,7 @@ rules: - patch - delete - apiGroups: - - identityplatform.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: @@ -452,7 +452,7 @@ rules: - patch - delete - apiGroups: - - kms.cnrm.cloud.google.com + - container.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -464,7 +464,7 @@ rules: - patch - delete - apiGroups: - - logging.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: @@ -476,7 +476,7 @@ rules: - patch - delete - apiGroups: - - memcache.cnrm.cloud.google.com + - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: @@ -488,7 +488,7 @@ rules: - patch - delete - apiGroups: - - monitoring.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -500,7 +500,7 @@ rules: - patch - delete - apiGroups: - - networkconnectivity.cnrm.cloud.google.com + - dataform.cnrm.cloud.google.com resources: - '*' verbs: @@ -512,7 +512,7 @@ rules: - patch - delete - apiGroups: - - networksecurity.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com resources: - '*' verbs: @@ -524,7 +524,7 @@ rules: - patch - delete - apiGroups: - - networkservices.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com resources: - '*' verbs: @@ -536,7 +536,7 @@ rules: - patch - delete - apiGroups: - - osconfig.cnrm.cloud.google.com + - datastore.cnrm.cloud.google.com resources: - '*' verbs: @@ -548,7 +548,7 @@ rules: - patch - delete - apiGroups: - - privateca.cnrm.cloud.google.com + - datastream.cnrm.cloud.google.com resources: - '*' verbs: @@ -560,7 +560,7 @@ rules: - patch - delete - apiGroups: - - pubsub.cnrm.cloud.google.com + - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -572,7 +572,7 @@ rules: - patch - delete - apiGroups: - - pubsublite.cnrm.cloud.google.com + - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -584,7 +584,7 @@ rules: - patch - delete - apiGroups: - - recaptchaenterprise.cnrm.cloud.google.com + - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: @@ -596,7 +596,7 @@ rules: - patch - delete - apiGroups: - - redis.cnrm.cloud.google.com + - dlp.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -608,7 +608,7 @@ rules: - patch - delete - apiGroups: - - resourcemanager.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com resources: - '*' verbs: @@ -620,7 +620,7 @@ rules: - patch - delete - apiGroups: - - run.cnrm.cloud.google.com + - documentai.cnrm.cloud.google.com resources: - '*' verbs: @@ -632,7 +632,7 @@ rules: - patch - delete - apiGroups: - - secretmanager.cnrm.cloud.google.com + - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: @@ -644,7 +644,7 @@ rules: - patch - delete - apiGroups: - - servicedirectory.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com resources: - '*' verbs: @@ -656,7 +656,7 @@ rules: - patch - delete - apiGroups: - - servicenetworking.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -668,7 +668,7 @@ rules: - patch - delete - apiGroups: - - serviceusage.cnrm.cloud.google.com + - firebase.cnrm.cloud.google.com resources: - '*' verbs: @@ -680,7 +680,7 @@ rules: - patch - delete - apiGroups: - - sourcerepo.cnrm.cloud.google.com + - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: @@ -692,7 +692,7 @@ rules: - patch - delete - apiGroups: - - spanner.cnrm.cloud.google.com + - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: @@ -704,7 +704,7 @@ rules: - patch - delete - apiGroups: - - sql.cnrm.cloud.google.com + - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: @@ -716,7 +716,7 @@ rules: - patch - delete - apiGroups: - - storage.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -728,7 +728,7 @@ rules: - patch - delete - apiGroups: - - storagetransfer.cnrm.cloud.google.com + - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: @@ -740,7 +740,7 @@ rules: - patch - delete - apiGroups: - - tags.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -752,7 +752,7 @@ rules: - patch - delete - apiGroups: - - vpcaccess.cnrm.cloud.google.com + - healthcare.cnrm.cloud.google.com resources: - '*' verbs: @@ -763,36 +763,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: - apiGroups: - - apiextensions.k8s.io + - iam.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - iap.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - identityplatform.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -802,9 +800,9 @@ rules: - patch - delete - apiGroups: - - "" + - kms.cnrm.cloud.google.com resources: - - services + - '*' verbs: - get - list @@ -813,36 +811,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - logging.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - memcache.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - mlengine.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list 
@@ -852,15 +848,19 @@ rules: - patch - delete - apiGroups: - - core.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com resources: - - servicemappings + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - core.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: @@ -871,23 +871,10 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: - apiGroups: - - "" + - networkmanagement.cnrm.cloud.google.com resources: - - events - - configmaps - - secrets - - services + - '*' verbs: - get - list @@ -896,28 +883,22 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: - apiGroups: - - "" + - networksecurity.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apiextensions.k8s.io + - networkservices.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list 
@@ -926,99 +907,674 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-unmanaged-detector-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - notebooks.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - create + - update - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/system: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cnrm-viewer -rules: + - delete - apiGroups: - - accesscontextmanager.cnrm.cloud.google.com + - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - 
binaryauthorization.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role 
+rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -1041,6 +1597,14 @@ rules: - get - list - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - cloudidentity.cnrm.cloud.google.com resources: @@ -1049,6 +1613,22 @@ rules: - get - list - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - cloudscheduler.cnrm.cloud.google.com resources: @@ -1057,6 +1637,14 @@ rules: - get - list - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - compute.cnrm.cloud.google.com resources: @@ -1105,6 +1693,14 @@ rules: - get - list - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: @@ -1121,6 +1717,46 @@ rules: - get - list - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: 
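Review bot: The `resources: - '*'` wildcard in the rule added here for `cloudfunctions2.cnrm.cloud.google.com` grants get/list/watch on every kind in the group, including kinds added to it by later releases, and the same pattern repeats in the following hunks (for example `securitycenter`, `oslogin`, `orgpolicy`, `healthcare`). These rules appear to extend the `cnrm-viewer` ClusterRole, whose header earlier in this file carries `rbac.authorization.k8s.io/aggregate-to-view: "true"`, so any subject bound to the built-in `view` role would pick up read access to these custom resources without a separate grant. If any of these kinds can hold sensitive values inline in `spec`, that is wider than what `view` gives for core objects, where Secrets are excluded. Consider listing the resource plurals explicitly per group, or at least a comment on the role such as `# aggregated into 'view': every kind in these groups is readable by view-bound subjects`. The enclosing rules list starts and ends outside this hunk.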
@@ -1137,6 +1773,22 @@ rules: - get - list - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: @@ -1153,6 +1805,38 @@ rules: - get - list - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: @@ -1161,6 +1845,14 @@ rules: - get - list - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: @@ -1169,6 +1861,14 @@ rules: - get - list - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -1217,6 +1917,14 @@ rules: - get - list - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: @@ -1233,6 +1941,14 @@ rules: - get - list - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: 
@@ -1249,6 +1965,22 @@ rules: - get - list - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: @@ -1257,6 +1989,14 @@ rules: - get - list - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: @@ -1321,6 +2061,14 @@ rules: - get - list - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: @@ -1393,6 +2141,22 @@ rules: - get - list - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: @@ -1401,12 +2165,28 @@ rules: - get - list - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1469,7 +2249,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding 
@@ -1487,7 +2267,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1505,7 +2285,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding @@ -1528,7 +2308,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1545,7 +2325,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1562,7 +2342,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector-binding @@ -1579,7 +2359,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1596,7 +2376,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender 
@@ -1613,7 +2393,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1634,7 +2414,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1652,7 +2432,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1665,8 +2445,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.102.0 - image: gcr.io/cnrm-eap/recorder:fc8237b + value: 1.103.0 + image: gcr.io/cnrm-eap/recorder:7522d31 imagePullPolicy: Always name: recorder ports: @@ -1700,7 +2480,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1715,7 +2495,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1728,7 +2508,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:fc8237b + image: gcr.io/cnrm-eap/webhook:7522d31 imagePullPolicy: Always name: webhook ports: @@ -1758,7 +2538,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" 
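Review bot: The new `image: gcr.io/cnrm-eap/recorder:7522d31` is referenced by tag rather than by digest, and the context line below it keeps `imagePullPolicy: Always`, so each pod start resolves whatever the registry currently serves for that tag. A re-pushed or overwritten tag would change the code running in these controllers without any change to this manifest. Pinning to the digest, `image: gcr.io/cnrm-eap/recorder@sha256:<digest-of-the-7522d31-build>` (placeholder), makes the bundle reproducible and lets an admission policy verify it; the same applies to the `webhook`, `deletiondefender` and `unmanageddetector` images in the following hunks. If this bundle is generated, the change belongs in the release tooling that writes the image references.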
@@ -1773,7 +2553,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1781,7 +2561,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:fc8237b + image: gcr.io/cnrm-eap/deletiondefender:7522d31 imagePullPolicy: Always name: deletiondefender ports: @@ -1811,7 +2591,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-unmanaged-detector cnrm.cloud.google.com/system: "true" @@ -1826,7 +2606,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-unmanaged-detector cnrm.cloud.google.com/system: "true" @@ -1834,7 +2614,7 @@ spec: containers: - command: - /configconnector/unmanageddetector - image: gcr.io/cnrm-eap/unmanageddetector:fc8237b + image: gcr.io/cnrm-eap/unmanageddetector:7522d31 imagePullPolicy: Always name: unmanageddetector ports: @@ -1865,7 +2645,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-autopilot-namespaced/crds.yaml b/install-bundles/install-bundle-autopilot-namespaced/crds.yaml index 1871feb5e1..d54f894070 100644 --- a/install-bundles/install-bundle-autopilot-namespaced/crds.yaml +++ b/install-bundles/install-bundle-autopilot-namespaced/crds.yaml 
@@ -16,7 +16,255 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
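Review bot: The schema added for `AccessContextManagerAccessLevelCondition` has no `required` list under `spec` and no top-level `required: - spec`, so an object with an empty spec passes admission. The field descriptions state that each unset restriction means allow-all (`ipSubnetworks`: "If empty, all IP addresses are allowed"; `members`: "If not specified, a request may come from any user"), so an incomplete manifest describes a condition that matches every request. The other two Access Context Manager CRDs added later in this file do declare `required` fields; adding `required: - accessLevelRef` under `spec` and `required: - spec` at the top level would match them. Whether the controller or the API rejects an empty condition is not visible here.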
@@ -532,7 +780,324 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,25 +2305,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeenvironments.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeEnvironment - plural: apigeeenvironments + kind: AlloyDBBackup + plural: alloydbbackups shortNames: - - gcpapigeeenvironment - - gcpapigeeenvironments - singular: apigeeenvironment + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: 
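Review bot: `accessLevels` on `AccessContextManagerGCPUserAccessBinding` is described as "This repeated field must have exactly one element", but the schema only declares `items: type: string` and `type: array`, so an empty list or several entries pass admission and the mismatch presumably surfaces only when the controller reconciles. Adding `minItems: 1` and `maxItems: 1` to the `accessLevels` property would enforce the documented contract at the API server. `required: - accessLevels` is satisfied by an empty array, so it does not cover this case. The same hunk's `resource` field on `AccessContextManagerServicePerimeterResource` documents the format `projects/{project_number}` without a `pattern`.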
@@ -1778,7 +2343,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -1796,8 +2361,19 @@ spec: type: object spec: properties: - apigeeOrganizationRef: - description: Immutable. + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -1814,10 +2390,7 @@ spec: - external properties: external: - description: |- - The apigee organization for the resource - - Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -1826,25 +2399,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Optional. Description of the environment. - type: string - displayName: - description: Optional. Display name for this environment. - type: string - properties: - additionalProperties: - type: string - description: Optional. Key-value pairs that may be used for customizing - the environment. - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - apigeeOrganizationRef + - clusterName + - location + - projectRef type: object status: properties: @@ -1874,16 +2437,16 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Creation time of this environment as milliseconds - since epoch. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Last modification time of this environment - as milliseconds since epoch. - format: int64 - type: integer + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -1891,10 +2454,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean state: - description: 'Output only. State of the environment. Values other - than ACTIVE means the resource is not ready to use. Possible values: - STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. type: string type: object required: @@ -1915,25 +2489,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeorganizations.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeOrganization - plural: apigeeorganizations + kind: AlloyDBCluster + plural: alloydbclusters shortNames: - - gcpapigeeorganization - - gcpapigeeorganizations - singular: apigeeorganization + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -1953,7 +2527,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -1971,67 +2545,155 @@ spec: type: object spec: properties: - addonsConfig: - description: Addon configurations of the Apigee organization. + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: - advancedApiOpsConfig: - description: Configuration for the Advanced API Ops add-on. + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. properties: - enabled: - description: Flag that specifies whether the Advanced API - Ops add-on is enabled. - type: boolean + count: + description: The number of backups to retain. + type: integer type: object - monetizationConfig: - description: Configuration for the Monetization add-on. + timeBasedRetention: + description: Time-based Backup retention policy. properties: - enabled: - description: Flag that specifies whether the Monetization - add-on is enabled. 
- type: boolean + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes type: object type: object - analyticsRegion: - description: Immutable. Required. Primary GCP region for analytics - data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + displayName: + description: User-settable and human-readable display name for the + Cluster. type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + initialUser: + description: Initial user to setup during cluster creation. 
properties: - external: - description: |- - Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. type: string + required: + - password type: object - description: - description: Description of the Apigee organization. + location: + description: Immutable. The location where the alloydb cluster should + reside. 
type: string - displayName: - description: Display name for the Apigee organization. + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -2048,10 +2710,7 @@ spec: - external properties: external: - description: |- - Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
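Review bot: The new `initialUser.password` schema in the AlloyDBCluster hunk (`@@ -1971,67 +2545,155 @@`) accepts the database password inline through `value`, and its description does not say what that implies. A password set this way sits in plain text in the custom resource, so it is readable by any principal allowed to get or list AlloyDBCluster objects and ends up in whatever manifests are committed or logged. I would extend the description to `Value of the field, stored in plain text in this resource; prefer 'valueFrom.secretKeyRef'. Cannot be used if 'valueFrom' is specified.` The file looks generated (the `tf2crd` label), so the wording probably has to change upstream; until then, clusters installing this CRD can enforce the `valueFrom.secretKeyRef` branch of the `oneOf` with an admission policy. The `spec` schema continues past this hunk.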
@@ -2060,67 +2719,27 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - properties: - additionalProperties: - type: string - description: Properties defined in the Apigee organization profile. - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - runtimeDatabaseEncryptionKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - runtimeType: - description: 'Immutable. Required. Runtime type of the Apigee organization - based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, - CLOUD, HYBRID' + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
type: string required: - - analyticsRegion + - location + - network - projectRef - - runtimeType type: object status: properties: - billingType: - description: 'Output only. Billing type of the Apigee organization. - See (https://cloud.google.com/apigee/pricing). Possible values: - BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' - type: string - caCertificate: - description: Output only. Base64-encoded public certificate for the - root CA of the Apigee organization. Valid only when (#RuntimeType) - is `CLOUD`. - type: string + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -2147,26 +2766,31 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Time that the Apigee organization was created - in milliseconds since epoch. - format: int64 - type: integer - environments: - description: Output only. List of environments in the Apigee organization. + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. items: - type: string + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object type: array - expiresAt: - description: Output only. Time that the Apigee organization is scheduled - for deletion. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Time that the Apigee organization was last - modified in milliseconds since epoch. - format: int64 - type: integer + name: + description: The name of the cluster resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -2174,21 +2798,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectId: - description: Output only. Project ID associated with the Apigee organization. - type: string - state: - description: 'Output only. State of the organization. Values other - than ACTIVE means the resource is not ready to use. Possible values: - SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, - OK_EXTERNAL, DELETED' - type: string - subscriptionType: - description: 'Output only. DEPRECATED: This will eventually be replaced - by BillingType. Subscription type of the Apigee organization. Valid - values include trial (free, limited, and for evaluation purposes - only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). - Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + uid: + description: The system-generated UID of the resource. type: string type: object required: 
@@ -2209,25 +2820,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com + name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: - group: artifactregistry.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories + kind: AlloyDBInstance + plural: alloydbinstances shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: @@ -2247,7 +2858,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2265,172 +2876,71 @@ spec: type: object spec: properties: - description: - description: The user-provided description of the repository. + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string - format: + cluster: description: |- - Immutable. The format of packages that are stored in the repository. Supported formats - can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). - You can only create alpha formats if you are a member of the - [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string - kmsKeyRef: - description: |- - The customer managed encryption key that’s used to encrypt the - contents of the Repository. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. 
* They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. type: object - location: - description: Immutable. The name of the location this repository is - located in. + displayName: + description: User-settable and human-readable display name for the + Instance. type: string - mavenConfig: - description: |- - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. properties: - allowSnapshotOverwrites: - description: |- - Immutable. The repository with this flag will allow publishing the same - snapshot versions. - type: boolean - versionPolicy: - description: 'Immutable. Version policy defines the versions that - the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" - Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' - type: string + cpuCount: + description: The number of CPU's in the VM instance. + type: integer type: object - mode: - description: 'Immutable. The mode configures the repository to serve - artifacts from different sources. 
Default value: "STANDARD_REPOSITORY" - Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' - type: string - remoteRepositoryConfig: - description: Immutable. Configuration specific for a Remote Repository. + readPoolConfig: + description: Read pool specific config. properties: - description: - description: Immutable. The description of the remote source. - type: string - dockerRepository: - description: Immutable. Specific settings for a Docker remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' - type: string - type: object - mavenRepository: - description: Immutable. Specific settings for a Maven remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' - type: string - type: object - npmRepository: - description: Immutable. Specific settings for an Npm remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "NPMJS" Possible values: ["NPMJS"].' - type: string - type: object - pythonRepository: - description: Immutable. Specific settings for a Python remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "PYPI" Possible values: ["PYPI"].' - type: string - type: object + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer type: object resourceID: - description: Immutable. Optional. The repositoryId of the resource. + description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - virtualRepositoryConfig: - description: Configuration specific for a Virtual Repository. - properties: - upstreamPolicies: - description: |- - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - items: - properties: - id: - description: The user-provided ID of the upstream policy. - type: string - priority: - description: Entries with a greater priority value take - precedence in the pull order. - type: integer - repositoryRef: - description: |- - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repositories/repo1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, - where {{value}} is the `name` field of an `ArtifactRegistryRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - type: object required: - - format - - location + - cluster + - instanceType type: object status: properties: 
@@ -2461,12 +2971,14 @@ spec: type: object type: array createTime: - description: The time when the repository was created. + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. type: string name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -2475,10 +2987,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: The time when the repository was last updated. + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. type: string - type: object + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object required: - spec type: object 
@@ -2497,25 +3021,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryDataset - plural: bigquerydatasets + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: @@ -2535,7 +3059,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2553,202 +3077,287 @@ spec: type: object spec: properties: - access: - description: An array of objects that define dataset access for one - or more entities. + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. items: properties: - dataset: - description: Grants all resources of particular types in a particular - dataset read access to the current dataset. + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: - dataset: - description: The dataset this entry applies to. 
- properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - required: - - datasetId - - projectId - type: object - targetTypes: - description: |- - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS. - items: - type: string - type: array + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string required: - - dataset - - targetTypes + - contents + - path type: object - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access. - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). 
These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com. + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. 
+ items: + properties: + document: + description: The OpenAPI Specification document file. properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. + contents: + description: Immutable. Base64 encoded content of the file. type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. type: string required: - - datasetId - - projectId - - tableId + - contents + - path type: object + required: + - document type: object type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). 
- - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - description: - description: A user-friendly description of the dataset. + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string - friendlyName: - description: A descriptive name for the dataset. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. type: string - location: + managedService: description: |- - Immutable. The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - maxTimeTravelHours: - description: Defines the time travel window in hours. The value can - be from 48 to 168 hours (2 to 7 days). + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. 
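Review bot: In the added APIGatewayAPIConfig schema, `spec.gatewayConfig` is optional, and its description mentions only in passing that omitting it makes backend OIDC tokens be signed by the default compute service account. That account is typically shared with other workloads in the project and often carries broad roles, so the description should steer users to `backendConfig.googleServiceAccount`, for example `If not specified, backend OIDC tokens are signed by the default compute service account; set backendConfig.googleServiceAccount to a dedicated, least-privileged account.` That description and the one for `managedService` in the APIGatewayAPI schema both start with a doubled `Immutable. Immutable.`, which should be a single `Immutable.`. The `tf2crd` label suggests these CRDs are generated, so the wording presumably has to be changed in the generator's source rather than in this file.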
@@ -2778,10 +3387,12 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The datasetId of the resource. Used + description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - projectRef type: object status: properties: @@ -2811,19 +3422,12 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -2831,9 +3435,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -2850,25 +3454,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com + name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryJob - plural: bigqueryjobs + kind: APIGatewayGateway + plural: apigatewaygateways shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: @@ -2888,7 +3492,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2906,687 +3510,232 @@ spec: type: object spec: properties: - copy: - description: Immutable. Copies a table. + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: Immutable. The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Immutable. Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - sourceTables - type: object - extract: - description: Immutable. Configures an extract job. - properties: - compression: - description: |- - Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - destinationUris: - description: Immutable. A list of fully-qualified Google Cloud - Storage URIs where the extracted table should be written. 
- items: - type: string - type: array - fieldDelimiter: - description: |- - Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ','. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - printHeader: - description: Immutable. Whether to print out a header row in the - results. Default is true. - type: boolean - sourceTable: - description: Immutable. A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Immutable. Whether to use logical types when extracting - to AVRO format. - type: boolean - required: - - destinationUris type: object - jobTimeoutMs: - description: Immutable. Job timeout in milliseconds. If this time - limit is exceeded, BigQuery may attempt to terminate the job. + region: + description: Immutable. The region of the gateway for the API. type: string - load: - description: Immutable. Configures a load job. + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - allowJaggedRows: - description: |- - Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Immutable. Indicates if we should automatically infer - the options and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. 
The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - destinationTable: - description: Immutable. The destination table to load the data - into. + apiSecurityConfig: + description: Configuration for the Monetization add-on. properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string type: object - encoding: - description: |- - Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names. - type: boolean - jsonExtension: - description: |- - Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - type: string - maxBadRecords: - description: |- - Immutable. The maximum number of bad records that BigQuery can ignore when running the job. 
If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. 
Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - type: string - sourceUris: - description: |- - Immutable. The fully-qualified URIs that point to your data in Google Cloud. 
- For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Immutable. Time-based partitioning specification - for the destination table. + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. properties: - expirationMs: - description: Immutable. Number of milliseconds for which to - keep the storage for a partition. A wrapper is used here - because 0 is an invalid value. - type: string - field: - description: |- - Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. type: string - required: - - type type: object - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - destinationTable - - sourceUris + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object type: object - location: - description: Immutable. The geographic location of the job. The default - value is US. + org: + description: Immutable. Name of the Apigee organization. type: string - query: - description: Immutable. Configures a query job. - properties: - allowLargeResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - defaultDataset: - description: Immutable. Specifies the default dataset to use for - unqualified table names in the query. Note that this does not - alter behavior of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryDataset` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Immutable. Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Immutable. Standard SQL only. Set to POSITIONAL to - use positional (?) query parameters or to NAMED to use named - (@myparam) query parameters in this query. - type: string - priority: - description: 'Immutable. Specifies a priority for the query. Default - value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' - type: string - query: - description: |- - Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Immutable. 
Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Immutable. Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. - type: string - statementByteBudget: - description: Immutable. Limit on the number of bytes billed - per statement. Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Immutable. Timeout period for each statement - in a script. - type: string - type: object - useLegacySql: - description: |- - Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Immutable. Describes user-defined function resources - used in the query. - items: - properties: - inlineCode: - description: |- - Immutable. An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: Immutable. A code resource to load from a Google - Cloud Storage URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - query - type: object resourceID: - description: Immutable. Optional. The jobId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - org type: object status: properties: @@ -3616,9 +3765,6 @@ spec: type: string type: object type: array - jobType: - description: The type of the job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -3626,55 +3772,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: The status of this job. Examine this value when polling - an asynchronous job to see if the job is complete. - items: - properties: - errorResult: - description: Final error result of the job. If present, indicates - that the job has completed and was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - errors: - description: |- - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - state: - description: Running state of the job. Valid states include - 'PENDING', 'RUNNING', and 'DONE'. - type: string - type: object - type: array - userEmail: - description: Email address of the user who ran the job. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -3691,25 +3791,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryroutines.bigquery.cnrm.cloud.google.com + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryRoutine - plural: bigqueryroutines + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments shortNames: - - gcpbigqueryroutine - - gcpbigqueryroutines - singular: bigqueryroutine + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: @@ -3729,7 +3829,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -3747,147 +3847,26 @@ spec: type: object spec: properties: - arguments: - description: Input/output argument of a function or a stored procedure. - items: - properties: - argumentKind: - description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" - Possible values: ["FIXED_TYPE", "ANY_TYPE"].' - type: string - dataType: - description: |- - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>**NOTE**: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - type: string - mode: - description: 'Specifies whether the argument is input or output. - Can be set for procedures only. Possible values: ["IN", "OUT", - "INOUT"].' - type: string - name: - description: The name of this argument. Can be absent for function - return argument. - type: string - type: object - type: array - datasetRef: - description: The ID of the dataset containing this routine. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - definitionBody: - description: |- - The body of the routine. For functions, this is the expression in the AS clause. 
- If language=SQL, it is the substring inside (but excluding) the parentheses. - type: string - description: - description: The description of the routine if defined. - type: string - determinismLevel: - description: 'The determinism level of the JavaScript UDF if defined. - Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", - "NOT_DETERMINISTIC"].' + location: + description: Immutable. Location of the endpoint attachment. type: string - importedLibraries: + orgId: description: |- - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - items: - type: string - type: array - language: - description: 'The language of the routine. Possible values: ["SQL", - "JAVASCRIPT"].' + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. type: string - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: - description: Immutable. Optional. The routineId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - returnTableType: - description: |- - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. 
If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - type: string - returnType: - description: |- - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. type: string - routineType: - description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", - "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - - datasetRef - - definitionBody - - projectRef + - location + - orgId + - serviceAttachment type: object status: properties: 
@@ -3917,16 +3896,19 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this routine was created, in milliseconds since the - epoch. - type: integer - lastModifiedTime: + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: description: |- - The time when this routine was modified, in milliseconds since the - epoch. - type: integer + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -3953,25 +3935,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryTable - plural: bigquerytables + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: 
@@ -3991,7 +3973,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4009,326 +3991,153 @@ spec: type: object spec: properties: - clustering: - description: Specifies column names to use for data clustering. Up - to four top-level columns are allowed, and should be specified in - descending priority order. + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. + name: + description: The name of the newly created attachment (output parameter). type: string - encryptionConfiguration: - description: Immutable. Specifies how the table should be encrypted. - If left blank, the table will be encrypted with a Google-managed - key; that process is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: The self link or full name of the kms key version - used to encrypt this table. - type: string - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. - Expired tables will be deleted and their storage reclaimed. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - avroOptions: - description: Additional options if source_format is set to "AVRO". - properties: - useAvroLogicalTypes: - description: If sourceFormat is set to "AVRO", indicates whether - to interpret logical types as the corresponding BigQuery - data type (for example, TIMESTAMP), instead of using the - raw type (for example, INTEGER). - type: boolean - required: - - useAvroLogicalTypes - type: object - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - connectionId: - description: The connection specifying the credentials to be used - to read external storage, such as Azure Blob, Cloud Storage, - or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" - or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". - type: string - csvOptions: - description: Additional properties to set if source_format is - set to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that - are missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. 
- type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20".' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting - hive partitioning on an unsupported format will lead to an error, - as will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require - a partition filter that can be used for partition elimination - to be specified. - type: boolean - sourceUriPrefix: - description: When hive partition detection is requested, a - common for all source uris must be required. The prefix - must end immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra - values are ignored. If false, records with extra columns are - treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default - value is false. 
- type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - referenceFileSchemaUri: - description: 'When creating an external table, the user can provide - a reference file with the table schema. This is enabled for - the following formats: AVRO, PARQUET, ORC.' - type: string - schema: - description: Immutable. A JSON schema for the external table. - Schema is required for CSV and JSON formats and is disallowed - for Google Cloud Bigtable, Cloud Datastore backups, and Avro - formats when using external tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to - your data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. type: string - materializedView: - description: If specified, configures this table as a materialized - view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: Immutable. A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000. - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for - this table. - properties: - field: - description: Immutable. The field used to determine how to create - a range-based partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object resourceID: - description: Immutable. Optional. The tableId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for - this table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: Immutable. The field used to determine how to create - a time-based partition. If time-based partitioning is enabled - without this value, the table is partitioned based on the load - time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a - partition filter that can be used for partition elimination - to be specified. - type: boolean - type: - description: The supported types are DAY, HOUR, MONTH, and YEAR, - which will generate one partition per day, hour, month, and - year, respectively. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL. - type: boolean - required: - - query - type: object required: - - datasetRef + - orgId type: object status: properties: 
@@ -4358,33 +4167,6 @@ spec: type: string type: object type: array - creationTime: - description: The time when this table was created, in milliseconds - since the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered - "long-term storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4392,12 +4174,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string type: object required: - spec 
@@ -4417,25 +4193,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com + name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles + kind: ApigeeEnvironment + plural: apigeeenvironments shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: @@ -4473,11 +4249,8 @@ spec: type: object spec: properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. + apigeeOrganizationRef: + description: Immutable. oneOf: - not: required: @@ -4494,8 +4267,10 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -4504,39 +4279,25 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - multiClusterRoutingClusterIds: - description: The set of clusters to route to. The order is ignored; - clusters will be tried in order of distance. If left empty, all - clusters are eligible. - items: + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: type: string - type: array - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object resourceID: - description: Immutable. Optional. The appProfileId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. 
- type: string - required: - - clusterId - type: object + required: + - apigeeOrganizationRef type: object status: properties: @@ -4566,10 +4327,16 @@ spec: type: string type: object type: array - name: - description: The unique name of the requested app profile. Values - are of the form 'projects//instances//appProfiles/'. - type: string + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4577,7 +4344,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -4594,25 +4368,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: @@ -4632,7 +4406,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4650,116 +4424,22 @@ spec: type: object spec: properties: - columnFamily: - description: Immutable. The name of the column family. + environment: + description: Immutable. The resource ID of the environment. type: string - deletionPolicy: - description: "The deletion policy for the GC policy. Setting ABANDON - allows the resource\n\t\t\t\tto be abandoned rather than deleted. - This is useful for GC policy as it cannot be deleted\n\t\t\t\tin - a replicated instance. Possible values are: \"ABANDON\"." + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string - gcRules: - description: Serialized JSON string for garbage collection policy. - Conflicts with "mode", "max_age" and "max_version". + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all cells - older than the given age.' - items: - properties: - days: - description: DEPRECATED. 
Deprecated in favor of duration. Immutable. - Number of days before applying GC policy. - type: integer - duration: - description: Immutable. Duration before applying GC policy. - type: string - type: object - type: array - maxVersion: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all versions - of a cell except for the most recent.' - items: - properties: - number: - description: Immutable. Number of version before applying the - GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. If multiple policies are set, you - should choose between UNION OR INTERSECTION.' - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - columnFamily - - instanceRef - - tableRef + - environment + - instanceId type: object status: properties: 
@@ -4789,6 +4469,9 @@ spec: type: string type: object type: array + name: + description: The name of the newly created attachment (output parameter). + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4815,25 +4498,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com + name: apigeeinstances.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableInstance - plural: bigtableinstances + kind: ApigeeInstance + plural: apigeeinstances shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: @@ -4853,7 +4536,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4871,121 +4554,58 @@ spec: type: object spec: properties: - cluster: - description: A block of cluster configuration options. This can be - specified at least once. + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. items: - properties: - autoscalingConfig: - description: A list of Autoscaling configurations. Only one - element is used and allowed. - properties: - cpuTarget: - description: The target CPU utilization for autoscaling. - Value must be between 10 and 80. - type: integer - maxNodes: - description: The maximum number of nodes for autoscaling. - type: integer - minNodes: - description: The minimum number of nodes for autoscaling. - type: integer - storageTarget: - description: The target storage utilization for autoscaling, - in GB, for each node in a cluster. This number is limited - between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster - and between 8192 (8TiB) and 16384 (16 TiB) for an HDD - cluster. If not set, whatever is already set for the cluster - will not change, or if the cluster is just being created, - it will use the default value of 2560 for SSD clusters - and 8192 for HDD clusters. - type: integer - required: - - cpuTarget - - maxNodes - - minNodes - type: object - clusterId: - description: The ID of the Cloud Bigtable cluster. Must be 6-30 - characters and must only contain hyphens, lowercase letters - and numbers. - type: string - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable - cluster. 
The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains - this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. - 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. - 3) All clusters within an instance must use the same CMEK key access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for each cluster in an instance. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". - Defaults to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object + type: string type: array - deletionProtection: - description: DEPRECATED. This field no longer serves any function - and is intended to be dropped in a later version of the resource. - type: boolean + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. 
Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. + description: Immutable. Display name of the instance. type: string - instanceType: - description: DEPRECATED. It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be - converted to "PRODUCTION" instances. It is recommended for users - to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" - instance is functionally identical to a "DEVELOPMENT" instance, - but without the accompanying restrictions. The instance type to - create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. 
The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location + - orgId type: object status: properties: @@ -5015,6 +4635,10 @@ spec: type: string type: object type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5022,7 +4646,18 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -5039,25 +4674,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com + name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableTable - plural: bigtabletables + kind: ApigeeNATAddress + plural: apigeenataddresses shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: @@ -5077,7 +4712,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5095,64 +4730,18 @@ spec: type: object spec: properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - deletionProtection: - description: A field to make the table protected against data loss - i.e. when set to PROTECTED, deleting the table, the column families - in the table, and the instance containing the table would be prohibited. - If not provided, currently deletion protection will be set to UNPROTECTED - as it is the API default value. + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - splitKeys: - items: - type: string - type: array required: - - instanceRef + - instanceId type: object status: properties: 
@@ -5182,6 +4771,9 @@ spec: type: string type: object type: array + ipAddress: + description: The allocated NAT IP address. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5189,6 +4781,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State of the NAT IP address. + type: string type: object required: - spec @@ -5208,25 +4803,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com + name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: - group: billingbudgets.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BillingBudgetsBudget - plural: billingbudgetsbudgets + kind: ApigeeOrganization + plural: apigeeorganizations shortNames: - - gcpbillingbudgetsbudget - - gcpbillingbudgetsbudgets - singular: billingbudgetsbudget + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: 
@@ -5264,120 +4859,31 @@ spec: type: object spec: properties: - allUpdatesRule: - description: Optional. Rules to apply to notifications sent based - on budget spend and thresholds. + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - disableDefaultIamRecipients: - description: Optional. When set to true, disables default notifications - sent when a threshold is exceeded. Default notifications are - sent to those with Billing Account Administrator and Billing - Account User IAM roles for the target account. - type: boolean - monitoringNotificationChannels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `MonitoringNotificationChannel` resource (format: - `projects/{{project}}/notificationChannels/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - pubsubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. properties: - external: - description: |- - Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. 
Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - schemaVersion: - description: Optional. Required when NotificationsRule.pubsub_topic - is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. - Only "1.0" is accepted. It represents the JSON schema as defined - in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. - type: string - type: object - amount: - description: Required. Budgeted amount. - properties: - lastPeriodAmount: - description: Use the last period's actual spend as the budget - for the present period. LastPeriodAmount can only be set when - the budget's time period is a . + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - x-kubernetes-preserve-unknown-fields: true - specifiedAmount: - description: A specified amount to use as the budget. `currency_code` - is optional. If specified when creating a budget, it must match - the currency of the billing account. If specified when updating - a budget, it must match the currency_code of the existing budget. - The `currency_code` is provided on output. 
+ monetizationConfig: + description: Configuration for the Monetization add-on. properties: - currencyCode: - description: Immutable. The three-letter currency code defined - in ISO 4217. - type: string - nanos: - description: Number of nano (10^-9) units of the amount. The - value must be between -999,999,999 and +999,999,999 inclusive. - If `units` is positive, `nanos` must be positive or zero. - If `units` is zero, `nanos` can be positive, zero, or negative. - If `units` is negative, `nanos` must be negative or zero. - For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. - format: int64 - type: integer - units: - description: The whole units of the amount. For example if - `currencyCode` is `"USD"`, then 1 unit is one US dollar. - format: int64 - type: integer + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean type: object type: object - billingAccountRef: - description: Immutable. + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: oneOf: - not: required: 
@@ -5395,221 +4901,114 @@ spec: properties: external: description: |- - The billing account of the resource + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: - description: |- - [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - budgetFilter: - description: Optional. Filters that define which resources are used - to compute the actual spend against the budget amount, such as projects, - services, and the budget's time period, as well as other filters. + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - calendarPeriod: - description: 'Optional. Specifies to track usage for recurring - calendar period. For example, assume that CalendarPeriod.QUARTER - is set. The budget will track usage from April 1 to June 30, - when the current calendar month is April, May, June. After that, - it will track usage from July 1 to September 30 when the current - calendar month is July, August, September, so on. Possible values: - CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - creditTypes: - description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, - this is a list of credit types to be subtracted from gross cost - to determine the spend for threshold calculations. See a list - of acceptable credit type values. If Filter.credit_types_treatment - is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - items: - type: string - type: array - creditTypesTreatment: - description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - customPeriod: - description: Optional. 
Specifies to track usage from any start - date (required) to any end date (optional). This time period - is static, it does not recur. - properties: - endDate: - description: Immutable. Optional. The end date of the time - period. Budgets with elapsed end date won't be processed. - If unset, specifies to track all usage incurred since the - start_date. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - startDate: - description: Immutable. Required. The start date must be after - January 1, 2017. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - required: - - startDate - type: object - labels: - additionalProperties: - properties: - values: - description: Immutable. The values of the label - items: - type: string - type: array - type: object - description: Optional. A single label and value pair specifying - that usage from only this set of labeled resources should be - included in the budget. 
Currently, multiple entries or multiple - values per entry are not allowed. If omitted, the report will - include all labeled and unlabeled usage. - type: object - projects: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - services: - description: 'Optional. A set of services of the form `services/{service_id}`, - specifying that usage from only this set of services should - be included in the budget. If omitted, the report will include - usage for all the services. The service names are available - through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' - items: - type: string - type: array - subaccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: |- - [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array type: object - displayName: - description: User data for display name in UI. The name must be less - than or equal to 60 characters. - type: string + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - thresholdRules: - description: Optional. Rules that trigger alerts (notifications of - thresholds being crossed) when spend exceeds the specified percentages - of the budget. - items: - properties: - spendBasis: - description: 'Optional. The type of basis used to determine - if spend has passed the threshold. Behavior defaults to CURRENT_SPEND - if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, - FORECASTED_SPEND' - type: string - thresholdPercent: - description: 'Required. Send an alert when this threshold is - exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: - non-negative number.' - format: double - type: number + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external required: - - thresholdPercent - type: object - type: array + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string required: - - amount - - billingAccountRef + - analyticsRegion + - projectRef + - runtimeType type: object status: properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
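Review bot: The `external` description added under `runtimeDatabaseEncryptionKeyRef` says "Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used", which runs two statements together and leaves it unclear when a customer-supplied Cloud KMS key is mandatory. `TRIAL` is also not among the values this same hunk lists for `runtimeType` (RUNTIME_TYPE_UNSPECIFIED, CLOUD, HYBRID). Because this text decides whether runtime data ends up under a customer-managed or a Google-managed key, it should state the two cases separately, along the lines of `Required when runtimeType is CLOUD. If not specified for a TRIAL organization, a Google-managed encryption key is used.` That wording should be confirmed against the Apigee API reference. The CRD appears to be generated, so the correction likely belongs in the source schema rather than in this file.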
@@ -5636,11 +5035,26 @@ spec: type: string type: object type: array - etag: - description: Optional. Etag to validate that the object is unchanged - for a read-modify-write operation. An empty etag will cause an update - to overwrite other changes. - type: string + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5648,6 +5062,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string type: object required: - spec 
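Review bot: The `state` description added to the ApigeeOrganization status says that values other than ACTIVE mean the resource is not ready to use, but the possible values it then lists (SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, OK_EXTERNAL, DELETED) do not include ACTIVE and look as if they belong to a different enum. Anyone writing a readiness check or an alert from this text has no listed value to match on. The list should be replaced with the organization states the API actually returns. The CRD appears to be generated, so the fix likely belongs in the source schema.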
@@ -5667,25 +5097,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationAttestor - plural: binaryauthorizationattestors + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations shortNames: - - gcpbinaryauthorizationattestor - - gcpbinaryauthorizationattestors - singular: binaryauthorizationattestor + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: @@ -5705,7 +5135,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5723,145 +5153,25 @@ spec: type: object spec: properties: - description: - description: Optional. A descriptive comment. This field may be updated. - The field may be displayed in chooser dialogs. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - userOwnedDrydockNote: - description: This specifies how an attestation will be read, and how - it will be used during policy enforcement. - properties: - noteRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. - - Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicKeys: - description: Optional. Public keys that verify attestations signed - by this attestor. This field may be updated. If this field is - non-empty, one of the specified public keys must verify that - an attestation was signed by this attestor for the image specified - in the admission request. If this field is empty, this attestor - always returns that no valid attestations exist. - items: - properties: - asciiArmoredPgpPublicKey: - description: ASCII-armored representation of a PGP public - key, as the entire output by the command `gpg --export - --armor foo@example.com` (either LF or CRLF line endings). - When using this field, `id` should be left blank. The - BinAuthz API handlers will calculate the ID and fill it - in automatically. 
BinAuthz computes this ID as the OpenPGP - RFC4880 V4 fingerprint, represented as upper-case hex. - If `id` is provided by the caller, it will be overwritten - by the API-calculated ID. - type: string - comment: - description: Optional. A descriptive comment. This field - may be updated. - type: string - id: - description: The ID of this public key. Signatures verified - by BinAuthz must include the ID of the public key that - can be used to verify them, and that ID must match the - contents of this field exactly. Additional restrictions - on this field can be imposed based on which public key - type is encapsulated. See the documentation on `public_key` - cases below for details. - type: string - pkixPublicKey: - description: 'A raw PKIX SubjectPublicKeyInfo format public - key. NOTE: `id` may be explicitly provided by the caller - when using this type of public key, but it MUST be a valid - RFC3986 URI. If `id` is left blank, a default one will - be computed based on the digest of the DER encoding of - the public key.' - properties: - publicKeyPem: - description: A PEM-encoded public key, as described - in https://tools.ietf.org/html/rfc7468#section-13 - type: string - signatureAlgorithm: - description: 'The signature algorithm used to verify - a message against a signature using this key. These - signature algorithm must match the structure and any - object identifiers encoded in `public_key_pem` (i.e. - this algorithm must match that of the public key). 
- Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, - RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, - ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, - EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' - type: string - type: object - type: object - type: array - required: - - noteRef - type: object required: - - projectRef + - identities type: object status: properties: @@ -5891,6 +5201,11 @@ spec: type: string type: object type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5898,24 +5213,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. Time when the attestor was last updated. - format: date-time - type: string - userOwnedDrydockNote: - properties: - delegationServiceAccountEmail: - description: Output only. This field will contain the service - account email address that this Attestor will use as the principal - when querying Container Analysis. Attestor administrators must - grant this service account the IAM role needed to read attestations - from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). - This email address is fixed for the lifetime of the Attestor, - but callers should not make any other assumptions about the - service account email; future versions may use an email based - on a different naming pattern. - type: string - type: object type: object required: - spec 
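Review bot: `spec.identities` in the new ApigeeSyncAuthorization schema is a plain `type: array` of `type: string`, so `required: - identities` is satisfied by an empty list or by any string. The description, however, says each entry must have the form 'serviceAccount:service-account-name' and that the listed accounts are granted access to control plane resources. If the generator allows it, an item constraint such as `pattern: '^serviceAccount:.+$'` would reject a malformed principal at admission time instead of at the API call. It is also worth stating in the description whether an empty list is a valid way to remove all grants. The CRD appears to be generated, so either change belongs in the generator input.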
@@ -5935,25 +5232,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationPolicy - plural: binaryauthorizationpolicies + kind: AppEngineDomainMapping + plural: appenginedomainmappings shortNames: - - gcpbinaryauthorizationpolicy - - gcpbinaryauthorizationpolicies - singular: binaryauthorizationpolicy + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: @@ -5973,7 +5270,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5991,312 +5288,203 @@ spec: type: object spec: properties: - admissionWhitelistPatterns: - description: Optional. Admission policy allowlisting. A matching admission - request will always be permitted. This feature is typically used - to exclude Google or third-party infrastructure images from Binary - Authorization policies. + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. 
To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - namePattern: - description: An image name pattern to allowlist, in the form - `registry/path/to/image`. This supports a trailing `*` as - a wildcard, but this is allowed only in text after the `registry/` - part. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - clusterAdmissionRules: - additionalProperties: + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode type: object - description: 'Optional. Per-cluster admission rules. Cluster spec - format: location.clusterId. 
There can be at most one admission rule - per cluster spec. A location is either a compute zone (e.g. us-central1-a) - or a region (e.g. us-central1). For clusterId syntax restrictions - see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' - type: object - defaultAdmissionRule: - description: Required. Default admission rule for a cluster without - a per-cluster, per-kubernetes-service-account, or per-istio-service-identity - admission rule. - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string description: - description: Optional. A descriptive comment. + description: An optional string description of this rule. type: string - globalPolicyEvaluationMode: - description: 'Optional. Controls the evaluation of a Google-maintained - global admission policy for common system-level images. Images not - covered by the global policy will be subject to the project admission - policy. This setting has no effect when specified inside a global - admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, - ENABLE, DISABLE' + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. type: string - istioServiceIdentityAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. 
- Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-istio-service-identity admission rules. - Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ - e.g. spiffe://example.com/ns/test-ns/sa/default' - type: object - kubernetesNamespaceAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-namespace admission rules. - K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' - type: object - kubernetesServiceAccountAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-service-account admission rules. - Service account spec format: namespace:serviceaccount. e.g. 
''test-ns:default''' - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the resource. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - defaultAdmissionRule - - projectRef + - action + - sourceRange type: object status: properties: @@ -6333,14 +5521,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. The resource name, in the format `projects/*/policy`. - There is at most one policy per project. - type: string - updateTime: - description: Output only. Time when the policy was last updated. - format: date-time - type: string type: object required: - spec 
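Review bot: In the new AppEngineFirewallRule schema in this hunk, `spec.action` and `spec.sourceRange` are declared as bare `type: string` with no `enum` or `pattern`. A mistyped action or a malformed CIDR would therefore pass schema validation at admission and presumably only fail when the controller reconciles the resource. For a firewall rule this means a manifest can be applied cleanly while the intended ALLOW or DENY is not in effect, so consumers should check the `Ready` condition rather than rely on a successful apply. The description already lists the allowed actions, so the schema could carry `enum: ["UNSPECIFIED_ACTION", "ALLOW", "DENY"]` under `action`. The same gap applies to `overrideStrategy` and `sslSettings.sslManagementType` in the AppEngineDomainMapping schema earlier in the hunk. Since the CRD is labelled `tf2crd`, the change presumably belongs in the generator rather than in this file.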
@@ -6360,25 +5540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: - group: cloudbuild.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: @@ -6398,7 +5578,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -6416,1256 +5596,746 @@ spec: type: object spec: properties: - approvalConfig: - description: "Configuration for manual approval to start a build invocation - of this BuildTrigger. \nBuilds created by this trigger will require - approval before they execute. \nAny user with a Cloud Build Approver - role for the project can approve a build." + apiConfig: + description: Serving configuration for Google Cloud Endpoints. properties: - approvalRequired: - description: "Whether or not approval is needed. If this is set - on a build, it will become pending when run, \nand will need - to be explicitly approved to start." - type: boolean + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script type: object - bitbucketServerTriggerConfig: - description: BitbucketServerTriggerConfig describes the configuration - of a trigger that creates a build whenever a Bitbucket Server event - is received. + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - bitbucketServerConfigResourceRef: + coolDownPeriod: description: |- - Only `external` field is supported to configure the reference. 
+ The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - The full resource name of the bitbucket server config. Format: - projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. 
+ type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` - resource.' + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. 
+ type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. + properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + required: + - appYamlPath type: object - projectKey: - description: 'Key of the project that the repo is in. For example: - The key for https://mybitbucket.server/projects/TEST/repos/test-repo - is "TEST".' - type: string - pullRequest: - description: Filter to match changes in pull requests. + container: + description: The Docker image for the container that runs the + version. properties: - branch: + image: description: |- - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment /gcbrun. 
Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean required: - - branch + - image type: object - push: - description: Filter to match changes in refs like branches, tags. + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the gitRef regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. type: string + required: + - sourceUrl type: object - repoSlug: + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: description: |- - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. 
+ Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - - bitbucketServerConfigResourceRef - - projectKey - - repoSlug + - name type: object - build: - description: Contents of the build template. Either a filename or - build template must be provided. + entrypoint: + description: The entrypoint for the application. properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. 
- items: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. 
- properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. 
- - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - availableSecrets: - description: Secrets and secret environment variables. - properties: - secretManager: - description: Pairs a secret environment variable with a SecretVersion - in Secret Manager. - items: - properties: - env: - description: |- - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of - a `SecretManagerSecretVersion` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - env - - versionRef + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". type: object - type: array - required: - - secretManager - type: object - images: + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. 
+ type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' 
+ type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: type: string type: array - logsBucketRef: + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. + type: boolean + subnetwork: description: |- - Google Cloud Storage bucket where logs should be written. 
Logs file - names will be of the format ${logsBucket}/log-${build_id}.txt. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `url` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"].' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", - "NONE"].' - type: string - machineType: - description: 'Compute Engine machine type on which to run - the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", - "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"].' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"].' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. 
- items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the - build is enqueued longer than this value, \nthe build will expire - and the build status will be EXPIRED.\nThe TTL starts ticking - from createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. 
+ required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. 
+ type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: properties: - kmsKeyRef: - description: KMS crypto key to use to decrypt these envs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string required: - - kmsKeyRef + - name + - sizeGb + - volumeType type: object type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. 
Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one - a of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, - in which to run the build.\nThis must be a relative - path. If a step's dir is specified and is an absolute - path, \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting - the build is assumed." - type: string - repoRef: - description: |- - The desired Cloud Source Repository. If omitted, "default" is - assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `SourceRepoRepository` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run. - type: object - tagName: - description: "Regex matching tags to build. 
Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in - Google Cloud Storage. - properties: - bucketRef: - description: Google Cloud Storage bucket containing the - source. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `StorageBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the - object. \nIf the generation is omitted, the latest generation - will be used." - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. 
- items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used. - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: "The name of the container image that will - run this particular build step.\n\nIf the image is available - in the host's Docker daemon's cache, it will be\nrun directly. 
- If not, the host will attempt to pull the image first, - using\nthe builder service account's credentials if necessary.\n\nThe - Docker daemon's cache will already have the latest versions - of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - \nfor images and examples).\nThe Docker daemon will also - have cached many of the layers for some popular\nimages, - like \"ubuntu\", \"debian\", but they will be refreshed - at the time\nyou attempt to use them.\n\nIf you built - an image in a previous build step, it will be stored in - the\nhost's Docker daemon's cache and is available to - use as the name for a\nlater build step." - type: string - script: - description: "A shell script to be executed in the step. - \nWhen script is provided, the user cannot specify the - entrypoint or args." - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. 
Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step type: object - description: - description: Human-readable description of the trigger. + runtime: + description: Desired runtime. Example python27. type: string - disabled: - description: Whether the trigger is disabled or not. If true, the - trigger will never result in a build. - type: boolean - filename: - description: "Path, from the source root, to a file whose contents - is used for the template. \nEither a filename or build template - must be provided. 
Set this only when using trigger_template or github.\nWhen - using Pub/Sub, Webhook or Manual set the file name using git_file_source - instead." + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string - filter: - description: A Common Expression Language string. Used only with Pub/Sub - and Webhook. + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. type: string - gitFileSource: - description: The file source describing the local or remote Build - template. - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: + runtimeMainExecutablePath: + description: The path or name of the app's main executable. + type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: The path of the file, with the repo root as the root - of the path. - type: string - repoType: - description: "The type of the repo, since it may not be explicit - from the repo field (e.g from a URL). \nValues can be UNKNOWN, - CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible - values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", - \"BITBUCKET_SERVER\"]." + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string - revision: - description: "The branch, tag, arbitrary ref, or SHA version of - the repo to use when resolving the \nfilename (optional). This - field respects the same syntax/resolution as described here: - https://git-scm.com/docs/gitrevisions \nIf unspecified, the - revision from which the trigger invocation originated is assumed - to be the revision from which to read the specified path." + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uri: - description: "The URI of the repo (optional). If unspecified, - the repo from which the trigger \ninvocation originated is assumed - to be the repo from which to read the specified path." + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - path - - repoType type: object - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. 
- - One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - enterpriseConfigResourceNameRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. 
- type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or - tags. Specify only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. - type: string - type: object + required: + - name type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - includeBuildLogs: - description: |- - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + name: + description: Full path to the Version resource in the API. Example, + "v1". type: string - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - location: - description: |- - Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. type: string - pubsubConfig: - description: "PubsubConfig describes the configuration of a trigger - that creates \na build whenever a Pub/Sub message is published.\n\nOne - of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' - or 'source_to_build' must be provided." - properties: - serviceAccountRef: - description: Service account that will make the push request. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - type: string - subscription: - description: Output only. Name of the subscription. - type: string - topicRef: - description: |- - The name of the topic from which this subscription - is receiving messages. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - repositoryEventConfig: - description: The configuration of a trigger that creates a build whenever - an event from Repo API is received. - properties: - pullRequest: - description: Contains filter properties for matching Pull Requests. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment ''/gcbrun''. Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - type: object - push: - description: Contains filter properties for matching git pushes. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. 
- type: string - invertRegex: - description: If true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: |- - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - type: object - repository: - description: The resource name of the Repo API resource. - type: string - type: object - serviceAccountRef: - description: |- - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - When populating via the external field, the following format is supported: - projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, - where {{value}} is the `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceToBuild: - description: "The repo and ref of the repository from which to build. - \nThis field is used only for those triggers that do not respond - to SCM events. \nTriggers that respond to such events build source - at whatever commit caused the event. 
\nThis field is currently only - used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', - 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' - must be provided." - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ref: - description: The branch or tag to use. Must start with "refs/" - (required). - type: string - repoType: - description: |- - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. - type: string - uri: - description: The URI of the repo (required). - type: string - required: - - ref - - repoType - - uri - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger. - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. 
- - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SourceRepoRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. 
- type: string - type: object - webhookConfig: - description: "WebhookConfig describes the configuration of a trigger - that creates \na build whenever a webhook is sent to a trigger's - webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' - 'webhook_config' or 'source_to_build' must be provided." + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. properties: - secretRef: - description: The secret required - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. 
type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - - secretRef + - allocations type: object + required: + - split type: object status: properties: @@ -7695,9 +6365,6 @@ spec: type: string type: object type: array - createTime: - description: Time when the trigger was created. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -7705,10 +6372,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - triggerId: - description: The unique identifier for the trigger. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -7725,25 +6391,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: - group: cloudfunctions.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudFunctionsFunction - plural: cloudfunctionsfunctions + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions shortNames: - - gcpcloudfunctionsfunction - - gcpcloudfunctionsfunctions - singular: cloudfunctionsfunction + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: @@ -7763,7 +6429,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -7781,193 +6447,294 @@ spec: type: object spec: properties: - availableMemoryMb: - description: 'Memory (in MB), available to the function. Default value - is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' - format: int64 - type: integer - description: - description: User-provided description of a function. - type: string - entryPoint: - description: |- - Immutable. The name of the function (as defined in source code) that will be - executed. Defaults to the resource name suffix, if not specified. For - backward compatibility, if function with given name is not found, then the - system will try to use function named "function". - For Node.js this is name of a function exported by the module specified - in `source_location`. - type: string - environmentVariables: - additionalProperties: - type: string - description: Environment variables that shall be available during - function execution. - type: object - eventTrigger: - description: Immutable. A source that fires events in response to - a condition in another service. + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - eventType: + maxConcurrentRequests: description: |- - Immutable. Required. The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - Event types match pattern `providers/*/eventTypes/*.*`. - The pattern contains: + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - 1. namespace: For example, `cloud.storage` and - `google.firebase.analytics`. - 2. resource type: The type of resource on which event occurs. For - example, the Google Cloud Storage API includes the type `object`. - 3. 
action: The action that generates the event. For example, action for - a Google Cloud Storage Object is 'change'. - These parts are lower case. + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string - failurePolicy: - description: Immutable. Specifies policy for failed executions. - type: boolean - resourceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. properties: - external: - description: |- - Required. The resource(s) from which to observe events, for example, - `projects/_/buckets/myBucket`. - - Not all syntactically correct values are accepted by all services. For - example: - - 1. The authorization model must support it. Google Cloud Functions - only allows EventTriggers to be deployed that observe resources in the - same project as the `Function`. - 2. The resource type must match the pattern expected for an - `event_type`. 
For example, an `EventTrigger` that has an - `event_type` of "google.pubsub.topic.publish" should have a resource - that matches Google Cloud Pub/Sub topics. - - Additionally, some services may support short names when creating an - `EventTrigger`. These will always be returned in the normalized "long" - format. - - See each *service's* documentation for supported formats. - - Allowed values: - * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number type: object - service: + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. 
Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: description: |- - Immutable. The hostname of the service that should be observed. - - If no string is provided, the default service implementing the API will - be used. For example, `storage.googleapis.com` is the default for all - event types in the `google.storage` namespace. + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer required: - - eventType - - resourceRef + - maxInstances type: object - httpsTrigger: - description: Immutable. An HTTPS endpoint type of source that can - be triggered via URL. + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. properties: - securityLevel: - description: 'Immutable. Both HTTP and HTTPS requests with URLs - that match the handler succeed without redirects. The application - can examine the request to determine which protocol was used - and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, - SECURE_ALWAYS, SECURE_OPTIONAL' + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. 
+ properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. type: string + required: + - shell type: object - ingressSettings: - description: |- - The ingress settings for the function, controlling what traffic can reach - it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB - type: string - maxInstances: + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: description: |- - The limit on the maximum number of function instances that may coexist at a - given time. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". 
+ type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. properties: - external: + instances: description: |- - The project id of the function. + Number of instances to assign to the service at the start. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances type: object - region: - description: Immutable. The name of the Cloud Functions region of - the function. + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. 
For a complete - list of possible choices, see the - [`gcloud` command - reference](/sdk/gcloud/reference/functions/deploy#--runtime). + description: Desired runtime. Example python27. type: string - serviceAccountRef: - description: Immutable. + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: oneOf: - not: required: @@ -7984,11 +6751,8 @@ spec: - external properties: external: - description: |- - The email of the function's service account. If empty, defaults to - `{project_id}@appspot.gserviceaccount.com`. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -7997,80 +6761,28 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - sourceArchiveUrl: - description: Immutable. The Google Cloud Storage URL, starting with - gs://, pointing to the zip archive which contains the function. - type: string - sourceRepository: - description: Immutable. Represents parameters related to source repository - where a function is hosted. - properties: - url: - description: |- - Immutable. The URL pointing to the hosted repository where the function is defined. - There are supported Cloud Source Repository URLs in the following - formats: - - To refer to a specific commit: - `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` - To refer to a moveable alias (branch): - `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` - In particular, to refer to HEAD use `master` moveable alias. - To refer to a specific fixed alias (tag): - `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` - - You may omit `paths/*` if you want to use the main directory. - type: string - required: - - url - type: object - timeout: - description: |- - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - type: string - vpcConnectorEgressSettings: - description: |- - The egress settings for the connector, controlling what traffic is diverted - through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC - type: string - vpcConnectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. 
+ type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - external: - description: |- - The VPC Network Connector that this cloud function can connect to. It can - be either the fully-qualified URI, or the short name of the network - connector resource. The format of this field is - `projects/*/locations/*/connectors/*` - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string + required: + - name type: object required: - - projectRef - - region + - deployment + - entrypoint - runtime + - serviceRef type: object status: properties: @@ -8100,12 +6812,10 @@ spec: type: string type: object type: array - httpsTrigger: - properties: - url: - description: Output only. The deployed url for the function. - type: string - type: object + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
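Review bot: The new `egressSetting` description under `vpcAccessConnector` names neither the accepted values nor the default, so the schema does not tell a reader which outbound traffic goes through the connector when the field is left unset. That choice determines which egress traffic is subject to whatever controls sit on the VPC side. The description should list the accepted values and the default as given in the App Engine Admin API reference. `name` in the same object is a plain string, while `serviceRef` in this spec uses the `name`/`namespace`/`external` reference form; if that is intentional, the description should say that the connector is not resolved as a Config Connector resource. The enclosing `spec` schema starts before this hunk.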
@@ -8113,31 +6823,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceRepository: - properties: - deployedUrl: - description: |- - Output only. The URL pointing to the hosted repository where the function - were defined at the time of deployment. It always points to a specific - commit in the format described above. - type: string - type: object - status: - description: 'Output only. Status of the function deployment. Possible - values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, - DELETE_IN_PROGRESS, UNKNOWN' - type: string - updateTime: - description: Output only. The last update timestamp of a Cloud Function - in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up - to nine fractional digits. - type: string - versionId: - description: |- - Output only. The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - format: int64 - type: integer type: object required: - spec 
@@ -8157,25 +6842,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityGroup - plural: cloudidentitygroups + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories shortNames: - - gcpcloudidentitygroup - - gcpcloudidentitygroups - singular: cloudidentitygroup + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -8214,81 +6899,181 @@ spec: spec: properties: description: - description: |- - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. + description: The user-provided description of the repository. type: string - displayName: - description: The display name of the Group. + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string - groupKey: - description: Immutable. EntityKey of the Group. + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - id: - description: |- - Immutable. The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Immutable. The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of 'identitysources/{identity_source_id}'. + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - id type: object - initialGroupConfig: - description: |- - Immutable. The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + location: + description: Immutable. The name of the location this repository is + located in. type: string - labels: - additionalProperties: - type: string + mavenConfig: description: |- - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. 
+ MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string type: object - parent: - description: |- - Immutable. The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. 
Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - - groupKey - - labels - - parent + - format + - location type: object status: properties: @@ -8319,12 +7104,12 @@ spec: type: object type: array createTime: - description: The time when the Group was created. + description: The time when the repository was created. type: string name: description: |- - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. + The name of the repository, for example: + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -8334,7 +7119,7 @@ spec: the resource. type: integer updateTime: - description: The time when the Group was last updated. + description: The time when the repository was last updated. type: string type: object required: 
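Review bot: In `virtualRepositoryConfig.upstreamPolicies`, the `priority` description says only that a greater value takes precedence; it does not say how equal values are ordered and gives no guidance for mixing private and remote upstreams. The same hunk adds `remoteRepositoryConfig` with public sources such as `PYPI` and `NPMJS`, so a virtual repository that ranks a remote upstream at or above a private one could serve an internal package name from the public source. I would extend the description with a sentence such as `Give private repositories a higher priority than remote repositories so that internal package names resolve from the private source first.` The `items` schema also has no `required` list, so an entry without `repositoryRef` passes schema validation; if the API rejects such entries, adding `required: [repositoryRef]` would surface the error at admission instead.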
@@ -8355,25 +7140,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityMembership - plural: cloudidentitymemberships + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections shortNames: - - gcpcloudidentitymembership - - gcpcloudidentitymemberships - singular: cloudidentitymembership + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: @@ -8393,7 +7178,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8411,8 +7196,54 @@ spec: type: object spec: properties: - groupRef: - description: Immutable. + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -8429,10 +7260,7 @@ spec: - external properties: external: - description: |- - The group for the resource - - Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
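Review bot: `applicationEndpoint.port` and `gateway.ingressPort` are declared as bare `type: integer`, so negative or out-of-range port numbers pass schema validation and are rejected, if at all, only by the backing API. Adding `minimum: 1` and `maximum: 65535` to `port`, and `minimum: 0` with the same maximum to `ingressPort` (its description treats zero as "use the default 19443"), would fail bad values at admission. `connectors` is a list of free-form strings even though it names the AppConnectors authorised for this connection, while `projectRef` in the same spec uses the reference form. Its description should at least state the expected resource-name format, so that a mistyped or cross-project connector name is easier to catch in review. If these manifests are generated, the bounds belong in the generator's input; the `spec` schema itself starts before and continues after this hunk.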
@@ -8441,99 +7269,24 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - memberKey: - description: Immutable. The `EntityKey` of the member. Either `member_key` - or `preferred_member_key` must be set when calling MembershipsService.CreateMembership - but not both; both shall be set when returned. - properties: - id: - description: The ID of the entity. For Google-managed entities, - the `id` must be the email address of an existing group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: The namespace in which the entity exists. If not - specified, the `EntityKey` represents a Google-managed entity - such as a Google user or a Google Group. If specified, the `EntityKey` - represents an external-identity-mapped group. The namespace - must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - type: string - type: object - preferredMemberKey: - description: Immutable. Required. Immutable. The `EntityKey` of the - member. - properties: - id: - description: Immutable. The ID of the entity. For Google-managed - entities, the `id` must be the email address of a group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: Immutable. The namespace in which the entity exists. - If not specified, the `EntityKey` represents a Google-managed - entity such as a Google user or a Google Group. If specified, - the `EntityKey` represents an external-identity-mapped group. 
- The namespace must correspond to an identity source created - in Admin Console and must be in the form of `identitysources/{identity_source_id}`. - type: string - required: - - id - type: object + region: + description: Immutable. The region of the AppConnection. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. type: string - roles: - description: The `MembershipRole`s that apply to the `Membership`. - If unspecified, defaults to a single `MembershipRole` with `name` - `MEMBER`. Must not contain duplicate `MembershipRole`s with the - same `name`. - items: - properties: - expiryDetail: - description: The expiry details of the `MembershipRole`. Expiry - details are only supported for `MEMBER` `MembershipRoles`. - May be set if `name` is `MEMBER`. Must not be set if `name` - is any other value. - properties: - expireTime: - description: The time at which the `MembershipRole` will - expire. - format: date-time - type: string - type: object - name: - type: string - restrictionEvaluations: - description: Evaluations of restrictions applied to parent group - on this membership. - properties: - memberRestrictionEvaluation: - description: Evaluation of the member restriction applied - to this membership. Empty if the user lacks permission - to view the restriction evaluation. - properties: - state: - description: 'Output only. 
The current state of the - restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, - UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' - type: string - type: object - type: object - required: - - name - type: object - type: array required: - - groupRef - - preferredMemberKey - - roles + - applicationEndpoint + - projectRef + - region type: object status: properties: @@ -8563,30 +7316,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the `Membership` was created. - format: date-time - type: string - deliverySetting: - description: 'Output only. Delivery setting associated with the membership. - Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, - DAILY, NONE, DISABLED' - type: string - displayName: - description: Output only. The display name of this member, if available - properties: - familyName: - description: Output only. Member's family name - type: string - fullName: - description: Output only. Localized UTF-16 full name for the member. - Localization is done based on the language in the request and - the language of the stored display name. - type: string - givenName: - description: Output only. Member's given name - type: string - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -8594,15 +7323,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - type: - description: 'Output only. The type of the membership. Possible values: - OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' - type: string - updateTime: - description: Output only. The time when the `Membership` was last - updated. - format: date-time - type: string type: object required: - spec 
@@ -8622,25 +7342,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: - group: cloudscheduler.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudSchedulerJob - plural: cloudschedulerjobs + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors shortNames: - - gcpcloudschedulerjob - - gcpcloudschedulerjobs - singular: cloudschedulerjob + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: @@ -8660,7 +7380,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8678,366 +7398,66 @@ spec: type: object spec: properties: - appEngineHttpTarget: - description: App Engine HTTP target. + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. properties: - appEngineRouting: - description: App Engine Routing setting for the job. + serviceAccount: + description: ServiceAccount represents a GCP service account. properties: - instance: - description: App instance. By default, the job is sent to - an instance which is available when the job is attempted. - Requests can only be sent to a specific instance if [manual - scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). - App Engine Flex does not support instances. For more information, - see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) - and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). - type: string - service: - description: App service. By default, the job is sent to the - service which is the default service when the job is attempted. - type: string - version: - description: App version. By default, the job is sent to the - version which is the default version when the job is attempted. + email: + description: Email address of the service account. type: string + required: + - email type: object - body: - description: Body. HTTP request body. A request body is allowed - only if the HTTP method is POST or PUT. It will result in invalid - argument error to set a body on a job with an incompatible HttpMethod. - type: string - headers: - additionalProperties: - type: string - description: 'HTTP request headers. This map contains the header - field names and values. 
Headers can be set when the job is created. - Cloud Scheduler sets some headers to default values: * `User-Agent`: - By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. - This header can be modified, but Cloud Scheduler will append - `"App Engine-Google; (+http://code.google.com/appengine)"` to - the modified `User-Agent`. * `X-CloudScheduler`: This header - will be set to true. The headers below are output only. They - cannot be set or overridden: * `X-Google-*`: For Google internal - use only. * `X-App Engine-*`: For Google internal use only. - In addition, some App Engine headers, which contain job-specific - information, are also be sent to the job handler.' - type: object - httpMethod: - description: 'The HTTP method to use for the request. PATCH and - OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, - POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' - type: string - relativeUri: - description: The relative URI. The relative URL must begin with - "/" and must be a valid HTTP relative URL. It can contain a - path, query string arguments, and `#` fragments. If the relative - URL is empty, then the root path "/" will be used. No spaces - are allowed, and the maximum length allowed is 2083 characters. - type: string + required: + - serviceAccount type: object - attemptDeadline: - description: 'The deadline for job attempts. If the request handler - does not respond by this deadline then the request is cancelled - and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The - failed attempt can be viewed in execution logs. Cloud Scheduler - will retry the job according to the RetryConfig. The allowed duration - for this deadline is: * For HTTP targets, between 15 seconds and - 30 minutes. * For App Engine HTTP targets, between 15 seconds and - 24 hours.' - type: string - description: - description: Optionally caller-specified in CreateJob or UpdateJob. - A human-readable description for the job. 
This string must not contain - more than 500 characters. - type: string - httpTarget: - description: HTTP target. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - body: - description: HTTP request body. A request body is allowed only - if the HTTP method is POST, PUT, or PATCH. It is an error to - set body on a job with an incompatible HttpMethod. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - headers: - additionalProperties: - type: string - description: 'The user can specify HTTP request headers to send - with the job''s HTTP request. This map contains the header field - names and values. Repeated headers are not supported, but a - header value can contain commas. These headers represent a subset - of the headers that will accompany the job''s HTTP request. - Some HTTP request headers will be ignored or replaced. A partial - list of headers that will be ignored or replaced is below: - - Host: This will be computed by Cloud Scheduler and derived from - uri. * `Content-Length`: This will be computed by Cloud Scheduler. - * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. - * `X-Google-*`: Google internal use only. * `X-appengine-*`: - Google internal use only. The total size of headers must be - less than 80KB.' - type: object - httpMethod: - description: 'Which HTTP method to use for the request. Possible - values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, - PATCH, OPTIONS' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - oauthToken: - description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) - will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization should generally - only be used when calling Google APIs hosted on *.googleapis.com. - properties: - scope: - description: OAuth scope to be used for generating OAuth access - token. If not specified, "https://www.googleapis.com/auth/cloud-platform" - will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - oidcToken: - description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) - token will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization can be used - for many scenarios, including calling Cloud Run, or endpoints - where you intend to validate the token yourself. - properties: - audience: - description: Audience to be used when generating OIDC token. 
- If not specified, the URI specified in target will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - uri: - description: 'Required. The full URI path that the request will - be sent to. This string must begin with either "http://" or - "https://". Some examples of valid values for uri are: `http://acme.com` - and `https://acme.com/sales:8080`. Cloud Scheduler will encode - some characters for safety and compatibility. The maximum allowed - URL length is 2083 characters after encoding.' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - uri type: object - location: - description: Immutable. The location for the resource + region: + description: Immutable. The region of the AppConnector. type: string - pubsubTarget: - description: Pub/Sub target. - properties: - attributes: - additionalProperties: - type: string - description: Attributes for PubsubMessage. Pubsub message must - contain either non-empty data, or at least one attribute. 
- type: object - data: - description: The message payload for PubsubMessage. Pubsub message - must contain either non-empty data, or at least one attribute. - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retryConfig: - description: Settings that determine the retry behavior. - properties: - maxBackoffDuration: - description: The maximum amount of time to wait before retrying - a job after it fails. The default value of this field is 1 hour. - type: string - maxDoublings: - description: The time between retries will double `max_doublings` - times. 
A job's retry interval starts at min_backoff_duration, - then doubles `max_doublings` times, then increases linearly, - and finally retries at intervals of max_backoff_duration up - to retry_count times. For example, if min_backoff_duration is - 10s, max_backoff_duration is 300s, and `max_doublings` is 3, - then the a job will first be retried in 10s. The retry interval - will double three times, and then increase linearly by 2^3 * - 10s. Finally, the job will retry at intervals of max_backoff_duration - until the job has been attempted retry_count times. Thus, the - requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, - 300s, .... The default value of this field is 5. - format: int64 - type: integer - maxRetryDuration: - description: The time limit for retrying a failed job, measured - from time when an execution was first attempted. If specified - with retry_count, the job will be retried until both limits - are reached. The default value for max_retry_duration is zero, - which means retry duration is unlimited. - type: string - minBackoffDuration: - description: The minimum amount of time to wait before retrying - a job after it fails. The default value of this field is 5 seconds. - type: string - retryCount: - description: The number of attempts that the system will make - to run a job using the exponential backoff procedure described - by max_doublings. The default value of retry_count is zero. - If retry_count is zero, a job attempt will *not* be retried - if it fails. Instead the Cloud Scheduler system will wait for - the next scheduled execution time. If retry_count is set to - a non-zero number then Cloud Scheduler will retry failed attempts, - using exponential backoff, retry_count times, or until the next - scheduled execution time, whichever comes first. Values greater - than 5 and negative values are not allowed. - format: int64 - type: integer - type: object - schedule: - description: 'Required, except when used with UpdateJob. 
Describes - the schedule on which the job will be executed. The schedule can - be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) - * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) - As a general rule, execution `n + 1` of a job will not begin until - execution `n` has finished. Cloud Scheduler will never allow two - simultaneously outstanding executions. For example, this implies - that if the `n+1`th execution is scheduled to run at 16:00 but the - `n`th execution takes until 16:15, the `n+1`th execution will not - start until `16:15`. A scheduled start time will be delayed if the - previous execution has not ended when its scheduled time occurs. - If retry_count > 0 and a job attempt fails, the job will be tried - a total of retry_count times, with exponential backoff, until the - next scheduled start time.' - type: string - timeZone: - description: Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). - Note that some time zones include a provision for daylight savings - time. The rules for daylight saving time are determined by the chosen - tz. For UTC use the string "utc". If a time zone is not specified, - the default will be in UTC (also known as GMT). - type: string required: - - location + - principalInfo + - projectRef + - region type: object status: properties: - appEngineHttpTarget: - properties: - appEngineRouting: - properties: - host: - description: 'Output only. The host that the job is sent to. - For more information about how App Engine requests are routed, - see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). 
- The host is constructed as: * `host = [application_domain_name]` - `| [service] + ''.'' + [application_domain_name]` `| [version] - + ''.'' + [application_domain_name]` `| [version_dot_service]+ - ''.'' + [application_domain_name]` `| [instance] + ''.'' - + [application_domain_name]` `| [instance_dot_service] + - ''.'' + [application_domain_name]` `| [instance_dot_version] - + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] - + ''.'' + [application_domain_name]` * `application_domain_name` - = The domain name of the app, for example .appspot.com, - which is associated with the job''s project ID. * `service - =` service * `version =` version * `version_dot_service - =` version `+ ''.'' +` service * `instance =` instance * - `instance_dot_service =` instance `+ ''.'' +` service * - `instance_dot_version =` instance `+ ''.'' +` version * - `instance_dot_version_dot_service =` instance `+ ''.'' +` - version `+ ''.'' +` service If service is empty, then the - job will be sent to the service which is the default service - when the job is attempted. If version is empty, then the - job will be sent to the version which is the default version - when the job is attempted. If instance is empty, then the - job will be sent to an instance which is available when - the job is attempted. If service, version, or instance is - invalid, then the job will be sent to the default version - of the default service when the job is attempted.' - type: string - type: object - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -9064,10 +7484,6 @@ spec: type: string type: object type: array - lastAttemptTime: - description: Output only. The time the last job attempt started. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -9075,71 +7491,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - scheduleTime: - description: Output only. The next time the job is scheduled. Note - that this may be a retry of a previously failed attempt or the next - execution time according to the schedule. - format: date-time - type: string state: - description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, - ENABLED, PAUSED, DISABLED, UPDATE_FAILED' - type: string - status: - description: Output only. The response from the target for the last - attempted execution. - properties: - code: - description: The status code, which should be an enum value of - google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. This - string must contain at least one "/" character. The last - segment of the URL''s path must represent the fully qualified - name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually precompile - into the binary all types that they expect it to use in - the context of Any. However, for URLs which use the scheme - `http`, `https`, or no scheme, one can optionally set - up a type server that maps type URLs to message definitions - as follows: * If no scheme is provided, `https` is assumed. - * An HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the URL, - or have them precompiled into a binary to avoid any lookup. - Therefore, binary compatibility needs to be preserved - on changes to types. 
(Use versioned type names to manage - breaking changes.) Note: this functionality is not currently - available in the official protobuf release, and it is - not used for type URLs beginning with type.googleapis.com. - Schemes other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should be - in English. Any user-facing error message should be localized - and sent in the google.rpc.Status.details field, or localized - by the client. - type: string - type: object - userUpdateTime: - description: Output only. The creation time of the job. - format: date-time + description: Represents the different states of a AppConnector. type: string type: object required: @@ -9160,25 +7513,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeAddress - plural: computeaddresses + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -9198,7 +7551,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9216,37 +7569,16 @@ spec: type: object spec: properties: - address: - description: |- - Immutable. The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - type: string - addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' - type: string - description: - description: Immutable. An optional description of this resource. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - address. The default value is ''IPV4''. Possible values: ["IPV4", - "IPV6"]. This field can only be specified for a global address.' + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. type: string - location: - description: 'Location represents the geographical location of the - ComputeAddress. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' type: string - networkRef: - description: |- - The network in which to reserve the address. If global, the address - must be within the RFC1918 IP space. The network cannot be deleted - if there are any reserved IP ranges referring to it. This field can - only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -9263,8 +7595,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9273,49 +7604,174 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkTier: - description: |- - Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. - type: string - prefixLength: - description: Immutable. The prefix length if the resource represents - an IP range. - type: integer - purpose: - description: |- - Immutable. The purpose of this resource, which can be one of the following values. - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range that - are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect - configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used to - configure Private Service Connect. Only global internal addresses can use - this purpose. - - - This should only be set when using an Internal address. + region: + description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9332,8 +7788,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9342,8 +7797,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - displayName - location + - projectRef type: object status: properties: @@ -9373,13 +7835,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -9388,13 +7850,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array type: object required: - spec 
@@ -9414,25 +7869,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: @@ -9452,7 +7907,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9470,8 +7925,66 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. 
+ type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9488,8 +8001,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9498,132 +8010,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. properties: - bypassCacheOnRequestHeaders: - description: Bypass the cache when the specified request headers - are matched - e.g. Pragma or Authorization headers. Up to 5 - headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode - settings. - items: - properties: - headerName: - description: The header field name to match on when bypassing - cache. Values are case-insensitive. - type: string - type: object - type: array - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - items: - type: string - type: array - type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + name: + description: Name of the listing publisher. type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). 
- type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - requestCoalescing: - description: If true then Cloud CDN will combine multiple concurrent - cache fill requests into a small number of requests to the origin. - type: boolean - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. 
The actual headers served in responses will not be altered. - type: integer + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - customResponseHeaders: - description: Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. type: string - edgeSecurityPolicy: - description: The security policy associated with this backend bucket. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - bucketRef + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef type: object status: properties: @@ -9653,8 +8067,8 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -9663,8 +8077,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec @@ -9684,25 +8096,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendService - plural: computebackendservices + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: @@ -9722,7 +8134,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9740,495 +8152,179 @@ spec: type: object spec: properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - failover: - description: |- - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - type: boolean - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. 
Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeInstanceGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetworkEndpointGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. 
This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. + aws: + description: Connection properties specific to Amazon Web Services. properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - includeNamedCookies: - description: Names of cookies to include in cache keys. - items: - type: string - type: array - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. 
- items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. - type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. 
Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer + required: + - accessRole type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + azure: + description: Container for connection properties specific to Azure. properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. 
- type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. 
+ type: string + required: + - customerTenantId type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - connectionTrackingPolicy: - description: |- - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. properties: - connectionPersistenceOnUnhealthyBackends: - description: |- - Specifies connection persistence when backends are unhealthy. - - If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to 'ALWAYS_PERSIST', existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. 
type: string - idleTimeoutSec: - description: |- - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - type: integer - trackingMode: - description: |- - Specifies the key used for connection tracking. There are two options: - 'PER_CONNECTION': The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - 'PER_SESSION': The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database type: object - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. 
+ cloudSql: + description: Connection properties specific to the Cloud SQL. properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + credential: + description: Cloud SQL properties. properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object + username: + description: Username for database. 
+ type: string + required: + - password + - username type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. + database: + description: Database name. type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - customResponseHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array description: - description: An optional description of this resource. + description: A descriptive description for the connection. type: string - edgeSecurityPolicyRef: + friendlyName: + description: A descriptive name for the connection. + type: string + location: description: |- - The resource URL for the edge security policy associated with this - backend service. + Immutable. The geographic location where the connection should reside. 
+ Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10245,8 +8341,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
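Review bot: The `spec.cloudSql.credential.password` schema added in this hunk accepts an inline `value` string as an alternative to `valueFrom.secretKeyRef`, and the `value` description does not warn that a password supplied this way is held as plain text in the BigQueryConnectionConnection object. Anyone with read access to the resource, or to a manifest that contains it, can then see the database password, whereas the `secretKeyRef` form keeps it in a Secret with its own access control. I would extend the description to `Value of the field, stored as plain text in the resource; prefer 'valueFrom.secretKeyRef'. Cannot be used if 'valueFrom' is specified.` The `tf2crd` label suggests this CRD is generated, so the wording presumably has to change in the generator rather than in this file. Clusters that install the CRD can also reject the inline form with an admission policy.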
@@ -10255,358 +8350,157 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy. - oneOf: - - required: - - oauth2ClientId - - required: - - oauth2ClientIdRef + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. properties: - oauth2ClientId: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` - instead. - type: string - oauth2ClientIdRef: - description: |- - Only `external` field is supported to configure the reference. - - OAuth2 Client ID for IAP. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP. + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' type: string + required: + - predefinedExpression type: object - loadBalancingScheme: - description: |- - Immutable. Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. - type: string - localityLbPolicies: - description: |- - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - items: - properties: - customPolicy: - description: |- - The configuration for a custom policy implemented by the user and - deployed with the client. 
- properties: - data: - description: |- - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - type: string - name: - description: |- - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - type: string - required: - - name - type: object - policy: - description: The configuration for a built-in load balancing - policy. - properties: - name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. 
- - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. - type: string - required: - - name - type: object - type: object - type: array - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. - - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. 
For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: - description: 'Location represents the geographical location of the - ComputeBackendService. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + description: Immutable. The name of the location of the data policy. type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. 
- type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10623,8 +8517,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10633,130 +8526,182 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. 
- type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. 
- type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: + targetTypes: description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes type: object - portName: + datasetId: description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. type: string - protocol: + domain: description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + Immutable. A domain to grant access to. 
Any users signed in with the + domain specified will be granted the specified access. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. type: string - securityPolicyRef: - description: The security policy associated with this backend service. + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10773,8 +8718,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
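Review bot: The new BigQueryDatasetAccess schema declares `iamMember`, `domain` and `groupByEmail` as plain `type: string` with no `enum` or `pattern`, and the `iamMember` description itself offers 'allUsers' as an example. The CRD therefore accepts a grant to a public principal as written. The same applies to `specialGroup` ('allAuthenticatedUsers') in the next hunk and to the `access[]` items added to BigQueryDataset further down. Because the file carries the `tf2crd` label and appears to be generated, the constraint probably belongs outside it: RBAC on who may create this kind, plus an admission policy that rejects the public principals. I would also extend the `iamMember` description with `Granting 'allUsers' exposes the dataset to anyone at the configured role.` so the risk is visible in `kubectl explain`.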
@@ -10783,85 +8727,79 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - securitySettings: + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: description: |- - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - clientTLSPolicyRef: - description: |- - ClientTlsPolicy is a resource that specifies how a client should - authenticate connections to backends of a service. This resource itself - does not affect configuration unless it is attached to a backend - service resource. *ConfigConnector only supports `external` - references for this field.* - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. 
- items: - type: string - type: array - required: - - clientTLSPolicyRef - - subjectAltNames - type: object - sessionAffinity: + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string - subsetting: - description: Subsetting configuration for this BackendService. Currently - this is applicable only for Internal TCP/UDP load balancing and - Internal HTTP(S) load balancing. + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. properties: - policy: - description: 'The algorithm used for subsetting. Possible values: - ["CONSISTENT_HASH_SUBSETTING"].' + datasetId: + description: Immutable. 
The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. type: string required: - - policy + - datasetId + - projectId + - tableId type: object - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer required: - - location + - datasetId + - projectRef type: object status: properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -10888,18 +8826,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - generatedId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -10907,8 +8833,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
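Review bot: The `resourceID` description added for BigQueryDatasetAccess reads "The routine of the resource", which looks carried over from the BigQueryRoutine CRD and does not say which identifier this field holds. The field is "used for creation and acquisition", so an unclear description makes it easier to acquire an access entry other than the one intended. The generator should emit the identifier that actually applies to this kind. In the same hunk, the `apiUpdatedMember` description has a doubled word and should read `If true, represents that the iam_member in the config was translated to a different member type by the API`. The `required` list for this spec names only `datasetId` and `projectRef`, so the schema does not appear to require that exactly one member field is set; that rule presumably lives in the controller.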
@@ -10928,25 +8852,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com + name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeDisk - plural: computedisks + kind: BigQueryDataset + plural: bigquerydatasets shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: 
@@ -10984,34 +8908,128 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Immutable. Encrypts the disk using a customer-supplied encryption key. + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. 
Possible values include: - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - Customer-supplied encryption keys do not protect access to metadata of - the disk. + * 'projectOwners': Owners of the enclosing project. - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. 
If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. oneOf: - not: required: 
@@ -11038,188 +9056,85 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - rsaEncryptedKey: - description: "Immutable. 
Specifies an RFC 4648 base64 encoded, - RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either - encrypt or decrypt \nthis resource. You can provide either the - rawKey or the rsaEncryptedKey." - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - interface: - description: DEPRECATED. This field is no longer in use, disk interfaces - will be automatically determined on attachment. To resolve this - issue, remove this field from your config. 
Immutable. Specifies - the disk interface to use for attaching this disk, which is either - SCSI or NVME. The default is SCSI. - type: string - location: - description: 'Location represents the geographical location of the - ComputeDisk. Specify a region name or a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - multiWriter: - description: Immutable. Indicates whether or not the disk can be read/write - attached to more than one instance. - type: boolean - physicalBlockSizeBytes: - description: |- - Immutable. Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. 
If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. + If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. 
+ Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - required: - namespace 
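Review bot: `maxTimeTravelHours` is declared `type: string` although its description gives a numeric range (48 to 168 hours), and the schema adds no `pattern` or bounds. An out-of-range or non-numeric value would therefore pass CRD validation and be rejected, if at all, only by the backing API. The description could say so, e.g. `Defines the time travel window in hours, given as a decimal string. The value can be from 48 to 168 hours (2 to 7 days).` The neighbouring `defaultPartitionExpirationMs` and `defaultTableExpirationMs` are `type: integer`, so the difference is easy to miss. The enclosing `spec.properties` block starts before this hunk.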
@@ -11236,290 +9151,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - provisionedIops: - description: Immutable. Indicates how many IOPS must be provisioned - for the disk. - type: integer - replicaZones: - description: Immutable. URLs of the zones where the disk should be - replicated to. - items: - type: string - type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. 
- - Upsizing the disk is mutable, but downsizing the disk - requires re-creating the resource. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceDiskRef: - description: The source disk used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. 
See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - Immutable. 
The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - Immutable. URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location type: object status: properties: @@ -11549,20 +9185,19 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + creationTime: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -11572,39 +9207,7 @@ spec: type: integer selfLink: type: string - sourceDiskId: - description: |- - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance. - items: - type: string - type: array type: object - required: - - spec type: object served: true storage: true 
@@ -11621,25 +9224,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: @@ -11659,7 +9262,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -11677,193 +9280,55 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. type: string - interface: - description: Immutable. A list of interfaces on this external VPN - gateway. - items: - properties: - id: - description: |- - Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. - type: integer - ipAddress: - description: |- - Immutable. IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Immutable. Indicates the redundancy type of this external - VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"].' + destinationDatasetId: + description: The BigQuery target dataset id. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + disabled: + description: When set to true, no runs are scheduled for a given transfer. 
+ type: boolean + displayName: + description: The user specified display name for the transfer config. type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicy - plural: computefirewallpolicies - shortNames: - - gcpcomputefirewallpolicy - - gcpcomputefirewallpolicies - singular: computefirewallpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - properties: - description: - description: An optional description of this resource. Provide this - property when you create the resource. + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. type: string - folderRef: - description: Immutable. The Folder that this resource belongs to. - Only one of [folderRef, organizationRef] may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name of - a `Folder` resource (format: `folders/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + params: + additionalProperties: + type: string type: object - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [folderRef, organizationRef] may be specified. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
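Review bot: The added `params` property is the only field in this hunk without a `description`, and it is a free-form map (`additionalProperties: type: string`) whose values are stored in the resource spec. A line such as `description: Data-source parameters as string key/value pairs. Secrets belong in 'sensitiveParams'.` under `params:` would tell users where credentials go; `sensitiveParams` is added further down in the same CRD. The `spec.properties` block continues past the end of this hunk.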
@@ -11880,13 +9345,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 
@@ -11897,18 +9359,108 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: Immutable. User-provided name of the Organization firewall - policy. The name should be unique in the organization in which the - firewall policy is created. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? - which means the first character must be a lowercase letter, and - all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. 
+ type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. 
If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. type: string required: - - shortName + - dataSourceId + - displayName + - params + - projectRef type: object status: properties: @@ -11938,16 +9490,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: Fingerprint of the resource. This field is used internally - during updates of this resource. - type: string - id: - description: The unique identifier for the resource. This identifier - is defined by the server. + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -11956,18 +9504,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Total count of all firewall policy rule tuples. A firewall - policy can not exceed a set number of tuples. - format: int64 - type: integer - selfLink: - description: Server-defined URL for the resource. - type: string - selfLinkWithId: - description: Server-defined URL for this resource with the resource - id. - type: string type: object required: - spec 
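Review bot: The `value` branch of the added `sensitiveParams.secretAccessKey` schema lets the AWS secret access key be written as a literal string in the resource spec, where anyone allowed to get the object can read it, while the `valueFrom.secretKeyRef` branch keeps it in a Secret. The description of `value` does not say which to prefer; I would change it to `Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' for credentials.` The `sensitiveParams` description also contains "the the 'params' field" and speaks of "plan output" and "an apply", which read as carried over from another tool's documentation. The enclosing `spec.properties` block starts before this hunk, and the file looks generated (the CRD carries a `tf2crd` label), so the wording probably has to change in the generator input.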
@@ -11987,25 +9523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewallPolicyAssociation - plural: computefirewallpolicyassociations + kind: BigQueryJob + plural: bigqueryjobs shortNames: - - gcpcomputefirewallpolicyassociation - - gcpcomputefirewallpolicyassociations - singular: computefirewallpolicyassociation + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -12043,368 +9579,687 @@ spec: type: object spec: properties: - attachmentTargetRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + copy: + description: Immutable. Copies a table. properties: - external: + createDisposition: description: |- - The target that the firewall policy is attached to. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). - * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string + required: + - sourceTables type: object - firewallPolicyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + extract: + description: Immutable. Configures an extract job. properties: - external: + compression: description: |- - The firewall policy ID of the association. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - attachmentTargetRef - - firewallPolicyRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. 
+ items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - shortName: - description: The short name of the firewall policy of the association. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicyRule - plural: computefirewallpolicyrules - shortNames: - - gcpcomputefirewallpolicyrule - - gcpcomputefirewallpolicyrules - singular: computefirewallpolicyrule - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - action: - description: The Action to perform when the client connection triggers - the rule. Can currently be either "allow" or "deny()" where valid - values for status are 403, 404, and 502. - type: string - description: - description: An optional description for this resource. - type: string - direction: - description: 'The direction in which this rule applies. Possible values: - INGRESS, EGRESS' - type: string - disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and traffic - behaves as if it did not exist. If this is unspecified, the firewall - policy rule will be enabled. - type: boolean - enableLogging: - description: 'Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the configured export - destination in Stackdriver. Logs may be exported to BigQuery or - Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' - type: boolean - firewallPolicyRef: - description: Immutable. - oneOf: - - not: + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. 
+ Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. properties: - external: + allowJaggedRows: description: |- - The firewall policy of the resource. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. 
+ If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. 
BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). type: string - type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' is - enforced. - properties: - destIPRanges: - description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. + type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. 
The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array - layer4Configs: - description: Pairs of IP protocols and ports that the rule should - match. + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. 
+ ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: - properties: - ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following well - known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, - `ipip`, `sctp`), or the IP protocol number. - type: string - ports: - description: 'An optional list of ports to which this rule - applies. This field is only applicable for UDP or TCP - protocol. Each entry must be either an integer or a range. - If not specified, this rule applies to connections through - any port. Example inputs include: ``.' - items: - type: string - type: array - required: - - ipProtocol - type: object + type: string type: array - srcIPRanges: - description: CIDR IP address range. Maximum number of source CIDR - IP ranges allowed is 256. + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string required: - - layer4Configs + - destinationTable + - sourceUris type: object - priority: - description: Immutable. An integer indicating the priority of a rule - in the list. The priority must be a positive value between 0 and - 2147483647. Rules are evaluated from highest to lowest priority - where 0 is the highest priority and 2147483647 is the lowest prority. - format: int64 - type: integer - targetResources: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. 
+ properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. 
Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. 
+ type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: type: string - type: object - type: array - required: - - action - - direction - - firewallPolicyRef - - match - - priority + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. 
Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string type: object status: properties: @@ -12434,9 +10289,8 @@ spec: type: string type: object type: array - kind: - description: Type of the resource. Always `compute#firewallPolicyRule` - for firewall policy rules + jobType: + description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -12445,14 +10299,55 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Calculation of the complexity of a single firewall policy - rule. - format: int64 - type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string type: object - required: - - spec type: object served: true storage: true 
@@ -12469,25 +10364,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewall - plural: computefirewalls + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: @@ -12507,7 +10402,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -12525,113 +10420,46 @@ spec: type: object spec: properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. 
Provide this property when - you create the resource. + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. type: string - destinationRanges: + ignoreIdleSlots: description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: description: |- - Immutable. Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - disabled: + multiRegionAuxiliary: description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED. Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude - metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", - "INCLUDE_ALL_METADATA"].' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -12648,8 +10476,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -12658,137 +10485,272 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceRanges: + slotCapacity: description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - sourceServiceAccounts: + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. 
+ type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + message: + description: Human-readable message indicating details about + last transition. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - targetServiceAccounts: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. type: string type: object type: array - targetTags: + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. 
items: type: string type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. 
it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string required: - - networkRef + - datasetRef + - definitionBody + - projectRef type: object status: properties: @@ -12818,9 +10780,16 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -12828,8 +10797,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -12849,25 +10816,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com + name: bigquerytables.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules + kind: BigQueryTable + plural: bigquerytables shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: 
@@ -12905,26 +10872,14 @@ spec: type: object spec: properties: - allPorts: - description: Immutable. This field is used along with the `backend_service` - field for internal load balancing or with the `target` field for - internal TargetInstance. This field cannot be used with `port` or - `portRange` fields. When the load balancing scheme is `INTERNAL` - and protocol is TCP/UDP, specify this field to allow packets addressed - to any ports will be forwarded to the backends configured with this - forwarding rule. - type: boolean - allowGlobalAccess: - description: This field is used along with the `backend_service` field - for internal load balancing or with the `target` field for internal - TargetInstance. If the field is set to `TRUE`, clients can access - ILB from all regions. Otherwise only allows access from clients - in the same region as the internal load balancer. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: oneOf: - not: required: @@ -12941,7 +10896,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: 
@@ -12952,37 +10907,14 @@ spec: type: string type: object description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. + description: The field description. type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. properties: - addressRef: + kmsKeyRef: oneOf: - not: required: @@ -12999,7 +10931,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -13009,426 +10941,257 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ip: + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. type: string + required: + - kmsKeyRef type: object - ipProtocol: - description: Immutable. The IP protocol to which this rule applies. - For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, - `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the - load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are - valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, - and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the - load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. - For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing - scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP - Load Balancing, the load balancing scheme is `EXTERNAL`, and one - of `TCP` or `UDP` is valid. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - forwarding rule. Valid options are `IPV4` or `IPV6`. This can only - be specified for an external global forwarding rule. Possible values: - UNSPECIFIED_VERSION, IPV4, IPV6.' - type: string - isMirroringCollector: - description: Immutable. Indicates whether or not this load balancer - can be used as a collector for packet mirroring. To prevent mirroring - loops, instances behind this load balancer will not have their traffic - mirrored even if a `PacketMirroring` rule applies to them. This - can only be set to true for load balancers that have their `loadBalancingScheme` - set to `INTERNAL`. - type: boolean - loadBalancingScheme: - description: "Immutable. 
Specifies the forwarding rule type.\n\n* - \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n - \ * Protocol forwarding to VMs from an external IP address\n - \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, - and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol - forwarding to VMs from an internal IP address\n * Internal - TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * - \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` - is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is - used for:\n * Global external HTTP(S) load balancers \n\nFor - more information about forwarding rules, refer to [Forwarding rule - concepts](/load-balancing/docs/forwarding-rule-concepts). Possible - values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, - EXTERNAL, EXTERNAL_MANAGED." - type: string - location: - description: 'Location represents the geographical location of the - ComputeForwardingRule. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. - - For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. - - `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. - - `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. - items: - properties: - filterLabels: - description: |- - Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Immutable. Name of metadata label. - - The name can have a maximum length of 1024 characters and must be at least 1 character long. - type: string - value: - description: |- - Immutable. The value of the label must match the specified value. - - value can have a maximum length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. - - Supported values are: - - * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. - * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. This signifies the networking tier used for - configuring this load balancer and can only take the following values: - `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values - are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid - value is `PREMIUM`. If this field is not specified, it is assumed - to be `PREMIUM`. If `IPAddress` is specified, this value must be - equal to the networkTier of the Address.' - type: string - portRange: - description: |- - Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. 
This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetVpnGateway: 500, 4500 - - @pattern: d+(?:-d+)?. - type: string - ports: - description: 'Immutable. This field is used along with the `backend_service` - field for internal load balancing. When the load balancing scheme - is `INTERNAL`, a list of ports can be configured, for example, [''80''], - [''8000'',''9000'']. Only packets addressed to these ports are forwarded - to the backends configured with the forwarding rule. If the forwarding - rule''s loadBalancingScheme is INTERNAL, you can specify ports in - one of the following ways: * A list of up to five ports, which can - be non-contiguous * Keyword `ALL`, which causes the forwarding rule - to forward traffic on any port of the forwarding rule''s protocol. - @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceDirectoryRegistrations: - description: Immutable. Service Directory resources to register this - forwarding rule with. 
Currently, only supports a single Service - Directory resource. - items: - properties: - namespace: - description: Immutable. Service Directory namespace to register - the forwarding rule under. - type: string - service: - description: Immutable. Service Directory service to register - the forwarding rule under. - type: string - type: object - type: array - serviceLabel: - description: Immutable. An optional prefix to the service name for - this Forwarding Rule. If specified, the prefix is the first label - of the fully qualified service name. The label must be 1-63 characters - long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. This field is only used for internal load - balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). 
+ type: boolean required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetGRPCProxyRef - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetGRPCProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` - resource.' + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. + type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + fieldDelimiter: + description: The separator for fields in a CSV file. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + quote: type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. 
properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. type: string type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. 
+ Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. 
+ type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query type: object required: - - location + - datasetRef type: object status: properties: 
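Review bot: In the added `csvOptions` block, `quote` is the only entry under `required`, yet it is the one property there with no `description`, so `kubectl explain` tells a user nothing about a mandatory field. I would add `description: The value that is used to quote data sections in a CSV file.` above its `type: string`. In the same hunk, the `sourceUriPrefix` text reads "a common for all source uris must be required", which appears to be missing the word "prefix". The CRD carries the `cnrm.cloud.google.com/tf2crd` label, so these strings are presumably generated and the fix likely belongs in the generator's source rather than in this file.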
@@ -13458,35 +11221,45 @@ spec: type: string type: object type: array - creationTimestamp: - description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) - text format.' - type: string - labelFingerprint: - description: Used internally during label updates. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. type: integer - pscConnectionId: - description: The PSC connection id of the PSC Forwarding Rule. + etag: + description: A hash of the resource. type: string - pscConnectionStatus: - description: 'The PSC connection status of the PSC Forwarding Rule. - Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, - CLOSED.' + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer selfLink: - description: '[Output Only] Server-defined URL for the resource.' + description: The URI of the created resource. type: string - serviceName: - description: '[Output Only] The internal fully qualified service name - for this Forwarding Rule. This field is only used for internal load - balancing.' + type: + description: Describes the table type. type: string type: object required: @@ -13507,25 +11280,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHealthCheck - plural: computehealthchecks + kind: BigtableAppProfile + plural: bigtableappprofiles shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: 
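Review bot: In the status properties added by the `@@ -13458,35 +11221,45 @@` hunk, `numBytes` repeats the description of `location` ("The geographic location where the table resides. This value is inherited from the dataset."), although it is typed `integer` and sits beside `numLongTermBytes` and `numRows`. This looks like a copy-paste slip in the description text. Something like `description: The size of this table in bytes, excluding any data in the streaming buffer.` would match its neighbours. Since the file appears to be generated, the wording probably needs correcting where the schema descriptions originate.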
@@ -13563,350 +11336,70 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. + description: Long form description of the use case for this app profile. type: string - grpcHealthCheck: - description: A nested object resource. + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - grpcServiceName: - description: |- - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' type: string - port: - description: |- - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. 
- - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - healthyThreshold: + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
- - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. 
For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. 
- - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the - ComputeHealthCheck. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - sslHealthCheck: - description: A nested object resource. - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource. + singleClusterRouting: + description: Use a single-cluster routing policy. 
properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: + allowTransactionalWrites: description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. 
+ type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. type: string + required: + - clusterId type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location type: object status: properties: @@ -13936,8 +11429,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -13946,15 +11440,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string type: object - required: - - spec type: object served: true storage: true 
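Review bot: The new BigtableAppProfile `spec` has no `required` list, so an object without `instanceRef` and with neither `multiClusterRoutingUseAny` nor `singleClusterRouting` passes schema validation; the only constraint visible in the hunk is `clusterId` under `singleClusterRouting`. If the controller cannot create a profile without an instance, adding `required:` / `- instanceRef` under `spec` would reject such objects at admission, rather than (presumably) only when the controller reconciles them. The descriptions also do not say whether the two routing fields may be combined; a sentence on that in `multiClusterRoutingUseAny` would help, since `allowTransactionalWrites` is described as unsafe across multiple clusters.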
@@ -13971,25 +11457,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks + kind: BigtableGCPolicy + plural: bigtablegcpolicies shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -14027,54 +11513,117 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + columnFamily: + description: Immutable. The name of the column family. type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. 
- type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. 
This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object status: properties: conditions: @@ -14103,9 +11652,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14113,9 +11659,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
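Review bot: Several descriptions in the new BigtableGCPolicy `spec` name fields in snake_case (`'gc_rules'` in `maxAge`, `maxVersion` and `mode`; `"max_age"` and `"max_version"` in `gcRules`) while the schema keys are `gcRules`, `maxAge` and `maxVersion`. With `preserveUnknownFields: false` set on this CRD, a manifest written from those descriptions may have the misspelled key pruned or rejected, which is easy to miss for a setting that controls data retention. Suggest `Conflicts with "mode", "maxAge" and "maxVersion".` in `gcRules`, and `'gcRules'` in the three NOTE sentences. The `deletionPolicy` description also carries literal `\n\t\t\t\t` sequences that should be collapsed to single spaces.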
@@ -14132,25 +11678,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com + name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks + kind: BigtableInstance + plural: bigtableinstances shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -14188,53 +11734,121 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. 
+ type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. 
+ type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer type: object status: properties: @@ -14264,9 +11878,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
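Review bot: Requirement 3 in the `kmsKeyRef` description reads "All clusters within an instance must use the same CMEK key access to this encryption key.", which fuses two clauses and leaves the actual CMEK constraint unclear. Suggest `3) All clusters within an instance must use the same CMEK key.`. `kmsKeyRef` is also absent from the cluster item's `required` list (`clusterId`, `zone`), so where CMEK is a policy requirement the description should say what encryption applies when the reference is omitted, or the requirement should be enforced by an admission policy outside this schema.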
@@ -14274,8 +11885,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object type: object served: true @@ -14293,25 +11902,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com + name: bigtabletables.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeImage - plural: computeimages + kind: BigtableTable + plural: bigtabletables shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: 
@@ -14349,205 +11958,27 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the image when restored onto a persistent - disk (in GB). - type: integer - family: - description: |- - Immutable. The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - Immutable. A list of features to enable on the guest operating system. - Applicable only for bootable images. + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. items: properties: - type: - description: 'Immutable. The type of supported feature. 
Read - [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + family: + description: The name of the column family. type: string required: - - type + - family type: object type: array - imageEncryptionKey: - description: |- - Immutable. Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image). - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - licenses: - description: Immutable. Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: Immutable. The parameters of the raw disk image. - properties: - containerType: - description: |- - Immutable. The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"]. - type: string - sha1: - description: |- - Immutable. An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - Immutable. The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. type: string - sourceImageRef: - description: The source image used to create this image. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - description: The source snapshot used to create this image. + instanceRef: + description: The name of the Bigtable instance. oneOf: - not: required: @@ -14564,7 +11995,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: @@ -14574,14 +12005,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef type: object status: properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -14608,14 +12045,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14623,9 +12052,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true @@ -14642,25 +12071,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroupManager - plural: computeinstancegroupmanagers + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets shortNames: - - gcpcomputeinstancegroupmanager - - gcpcomputeinstancegroupmanagers - singular: computeinstancegroupmanager + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: 
@@ -14698,12 +12127,18 @@ spec: type: object spec: properties: - autoHealingPolicies: - description: The autohealing policy for this managed instance group. - You can specify only one value. - items: - properties: - healthCheckRef: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: oneOf: - not: required: @@ -14720,10 +12155,9 @@ spec: - external properties: external: - description: |- - The URL for the health check that signals autohealing. - - Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -14732,56 +12166,81 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialDelaySec: - description: The number of seconds that the managed instance - group waits before it applies autohealing policies to new - instances or recently recreated instances. This initial delay - allows instances to initialize and run their startup scripts - before the instance group determines that they are UNHEALTHY. - This prevents the managed instance group from recreating its - instances prematurely. This value must be from range [0, 3600]. - format: int64 - type: integer - type: object - type: array - baseInstanceName: - description: The base instance name to use for instances in this group. - The value must be 1-58 characters long. Instances are named by appending - a hyphen and a random four-character string to the base instance - name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - type: string - description: - description: Immutable. An optional description of this resource. - type: string - distributionPolicy: - description: Policy specifying the intended distribution of managed - instances across zones in a regional managed instance group. - properties: - targetShape: - description: 'The distribution shape to which the group converges - either proactively or on resize events (depending on the value - set in `updatePolicy.instanceRedistributionType`). Possible - values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' - type: string - zones: - description: Immutable. Zones where the regional managed instance - group will create and manage its instances. - items: - properties: - zone: - description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). - The zone must exist in the region where the managed instance - group is located. 
- type: string - type: object type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string type: object - failoverAction: - description: 'The action to perform in case of zone failure. Only - one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
- Possible values: UNKNOWN, NO_FAILOVER' - type: string - instanceTemplateRef: + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. oneOf: - not: required: 
@@ -14799,36 +12258,338 @@ spec: properties: external: description: |- - The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + The billing account of the resource - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - location: - description: Immutable. The location of this resource. + budgetFilter: + description: Optional. Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. 
Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. 
Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' 
+ items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. type: string - namedPorts: - description: Immutable. Named ports configured for the Instance Groups - complementary to this Instance Group Manager. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. items: properties: - name: - description: Immutable. The name for this named port. The name - must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' 
+ format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - port: - description: Immutable. The port number, which can be a value - between 1 and 65535. - format: int64 - type: integer type: object type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -14864,313 +12625,106 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - statefulPolicy: - description: Stateful configuration for this Instanced Group Manager + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. properties: - preservedState: - properties: - disks: - additionalProperties: - properties: - autoDelete: - description: 'These stateful disks will never be deleted - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - disk should be deleted after it is no longer used - by the group, e.g. when the given instance or the - whole group is deleted. Note: disks attached in READ_ONLY - mode cannot be auto-deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Disks created on the instances that will be preserved - on instance delete, update, etc. 
This map is keyed with - the device names of the disks. - type: object - externalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: External network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - internalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Internal network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - type: object - type: object - targetPools: - items: - oneOf: - - not: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetSize: - description: The target number of running instances for this managed - instance group. You can reduce this number by using the instanceGroupManager - deleteInstances or abandonInstances methods. Resizing the group - also changes this number. - format: int64 - type: integer - updatePolicy: - description: The update policy for this managed instance group. - properties: - instanceRedistributionType: - description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) - for regional managed instance groups. Valid values are: - `PROACTIVE` - (default): The group attempts to maintain an even distribution - of VM instances across zones in the region. - `NONE`: For non-autoscaled - groups, proactive redistribution is disabled.' - type: string - maxSurge: - description: The maximum number of instances that can be created - above the specified `targetSize` during the update process. - This value can be either a fixed number or, if the group has - 10 or more instances, a percentage. If you set a percentage, - the number of instances is rounded if necessary. The default - value for `maxSurge` is a fixed value equal to the number of - zones in which the managed instance group operates. At least - one of either `maxSurge` or `maxUnavailable` must be greater - than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). - properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. 
- format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - maxUnavailable: - description: 'The maximum number of instances that can be unavailable - during the update process. An instance is considered available - if all of the following conditions are satisfied: - The instance''s - [status](/compute/docs/instances/checking-instance-status) is - `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) - on the instance group, the instance''s health check status must - be `HEALTHY` at least once. If there is no health check on the - group, then the instance only needs to have a status of `RUNNING` - to be considered available. This value can be either a fixed - number or, if the group has 10 or more instances, a percentage. - If you set a percentage, the number of instances is rounded - if necessary. The default value for `maxUnavailable` is a fixed - value equal to the number of zones in which the managed instance - group operates. At least one of either `maxSurge` or `maxUnavailable` - must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer + external: + description: |- + Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. 
Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minReadySec: - description: Minimum number of seconds to wait for after a newly - created instance becomes available. This value must be from - range [0, 3600]. - format: int64 - type: integer - minimalAction: - description: Minimal action to be taken on an instance. You can - specify either `RESTART` to restart existing instances or `REPLACE` - to delete and create new instances from the target template. - If you specify a `RESTART`, the Updater will attempt to perform - that action only. However, if the Updater determines that the - minimal action you specify is not enough to perform the update, - it might perform a more disruptive action. - type: string - mostDisruptiveAllowedAction: - description: Most disruptive action that is allowed to be taken - on an instance. You can specify either `NONE` to forbid any - actions, `REFRESH` to allow actions that do not need instance - restart, `RESTART` to allow actions that can be applied without - instance replacing or `REPLACE` to allow all possible actions. - If the Updater determines that the minimal update action needed - is more disruptive than most disruptive allowed action you specify - it will not perform the update at all. - type: string - replacementMethod: - description: 'What action should be used to replace instances. - See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' - type: string - type: - description: The type of update process. 
You can specify either - `PROACTIVE` so that the instance group manager proactively executes - actions in order to bring instances to their target versions - or `OPPORTUNISTIC` so that no action is proactively executed - but the update will be performed as part of other actions (for - example, resizes or `recreateInstances` calls). - type: string - type: object - versions: - description: Specifies the instance templates used by this managed - instance group to create instances. Each version is defined by an - `instanceTemplate` and a `name`. Every version can appear at most - once per instance group. This field overrides the top-level `instanceTemplate` - field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). - Exactly one `version` must leave the `targetSize` field unset. That - version will be applied to all remaining instances. For more information, - read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). - items: - properties: - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: properties: - external: - description: |- - The URL of the instance template that is specified for this managed instance group. 
The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. - - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + comment: + description: Optional. A descriptive comment. This field + may be updated. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + id: + description: The ID of this public key. Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. 
NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object type: object - name: - description: Name of the version. Unique among all versions - in the scope of this managed instance group. - type: string - targetSize: - description: 'Specifies the intended number of instances to - be created from the `instanceTemplate`. The final number of - instances created from the template will be equal to: - If - expressed as a fixed number, the minimum of either `targetSize.fixed` - or `instanceGroupManager.targetSize` is used. - if expressed - as a `percent`, the `targetSize` would be `(targetSize.percent/100 - * InstanceGroupManager.targetSize)` If there is a remainder, - the number is rounded. If unset, this version will update - any remaining instances not updated by another `version`. - Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) - for more information.' 
- properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value - is `fixed`, then the `calculated` value is equal to the - `fixed` value. - If the value is a `percent`, then the - `calculated` value is `percent`/100 * `targetSize`. For - example, the `calculated` value of a 80% of a managed - instance group with 150 instances would be (80/100 * 150) - = 120 VM instances. If there is a remainder, the number - is rounded.' - format: int64 - type: integer - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between - 0 to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - type: object - type: array + type: array + required: + - noteRef + type: object required: - projectRef - - targetSize type: object status: properties: 
@@ -15200,94 +12754,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: The creation timestamp for this managed instance group - in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. - type: string - currentActions: - description: '[Output Only] The list of instance actions and the number - of instances in this managed instance group that are scheduled for - each of those actions.' - properties: - abandoning: - description: '[Output Only] The total number of instances in the - managed instance group that are scheduled to be abandoned. Abandoning - an instance removes it from the managed instance group without - deleting it.' - format: int64 - type: integer - creating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be created or are currently - being created. If the group fails to create any of these instances, - it tries again until it creates the instance successfully. If - you have disabled creation retries, this field will not be populated; - instead, the `creatingWithoutRetries` field will be populated.' - format: int64 - type: integer - creatingWithoutRetries: - description: '[Output Only] The number of instances that the managed - instance group will attempt to create. The group attempts to - create each instance only once. If the group fails to create - any of these instances, it decreases the group''s `targetSize` - value accordingly.' - format: int64 - type: integer - deleting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be deleted or are currently - being deleted.' - format: int64 - type: integer - none: - description: '[Output Only] The number of instances in the managed - instance group that are running and have no scheduled actions.' 
- format: int64 - type: integer - recreating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be recreated or are currently - being being recreated. Recreating an instance deletes the existing - root persistent disk and creates a new disk from the image that - is defined in the instance template.' - format: int64 - type: integer - refreshing: - description: '[Output Only] The number of instances in the managed - instance group that are being reconfigured with properties that - do not require a restart or a recreate action. For example, - setting or removing target pools for the instance.' - format: int64 - type: integer - restarting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be restarted or are currently - being restarted.' - format: int64 - type: integer - verifying: - description: '[Output Only] The number of instances in the managed - instance group that are being verified. See the `managedInstances[].currentAction` - property in the `listManagedInstances` method documentation.' - format: int64 - type: integer - type: object - fingerprint: - description: Fingerprint of this resource. This field may be used - in optimistic locking. It will be ignored when inserting an InstanceGroupManager. - An up-to-date fingerprint must be provided in order to update the - InstanceGroupManager, otherwise the request will fail with error - `412 conditionNotMet`. To see the latest fingerprint, make a `get()` - request to retrieve an InstanceGroupManager. - type: string - id: - description: '[Output Only] A unique identifier for this resource - type. The server generates this identifier.' - format: int64 - type: integer - instanceGroup: - description: '[Output Only] The URL of the Instance Group resource.' 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -15295,113 +12761,24 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) - where the managed instance group resides (for regional resources).' - type: string - selfLink: - description: '[Output Only] The URL for this managed instance group. - The server defines this URL.' + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time type: string - status: - description: '[Output Only] The status of this managed instance group.' + userOwnedDrydockNote: properties: - autoscaler: - description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) - that targets this instance group manager.' + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. type: string - isStable: - description: '[Output Only] A bit indicating whether the managed - instance group is in a stable state. A stable state means that: - none of the instances in the managed instance group is currently - undergoing any type of change (for example, creation, restart, - or deletion); no future changes are scheduled for instances - in the managed instance group; and the managed instance group - itself is not being modified.' - type: boolean - stateful: - description: '[Output Only] Stateful status of the given Instance - Group Manager.' 
- properties: - hasStatefulConfig: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions.' - type: boolean - isStateful: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions. This field is - deprecated in favor of has_stateful_config.' - type: boolean - perInstanceConfigs: - description: '[Output Only] Status of per-instance configs - on the instance.' - properties: - allEffective: - description: A bit indicating if all of the group's per-instance - configs (listed in the output of a listPerInstanceConfigs - API call) have status `EFFECTIVE` or there are no per-instance-configs. - type: boolean - type: object - type: object - versionTarget: - description: '[Output Only] A status of consistency of Instances'' - versions with their target version specified by `version` field - on Instance Group Manager.' - properties: - isReached: - description: '[Output Only] A bit indicating whether version - target has been reached in this managed instance group, - i.e. all instances are in their target version. Instances'' - target version are specified by `version` field on Instance - Group Manager.' 
- type: boolean - type: object - type: object - updatePolicy: - properties: - maxSurge: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object - maxUnavailable: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object type: object - zone: - description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) - where the managed instance group is located (for zonal resources).' - type: string type: object required: - spec 
@@ -15421,25 +12798,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -15477,55 +12854,281 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional textual description of the instance - group. - type: string - instances: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode type: object - type: array - namedPort: - description: The named port configuration. - items: + description: 'Optional. Per-kubernetes-namespace admission rules. 
+ K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: properties: - name: - description: The name which the port will be mapped to. + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - port: - description: The port number to map the name to. - type: integer + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array required: - - name - - port + - enforcementMode + - evaluationMode type: object - type: array - networkRef: + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -15542,8 +13145,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -15552,17 +13157,9 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. The zone that this instance group should be - created in. - type: string required: - - zone + - defaultAdmissionRule + - projectRef type: object status: properties: @@ -15600,11 +13197,13 @@ spec: the resource. type: integer selfLink: - description: The URI of the created resource. + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. + format: date-time type: string - size: - description: The number of instances in the group. - type: integer type: object required: - spec 
@@ -15624,25 +13223,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstance - plural: computeinstances + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: @@ -15662,7 +13261,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -15679,167 +13278,508 @@ spec: metadata: type: object spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone properties: - advancedMachineFeatures: - description: Controls for advanced machine-related behavior features. + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableNestedVirtualization: - description: Whether to enable nested virtualization or not. - type: boolean - threadsPerCore: - description: The number of threads per physical core. To disable - simultaneous multithreading (SMT) set this to 1. If unset, the - maximum number of threads supported per core by the underlying - processor is assumed. - type: integer - visibleCoreCount: - description: The number of physical cores to expose to an instance. - Multiply by the number of threads per core to compute the total - number of virtual CPUs to expose to the instance. 
If unset, - the number of cores is inferred from the instance\'s nominal - CPU count and the underlying platform\'s SMT width. - type: integer + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - attachedDisk: - description: List of disks attached to the instance. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - deviceName: - description: Name with which the attached disk is accessible - under /dev/disk/by-id/. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be - extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. + message: + description: Human-readable message indicating details about + last transition. type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + domain: + description: Domain name of the authorization attempt. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. type: string type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". 
+ type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Reason for provisioning failures. type: string type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: Immutable. The boot disk for the instance. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - autoDelete: - description: Immutable. Whether the disk will be auto-deleted - when the instance is deleted. 
- type: boolean - deviceName: - description: Immutable. Name with which attached disk will be - accessible under /dev/disk/by-id/. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - diskEncryptionKeyRaw: - description: Immutable. A 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to encrypt this disk. Only one - of kms_key_self_link and disk_encryption_key_raw may be set. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: 
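Review bot: The `certificates` array added for `CertificateManagerCertificateMapEntry` has no `maxItems`, although its own description says at most fifteen certificates are allowed and that each must match `projects/*/locations/*/certificates/*`. As written, admission accepts longer lists and arbitrary strings, which can presumably only fail later at reconcile time. I would add `maxItems: 15` under `certificates`. The `map` description in the same section also misspells "certificate" as `cetrificate`. These CRDs look generated, so both changes likely belong in the generator rather than in this file.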
@@ -15877,168 +13817,218 @@ spec: type: object type: object type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. type: string - initializeParams: - description: Immutable. Parameters with which a disk was created - alongside the instance. + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - labels: - description: Immutable. A set of key/value label pairs assigned - to the disk. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: Immutable. The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeImage` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object - type: - description: Immutable. The Google Compute Engine disk type. - Such as pd-standard, pd-ssd or pd-balanced. - type: string type: object - kmsKeyRef: + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Immutable. Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. 
type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: Immutable. A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. 
- type: integer + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string type: - description: Immutable. The accelerator type resource exposed - to this instance. E.g. nvidia-tesla-k80. + description: Type is the type of the condition. type: string - required: - - count - - type type: object type: array - hostname: - description: Immutable. A custom hostname for the instance. Must be - a fully qualified DNS name and RFC-1035-valid. Valid format is a - series of labels 1-63 characters long matching the regular expression - [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire - hostname must not exceed 253 characters. Changing this forces a - new resource to be created. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. type: string - instanceTemplateRef: + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -16055,8 +14045,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -16065,451 +14054,265 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - machineType: - description: The machine type to create. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - metadata: + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. Metadata startup scripts made available within - the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: Immutable. The networks attached to the instance. + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. items: - not: - required: - - networkIp - - networkIpRef properties: - accessConfig: - description: Access configurations, i.e. IPs via which this - instance can be accessed via the Internet. 
- items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring - this instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. 
- type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. - type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. + data: + description: Data of the DNS Resource Record. type: string name: - description: The name of the interface. - type: string - networkIp: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` - instead. - type: string - networkIpRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. type: string - subnetworkProject: - description: The project in which the subnetwork belongs. + type: + description: Type of the DNS Resource Record. type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object type: object type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + type: string type: array - scheduling: - description: The scheduling strategy being used by the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - automaticRestart: - description: Specifies if the instance should be restarted if - it was terminated by Compute Engine (not a user). - type: boolean - instanceTerminationAction: - description: Specifies the action GCE should take when SPOT VM - is preempted. + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. - The accepted values are: PERIODIC.' + expression: + description: Textual representation of an expression in Common + Expression Language syntax. type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. 
Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. - One of MIGRATE or TERMINATE,. + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." type: string - preemptible: - description: Immutable. Whether the instance is preemptible. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. type: string + required: + - expression type: object - scratchDisk: - description: Immutable. The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - scopes: - description: A list of service scopes. 
- items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + pubsubDestination: + description: Destination on Cloud Pubsub. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + topic: + description: Destination on Cloud Pubsub topic. type: string + required: + - topic type: object required: - - scopes + - pubsubDestination type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: Immutable. The zone of the instance. If self_link is - provided, this value is ignored. If neither self_link nor zone are - provided, the provider zone is used. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef type: object status: properties: @@ -16539,20 +14342,13 @@ spec: type: string type: object type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -16561,12 +14357,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec 
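Review bot: The `required` list that closes the new `CloudAssetFolderFeed` spec names both `folder` and `folderRef`, so every manifest has to state the parent folder twice and nothing in the schema ties the two values together. If they differ, which folder's asset updates are published to the `pubsubDestination` topic depends on controller behaviour that is not visible in this diff, and a feed can end up exporting inventory from a scope the author did not intend. The `CloudAssetOrganizationFeed` schema further down requires only `organizationRef`; the folder variant would match it by dropping `- folder` from `required`, or by not exposing `folder` alongside `folderRef` at all. The `tf2crd` label suggests this schema is generated, so the change probably belongs in the generator input; the CRD's `status` schema continues in the following hunks.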
@@ -16586,25 +14376,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudasset.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: @@ -16624,7 +14414,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -16642,896 +14432,384 @@ spec: type: object spec: properties: - advancedMachineFeatures: - description: Immutable. Controls for advanced machine-related behavior - features. + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - enableNestedVirtualization: - description: Immutable. Whether to enable nested virtualization - or not. - type: boolean - threadsPerCore: - description: Immutable. The number of threads per physical core. 
- To disable simultaneous multithreading (SMT) set this to 1. - If unset, the maximum number of threads supported per core by - the underlying processor is assumed. - type: integer - visibleCoreCount: - description: Immutable. The number of physical cores to expose - to an instance. Multiply by the number of threads per core to - compute the total number of virtual CPUs to expose to the instance. - If unset, the number of cores is inferred from the instance\'s - nominal CPU count and the underlying platform\'s SMT width. - type: integer + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression type: object - canIpForward: - description: Immutable. Whether to allow sending and receiving of - packets with non-matching source or destination IPs. This defaults - to false. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. 
This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - enableConfidentialCompute: - description: Immutable. Defines whether the instance should have - confidential compute enabled. - type: boolean + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object required: - - enableConfidentialCompute + - pubsubDestination type: object - description: - description: Immutable. A brief description of this resource. + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - disk: - description: Immutable. Disks to attach to instances created from - this template. This can be specified multiple times for multiple - disks. + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: - autoDelete: - description: Immutable. Whether or not the disk should be auto-deleted. - This defaults to true. - type: boolean - boot: - description: Immutable. Indicates that this is a boot disk. - type: boolean - deviceName: - description: Immutable. A unique device name that is reflected - into the /dev/ tree of a Linux operating system running within - the instance. If not specified, the server chooses a default - device name to apply to this disk. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKey: - description: Immutable. Encrypts or decrypts a disk using a - customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Immutable. Name of the disk. When not provided, - this defaults to the name of the instance. + message: + description: Human-readable message indicating details about + last transition. type: string - diskSizeGb: - description: Immutable. The size of the image in gigabytes. - If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. - type: integer - diskType: - description: Immutable. The Google Compute Engine disk type. - Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - interface: - description: Immutable. Specifies the disk interface to use - for attaching this disk. + status: + description: Status is the status of the condition. Can be True, + False, Unknown. type: string - labels: - additionalProperties: - type: string - description: Immutable. A set of key/value label pairs to assign - to disks,. - type: object - mode: - description: Immutable. The mode in which to attach this disk, - either READ_WRITE or READ_ONLY. If you are attaching or creating - a boot disk, this must read-write mode. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeResourcePolicy` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotEncryptionKey: - description: Immutable. The customer-supplied encryption key - of the source snapshot. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceSnapshotRef: - description: |- - The source snapshot to create this disk. When creating a new - instance, one of initializeParams.sourceSnapshot, - initializeParams.sourceImage, or disks.source is required except for - local SSD. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: Immutable. The type of Google Compute Engine disk, - can be either "SCRATCH" or "PERSISTENT". + type: + description: Type is the type of the condition. type: string type: object type: array - enableDisplay: - description: 'Immutable. Enable Virtual Displays on this instance. - Note: allow_stopping_for_update must be set to true in order to - update this field.' - type: boolean - guestAccelerator: - description: Immutable. 
List of the type and count of accelerator - cards attached to the instance. + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. - type: integer - type: - description: Immutable. The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object + type: string type: array - instanceDescription: - description: Immutable. A description of the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." type: string - machineType: - description: Immutable. The machine type to create. To create a machine - with a custom type (such as extended memory), format the value like - custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of - RAM. + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. 
Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string - metadata: + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. An alternative to using the startup-script - metadata key, mostly to match the compute_instance resource. This - replaces the startup-script metadata key on the created instance - and thus the two mechanisms are not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Immutable. Specifies a minimum CPU platform. Applicable - values are the friendly names of CPU platforms, such as Intel Haswell - or Intel Skylake. - type: string - namePrefix: - description: Immutable. Creates a unique name beginning with the specified - prefix. Conflicts with name. - type: string - networkInterface: - description: Immutable. Networks to attach to instances created from - this template. This can be specified multiple times for multiple - networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. The networking tier used for - configuring this instance template. 
This field can take - the following values: PREMIUM, STANDARD, FIXED_STANDARD. - If this field is not specified, it is assumed to be - PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: Immutable. An array of alias IP ranges for this - network interface. Can only be specified for network interfaces - on subnet-mode networks. - items: - properties: - ipCidrRange: - description: Immutable. The IP CIDR range represented - by this alias IP range. This IP CIDR range must belong - to the specified subnetwork and cannot contain IP addresses - reserved by system or used by other network interfaces. - At the time of writing only a netmask (e.g. /24) may - be supplied, with a CIDR format resulting in an API - error. - type: string - subnetworkRangeName: - description: Immutable. The subnetwork secondary range - name specifying the secondary range from which to allocate - the IP CIDR range for this alias IP range. If left unspecified, - the primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. - type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. 
- type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. - type: string - name: - description: The name of the network_interface. - type: string - networkIp: - description: Immutable. The private IP address to assign to - the instance. If empty, the address will be automatically - assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. 
- type: string - subnetworkProject: - description: Immutable. The ID of the project in which the subnetwork - belongs. If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - region: - description: Immutable. An instance template is a global resource - that is not bound to a zone or a region. However, you can still - specify some regional resources in an instance template, which restricts - the template to the region where that resource resides. For example, - a custom subnetwork resource is tied to a specific region. Defaults - to the region of the Provider if no value is given. - type: string - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. 
Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: Immutable. The scheduling strategy to use. - properties: - automaticRestart: - description: Immutable. Specifies whether the instance should - be automatically restarted if it is terminated by Compute Engine - (not terminated by a user). This defaults to true. - type: boolean - instanceTerminationAction: - description: Immutable. Specifies the action GCE should take when - SPOT VM is preempted. - type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. 
- The accepted values are: PERIODIC.' - type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Immutable. Defines the maintenance behavior for this - instance. - type: string - preemptible: - description: Immutable. Allows instance to be preempted. This - defaults to false. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. - type: string - type: object - serviceAccount: - description: Immutable. Service account to attach to the instance. - properties: - scopes: - description: Immutable. A list of service scopes. Both OAuth2 - URLs and gcloud short names are supported. To allow full access - to all Cloud APIs, use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Immutable. Enable Shielded VM on this instance. Shielded - VM provides verifiable integrity to prevent against malware and - rootkits. Defaults to disabled. Note: shielded_instance_config can - only be used with boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Immutable. Compare the most recent boot measurements - to the integrity policy baseline and return a pair of pass/fail - results depending on whether they match or not. Defaults to - true. - type: boolean - enableSecureBoot: - description: Immutable. Verify the digital signature of all boot - components, and halt the boot process if signature verification - fails. Defaults to false. - type: boolean - enableVtpm: - description: Immutable. Use a virtualized trusted platform module, - which is a specialized computer chip you can use to encrypt - objects like keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Immutable. Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. 
- type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -17540,12 +14818,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec @@ -17565,25 +14837,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments + kind: CloudBuildTrigger + plural: cloudbuildtriggers shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -17621,583 +14893,1052 @@ spec: type: object spec: properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment. - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. - type: string - candidateSubnets: - description: |- - Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Immutable. Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. 
- type: string - encryption: - description: |- - Immutable. Indicates the user-supplied encryption option of this interconnect - attachment. Can only be specified at attachment creation for PARTNER or - DEDICATED attachments. - - * NONE - This is the default value, which means that the VLAN attachment - carries unencrypted traffic. VMs are able to send traffic to, or receive - traffic from, such a VLAN attachment. - - * IPSEC - The VLAN attachment carries only encrypted traffic that is - encrypted by an IPsec device, such as an HA VPN gateway or third-party - IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, - such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN - attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. - type: string - interconnect: - description: |- - Immutable. URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - ipsecInternalAddresses: - items: - description: |- - Immutable. The addresses that have been reserved for the - interconnect attachment. Used only for interconnect attachment that - has the encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. 
\nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will - be allocated from regional external IP address pool. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - mtu: - description: |- - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - resourceID: - description: Immutable. Optional. 
The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeRouter` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug type: object - type: - description: |- - Immutable. The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. - type: string - vlanTag8021q: - description: |- - Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. 
When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. 
Of the form "XXXXX/region/domain". - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. + build: + description: Contents of the build template. Either a filename or + build template must be provided. properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - 
description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - Immutable. The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the - ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Immutable. Type of network endpoints in this network endpoint group. 
- NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - subnetworkRef: - description: Optional subnetwork to which all network endpoints in - the NEG belong. 
- oneOf: - - not: + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. 
+ properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array required: - - external - required: - - name - - not: - anyOf: - - required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. 
+ + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. 
Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
+ secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. 
+ type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. 
+ + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. + If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. 
These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: type: string - type: - description: Type is the type of the condition. + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. 
These are not docker + tags. + items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - 
name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - description: Immutable. - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - description: Immutable. + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. 
type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). 
\nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. 
+ type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." 
+ properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. 
+ properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. type: string type: object - peerNetworkRef: + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: 
@@ -18214,7 +15955,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: 
@@ -18224,62 +15966,227 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: State for the peering, either ACTIVE or INACTIVE. The - peering is ACTIVE when there's a matching configuration in the peer - network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object served: true storage: true subresources: @@ -18295,25 +16202,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNetwork - plural: computenetworks + kind: CloudFunctions2Function + plural: cloudfunctions2functions shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: @@ -18333,7 +16240,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -18351,61 +16258,351 @@ spec: type: object spec: properties: - autoCreateSubnetworks: - description: |- - Immutable. When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: + buildConfig: description: |- - If set to 'true', default routes ('0.0.0.0/0') will be deleted - immediately after network creation. Defaults to 'false'. - type: boolean + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object description: - description: |- - Immutable. An optional description of this resource. The resource must be - recreated to modify this field. + description: User-provided description of a function. type: string - enableUlaInternalIpv6: - description: "Immutable. Enable ULA internal ipv6 on this network. - Enabling this feature will assign \na /48 from google defined ULA - prefix fd20::/20." - type: boolean - internalIpv6Range: - description: "Immutable. When enabling ula internal ipv6, caller optionally - can specify the /48 range \nthey want from the google defined ULA - prefix fd20::/20. 
The input must be a \nvalid /48 ULA IPv6 address - and must be within the fd20::/20. Operation will \nfail if the speficied - /48 is already in used by another resource. \nIf the field is not - speficied, then a /48 range will be randomly allocated from fd20::/20 - and returned via this field." + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. 
Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. type: string - mtu: - description: "Immutable. Maximum Transmission Unit in bytes. The default - value is 1460 bytes. \nThe minimum value for this field is 1300 - and the maximum value is 8896 bytes (jumbo frames).\nNote that packets - larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS - clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message - if the packets are routed to the Internet or other VPCs \nwith varying - MTUs." - type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. - type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. 
+ type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. 
+ If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef type: object status: properties: 
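Review bot: `projectId` is listed under `required` for both the `secretEnvironmentVariables` items and the `secretVolumes` items, yet its description says "If not set, it will be populated with the function's project", so the schema rejects the omission the text documents. Which project a secret is read from is a trust decision, so the two should agree: either drop `- projectId` from both `required` lists or replace the "If not set…" sentence with `Required.`. Separately, `repoSource.commitSha` repeats the `tagName` text (`Regex matching tags to build.`); it presumably should read `description: Explicit commit SHA to build.`. The `tf2crd` label suggests this CRD is generated, so the fix probably belongs in the generator input rather than in this file.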
@@ -18435,10 +16632,8 @@ spec: type: string type: object type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. + environment: + description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -18447,9 +16642,15 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. type: string type: object + required: + - spec type: object served: true storage: true @@ -18466,25 +16667,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeGroup - plural: computenodegroups + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: 
@@ -18522,58 +16723,146 @@ spec: type: object spec: properties: - autoscalingPolicy: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: description: |- - Immutable. If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. properties: - maxNodes: - description: |- - Immutable. Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Immutable. Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: + eventType: description: |- - Immutable. The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + Immutable. Required. 
The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. type: string + required: + - eventType + - resourceRef type: object - description: - description: Immutable. An optional textual description of the resource. - type: string - initialSize: - description: Immutable. The initial number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - maintenancePolicy: - description: 'Immutable. Specifies how to handle instances when a - node in the group undergoes maintenance. Set to one of: DEFAULT, - RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value - is DEFAULT.' - type: string - maintenanceWindow: - description: Immutable. contains properties for the timeframe of maintenance. + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. properties: - startTime: - description: Immutable. instances.start time of the window. This - must be in UTC format that resolves to one of 00:00, 04:00, - 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and - 08:00 are valid. + securityLevel: + description: 'Immutable. 
Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' type: string - required: - - startTime type: object - nodeTemplateRef: - description: The node template to which this node group belongs. + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -18590,8 +16879,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` - resource.' + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -18600,102 +16891,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - shareSettings: - description: Immutable. Share settings for the node group. + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - projectMap: - description: Immutable. A map of project id and project config. - This is only valid when shareType's value is SPECIFIC_PROJECTS. - items: - properties: - idRef: - description: The key of this project config in the parent - map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectIdRef: - description: |- - The project id/number should be the same as the key of this project - config in the project map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - idRef - - projectIdRef - type: object - type: array - shareType: - description: 'Immutable. Node group sharing type. Possible values: - ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. 
The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. type: string required: - - shareType + - url type: object - size: - description: Immutable. The total number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - zone: - description: Immutable. Zone where this node group is located. + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. 
The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - nodeTemplateRef - - zone + - projectRef + - region + - runtime type: object status: properties: @@ -18725,9 +17042,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
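Review bot: `serviceAccountRef` is optional (the `required` list holds only `projectRef`, `region` and `runtime`), but its own description is just `Immutable.`, and the fallback identity is mentioned only inside the nested `external` field. The top-level description should name the default so that omitting the field is a visible choice, e.g. `description: Immutable. The service account the function runs as. If omitted, defaults to {project_id}@appspot.gserviceaccount.com.`. `vpcConnectorRef` in the same hunk has no description at all at the reference level. The `runtime` description links to `/sdk/gcloud/reference/functions/deploy#--runtime`, a site-relative path that does not resolve when read from the CRD.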
@@ -18735,8 +17055,31 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer type: object required: - spec 
@@ -18756,25 +17099,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates + kind: CloudIdentityGroup + plural: cloudidentitygroups shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -18812,71 +17155,82 @@ spec: type: object spec: properties: - cpuOvercommitType: - description: 'Immutable. CPU overcommit. Default value: "NONE" Possible - values: ["ENABLED", "NONE"].' - type: string description: - description: Immutable. An optional textual description of the resource. - type: string - nodeType: description: |- - Immutable. Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. type: string - nodeTypeFlexibility: - description: |- - Immutable. Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. properties: - cpus: - description: Immutable. Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD. + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. type: string - memory: - description: Immutable. Physical memory available to the node, - defined in MB. + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. type: string + required: + - id type: object - region: + initialGroupConfig: description: |- - Immutable. Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string - serverBinding: + labels: + additionalProperties: + type: string description: |- - Immutable. The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. 
Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. - type: string - required: - - type + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string required: - - region + - groupKey + - labels + - parent type: object status: properties: @@ -18906,8 +17260,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -18916,7 +17275,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + updateTime: + description: The time when the Group was last updated. type: string type: object required: @@ -18937,25 +17297,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computepacketmirrorings.compute.cnrm.cloud.google.com + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputePacketMirroring - plural: computepacketmirrorings + kind: CloudIdentityMembership + plural: cloudidentitymemberships shortNames: - - gcpcomputepacketmirroring - - gcpcomputepacketmirrorings - singular: computepacketmirroring + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -18993,231 +17353,8 @@ spec: type: object spec: properties: - collectorIlb: - description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` - that will be used as collector for mirrored traffic. The specified - forwarding rule must have `isMirroringCollector` set to true. - properties: - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - description: - description: An optional description of this resource. Provide this - property when you create the resource. - type: string - enable: - description: Indicates whether or not this packet mirroring takes - effect. If set to FALSE, this packet mirroring policy will not be - enforced on the network. The default is TRUE. - type: string - filter: - description: Filter for mirrored traffic. If unspecified, all traffic - is mirrored. - properties: - cidrRanges: - description: IP CIDR ranges that apply as filter on the source - (ingress) or destination (egress) IP in the IP header. Only - IPv4 is supported. If no ranges are specified, all traffic that - matches the specified IPProtocols is mirrored. If neither cidrRanges - nor IPProtocols is specified, all traffic is mirrored. 
- items: - type: string - type: array - direction: - description: Direction of traffic to mirror, either INGRESS, EGRESS, - or BOTH. The default is BOTH. - type: string - ipProtocols: - description: Protocols that apply as filter on mirrored traffic. - If no protocols are specified, all traffic that matches the - specified CIDR ranges is mirrored. If neither cidrRanges nor - IPProtocols is specified, all traffic is mirrored. - items: - type: string - type: array - type: object - location: - description: Immutable. The location for the resource - type: string - mirroredResources: - description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo - specifies a set of mirrored VM instances, subnetworks and/or tags - for which traffic from/to all VM instances will be mirrored. - properties: - instances: - description: A set of virtual machine instances that are being - mirrored. They must live in zones contained in the same region - as this packetMirroring. Note that this config will apply only - to those network interfaces of the Instances that belong to - the network specified in this packetMirroring. You may specify - a maximum of 50 Instances. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the instance; defined by the server. - type: string - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the virtual machine instance which is being mirrored. - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - subnetworks: - description: Immutable. A set of subnetworks for which traffic - from/to all VM instances will be mirrored. They must live in - the same region as this packetMirroring. You may specify a maximum - of 5 subnetworks. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the subnetwork; defined by the server. - type: string - urlRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - tags: - description: A set of mirrored tags. Traffic from/to all VM instances - that have one or more of these tags will be mirrored. - items: - type: string - type: array - type: object - network: - description: Immutable. Specifies the mirrored VPC network. Only packets - in this network will be mirrored. All mirrored VMs should have a - NIC in the given network. All mirrored subnetworks should belong - to the given network. - properties: - urlRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - URL of the network resource. - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - priority: - description: The priority of applying this configuration. Priority - is used to break ties in cases where there is more than one matching - rule. In the case of two rules that apply for a given Instance, - the one with the lowest-numbered priority value wins. Default value - is 1000. Valid range is 0 through 65535. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. + groupRef: + description: Immutable. oneOf: - not: required: @@ -19235,9 +17372,9 @@ spec: properties: external: description: |- - The project for the resource + The group for the resource - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -19246,27 +17383,102 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. 
The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array required: - - collectorIlb - - location - - mirroredResources - - network - - projectRef + - groupRef + - preferredMemberKey + - roles type: object status: properties: - collectorIlb: - properties: - canonicalUrl: - description: Output only. Unique identifier for the forwarding - rule; defined by the server. - type: string - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -19293,16 +17505,28 @@ spec: type: string type: object type: array - id: - description: Output only. The unique identifier for the resource. - This identifier is defined by the server. - format: int64 - type: integer - network: + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available properties: - canonicalUrl: - description: Output only. Unique identifier for the network; defined - by the server. + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name type: string type: object observedGeneration: 
@@ -19312,11 +17536,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: URI of the region where the packetMirroring resides. + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string - selfLink: - description: Server-defined URL for the resource. + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time type: string type: object required: @@ -19337,25 +17564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeprojectmetadatas.compute.cnrm.cloud.google.com + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudids.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeProjectMetadata - plural: computeprojectmetadatas + kind: CloudIDSEndpoint + plural: cloudidsendpoints shortNames: - - gcpcomputeprojectmetadata - - gcpcomputeprojectmetadatas - singular: computeprojectmetadata + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -19375,7 +17602,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19393,13 +17620,65 @@ spec: type: object spec: properties: - metadata: - additionalProperties: - type: string - description: A series of key value pairs. + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array required: - - metadata + - location + - network + - projectRef + - severity type: object status: properties: 
@@ -19429,6 +17708,16 @@ spec: type: string type: object type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -19436,6 +17725,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string type: object required: - spec @@ -19455,25 +17747,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudiot.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRegionNetworkEndpointGroup - plural: computeregionnetworkendpointgroups + kind: CloudIOTDevice + plural: cloudiotdevices shortNames: - - gcpcomputeregionnetworkendpointgroup - - gcpcomputeregionnetworkendpointgroups - singular: computeregionnetworkendpointgroup + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: 
@@ -19493,7 +17785,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19511,199 +17803,75 @@ spec: type: object spec: properties: - cloudFunction: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - functionRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMask: - description: |- - Immutable. A template to parse function field from a request URL. 
URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - type: string - type: object - cloudRun: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - serviceRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `RunService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tag: - description: |- - Immutable. Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - type: string - urlMask: - description: |- - Immutable. A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. 
- - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - type: string - type: object - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - networkEndpointType: - description: 'Immutable. Type of network endpoints in this network - endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" - Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' - type: string - networkRef: - description: |- - Immutable. This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - format + - key + type: object required: - - external + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. type: string type: object - pscTargetService: - description: |- - Immutable. The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string - region: - description: Immutable. A reference to the region where the Serverless - NEGs Reside. + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - Immutable. This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - region + - registry type: object status: properties: 
@@ -19733,216 +17901,74 @@ spec: type: string type: object type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 
'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: Immutable. The instance properties for the reservation. - properties: - guestAccelerators: - description: Immutable. Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - Immutable. The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - Immutable. The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. 
- type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - Immutable. The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: Immutable. The size of the disk in base-2 - GB. - type: integer - interface: - description: 'Immutable. The disk interface to use for - attaching this disk. Default value: "SCSI" Possible - values: ["SCSI", "NVME"].' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: Immutable. The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - Immutable. The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - Immutable. When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: Immutable. The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. 
items: properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. + binaryData: + description: The device configuration data. type: string - message: - description: Human-readable message indicating details about - last transition. + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. + version: + description: The version of this update. type: string - type: - description: Type is the type of the condition. + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. 
+ type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -19951,11 +17977,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - status: - description: The status of the reservation. - type: string + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array type: object required: - spec 
@@ -19975,25 +18009,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies + kind: CloudSchedulerJob + plural: cloudschedulerjobs shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -20031,205 +18065,366 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. - type: string - groupPlacementPolicy: - description: Immutable. Resource policy for instances used for placement - configuration. - properties: - availabilityDomainCount: - description: |- - Immutable. The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network. - type: integer - collocation: - description: |- - Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"]. - type: string - maxDistance: - description: Immutable. Specifies the number of max logical switches. - type: integer - vmCount: - description: |- - Immutable. Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - type: integer - type: object - instanceSchedulePolicy: - description: Immutable. Resource policy for scheduling instance operations. + appEngineHttpTarget: + description: App Engine HTTP target. properties: - expirationTime: - description: Immutable. The expiration time of the schedule. The - timestamp is an RFC3339 string. - type: string - startTime: - description: Immutable. The start time of the schedule. The timestamp - is an RFC3339 string. - type: string - timeZone: - description: |- - Immutable. Specifies the time zone to be used in interpreting the schedule. 
The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - type: string - vmStartSchedule: - description: Immutable. Specifies the schedule for starting instances. + appEngineRouting: + description: App Engine Routing setting for the job. properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string - required: - - schedule - type: object - vmStopSchedule: - description: Immutable. Specifies the schedule for stopping instances. - properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. type: string - required: - - schedule - type: object - required: - - timeZone - type: object - region: - description: Immutable. Region where resource policy resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - snapshotSchedulePolicy: - description: Immutable. Policy for creating snapshots of persistent - disks. 
- properties: - retentionPolicy: - description: Immutable. Retention policy applied to snapshots - created by this resource policy. - properties: - maxRetentionDays: - description: Immutable. Maximum age of the snapshot that is - allowed to be kept. - type: integer - onSourceDiskDelete: - description: |- - Immutable. Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. type: string - required: - - maxRetentionDays type: object - schedule: - description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: Immutable. The policy will execute every nth - day at the specified time. + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. 
+ In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. 
These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - daysInCycle: - description: Immutable. The number of days between snapshots. - type: integer - startTime: + external: description: |- - Immutable. This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. 
The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - daysInCycle - - startTime type: object - hourlySchedule: - description: Immutable. The policy will execute every nth - hour starting at the specified time. + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hoursInCycle: - description: Immutable. The number of hours between snapshots. - type: integer - startTime: + external: description: |- - Immutable. Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Immutable. Allows specifying a snapshot time - for each day of the week. - properties: - dayOfWeeks: - description: Immutable. May contain up to seven (one for - each day of the week) snapshot times. - items: - properties: - day: - description: 'Immutable. The day of the week to - create the snapshot. e.g. MONDAY Possible values: - ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", - "FRIDAY", "SATURDAY", "SUNDAY"].' - type: string - startTime: - description: |- - Immutable. Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks type: object type: object - snapshotProperties: - description: Immutable. Properties with which the snapshots are - created, such as labels. + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name - must be 1-63 characters long and comply \nwith RFC1035." - type: string - guestFlush: - description: Immutable. Whether to perform a 'guest aware' - snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: Immutable. A set of key-value pairs. - type: object - storageLocations: + external: description: |- - Immutable. Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional). - items: - type: string - type: array + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - schedule + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. 
+ type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. 
The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string required: - - region + - location type: object status: properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. 
If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -20256,6 +18451,10 @@ spec: type: string type: object type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -20263,7 +18462,71 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. 
(Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time type: string type: object required: @@ -20284,25 +18547,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces + kind: CloudTasksQueue + plural: cloudtasksqueues shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: 
@@ -20322,7 +18585,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -20340,7 +18603,38 @@ spec: type: object spec: properties: - interconnectAttachmentRef: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20357,8 +18651,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -20367,40 +18660,252 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ipRange: - description: Immutable. The IP address and range of the interface. - The IP range must be in the RFC3927 link-local IP space. Changing - this forces a new interface to be created. - type: string - privateIpAddressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string type: object - redundantInterfaceRef: - description: The interface the BGP peer is associated with. + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. oneOf: - not: required: 
@@ -20417,7 +18922,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -20427,17 +18932,50 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: Immutable. The region this interface's router sits in. - If not specified, the project region will be used. Changing this - forces a new interface to be created. + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - routerRef: + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. oneOf: - not: required: @@ -20454,7 +18992,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -20464,7 +19002,409 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - subnetworkRef: + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. 
If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. 
+ + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. 
+ + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. 
+ type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20481,8 +19421,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -20491,7 +19430,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - vpnTunnelRef: + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetRef: oneOf: - not: required: @@ -20508,7 +19452,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: 
@@ -20518,9 +19462,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string required: - - region - - routerRef + - autoscalingPolicy + - projectRef + - targetRef + - zone type: object status: properties: @@ -20550,6 +19499,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -20557,6 +19509,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec @@ -20576,25 +19530,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com + name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterNAT - plural: computerouternats + kind: ComputeBackendBucket + plural: computebackendbuckets shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -20632,126 +19586,8 @@ spec: type: object spec: properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - enableDynamicPortAllocation: - description: |- - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - type: boolean - enableEndpointIndependentMapping: - description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - type: boolean - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT. - properties: - enable: - description: Indicates whether or not to export logs. 
- type: boolean - filter: - description: 'Specifies the desired filtering of logs on this - NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' - type: string - required: - - enable - - filter - type: object - maxPortsPerVm: - description: |- - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - type: integer - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Region where the router and NAT reside. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. + bucketRef: + description: Reference to the bucket. oneOf: - not: required: 
@@ -20768,7 +19604,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -20778,206 +19614,132 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - rules: - description: A list of rules associated with this NAT. - items: - properties: - action: - description: The action to be enforced for traffic that matches - this rule. - properties: - sourceNatActiveIpsRefs: - items: - description: |- - A list of URLs of the IP resources used for this NAT rule. These IP - addresses must be valid static external IP addresses assigned to the - project. This field is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceNatDrainIpsRefs: - items: - description: |- - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. These - IPs should be used for updating/patching a NAT rule only. This field - is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - description: - description: An optional description of this rule. - type: string - match: - description: |- - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". - type: string - ruleNumber: - description: |- - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - type: integer - required: - - match - - ruleNumber - type: object - type: array - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. 
Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat. - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. 
+ properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. 
+ type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTimeWaitTimeoutSec: - description: |- - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. 
- type: integer - tcpTransitoryIdleTimeoutSec: + description: description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to - 30s if not set. - type: integer + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat + - bucketRef type: object status: properties: @@ -21007,6 +19769,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -21014,6 +19779,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec 
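Review bot: In the `cdnPolicy` block added for ComputeBackendBucket, the `cacheMode` description names `FORCE_CACHE_ALL` without saying what it overrides. As far as I know from the Cloud CDN documentation, that mode caches responses even when the origin marks them `private`, `no-store` or `no-cache`, so per-user content can end up served from the shared cache. I would append a sentence to the description such as `FORCE_CACHE_ALL ignores private/no-store/no-cache directives from the origin; do not use it for backends that serve per-user content.` In the same block, `clientTtl` and `maxTtl` carry the identical sentence ("maximum allowed TTL for cached content served by this origin"), which leaves the difference between the two undocumented. The CRD carries the `tf2crd` label and looks generated, so both wording changes probably belong in the generator or upstream schema rather than in this file.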
@@ -21033,25 +19800,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterPeer - plural: computerouterpeers + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -21071,7 +19838,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -21089,150 +19856,24 @@ spec: type: object spec: properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string + backendBucketRef: + oneOf: + - not: + required: + - external required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - bfd: - description: BFD configuration for the BGP peering. 
- properties: - minReceiveInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - type: integer - minTransmitInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - type: integer - multiplier: - description: |- - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - type: integer - sessionInitializationMode: - description: |- - The BFD session initialization mode for this BGP peer. - If set to 'ACTIVE', the Cloud Router will initiate the BFD session - for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. - type: string - required: - - sessionInitializationMode - type: object - enable: - description: |- - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - type: boolean - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. 
- properties: - external: - type: string - type: object - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Immutable. Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerApplianceInstanceRef: - description: |- - The URI of the VM instance that is used as third-party router - appliances such as Next Gen Firewalls, Virtual Routers, or Router - Appliances. The VM instance must be located in zones contained in - the same region as this Cloud Router. The VM instance is the peer - side of the BGP session. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: 
@@ -21242,36 +19883,48 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - routerInterfaceRef: - description: The interface the BGP peer is associated with. + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
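Review bot: The new `keyValue` field of ComputeBackendBucketSignedURLKey accepts the signing key either inline through `value` or through `valueFrom.secretKeyRef`, but the `value` description does not say that an inline key is kept in the custom resource itself. Anyone with read access to the object would then see the key, and it would also appear in whatever manifests or repositories hold the resource. I would extend the description to `Value of the field. Stored in plain text in this object; prefer 'valueFrom' for key material. Cannot be used if 'valueFrom' is specified.` The schema carries the `tf2crd` label and appears to be generated, so the wording likely has to change in the generator's shared sensitive-field template. Cluster operators can meanwhile reject inline `value` for this kind with an admission policy.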
@@ -21288,8 +19941,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -21298,12 +19950,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef + - backendBucketRef + - keyValue + - projectRef type: object status: properties: @@ -21333,19 +19988,6 @@ spec: type: string type: object type: array - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -21372,25 +20014,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com + name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouter - plural: computerouters + kind: ComputeBackendService + plural: computebackendservices shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -21428,314 +20070,495 @@ spec: type: object spec: properties: - bgp: - description: BGP information specific to this router. + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. + type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. 
In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. 
This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: - ["DEFAULT", "CUSTOM"].' + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. 
+ items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string - advertisedGroups: + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS. - items: - type: string - type: array - advertisedIpRanges: + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. 
These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: - description: - description: User-specified description for the IP range. - type: string - range: + code: description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. type: integer - keepaliveInterval: + signedUrlCacheMaxAgeSec: description: |- - The interval in seconds between BGP keepalive messages that are sent - to the peer. Hold time is three times the interval at which keepalive - messages are sent, and the hold time is the maximum number of seconds - allowed to elapse between successive keepalive messages that BGP - receives from a peer. 
+ Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. - BGP will use the smaller of either the local hold time value or the - peer's hold time value as the hold time for the BGP connection - between the two peers. If set, this value must be between 20 and 60. - The default is 20. + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. type: integer - required: - - asn type: object - description: - description: An optional description of this resource. - type: string - encryptedInterconnectRouter: + circuitBreakers: description: |- - Immutable. Indicates if a router is dedicated for use with encrypted VLAN - attachments (interconnectAttachments). - type: boolean - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + connectTimeout: + description: The timeout for new network connections to hosts. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer type: object - region: - description: Immutable. Region where the router resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' 
type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: + connectionDrainingTimeoutSec: description: |- - Immutable. An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: description: |- - Immutable. The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. 
They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object - nextHopGateway: - description: |- - Immutable. URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. 
- type: string - nextHopILBRef: + consistentHash: description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. oneOf: - not: required: @@ -21752,7 +20575,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: 
@@ -21762,260 +20585,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nextHopIp: - description: Immutable. Network IP address of an instance that should - handle matching packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. 
+ type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number type: object - priority: - description: |- - Immutable. The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tags: - description: Immutable. A list of instance tags to which this route - applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + healthChecks: items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adaptiveProtectionConfig: - description: Adaptive Protection Config of this security policy. - properties: - autoDeployConfig: - description: Auto Deploy Config of this security policy. - properties: - confidenceThreshold: - description: Rules are only automatically deployed for alerts - on potential attacks with confidence scores greater than - this threshold. - type: number - expirationSec: - description: Google Cloud Armor stops applying the action - in the automatically deployed rule to an identified attacker - after this duration. The rule continues to operate against - new requests. - type: integer - impactedBaselineThreshold: - description: Rules are only automatically deployed when the - estimated impact to baseline traffic from the suggested - mitigation is below this threshold. - type: number - loadThreshold: - description: Identifies new attackers only when the load to - the backend service that is under attack exceeds this threshold. - type: number - type: object - layer7DdosDefenseConfig: - description: Layer 7 DDoS Defense Config of this security policy. - properties: - enable: - description: If set to true, enables CAAP for L7 DDoS detection. - type: boolean - ruleVisibility: - description: 'Rule visibility. Supported values include: "STANDARD", - "PREMIUM".' - type: string - type: object - type: object - advancedOptionsConfig: - description: Advanced Options Config of this security policy. + iap: + description: Settings for enabling Cloud Identity Aware Proxy. 
+ oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef properties: - jsonCustomConfig: - description: Custom configuration to apply the JSON parsing. Only - applicable when JSON parsing is set to STANDARD. - properties: - contentTypes: - description: A list of custom Content-Type header values to - apply the JSON parsing. - items: - type: string - type: array - required: - - contentTypes - type: object - jsonParsing: - description: 'JSON body parsing. Supported values include: "DISABLED", - "STANDARD".' - type: string - logLevel: - description: 'Logging level. Supported values include: "NORMAL", - "VERBOSE".' + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. type: string - type: object - description: - description: An optional description of this security policy. Max - size is 2048. - type: string - recaptchaOptionsConfig: - description: reCAPTCHA configuration options to be applied for the - security policy. - properties: - redirectSiteKeyRef: + oauth2ClientIdRef: description: |- Only `external` field is supported to configure the reference. - A field to supply a reCAPTCHA site key to be used for all the rules - using the redirect action with the type of GOOGLE_RECAPTCHA under - the security policy. The specified site key needs to be created from - the reCAPTCHA API. The user is responsible for the validity of the - specified site key. If not specified, a Google-managed site key is - used. + OAuth2 Client ID for IAP. oneOf: - not: required: @@ -22032,7 +20723,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: 
@@ -22042,639 +20733,228 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - redirectSiteKeyRef - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, - a default rule with action "allow" will be added. - items: - properties: - action: - description: Action to take when match matches the request. - type: string - description: - description: An optional description of this rule. Max size - is 64. - type: string - headerAction: - description: Additional actions that are performed on headers. - properties: - requestHeadersToAdds: - description: The list of request headers to add or overwrite - if they're already present. - items: + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. properties: - headerName: - description: The name of the header to set. + key: + description: Key that identifies the value to be extracted. type: string - headerValue: - description: The value to set the named header to. + name: + description: Name of the Secret to extract a value + from. 
type: string required: - - headerName + - key + - name type: object - type: array + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string required: - - requestHeadersToAdds + - name type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action - is enforced. + policy: + description: The configuration for a built-in load balancing + policy. properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr - is not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or - IPV6) in CIDR notation to match against inbound traffic. - There is a limit of 10 IP ranges per rule. A value - of '*' matches all IPs (can be used to override the - default behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression - in Common Expression Language syntax. The application - context of the containing message determines which - well-known feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field - is specified, config must also be specified. Available - options: SRC_IPS_V1: Must specify the corresponding - src_ip_ranges field in config.' + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. 
+ + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string + required: + - name type: object - preconfiguredWafConfig: - description: Preconfigured WAF configuration to be applied for - the rule. If the rule does not evaluate preconfigured WAF - rules, i.e., if evaluatePreconfiguredWaf() is not used, this - field will have no effect. - properties: - exclusion: - description: An exclusion to apply during preconfigured - WAF evaluation. - items: - properties: - requestCookie: - description: Request cookie whose value will be excluded - from inspection during preconfigured WAF evaluation. 
- items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestHeader: - description: Request header whose value will be excluded - from inspection during preconfigured WAF evaluation. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. 
- type: string - required: - - operator - type: object - type: array - requestQueryParam: - description: Request query parameter whose value will - be excluded from inspection during preconfigured - WAF evaluation. Note that the parameter can be - in the query string or in the POST body. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestUri: - description: Request URI from the request line to - be excluded from inspection during preconfigured - WAF evaluation. When specifying this field, the - query or fragment part should be excluded. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. 
- EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - targetRuleIds: - description: A list of target rule IDs under the WAF - rule set to apply the preconfigured WAF exclusion. - If omitted, it refers to all the rule IDs under - the WAF rule set. - items: - type: string - type: array - targetRuleSet: - description: Target WAF rule set to apply the preconfigured - WAF exclusion. - type: string - required: - - targetRuleSet - type: object - type: array - type: object - preview: - description: When set to true, the action specified above is - not enforced. Stackdriver logs for requests that trigger a - preview action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest - priority (lowest numerically) to lowest priority (highest - numerically) in order. - type: integer - rateLimitOptions: - description: Rate limit threshold for this security policy. - Must be specified if the action is "rate_based_ban" or "throttle". - Cannot be specified for any other actions. - properties: - banDurationSec: - description: Can only be specified if the action for the - rule is "rate_based_ban". If specified, determines the - time (in seconds) the traffic will continue to be banned - by the rate limit after the rate falls below the threshold. - type: integer - banThreshold: - description: Can only be specified if the action for the - rule is "rate_based_ban". 
If specified, the key will be - banned for the configured 'banDurationSec' when the number - of requests that exceed the 'rateLimitThreshold' also - exceed this 'banThreshold'. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - conformAction: - description: Action to take for requests that are under - the configured rate limit threshold. Valid option is "allow" - only. - type: string - enforceOnKey: - description: Determines the key to enforce the rateLimitThreshold - on. - type: string - enforceOnKeyConfigs: - description: Immutable. Enforce On Key Config of this security - policy. - items: - properties: - enforceOnKeyName: - description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' - type: string - enforceOnKeyType: - description: Determines the key to enforce the rate_limit_threshold - on. - type: string - type: object - type: array - enforceOnKeyName: - description: 'Rate limit key name applicable only for the - following key types: HTTP_HEADER -- Name of the HTTP header - whose value is taken as the key value. HTTP_COOKIE -- - Name of the HTTP cookie whose value is taken as the key - value.' - type: string - exceedAction: - description: Action to take for requests that are above - the configured rate limit threshold, to either deny with - a specified HTTP response code, or redirect to a different - endpoint. Valid options are "deny()" where valid values - for status are 403, 404, 429, and 502, and "redirect" - where the redirect parameters come from exceedRedirectOptions - below. 
- type: string - exceedRedirectOptions: - description: Parameters defining the redirect action that - is used as the exceed action. Cannot be specified if the - exceed action is not redirect. - properties: - target: - description: Target for the redirect action. This is - required if the type is EXTERNAL_302 and cannot be - specified for GOOGLE_RECAPTCHA. - type: string - type: - description: Type of the redirect action. - type: string - required: - - type - type: object - rateLimitThreshold: - description: Threshold at which to begin ratelimiting. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - required: - - conformAction - - exceedAction - - rateLimitThreshold - type: object - redirectOptions: - description: Parameters defining the redirect action. Cannot - be specified for any other actions. - properties: - target: - description: Target for the redirect action. This is required - if the type is EXTERNAL_302 and cannot be specified for - GOOGLE_RECAPTCHA. - type: string - type: - description: 'Type of the redirect action. Available options: - EXTERNAL_302: Must specify the corresponding target field - in config. GOOGLE_RECAPTCHA: Cannot specify target field - in config.' - type: string - required: - - type - type: object - required: - - action - - match - - priority - type: object - type: array - type: - description: The type indicates the intended use of the security policy. - CLOUD_ARMOR - Cloud Armor backend security policies can be configured - to filter incoming HTTP requests targeting backend services. They - filter requests before they hit the origin servers. 
CLOUD_ARMOR_EDGE - - Cloud Armor edge security policies can be configured to filter - incoming HTTP requests targeting backend services (including Cloud - CDN-enabled) as well as backend buckets (Cloud Storage). They filter - requests before the request is served from Google's cache. - type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string type: object type: array - fingerprint: - description: Fingerprint of this resource. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - description: The URI of the created resource. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computeserviceattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeServiceAttachment - plural: computeserviceattachments - shortNames: - - gcpcomputeserviceattachment - - gcpcomputeserviceattachments - singular: computeserviceattachment - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - connectionPreference: - description: 'The connection preference of service attachment. The - value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service - attachment is one that always accepts the connection from consumer - forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, - ACCEPT_AUTOMATIC, ACCEPT_MANUAL' - type: string - consumerAcceptLists: - description: Projects that are allowed to connect to this service - attachment. - items: - properties: - connectionLimit: - description: The value of the limit to set. - format: int64 - type: integer - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project id or number for the project to set the limit for. + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - type: array - consumerRejectLists: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - description: - description: An optional description of this resource. Provide this - property when you create the resource. + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string - enableProxyProtocol: - description: Immutable. If true, enable the proxy protocol which is - for supplying client TCP/IP address data in TCP connections that - traverse proxies on their way to destination servers. - type: boolean location: - description: Immutable. 
The location for the resource + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string - natSubnets: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: required: - external required: 
@@ -22689,10 +20969,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22701,13 +20979,130 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. 
If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - targetServiceRef: - description: Immutable. + securityPolicyRef: + description: The security policy associated with this backend service. oneOf: - not: required: 
@@ -22724,10 +21119,8 @@ spec: - external properties: external: - description: |- - The URL of a service serving the endpoint identified by this service attachment. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22736,12 +21129,82 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. 
Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer required: - - connectionPreference - location - - natSubnets - - projectRef - - targetServiceRef type: object status: properties: 
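Review bot: `securitySettings.clientTLSPolicyRef` is described as supporting only `external` references, yet its `oneOf` still admits the `name`/`namespace` form, so a manifest using `name` passes schema validation. What the controller then does with such a reference is not visible in this hunk. Since this reference selects the TLS policy for connections to backends, the schema should match the description, either by replacing the `oneOf` with a `required:` list containing only `external`, or by stating in the `name` description that it is not supported for this field. `subjectAltNames` is likewise required but carries no `minItems: 1`, so an empty list validates; whether an empty list leaves the subject alt name check without effect is not shown here and is worth confirming.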
@@ -22771,32 +21234,17 @@ spec: type: string type: object type: array - connectedEndpoints: - description: An array of connections for all the consumers connected - to this service attachment. - items: - properties: - endpoint: - description: The url of a connected endpoint. - type: string - pscConnectionId: - description: The PSC connection id of the connected endpoint. - format: int64 - type: integer - status: - description: 'The status of a connected endpoint to this service - attachment. Possible values: PENDING, RUNNING, DONE' - type: string - type: object - type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string fingerprint: - description: Fingerprint of this resource. This field is used internally - during updates of this resource. + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. type: string - id: - description: The unique identifier for the resource type. The server - generates this identifier. - format: int64 + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource @@ -22805,24 +21253,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pscServiceAttachmentId: - description: An 128-bit global unique ID of the PSC service attachment. - properties: - high: - format: int64 - type: integer - low: - format: int64 - type: integer - type: object - region: - description: URL of the region where the service attachment resides. - This field applies only to the region resource. You must specify - this field as part of the HTTP request URL. It is not settable as - a field in the request body. - type: string selfLink: - description: Server-defined URL for the resource. type: string type: object required: 
@@ -22843,25 +21274,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -22881,7 +21312,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -22897,6 +21328,112 @@ spec: type: string metadata: type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object status: properties: conditions: @@ -22933,6 +21470,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -22949,25 +21488,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: 
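Review bot: `spec.keyValue` in the added ComputeBackendServiceSignedURLKey schema accepts the URL-signing key inline through `value`, which places the key in the custom resource itself, readable by anyone allowed to read the object rather than covered by Secret access rules. The description of `value` should steer users to the secret reference, for example `description: Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' for key material.` Separately, `valueFrom` declares `secretKeyRef` but does not require it, so `valueFrom: {}` satisfies the `oneOf`; a `required:` list containing `secretKeyRef` under `valueFrom` would reject that at admission. The `tf2crd` label suggests this file is generated, so both changes probably belong in the generator. The `rsaEncryptedKey` field in the later ComputeDisk hunk appears to use the same value/valueFrom shape.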
@@ -22987,7 +21526,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -23005,12 +21544,35 @@ spec: type: object spec: properties: - deletionPolicy: - description: "The deletion policy for the shared VPC service. Setting - ABANDON allows the resource\n\t\t\t\tto be abandoned rather than - deleted. Possible values are: \"ABANDON\"." - type: string + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -23036,8 +21598,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string required: + - diskRef - projectRef + - zone type: object status: properties: 
@@ -23093,25 +21665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com + name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSnapshot - plural: computesnapshots + kind: ComputeDisk + plural: computedisks shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk preserveUnknownFields: false scope: Namespaced versions: 
@@ -23149,42 +21721,34 @@ spec: type: object spec: properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name must be - 1-63 characters long and \ncomply with RFC1035. This is an uncommon - option only for advanced \nservice owners who needs to create separate - snapshot chains, for \nexample, for chargeback tracking. When you - describe your snapshot \nresource, this field is visible only if - it has a non-empty value." - type: string description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - snapshotEncryptionKey: + diskEncryptionKey: description: |- - Immutable. Encrypts the snapshot using a customer-supplied encryption key. + Immutable. Encrypts the disk using a customer-supplied encryption key. - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of - the snapshot. + the disk. - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. 
+ If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. properties: kmsKeyRef: - description: The encryption key that is stored in Google Cloud - KMS. + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: 
@@ -23277,57 +21841,16 @@ spec: from. type: string required: - - name - key + - name type: object type: object type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." oneOf: - not: required: 
@@ -23365,9 +21888,14 @@ spec: type: object type: object type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. + imageRef: + description: The image from which to initialize this disk. oneOf: - not: required: @@ -23384,7 +21912,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeDisk` + description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: 
@@ -23394,18 +21922,341 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - storageLocations: - description: Immutable. Cloud Storage bucket storage location of the - snapshot (regional or multi-regional). + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. items: type: string type: array - zone: - description: Immutable. A reference to the zone where the disk is - hosted. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. 
+ + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. type: string required: - - sourceDiskRef + - location type: object status: properties: @@ -23438,23 +22289,17 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer labelFingerprint: description: |- - The fingerprint used for optimistic locking of this resource. Used + The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -23464,15 +22309,36 @@ spec: type: integer selfLink: type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - storageBytes: + sourceDiskId: description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array type: object required: - spec 
@@ -23492,25 +22358,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com + name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -23548,108 +22414,44 @@ spec: type: object spec: properties: - certificate: - description: |- - Immutable. The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object description: description: Immutable. An optional description of this resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeSSLCertificate. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - privateKey: - description: Immutable. The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - certificate - - location - - privateKey type: object status: properties: - certificateId: - description: The unique identifier for the resource. - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -23676,12 +22478,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - expireTime: - description: Expire time of the certificate in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -23692,8 +22488,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -23710,25 +22504,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com + name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies + kind: ComputeFirewallPolicy + plural: computefirewallpolicies shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -23765,46 +22559,93 @@ spec: metadata: type: object spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array description: - description: Immutable. An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + description: An optional description of this resource. Provide this + property when you create the resource. type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. 
+ Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. type: string + required: + - shortName type: object status: properties: @@ -23837,15 +22678,13 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -23854,9 +22693,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. type: string type: object + required: + - spec type: object served: true storage: true 
@@ -23873,25 +22724,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSubnetwork - plural: computesubnetworks + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: 
@@ -23929,70 +22780,48 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - ipv6AccessType: - description: |- - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external properties: - aggregationInterval: + external: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. + The target that the firewall policy is attached to. 
+ + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. + kind: + description: 'Kind of the referent. Allowed values: Folder' type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: + name: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. 
- items: - type: string - type: array type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. + firewallPolicyRef: + description: Immutable. oneOf: - not: required: @@ -24009,8 +22838,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The firewall policy ID of the association. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24019,70 +22850,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - privateIpv6GoogleAccess: - description: The private IPv6 google access type for the VMs in this - subnet. - type: string - purpose: - description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. - type: string - region: - description: Immutable. The GCP region for this subnetwork. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. 
- type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - stackType: - description: |- - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. - type: string required: - - ipCidrRange - - networkRef - - region + - attachmentTargetRef + - firewallPolicyRef type: object status: properties: @@ -24112,27 +22887,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - externalIpv6Prefix: - description: The range of external IPv6 addresses that are owned by - this subnetwork. - type: string - fingerprint: - description: DEPRECATED. This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - ipv6CidrRange: - description: The range of internal IPv6 addresses that are owned by - this subnetwork. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24140,7 +22894,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + shortName: + description: The short name of the firewall policy of the association. type: string type: object required: 
@@ -24161,25 +22916,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetgrpcproxies.compute.cnrm.cloud.google.com + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetGRPCProxy - plural: computetargetgrpcproxies + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules shortNames: - - gcpcomputetargetgrpcproxy - - gcpcomputetargetgrpcproxies - singular: computetargetgrpcproxy + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24217,18 +22972,32 @@ spec: type: object spec: properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string description: - description: An optional description of this resource. + description: An optional description for this resource. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' type: string - urlMapRef: - description: |- - The UrlMap resource that defines the mapping from URL to the BackendService. - The protocol field in the BackendService must be set to GRPC. + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. oneOf: - not: required: 
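Review bot: The `action` description added in this hunk does not agree with the rest of the CRD: it offers only "allow" or "deny()" with status values 403, 404 and 502, yet the `enableLogging` description a few lines further down refers to "goto_next" rules, so the schema does not tell a reader which action strings are accepted. HTTP status codes have no obvious meaning for a firewall policy rule that matches on IP ranges and layer-4 protocols, so the text looks carried over from another resource. I would replace it with something like `description: The action to perform when traffic matches the rule. Valid actions are "allow", "deny" and "goto_next".` once the accepted set is confirmed against the API reference. The CRD carries the `dcl2crd` label, so the wording probably has to be corrected in the generator input rather than in this file. The `spec.properties` block continues outside this hunk.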
@@ -24245,8 +23014,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` - resource.' + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24255,36 +23026,139 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - validateForProxyless: - description: |- - Immutable. If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to. - type: boolean - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: type: string - reason: + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. 
This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string 
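Review bot: The `ports` description under `match.layer4Configs` promises examples but ends with "Example inputs include:" followed by an empty pair of backticks. The ComputeFirewall CRD later in this diff documents the equivalent field with `["22"], ["80","443"], and ["12345-12349"]`, and the same examples could be restored here. In the `priority` description, "prority" is a typo and "a positive value between 0 and 2147483647" contradicts itself, since 0 is allowed and is the highest priority; `The priority must be an integer between 0 and 2147483647, inclusive.` reads correctly. That range is stated only in prose, because the schema has `type: integer` and `format: int64` with no `minimum` or `maximum`. An out-of-range value is therefore presumably rejected only when the controller reconciles the resource, not at admission.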
@@ -24297,18 +23171,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -24317,12 +23182,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - selfLinkWithId: - description: Server-defined URL with id for the resource. - type: string + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -24339,25 +23206,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com + name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies + kind: ComputeFirewall + plural: computefirewalls shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: 
@@ -24395,28 +23262,113 @@ spec: type: object spec: properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array description: - description: Immutable. An optional description of this resource. 
+ description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string - proxyBind: + disabled: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - urlMapRef: + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. 
+ If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. oneOf: - not: required: @@ -24433,7 +23385,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
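Review bot: Several descriptions in this ComputeFirewall schema name fields that do not exist in the CRD: `direction` refers to 'source_ranges', 'source_tags' and 'source_service_accounts', and `enableLogging` points to log_config, while the properties this CRD defines are `sourceRanges`, `sourceTags`, `sourceServiceAccounts` and `logConfig`. The same snake_case names recur in the `sourceRanges` and `sourceTags` descriptions of the next hunk, where `targetTags` and `targetServiceAccounts` also refer to `allowed[]` although the property is `allow`. I would use the CRD spellings, e.g. `For INGRESS traffic, one of sourceRanges, sourceTags or sourceServiceAccounts is required.` and `DEPRECATED. Deprecated in favor of logConfig.` That ingress requirement is expressed only in prose, since the schema's `required` list in the next hunk holds just `networkRef`. The names a user reads in these descriptions should therefore be the ones they can actually set.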
@@ -24443,9 +23395,137 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. 
If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. 
+ targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array required: - - location - - urlMapRef + - networkRef type: object status: properties: @@ -24485,9 +23565,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object 
@@ -24509,25 +23586,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com + name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies + kind: ComputeForwardingRule + plural: computeforwardingrules shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24565,13 +23642,26 @@ spec: type: object spec: properties: - certificateMapRef: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: description: |- - Only the `external` field is supported to configure the reference. - - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This field - can only be set for global target proxies. + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. oneOf: - not: required: @@ -24588,8 +23678,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, - where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: 
@@ -24601,69 +23690,168 @@ spec: type: object description: description: Immutable. An optional description of this resource. + Provide this property when you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPSProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - proxyBind: - description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: + ipAddress: description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. oneOf: - not: required: 
@@ -24680,7 +23868,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24690,10 +23878,83 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - urlMapRef: + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. 
This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). 
+ Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. oneOf: - not: required: @@ -24710,7 +23971,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -24720,9 +23981,191 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object required: - location - - urlMapRef type: object status: properties: @@ -24753,7 +24196,11 @@ spec: type: object type: array creationTimestamp: - description: Creation timestamp in RFC3339 text format. + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -24762,10 +24209,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string selfLink: + description: '[Output Only] Server-defined URL for the resource.' + type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' type: string type: object required: @@ -24786,25 +24244,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetInstance - plural: computetargetinstances + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -24824,7 +24282,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -24842,12 +24300,22 @@ spec: type: object spec: properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - instanceRef: - description: The ComputeInstance handling traffic for this target - instance. + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -24864,8 +24332,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24874,54 +24341,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - natPolicy: - description: |- - Immutable. NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. URL of the zone where the target instance - resides. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - instanceRef - - zone + - networkEndpointType + - projectRef type: object status: properties: 
@@ -24951,9 +24378,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24982,25 +24406,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetPool - plural: computetargetpools + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -25020,7 +24444,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -25038,7 +24462,20 @@ spec: type: object spec: properties: - backupTargetPoolRef: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -25055,8 +24492,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -25065,91 +24501,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Immutable. Textual description field. - type: string - failoverRatio: - description: Immutable. Ratio (0 to 1) of failed nodes before using - the backup pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Where the target pool resides. Defaults to - project region. - type: string resourceID: - description: Immutable. Optional. The name of the resource. 
Used for + description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sessionAffinity: - description: Immutable. How to distribute load. Options are "NONE" - (no affinity). "CLIENT_IP" (hash of the source/dest addresses / - ports), and "CLIENT_IP_PROTO" also includes the protocol (default - "NONE"). - type: string required: - - region + - globalNetworkEndpointGroup + - projectRef type: object status: properties: @@ -25186,9 +24545,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string type: object required: - spec @@ -25208,25 +24564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com + name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies + kind: ComputeHealthCheck + plural: computehealthchecks shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25264,155 +24620,357 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object - certificateMapRef: + healthyThreshold: description: |- - Only `external` field is supported to configure the reference. + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This - field can only be set for global target proxies. 
Accepted format is - '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` - resource.' + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. type: string type: object - description: - description: Immutable. An optional description of this resource. 
- type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. 
The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + sslHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` - resource.' + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
type: string - type: object - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -25445,11 +25003,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string type: object required: - spec 
@@ -25469,25 +25028,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com + name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25525,54 +25084,53 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - proxyBind: + healthyThreshold: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - proxyHeader: + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. 
+ type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - backendServiceRef + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25612,14 +25170,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object - required: - - spec type: object served: true storage: true 
@@ -25636,25 +25189,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com + name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25692,48 +25245,53 @@ spec: type: object spec: properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region this gateway should sit in. + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - required: - - networkRef - - region + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25766,9 +25324,6 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - gatewayId: - description: The unique identifier for the resource. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -25779,8 +25334,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -25797,25 +25350,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com + name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeURLMap - plural: computeurlmaps + kind: ComputeImage + plural: computeimages shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage preserveUnknownFields: false scope: Namespaced versions: 
@@ -25853,1903 +25406,16106 @@ spec: type: object spec: properties: - defaultRouteAction: + description: description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - corsPolicy: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. 
The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. 
- type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, the setting specifies the CORS policy - is disabled. The default value of false, which indicates - that the CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - faultInjectionPolicy: + kmsKeyServiceAccountRef: description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - abort: - description: The specification for how client requests are - aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. 
- type: number - type: object - delay: - description: The specification for how client requests are - delayed as part of fault injection, before being sent to - a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. 
- properties: - backendServiceRef: - description: |- - The backend service resource being mirrored to. - The backend service configured for a mirroring policy must reference - backends that are of the same type as the original backend service - matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored - backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: + type: object + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - nanos: - description: Span of time that's a fraction of a second at - nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos - field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: 'Span of time at a resolution of a second. Must - be from 0 to 315,576,000,000 inclusive. Note: these bounds - are computed from: 60 sec/min * 60 min/hr * 24 hr/day * - 365.25 days/year * 10000 years.' - type: string - type: object - urlRewrite: + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: description: |- - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - hostRewrite: - description: |- - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. 
- type: string - pathPrefixRewrite: - description: |- - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - type: string - type: object - weightedBackendServices: + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: description: |- - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. - Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request before - forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: A list of header names for headers that - need to be removed from the request before forwarding - the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response before sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. 
- type: boolean - type: object - type: array - responseHeadersToRemove: - description: A list of header names for headers that - need to be removed from the response before sending - the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - type: integer - type: object - type: array + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source type: object - defaultService: - description: |- - The defaultService resource to which traffic is directed if none of - the hostRules match. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If defaultRouteAction is additionally specified, advanced routing - actions like URL Rewrites, etc. take effect prior to sending the - request to the backend. However, if defaultService is specified, - defaultRouteAction cannot contain any weightedBackendServices. - Conversely, if routeAction specifies any weightedBackendServices, - service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService - must be set. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + sourceImageRef: + description: The source image used to create this image. oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. 
+ - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. 
Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: + type: object + status: + properties: + archiveSizeBytes: description: |- - An optional description of this resource. Provide this property when - you create the resource. + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string - headerAction: + labelFingerprint: description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the - response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. items: - type: string + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). 
+ The zone must exist in the region where the managed instance + group is located. + type: string + type: object type: array type: object - hostRule: - description: The list of HostRules to use against the URL. + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. items: properties: - description: - description: |- - An optional description of this HostRule. Provide this property - when you create the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). 
In - that case, * must be the first character and must be followed in - the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string - required: - - hosts - - pathMatcher + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer type: object type: array - location: - description: 'Location represents the geographical location of the - ComputeURLMap. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. 
- items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. 
- type: integer + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. 
- properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to - 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. 
- properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, - prior to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. 
- Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. 
- items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000. - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The default service to use if none of the pathRules defined by this - PathMatcher is matched by the URL's path portion. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - oneOf: + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. 
+ type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: - required: - - backendBucketRef + - name - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. 
+ properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. + This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. 
If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. 
You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). 
+ items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. + - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: + external: description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. 
The value must be between 1 and 1024 - characters. + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: - description: An optional description of this resource. + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. 
This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer type: object - name: - description: The name to which this PathMatcher is referred - by the HostRule. + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. 
+ type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' 
+ format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' + format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. 
The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing. - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. 
- items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. 
- type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated - with this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per - retry attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. 
- - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service. 
- properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - Required. The default backend service resource. Before forwarding - the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response - prior to sending the response back to - the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000. - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service to which traffic is directed if this rule is - matched. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If routeAction is additionally specified, advanced routing actions - like URL Rewrites, etc. take effect prior to sending the request to - the backend. However, if service is specified, routeAction cannot - contain any weightedBackendServices. Conversely, if routeAction - specifies any weightedBackendServices, service must not be - specified. Only one of urlRedirect, service or - routeAction.weightedBackendService must be set. 
- oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. 
- If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. 
- This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. 
- type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regular expression specified in - regexMatch. 
For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. 
Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. 
Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). 
+ type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. \nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. 
\nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. 
+ One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. 
+ type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. 
+ type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' 
+ type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. 
Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. 
Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. 
+ type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. 
An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: @@ -28491,7 +42247,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28586,6 +42342,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: @@ -28690,7 +42451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -29062,7 +42823,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29378,7 +43139,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -29924,20 +43685,256 @@ spec: type: object type: array createTime: - description: Output only. The time this note was created. This field - can be used as a filter in list requests. - format: date-time + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. type: string - image: - properties: - fingerprint: - properties: - v2Name: - description: 'Output only. The name of the image''s v2 blobs - computed via: ) Only the name of the final blob is kept.' - type: string - type: object - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
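Review bot: In the new ContainerAnalysisOccurrence schema, each entry of `spec.attestation.signatures` lists only `publicKeyId` under `required` and the array has no lower bound, so an object with an empty `signatures` list, or an entry that carries no `signature` bytes, passes CRD validation even though the description promises one or more signatures over `serializedPayload`. For a resource whose purpose is to carry attestations, I would tighten this with `minItems: 1` on `signatures` and `- signature` in the item's `required` list. The `tf2crd` label suggests the file is generated, so the change presumably belongs in the generator or the upstream schema; if the upstream API deliberately allows a missing signature, the description should say that consumers must treat such an entry as unverified. The CRD's status schema continues past the end of this hunk.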
@@ -29946,11 +43943,11 @@ spec: the resource. type: integer updateTime: - description: Output only. The time this note was last updated. This - field can be used as a filter in list requests. - format: date-time + description: The time when the repository was last updated. type: string type: object + required: + - spec type: object served: true storage: true @@ -29967,7 +43964,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30558,6 +44555,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -30572,6 +44578,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the 
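Review bot: The new `updateTime` description says "The time when the repository was last updated", but the schema around it describes an occurrence (`name` is "The name of the occurrence"), so the text names the wrong resource. `createTime` in the preceding hunk has the same wording. I would change it to `description: The time when the occurrence was last updated.` The new side also has only `type: string` where the old side's `updateTime` carried `format: date-time`; if the value is still an RFC 3339 timestamp, keeping `format: date-time` would document that. The file looks generated, so the wording probably needs fixing in the generator's source descriptions, and the `status` block itself starts outside this hunk.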
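Review bot: `podCidrOverprovisionConfig.disabled` is added as a required boolean with no `description` of its own. The only hint is the parent text "Default is disabled=false", and the negative polarity makes that easy to misread as "overprovisioning is off by default". I would add a line under the field such as `description: Whether pod CIDR overprovisioning is disabled for the cluster.` The enclosing `ipAllocationPolicy`-style block starts and ends outside this hunk, so I cannot tell whether sibling fields follow the same convention.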
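Review bot: `stackType` is declared as a bare `type: string` although its description names exactly two values, so a misspelled value would pass CRD validation and presumably fail only later, when the controller calls the GKE API. If the set is closed, adding `enum: [IPV4, IPV4_IPV6]` under the field would reject bad input at admission. Because the field is immutable, the description could also note that `IPV4_IPV6` gives the cluster IPv6 addressing, so that firewall rules and network policies written only for IPv4 are reviewed before the cluster is created. The surrounding properties block continues outside this hunk.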
@@ -30609,222 +44620,1129 @@ spec: Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: - duration: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. 
+ type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. 
+ type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). + type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. 
VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. 
+ type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. 
+ properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
+ type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. 
Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. type: string - startTime: + key: + description: Immutable. The label key of a reservation resource. type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array required: - - startTime + - consumeReservationType type: object - maintenanceExclusion: - description: Exceptions to maintenance window. Non-emergency maintenance - should not occur in these windows. + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. 
+ properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. items: properties: - endTime: + effect: + description: Immutable. Effect for taint. type: string - exclusionName: + key: + description: Immutable. Key for taint. type: string - exclusionOptions: - description: Maintenance exclusion related options. - properties: - scope: - description: The scope of automatic upgrades to restrict - in the exclusion window. - type: string - required: - - scope - type: object - startTime: + value: + description: Immutable. Value for taint. 
type: string required: - - endTime - - exclusionName - - startTime + - effect + - key + - value type: object type: array - recurringWindow: - description: Time window for recurring maintenance operations. + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. properties: - endTime: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. type: string - recurrence: + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. type: string - startTime: + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. 
+ type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - endTime - - recurrence - - startTime + - enabled type: object + required: + - pubsub type: object - masterAuth: - description: DEPRECATED. Basic authentication was removed for GKE - cluster versions >= 1.19. The authentication information for accessing - the Kubernetes master. Some values in this block are only returned - by the API if your service account has permission to get credentials - for your GKE cluster. If you see an unexpected diff unsetting your - client cert, ensure you have the container.clusters.getCredentials - permission. + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. properties: - clientCertificate: - description: Base64 encoded public certificate used by clients - to authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. properties: - issueClientCertificate: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Whether the cluster master is accessible globally + or not. type: boolean required: - - issueClientCertificate + - enabled type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. type: string - password: - description: The password to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
+ external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - username: - description: The username to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. If not present - basic auth will be disabled. + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. type: string type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. properties: - cidrBlocks: - description: External networks that can access the Kubernetes - cluster master through HTTPS. 
- items: - properties: - cidrBlock: - description: External network that can access Kubernetes - master through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - gcpPublicCidrsAccessEnabled: - description: Whether master is accessbile via Google Compute Engine - Public IP addresses. - type: boolean + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string type: object - meshCertificates: - description: If set, and enable_certificates=true, the GKE Workload - Identity Certificates controller and node agent will be deployed - in the cluster. + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. properties: - enableCertificates: - description: When enabled the GKE Workload Identity Certificates - controller and node agent will be deployed in the cluster. - type: boolean + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. 
+ * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string required: - - enableCertificates + - channel type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain - that. If unset, the cluster's version will be set by GKE to the - version of the most recent official release (which is not necessarily - the latest version). + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - monitoringConfig: - description: Monitoring configuration for the cluster. + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. properties: - enableComponents: - description: GKE components exposing metrics. Valid values include - SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, - and WORKLOADS. - items: - type: string - type: array - managedPrometheus: - description: Configuration for Google Cloud Managed Services for - Prometheus. + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. properties: - enabled: - description: Whether or not the managed collection is enabled. - type: boolean + datasetId: + description: The ID of a BigQuery Dataset. + type: string required: - - enabled + - datasetId type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - monitoringService: - description: The monitoring service that the cluster should write - metrics to. Automatically send metrics from pods in the cluster - to the Google Cloud Monitoring API. VM metrics will be collected - by Google Compute Engine regardless of this setting Available options - include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver - Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
properties: enabled: - description: Whether network policy is enabled on the cluster. + description: Enables vertical pod autoscaling. type: boolean - provider: - description: The selected network policy provider. Defaults to - PROVIDER_UNSPECIFIED. - type: string required: - enabled type: object - networkRef: + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. 
+ type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: oneOf: - not: required: @@ -30841,7 +45759,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: 
@@ -30851,13 +45769,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkingMode: - description: Immutable. Determines whether alias IPs or routes will - be used for pod IPs in the cluster. + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. 
If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -30895,11 +45888,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -30987,9 +45995,9 @@ spec: labels: additionalProperties: type: string - description: Immutable. The map of Kubernetes labels (key/value - pairs) to be applied to each node. These will added in addition - to any default label(s) that Kubernetes may apply to the node. + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. @@ -31003,6 +46011,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
@@ -31173,8 +46192,7 @@ spec: type: object type: array workloadMetadataConfig: - description: Immutable. The workload metadata configuration for - this node. + description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata 
@@ -31187,293 +46205,694 @@ spec: type: string type: object type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the - same region as their cluster's zone for zonal clusters. If this - is specified for a zonal cluster, omit the cluster's zone. + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. items: type: string type: array - nodePoolAutoConfig: - description: Node pool configs that apply to all auto-provisioned - node pools in autopilot clusters and node auto-provisioning enabled - clusters. + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. 
+ type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. properties: - networkTags: - description: Collection of Compute Engine network tags that can - be applied to a node's underlying VM instance. - properties: - tags: - description: List of network tags applied to auto-provisioned - node pools. - items: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. 
+ See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. type: string - type: array - type: object - type: object - nodePoolDefaults: - description: The default nodel pool settings for the entire cluster. - properties: - nodeConfigDefaults: - description: Subset of NodeConfig message that has defaults. - properties: - gcfsConfig: - description: GCFS configuration for this node. - properties: - enabled: - description: Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include - DEFAULT and MAX_THROUGHPUT. - type: string - type: object + sizeBytes: + description: The size of the file, in bytes. 
+ type: integer + type: object + type: array + required: + - filePatterns type: object - nodeVersion: + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - pubsub: - description: Notification config for Cloud Pub/Sub. - properties: - enabled: - description: Whether or not the notification config is enabled. - type: boolean - filter: - description: Allows filtering to one or more specific event - types. If event types are present, those and only those - event types will be transmitted to the cluster. Other types - will be skipped. If no filter is specified, or no event - types are present, all event types will be sent. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: properties: - eventType: - description: Can be used to filter what notifications - are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, - UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. - items: - type: string - type: array - required: - - eventType + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string type: object - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + viewQuery: + description: The query that defines the table view. type: string type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this - cluster. If enabled, pods must be valid under a PodSecurityPolicy - to be created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enablePrivateEndpoint: - description: When true, the cluster's private endpoint is used - as the cluster endpoint and access through the public endpoint - is disabled. When false, either endpoint can be used. 
This field - only applies to private clusters, when enable_private_nodes - is true. - type: boolean - enablePrivateNodes: - description: Immutable. Enables the private cluster feature, creating - a private endpoint on the cluster. In a private cluster, nodes - only have RFC 1918 private addresses and communicate with the - master's private endpoint via private networking. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: Immutable. The IP range in CIDR notation to use for - the hosted master network. This range will be used for assigning - private IP addresses to the cluster master(s) and the ILB VIP. - This range must not overlap with any other ranges in use within - the cluster's network, and it must be a /28 subnet. See Private - Cluster Limitations for more details. This field only applies - to private clusters, when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and - the Google owned VPC. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - privateEndpoint: - description: The internal IP address of this cluster's master - endpoint. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - privateEndpointSubnetworkRef: - description: |- - Immutable. Subnetwork in cluster's network where master's endpoint - will be provisioned. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicEndpoint: - description: The external IP address of this cluster's master - endpoint. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpv6GoogleAccess: - description: The desired state of IPv6 connectivity to Google Services. - By default, no private IPv6 access to or from Google Services (all - access will be via IPv4). + region: + description: Immutable. EntryGroup location region. type: string - protectConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. - properties: - auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. - type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: required: - - auditMode - type: object - workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. 
- type: string - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - Note that removing this field from your config will not unenroll - it. Instead, use the "UNSPECIFIED" channel. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - channel: - description: |- - The selected release channel. Accepted values are: - * UNSPECIFIED: Not set. - * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. - * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. - * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - channel type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination - of resource usage export. 
- properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. - The resulting table can be joined with the resource usage table - or with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - serviceExternalIpsConfig: - description: If set, and enabled=true, services with external ips - field will not be blocked. - properties: - enabled: - description: When enabled, services with exterenal ips specified - will be allowed. - type: boolean - required: - - enabled - type: object - subnetworkRef: + taxonomyRef: oneOf: - not: required: @@ -31490,7 +46909,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: 
@@ -31500,35 +46919,17 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - description: Configuration for the use of Kubernetes Service Accounts - in GCP IAM policies. - properties: - identityNamespace: - description: |- - DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. - Enables workload identity. - type: string - workloadPool: - description: The workload pool to attach all Kubernetes service - accounts to. - type: string - type: object required: - - location + - displayName + - taxonomyRef type: object status: properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -31555,16 +46956,10 @@ spec: type: string type: object type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -31573,19 +46968,190 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. type: string - selfLink: - description: Server-defined URL for the resource. + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. 
Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. type: string type: object required: @@ -31606,25 +47172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: - group: container.cnrm.cloud.google.com + group: datacatalog.cnrm.cloud.google.com names: categories: - gcp - kind: ContainerNodePool - plural: containernodepools + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -31644,7 +47210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -31662,38 +47228,260 @@ spec: type: object spec: properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. To disable - autoscaling, set minNodeCount and maxNodeCount to 0. + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. 
Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - locationPolicy: - description: Location policy specifies the algorithm used when - scaling-up the node pool. "BALANCED" - Is a best effort policy - that aims to balance the sizes of available zones. "ANY" - Instructs - the cluster autoscaler to prioritize utilization of unused reservations, - and reduces preemption risk for Spot VMs. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - maxNodeCount: - description: Maximum number of nodes per zone in the node pool. - Must be >= min_node_count. Cannot be used with total limits. 
- type: integer - minNodeCount: - description: Minimum number of nodes per zone in the node pool. - Must be >=0 and <= max_node_count. Cannot be used with total - limits. - type: integer - totalMaxNodeCount: - description: Maximum number of all nodes in the node pool. Must - be >= total_min_node_count. Cannot be used with per zone limits. - type: integer - totalMinNodeCount: - description: Minimum number of all nodes in the node pool. Must - be >=0 and <= total_max_node_count. Cannot be used with per - zone limits. - type: integer type: object - clusterRef: + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -31710,8 +47498,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ContainerCluster` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -31720,472 +47507,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialNodeCount: - description: Immutable. The initial number of nodes for the pool. - In regional or multi-zonal clusters, this is the number of nodes - per zone. Changing this will force recreation of the resource. - type: integer - location: - description: Immutable. The location (region or zone) of the cluster. + region: + description: Immutable. Taxonomy location region. type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: Immutable. The maximum number of pods per node in this - node pool. Note that this does not work on node pools which are - "route-based" - that is, node pools belonging to clusters that do - not have IP Aliasing enabled. - type: integer - namePrefix: - description: Immutable. Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - networkConfig: - description: Networking configuration for this NodePool. If specified, - it overrides the cluster-level defaults. - properties: - createPodRange: - description: Immutable. Whether to create a new range for pod - IPs in this node pool. Defaults are provided for pod_range and - pod_ipv4_cidr_block if they are not specified. - type: boolean - enablePrivateNodes: - description: Whether nodes have internal IP addresses only. 
- type: boolean - podIpv4CidrBlock: - description: Immutable. The IP address range for pod IPs in this - node pool. Only applicable if create_pod_range is true. Set - to blank to have a range chosen with the default size. Set to - /netmask (e.g. /14) to have a range chosen with a specific netmask. - Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific - range to use. - type: string - podRange: - description: Immutable. The ID of the secondary range for pod - IPs. If create_pod_range is true, this ID is used for the new - range. If create_pod_range is false, uses an existing secondary - range with this ID. - type: string - type: object - nodeConfig: - description: Immutable. The configuration of the nodepool. - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the disk attached to each node, - specified in GB. The smallest allowed disk size is 10GB. - type: integer - diskType: - description: Immutable. Type of the disk attached to each node. - Such as pd-standard, pd-balanced or pd-ssd. - type: string - ephemeralStorageConfig: - description: Immutable. Parameters for the ephemeral storage filesystem. - properties: - localSsdCount: - description: Immutable. Number of local SSDs to use to back - ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. 
- type: integer - required: - - localSsdCount - type: object - gcfsConfig: - description: Immutable. GCFS configuration for this node. - properties: - enabled: - description: Immutable. Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. - items: - properties: - count: - description: Immutable. The number of the accelerator cards - exposed to an instance. - type: integer - gpuPartitionSize: - description: Immutable. Size of partitions to create on - the GPU. Valid values are described in the NVIDIA mig - user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - gpuSharingConfig: - description: Immutable. Configuration for GPU sharing. - properties: - gpuSharingStrategy: - description: Immutable. The type of GPU sharing strategy - to enable on the GPU node. Possible values are described - in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). - type: string - maxSharedClientsPerGpu: - description: Immutable. The maximum number of containers - that can share a GPU. - type: integer - required: - - gpuSharingStrategy - - maxSharedClientsPerGpu - type: object - type: - description: Immutable. The accelerator type resource name. - type: string - required: - - count - - type - type: object - type: array - gvnic: - description: Immutable. Enable or disable gvnic in the node pool. - properties: - enabled: - description: Immutable. Whether or not gvnic is enabled. - type: boolean - required: - - enabled - type: object - imageType: - description: The image type to use for this node. Note that for - a given image type, the latest version of it will be used. - type: string - kubeletConfig: - description: Node kubelet configs. - properties: - cpuCfsQuota: - description: Enable CPU CFS quota enforcement for containers - that specify CPU limits. 
- type: boolean - cpuCfsQuotaPeriod: - description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. - type: string - cpuManagerPolicy: - description: Control the CPU management policy on the node. - type: string - podPidsLimit: - description: Controls the maximum number of processes allowed - to run in a pod. - type: integer - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: The map of Kubernetes labels (key/value pairs) to - be applied to each node. These will added in addition to any - default label(s) that Kubernetes may apply to the node. - type: object - linuxNodeConfig: - description: Parameters that can be configured on Linux nodes. - properties: - sysctls: - additionalProperties: - type: string - description: The Linux kernel parameters to be applied to - the nodes and all pods running on the nodes. - type: object - required: - - sysctls - type: object - localSsdCount: - description: Immutable. The number of local SSD disks to be attached - to the node. - type: integer - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include DEFAULT - and MAX_THROUGHPUT. - type: string - machineType: - description: Immutable. The name of a Google Compute Engine machine - type. - type: string - metadata: - additionalProperties: + message: + description: Human-readable message indicating details about + last transition. type: string - description: Immutable. The metadata key/value pairs assigned - to instances in the cluster. - type: object - minCpuPlatform: - description: Immutable. 
Minimum CPU platform to be used by this - instance. The instance may be scheduled on the specified or - newer CPU platform. - type: string - nodeGroupRef: - description: |- - Immutable. Setting this field will assign instances - of this pool to run on the specified node group. This is useful - for running workloads on sole tenant nodes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeNodeGroup` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauthScopes: - description: Immutable. The set of Google API scopes to be made - available on all of the node VMs. - items: + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - type: array - preemptible: - description: Immutable. Whether the nodes are created as preemptible - VM instances. - type: boolean - reservationAffinity: - description: Immutable. The reservation affinity configuration - for the node pool. - properties: - consumeReservationType: - description: Immutable. Corresponds to the type of reservation - consumption. - type: string - key: - description: Immutable. The label key of a reservation resource. - type: string - values: - description: Immutable. The label values of the reservation - resource. - items: - type: string - type: array - required: - - consumeReservationType - type: object - resourceLabels: - additionalProperties: + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
type: string - description: The GCE resource labels (a map of key/value pairs) - to be applied to the node pool. - type: object - sandboxConfig: - description: Immutable. Sandbox configuration for this node. - properties: - sandboxType: - description: Type of the sandbox to use for the node (e.g. - 'gvisor'). - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - description: Immutable. Shielded Instance options. - properties: - enableIntegrityMonitoring: - description: Immutable. Defines whether the instance has integrity - monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Defines whether the instance has Secure - Boot enabled. - type: boolean - type: object - spot: - description: Immutable. Whether the nodes are created as spot - VM instances. - type: boolean - tags: - description: The list of instance tags applied to all nodes. - items: + type: + description: Type is the type of the condition. type: string - type: array - taint: - description: Immutable. List of Kubernetes taints to be applied - to each node. - items: - properties: - effect: - description: Immutable. Effect for taint. - type: string - key: - description: Immutable. Key for taint. - type: string - value: - description: Immutable. Value for taint. 
- type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - description: The workload metadata configuration for this node. - properties: - mode: - description: Mode is the configuration for how to expose metadata - to workloads running on the node. - type: string - nodeMetadata: - description: DEPRECATED. Deprecated in favor of mode. NodeMetadata - is the configuration for how to expose metadata to the workloads - running on the node. - type: string - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string + type: object type: array - placementPolicy: - description: Immutable. Specifies the node placement policy. - properties: - type: - description: Type defines the type of placement policy. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: type: string - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number - of nodes upgraded simultaneously is limited to 20. - properties: - blueGreenSettings: - description: Settings for BlueGreen node pool upgrade. - properties: - nodePoolSoakDuration: - description: Time needed after draining entire blue pool. - After this period, blue pool will be cleaned up. - type: string - standardRolloutPolicy: - description: Standard rollout policy is the default policy - for blue-green. - properties: - batchNodeCount: - description: Number of blue nodes to drain in a batch. - type: integer - batchPercentage: - description: Percentage of the blue pool nodes to drain - in a batch. - type: number - batchSoakDuration: - description: Soak time after each batch gets drained. - type: string - type: object - required: - - standardRolloutPolicy - type: object - maxSurge: - description: The number of additional nodes that can be added - to the node pool during an upgrade. Increasing max_surge raises - the number of nodes that can be upgraded simultaneously. Can - be set to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. 
Can be set to 0 or - greater. - type: integer - strategy: - description: Update strategy for the given nodepool. - type: string + parameters: type: object - version: + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. type: string required: - - clusterRef - - location + - containerSpecGcsPath type: object status: properties: @@ -32215,18 +47674,8 @@ spec: type: string type: object type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - managedInstanceGroupUrls: - description: List of instance group URLs which have been assigned - to this node pool. - items: - type: string - type: array + jobId: + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -32234,7 +47683,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + state: type: string type: object required: 
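Review bot: `spec.parameters` on the new DataflowFlexTemplateJob schema is a free-form object (`x-kubernetes-preserve-unknown-fields: true`) with no `description`, so nothing tells an author that its contents are kept verbatim in the custom resource and readable by anyone who can get it. The same shape appears on DataflowJob's `parameters` and `transformNameMapping` in later hunks of this file. I would add something like `description: Key/value parameters passed to the flex template. Values are stored as plain text in this resource; reference secrets by name instead of placing credentials here.` The required `containerSpecGcsPath` has no description either. The `tf2crd` label suggests this schema is generated, so the text probably belongs in the generator input rather than in this file.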
@@ -32255,25 +47704,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com + name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataflow.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogPolicyTag - plural: datacatalogpolicytags + kind: DataflowJob + plural: dataflowjobs shortNames: - - gcpdatacatalogpolicytag - - gcpdatacatalogpolicytags - singular: datacatalogpolicytag + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -32311,20 +47760,57 @@ spec: type: object spec: properties: - description: - description: |- - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string - displayName: - description: |- - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. type: string - parentPolicyTagRef: + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. 
More workers may improve processing speed at additional + cost. + type: integer + networkRef: oneOf: - not: required: @@ -32341,7 +47827,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: @@ -32351,12 +47837,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - taxonomyRef: + serviceAccountRef: oneOf: - not: required: 
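Review bot: `ipConfiguration` documents two accepted values, but the schema only declares `type: string`, so a misspelt value passes API-server validation and is caught, if at all, only at reconcile time. Going by its description, this field appears to control whether worker VMs get public addresses, so I would enforce it at admission with `enum: ["WORKER_IP_PUBLIC", "WORKER_IP_PRIVATE"]`. `networkRef`, which opens at the end of this hunk and continues in the next one, also has no `description`.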
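Review bot: `serviceAccountRef` is added without a `description`, unlike `kmsKeyRef` earlier in the same spec, so the schema does not say what the referenced identity is used for or what applies when the field is omitted. A line such as `description: The service account the job runs as. When unset, the provider default is used.` would make the least-privilege choice visible to `kubectl explain` users. The wording about the default is my assumption and needs confirming against the provider. The property's body continues in the next hunk.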
@@ -32373,7 +47868,34 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -32383,17 +47905,29 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string required: - - displayName - - taxonomyRef + - tempGcsLocation + - templateGcsPath type: object status: properties: - childPolicyTags: - description: Resource names of child policy tags of this policy tag. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32420,10 +47954,8 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + jobId: + description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -32432,6 +47964,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string type: object required: - spec 
@@ -32451,25 +47990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com + name: dataformrepositories.dataform.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataform.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogTaxonomy - plural: datacatalogtaxonomies + kind: DataformRepository + plural: dataformrepositories shortNames: - - gcpdatacatalogtaxonomy - - gcpdatacatalogtaxonomies - singular: datacatalogtaxonomy + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: @@ -32489,7 +48028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -32507,26 +48046,29 @@ spec: type: object spec: properties: - activatedPolicyTypes: - description: |- - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. - items: - type: string - type: array - description: - description: |- - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - type: string - displayName: - description: |- - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object projectRef: description: The project that this resource belongs to. oneOf: 
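Review bot: `gitRemoteSettings.authenticationTokenSecretVersion` states a required format in prose, but the schema does not enforce it, so any string, including a pasted token, is accepted and stored in the resource. I would add `pattern: ^projects/[^/]+/secrets/[^/]+/versions/[^/]+$` next to `type: string`. The `url` description should also say that credentials must not be embedded in the URL, since the value is kept as plain text. `tokenStatus` reads like an output-only value but sits under `spec`, where a user can set it. If that is not intended, it belongs under `status` or should be marked read-only in its description.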
@@ -32555,16 +48097,16 @@ spec: type: string type: object region: - description: Immutable. Taxonomy location region. + description: Immutable. A reference to the region. type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - displayName - projectRef + - region type: object status: properties: @@ -32594,11 +48136,6 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -32625,25 +48162,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com + name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: datafusion.cnrm.cloud.google.com names: categories: - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs + kind: DataFusionInstance + plural: datafusioninstances shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -32681,20 +48218,147 @@ spec: type: object spec: properties: - containerSpecGcsPath: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. type: string - parameters: + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. 
Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. type: string required: - - containerSpecGcsPath + - location + - type type: object status: properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32721,7 +48385,13 @@ spec: type: string type: object type: array - jobId: + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -32730,7 +48400,27 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. + format: date-time type: string type: object required: @@ -32751,25 +48441,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - - gcp - kind: DataflowJob - plural: dataflowjobs + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -32807,57 +48497,74 @@ spec: type: object spec: properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - enableStreamingEngine: - description: Indicates if the job should use the streaming engine - feature. - type: boolean - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - kmsKeyRef: - description: The name for the Cloud KMS key for the job. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + basicAlgorithm: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. 
+ A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' + format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig type: object - machineType: - description: The machine type to use for the job. + location: + description: Immutable. The location for the resource type: string - maxWorkers: - description: Immutable. The number of workers permitted to work on - the job. 
More workers may improve processing speed at additional - cost. - type: integer - networkRef: + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -32874,8 +48581,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -32884,94 +48593,94 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as - used in the template). - type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. 
Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the - Dataflow job to dump its temporary data. 
- type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' 
+ format: int64 + type: integer + required: + - maxInstances type: object - x-kubernetes-preserve-unknown-fields: true - zone: - description: Immutable. The zone in which the created job should run. - If it is not provided, the provider zone is used. - type: string required: - - tempGcsLocation - - templateGcsPath + - basicAlgorithm + - location + - workerConfig type: object status: properties: @@ -33001,9 +48710,6 @@ spec: type: string type: object type: array - jobId: - description: The unique ID of this job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -33011,13 +48717,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: The current state of the resource, selected from the - JobState enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string type: object required: - spec 
@@ -33037,25 +48736,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: datafusioninstances.datafusion.cnrm.cloud.google.com + name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: - group: datafusion.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataFusionInstance - plural: datafusioninstances + kind: DataprocCluster + plural: dataprocclusters shortNames: - - gcpdatafusioninstance - - gcpdatafusioninstances - singular: datafusioninstance + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -33093,60 +48792,850 @@ spec: type: object spec: properties: - dataprocServiceAccountRef: - oneOf: - - not: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. 
Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. 
This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. 
Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. 
If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' 
+ type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. 
Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). 
Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. 
Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. 
If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Immutable. A description of this instance. - type: string - displayName: - description: Immutable. Display name for an instance. - type: string - enableStackdriverLogging: - description: Option to enable Stackdriver Logging. - type: boolean - enableStackdriverMonitoring: - description: Option to enable Stackdriver Monitoring. - type: boolean - location: - description: Immutable. The location for the resource - type: string - networkConfig: - description: Immutable. Network configuration options. These are required - when a private Data Fusion instance is to be created. - properties: - ipAllocation: - description: Immutable. The IP range in CIDR notation to use for - the managed Data Fusion instance nodes. This range must not - overlap with any other ranges used in the customer network. - type: string - networkRef: + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). 
+ If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -33165,9 +49654,9 @@ spec: properties: external: description: |- - Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -33176,267 +49665,160 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - options: - additionalProperties: - type: string - description: Immutable. Map of additional options used to configure - the behavior of Data Fusion instance. - type: object - privateInstance: - description: Immutable. Specifies whether the Data Fusion instance - should be private. If set to true, all Data Fusion nodes will have - private IP addresses and will not be able to access the public internet. - type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Instance type. Possible values: - TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' - type: string - version: - description: Current version of the Data Fusion. - type: string - zone: - description: Immutable. Name of the zone in which the Data Fusion - instance will be created. Only DEVELOPER instances use this field. - type: string - required: - - location - - type - type: object - status: - properties: - apiEndpoint: - description: Output only. Endpoint on which the REST APIs is accessible. - type: string - availableVersion: - description: Available versions that the instance can be upgraded - to. - items: - properties: - availableFeatures: - description: Represents a list of available feature names for - a given version. - items: + tempBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. 
If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string - type: array - defaultVersion: - description: Whether this is currently the default version for - Cloud Data Fusion - type: boolean - versionNumber: - description: The version number of the Data Fusion instance, - such as '6.0.1.0'. - type: string - type: object - type: array - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Output only. The time the instance was created. - format: date-time - type: string - gcsBucket: - description: Output only. Cloud Storage bucket generated by Data Fusion - in the customer project. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - p4ServiceAccount: - description: Output only. P4 service account for the customer project. - type: string - serviceEndpoint: - description: Output only. Endpoint on which the Data Fusion UI is - accessible. - type: string - state: - description: 'Output only. The current state of this Data Fusion instance. - Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' - type: string - stateMessage: - description: Output only. Additional information about the current - state of this Data Fusion instance if available. - type: string - tenantProjectId: - description: Output only. The name of the tenant project. - type: string - updateTime: - description: Output only. The time the instance was last updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com -spec: - group: dataproc.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataprocAutoscalingPolicy - plural: dataprocautoscalingpolicies - shortNames: - - gcpdataprocautoscalingpolicy - - gcpdataprocautoscalingpolicies - singular: dataprocautoscalingpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', 
the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - basicAlgorithm: - properties: - cooldownPeriod: - description: 'Optional. Duration between scaling events. A scaling - period starts after the update operation from the previous event - has completed. Bounds: . Default: 2m.' - type: string - yarnConfig: - description: Required. YARN autoscaling configuration. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. 
properties: - gracefulDecommissionTimeout: - description: Required. Timeout for YARN graceful decommissioning - of Node Managers. Specifies the duration to wait for jobs - to complete before forcefully removing workers (and potentially - interrupting jobs). Only applicable to downscaling operations. + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string - scaleDownFactor: - description: Required. 
Fraction of average YARN pending memory - in the last cooldown period for which to remove workers. - A scale-down factor of 1 will result in scaling down so - that there is no available memory remaining after the update - (more aggressive scaling). A scale-down factor of 0 disables - removing workers, which can be beneficial for autoscaling - a single job. See . - format: double - type: number - scaleDownMinWorkerFraction: - description: 'Optional. Minimum scale-down threshold as a - fraction of total cluster size before scaling occurs. For - example, in a 20-worker cluster, a threshold of 0.1 means - the autoscaler must recommend at least a 2 worker scale-down - for the cluster to scale. A threshold of 0 means the autoscaler - will scale down on any recommended change. Bounds: . Default: - 0.0.' - format: double - type: number - scaleUpFactor: - description: Required. Fraction of average YARN pending memory - in the last cooldown period for which to add workers. A - scale-up factor of 1.0 will result in scaling up so that - there is no pending memory remaining after the update (more - aggressive scaling). A scale-up factor closer to 0 will - result in a smaller magnitude of scaling up (less aggressive - scaling). See . - format: double - type: number - scaleUpMinWorkerFraction: - description: 'Optional. Minimum scale-up threshold as a fraction - of total cluster size before scaling occurs. For example, - in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster - to scale. A threshold of 0 means the autoscaler will scale - up on any recommended change. Bounds: . Default: 0.0.' - format: double - type: number - required: - - gracefulDecommissionTimeout - - scaleDownFactor - - scaleUpFactor type: object - required: - - yarnConfig type: object location: - description: Immutable. The location for the resource + description: Immutable. The location for the resource, usually a GCP + region. 
type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -33457,7 +49839,7 @@ spec: properties: external: description: |- - The project for the resource + Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -33473,92 +49855,413 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - secondaryWorkerConfig: - description: Optional. Describes how the autoscaler will operate for - secondary workers. - properties: - maxInstances: - description: 'Optional. Maximum number of instances for this group. - Note that by default, clusters will not use secondary workers. - Required for secondary workers if the minimum secondary instances - is set. Primary workers - Bounds: [min_instances, ). Secondary - workers - Bounds: [min_instances, ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer - type: object - workerConfig: - description: Required. 
Describes how the autoscaler will operate for - primary workers. + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. properties: - maxInstances: - description: 'Required. Maximum number of instances for this group. - Required for primary workers. Note that by default, clusters - will not use secondary workers. Required for secondary workers - if the minimum secondary instances is set. Primary workers - - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, - ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. 
If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. + properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. 
Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. 
Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. + items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. 
Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. [Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. 
Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. + items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. 
Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. 
+ The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - maxInstances + - kubernetesClusterConfig type: object required: - - basicAlgorithm - location - - workerConfig type: object status: properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). + Dataproc generates this value when it creates the cluster. 
+ type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
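Review bot: `dataprocMetastoreServiceRef` (under `virtualClusterConfig.auxiliaryServicesConfig.metastoreConfig`) still accepts a `name`-only reference through its `oneOf`, although the `name` description in the same block warns that DataprocMetastoreService is not yet supported in Config Connector and that `external` must be used. A manifest that sets only `name` therefore passes schema validation and presumably fails only later, at reconcile time, which is harder to diagnose than an admission error. Until the referent kind is supported, I would drop the `name`/`namespace` branch of the `oneOf` for this one ref and keep a plain `required: [external]`. The file looks generated (see the `dcl2crd` label further down the diff), so the change most likely belongs in the generator input rather than in this YAML.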
@@ -33585,6 +50288,197 @@ spec: type: string type: object type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. 
+ type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. 
+ items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -33592,6 +50486,52 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array type: object required: - spec 
@@ -33611,25 +50551,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dataprocclusters.dataproc.cnrm.cloud.google.com + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocCluster - plural: dataprocclusters + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates shortNames: - - gcpdataproccluster - - gcpdataprocclusters - singular: dataproccluster + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -33667,1125 +50607,1473 @@ spec: type: object spec: properties: - config: - description: Immutable. The cluster config. Note that Dataproc may - set default values, and values may change when clusters are updated. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for the policy - associated with the cluster. Cluster does not autoscale if this - field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - dataprocMetricConfig: - description: Immutable. Optional. The config for Dataproc metrics. - properties: - metrics: - description: Immutable. Required. Metrics sources to enable. - items: - properties: - metricOverrides: - description: 'Immutable. Optional. 
Specify one or more - [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect for the metric course (for the `SPARK` - metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) - can be specified). Provide metrics in the following - format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use - camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted - spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed - hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` - Notes: * Only the specified overridden metrics will - be collected for the metric source. For example, if - one or more `spark:executive` metrics are listed as - metric overrides, other `SPARK` metrics will not be - collected. The collection of the default metrics for - other OSS metric sources is unaffected. For example, - if both `SPARK` andd `YARN` metric sources are enabled, - and overrides are provided for Spark metrics only, - all default YARN metrics will be collected.' - items: - type: string - type: array - metricSource: - description: 'Immutable. Required. Default metrics are - collected unless `metricOverrides` are specified for - the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, - MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, - HIVESERVER2' - type: string - required: - - metricSource - type: object - type: array - required: - - metrics - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings for the - cluster. - properties: - gcePdKmsKeyRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. 
If true, enable http access - to specific ports on the cluster from external sources. - Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine config - settings for all instances in a cluster. - properties: - confidentialInstanceConfig: - description: Immutable. Optional. Confidential Instance Config - for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). - properties: - enableConfidentialCompute: - description: Immutable. Optional. Defines whether the - instance should have confidential compute enabled. - type: boolean - type: object - internalIPOnly: - description: Immutable. Optional. If true, all instances in - the cluster will only have internal IP addresses. By default, - clusters are not restricted to internal IP addresses, and - will have ephemeral external IP addresses assigned to each - instance. This `internal_ip_only` restriction can only be - enabled for subnetwork enabled networks, and all off-cluster - dependencies must be configured to be accessible without - external IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. The Compute Engine metadata entries - to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. 
Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity for - sole-tenant clusters. - properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: type: string - type: object - required: - - nodeGroupRef - type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 access - for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity for - consuming Zonal reservation. + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. 
Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, - ANY_RESERVATION, SPECIFIC_RESERVATION' + additionalProperties: type: string - key: - description: Immutable. Optional. Corresponds to the label - key of reservation resource. + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: type: string - values: - description: Immutable. Optional. Corresponds to the label - values of reservation resource. - items: - type: string - type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + additionalProperties: type: string - type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service account - scopes to be included in Compute Engine instances. The following - base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write If no scopes - are specified, the following defaults are also provided: - * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' - items: + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. 
The HCFS URI of the script that + contains Hive queries. type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance Config - for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether instances - have integrity monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether instances - have Secure Boot enabled. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether instances - have the vTPM enabled. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array required: - - external - properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
+ - queries + type: object + scriptVariables: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' + type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. 
Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: type: string - type: object - tags: - description: Immutable. The Compute Engine tags to add to - all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. type: string - type: array - zone: - description: 'Immutable. Optional. The zone where the Compute - Engine cluster will be located. On a create request, it - is required in the "global" region. If omitted in a non-global - Dataproc region, the service will pick a zone in the corresponding - Compute Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name are valid. - Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. 
Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: type: string - type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute on each - node after config is completed. By default, executables are - run on master and all worker nodes. You can test a node''s `role` - metadata to run an executable on a master or worker node, as - shown below using `curl` (you can also use `wget`): ROLE=$(curl - -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions - ... else ... worker specific actions ... fi' - items: + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. properties: - executableFile: - description: Immutable. Required. Cloud Storage URI of executable - file. + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. 
See the Presto documentation + for supported output formats type: string - executionTimeout: - description: Immutable. Optional. Amount of time executable - has to complete. Default is 10 minutes (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error message - (the name of the executable that caused the error and - the exceeded timeout period) if the executable is not - completed at end of the timeout period. + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. type: string - required: - - executableFile + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object type: object - type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster will - be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration of - cluster. 
The cluster will be auto-deleted at the end of - this period. Minimum value is 10 minutes; maximum value - is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to keep the - cluster alive while idling (when no jobs are running). Passing - this threshold will cause the cluster to be deleted. Minimum - value is 5 minutes; maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. The Compute Engine config settings - for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' 
+ items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. 
HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. 
The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - metastoreConfig: - description: Immutable. Optional. Metastore configuration. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string properties: - external: - description: 'Required. Resource name of an existing Dataproc - Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + additionalProperties: type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. 
+ Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - type: object - required: - - dataprocMetastoreServiceRef - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config settings - for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + description: Immutable. Optional. 
A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + additionalProperties: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. + type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. 
A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. 
The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. + type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. type: string + required: + - clusterLabels type: object - securityConfig: - description: Immutable. Optional. Security settings for the cluster. + managedCluster: + description: Immutable. A cluster that is managed by the workflow. properties: - identityConfig: - description: Immutable. Optional. Identity related configuration, - including service account based secure multi-tenancy user - mappings. + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. properties: - userServiceAccountMapping: - additionalProperties: - type: string - description: Immutable. Required. Map of user to service - account. + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. 
Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - required: - - userServiceAccountMapping - type: object - kerberosConfig: - description: Immutable. Optional. Kerberos related configuration. - properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server (IP - or hostname) for the remote trusted realm in a cross - realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP or hostname) - for the remote trusted realm in a cross realm trust - relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm the - Dataproc on-cluster KDC will trust, should the user - enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the shared password - between the on-cluster Kerberos realm and the remote - trusted realm, in a cross realm trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate whether - to Kerberize the cluster (default: false). 
Set this - field to true to enable Kerberos on a cluster.' - type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the master key of - the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided key. For the self-signed certificate, - this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage URI - of the keystore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - keystorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided keystore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. 
Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. 
Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. 
+ You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. 
Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - realm: - description: Immutable. Optional. The name of the on-cluster - Kerberos realm. If not specified, the uppercased domain - of hostnames will be the realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the root principal - password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime of the - ticket granting ticket, in hours. If not specified, - or user specifies 0, then default value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage URI - of the truststore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided truststore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - type: object - type: object - softwareConfig: - description: Immutable. Optional. The config settings for software - inside the cluster. - properties: - imageVersion: - description: Immutable. Optional. The version of software - inside the cluster. It must be one of the supported [Dataproc - Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such as "1.2.29"), - or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components to - activate on the cluster. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties to set on - daemon config files. Property keys are specified in `prefix:property` - format, for example `core:hadoop.tmp.dir`. The following - are supported prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` * distcp: - `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` - * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: - `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' - type: object - type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config settings - for worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. 
If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - type: object - location: - description: Immutable. The location for the resource, usually a GCP - region. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. 
The Google Cloud Platform project ID that the cluster belongs to. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - virtualClusterConfig: - description: Immutable. Optional. The virtual cluster config is used - when creating a Dataproc cluster that does not directly control - the underlying compute resources, for example, when creating a [Dataproc-on-GKE - cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). - Dataproc may set default values, and values may change when clusters - are updated. Exactly one of config or virtual_cluster_config must - be specified. - properties: - auxiliaryServicesConfig: - description: Immutable. Optional. Configuration of auxiliary services - used by this cluster. - properties: - metastoreConfig: - description: Immutable. Optional. The Hive Metastore configuration - for this workload. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. properties: - external: - description: 'Required. Resource name of an existing - Dataproc Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). 
If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. 
Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - required: - - dataprocMetastoreServiceRef - type: object - sparkHistoryServerConfig: - description: Immutable. Optional. The Spark History Server - configuration for the workload. - properties: - dataprocClusterRef: + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. 
The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -34804,9 +52092,9 @@ spec: properties: external: description: |- - Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `DataprocCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -34816,17 +52104,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - type: object - kubernetesClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on Kubernetes. - properties: - gkeClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on GKE. - properties: - gkeClusterTargetRef: + tempBucketRef: description: Immutable. oneOf: - not: 
@@ -34845,9 +52123,9 @@ spec: properties: external: description: |- - Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `ContainerCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -34857,286 +52135,187 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nodePoolTarget: - description: Immutable. Optional. GKE node pools where - workloads will be scheduled. At least one node pool - must be assigned the `DEFAULT` GkeNodePoolTarget.Role. - If a `GkeNodePoolTarget` is not specified, Dataproc - constructs a `DEFAULT` `GkeNodePoolTarget`. Each role - can be given to only one `GkeNodePoolTarget`. All node - pools must have the same location settings. - items: - properties: - nodePoolConfig: - description: Immutable. Input only. The configuration - for the GKE node pool. If specified, Dataproc - attempts to create a node pool with the specified - shape. If one with the same name already exists, - it is verified against all specified fields. If - a field differs, the virtual cluster creation - will fail. If omitted, any node pool with the - specified name is used. If a node pool with the - specified name does not exist, Dataproc create - a node pool with default values. This is an input - only field. It will not be returned by the API. - properties: - autoscaling: - description: Immutable. Optional. The autoscaler - configuration for this node pool. The autoscaler - is enabled only when a valid configuration - is present. - properties: - maxNodeCount: - description: Immutable. The maximum number - of nodes in the node pool. Must be >= - min_node_count, and must be > 0. **Note:** - Quota must be sufficient to scale up the - cluster. - format: int64 - type: integer - minNodeCount: - description: Immutable. The minimum number - of nodes in the node pool. Must be >= - 0 and <= max_node_count. - format: int64 - type: integer - type: object - config: - description: Immutable. Optional. The node pool - configuration. - properties: - accelerators: - description: Immutable. Optional. A list - of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) - to attach to each node. 
- items: - properties: - acceleratorCount: - description: Immutable. The number - of accelerator cards exposed to - an instance. - format: int64 - type: integer - acceleratorType: - description: Immutable. The accelerator - type resource namename (see GPUs - on Compute Engine). - type: string - gpuPartitionSize: - description: Immutable. Size of partitions - to create on the GPU. Valid values - are described in the NVIDIA [mig - user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - type: object - type: array - bootDiskKmsKey: - description: 'Immutable. Optional. The [Customer - Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) - used to encrypt the boot disk attached - to each node in the node pool. Specify - the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' - type: string - ephemeralStorageConfig: - description: Immutable. Optional. Parameters - for the ephemeral storage filesystem. - If unspecified, ephemeral storage is backed - by the boot disk. - properties: - localSsdCount: - description: Immutable. Number of local - SSDs to use to back ephemeral storage. - Uses NVMe interfaces. Each local SSD - is 375 GB in size. If zero, it means - to disable using local SSDs as ephemeral - storage. - format: int64 - type: integer - type: object - localSsdCount: - description: Immutable. Optional. The number - of local SSD disks to attach to the node, - which is limited by the maximum number - of disks allowable per zone (see [Adding - Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). - format: int64 - type: integer - machineType: - description: Immutable. Optional. The name - of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). - type: string - minCpuPlatform: - description: Immutable. Optional. 
[Minimum - CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - to be used by this instance. The instance - may be scheduled on the specified or a - newer CPU platform. Specify the friendly - names of CPU platforms, such as "Intel - Haswell"` or Intel Sandy Bridge". - type: string - preemptible: - description: Immutable. Optional. Whether - the nodes are created as legacy [preemptible - VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). - Also see Spot VMs, preemptible VM instances - without a maximum lifetime. Legacy and - Spot preemptible nodes cannot be used - in a node pool with the `CONTROLLER` [role] - (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - spot: - description: Immutable. Optional. Whether - the nodes are created as [Spot VM instances] - (https://cloud.google.com/compute/docs/instances/spot). - Spot VMs are the latest update to legacy - preemptible VMs. Spot VMs do not have - a maximum lifetime. Legacy and Spot preemptible - nodes cannot be used in a node pool with - the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - type: object - locations: - description: Immutable. Optional. The list of - Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - where node pool nodes associated with a Dataproc - on GKE virtual cluster will be located. **Note:** - All node pools associated with a virtual cluster - must be located in the same region as the - virtual cluster, and they must be located - in the same zone within that region. If a - location is not specified during node pool - creation, Dataproc on GKE will choose the - zone. 
- items: - type: string - type: array - type: object - nodePoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: properties: - external: - description: |- - Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' - - Allowed value: The `selfLink` field of a `ContainerNodePool` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object - roles: - description: Immutable. Required. The roles associated - with the GKE node pool. - items: + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string - type: array - required: - - nodePoolRef - - roles - type: object - type: array - type: object - kubernetesNamespace: - description: Immutable. Optional. A namespace within the Kubernetes - cluster to deploy into. If this namespace does not exist, - it is created. If it exists, Dataproc verifies that another - Dataproc VirtualCluster is not installed into it. If not - specified, the name of the Dataproc Cluster is used. - type: string - kubernetesSoftwareConfig: - description: Immutable. Optional. The software configuration - for this Dataproc cluster running on Kubernetes. - properties: - componentVersion: - additionalProperties: - type: string - description: Immutable. 
The components that should be - installed in this Dataproc cluster. The key must be - a string from the KubernetesComponent enumeration. The - value is the version of the software to be installed. - At least one entry must be specified. - type: object - properties: - additionalProperties: - type: string - description: 'Immutable. The properties to set on daemon - config files. Property keys are specified in `prefix:property` - format, for example `spark:spark.kubernetes.container.image`. - The following are supported prefixes and their mappings: - * spark: `spark-defaults.conf` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string type: object type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object required: - - gkeClusterConfig + - clusterName + - config type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. 
If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kubernetesClusterConfig + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - jobs - location + - placement type: object status: properties: - clusterUuid: - description: Output only. A cluster UUID (Unique Universal Identifier). - Dataproc generates this value when it creates the cluster. 
- type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
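Review bot: The added `labels` description states limits that the schema next to it does not enforce, and the key pattern it quotes, `p{Ll}p{Lo}{0,62}`, reads as literal text rather than a character-class expression. It looks as if brackets and backslashes were stripped during generation, and the value pattern's `{0,63}` also disagrees with the stated 1–63 length. The map is declared only as `additionalProperties: type: string`, so a manifest with too many or overlong labels passes admission and presumably fails only at reconcile; adding `maxProperties: 32` on `labels` and `maxLength: 63` under `additionalProperties` would reject it at the API server. The same gap applies to `preemptibility` and `numLocalSsds` in this hunk and to `ancestor` and `direction` in the DatastoreIndex hunk below, whose descriptions list allowed values or ranges with no `enum` or `minimum`/`maximum`. The file appears to be generated, so the fix likely belongs in the generator; the object that holds `labels` (the one requiring `clusterName` and `config`) starts above this hunk.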
@@ -35163,197 +52342,10 @@ spec: type: string type: object type: array - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions to - URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became idle - (most recent job finished) and became eligible for deletion - due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. 
- type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. 
- items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - type: object - metrics: - description: 'Output only. Contains cluster daemon metrics such as - HDFS and YARN stats. **Beta Feature**: This report is available - for testing purposes only. It may be changed before final release.' - properties: - hdfsMetrics: - additionalProperties: - type: string - description: The HDFS metrics. - type: object - yarnMetrics: - additionalProperties: - type: string - description: The YARN metrics. - type: object - type: object + createTime: + description: Output only. The time template was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -35361,52 +52353,299 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: Output only. Cluster status. + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. 
+ items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - detail: - description: Optional. Output only. Details of cluster's state. - type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - substate: - description: 'Output only. Additional state information that includes - status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - statusHistory: - description: Output only. The previous cluster status. + properties: + description: Immutable. An ordered list of properties to index on. 
items: properties: - detail: - description: Optional. Output only. Details of cluster's state. + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + name: + description: Immutable. The property name to index. type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - substate: - description: 'Output only. Additional state information that - includes status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array + indexId: + description: The index id. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object required: - spec @@ -35426,25 +52665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: - group: dataproc.cnrm.cloud.google.com + group: datastream.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocWorkflowTemplate - plural: dataprocworkflowtemplates + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles shortNames: - - gcpdataprocworkflowtemplate - - gcpdataprocworkflowtemplates - singular: dataprocworkflowtemplate + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: @@ -35464,7 +52703,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -35482,1675 +52721,3996 @@ spec: type: object spec: properties: - dagTimeout: - description: Immutable. Optional. Timeout duration for the DAG of - jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - The timeout duration must be from 10 minutes ("600s") to 24 hours - ("86400s"). The timer begins when the first job is submitted. If - the workflow is running at the end of the timeout period, any remaining - jobs are cancelled, the workflow is ended, and if the workflow was - running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), - the cluster is deleted. + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. type: string - jobs: - description: Immutable. Required. The Directed Acyclic Graph of Jobs - to submit. - items: - properties: - hadoopJob: - description: Immutable. Optional. Job is a Hadoop job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted in the working directory of Hadoop drivers - and tasks. Supported file types: .jar, .tar, .tar.gz, - .tgz, or .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `-libjars` - or `-Dfoo=bar`, that can be set as job properties, since - a collision may occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS (Hadoop Compatible - Filesystem) URIs of files to be copied to the working - directory of Hadoop drivers and distributed tasks. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. 
Jar file URIs to add to - the CLASSPATHs of the Hadoop driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file containing the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: 'Immutable. The HCFS URI of the jar file containing - the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' - ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' - type: string - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Hadoop. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/hadoop/conf/*-site - and classes in user code. - type: object - type: object - hiveJob: - description: Immutable. Optional. Job is a Hive job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Hive server and Hadoop - MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names and values, used to configure Hive. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/hive/conf/hive-site.xml, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains Hive queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Hive command: `SET - name="value";`).' - type: object - type: object - labels: - additionalProperties: - type: string - description: 'Immutable. Optional. The labels to associate with - this job. Label keys must be between 1 and 63 characters long, - and must conform to the following regular expression: p{Ll}p{Lo}{0,62} - Label values must be between 1 and 63 characters long, and - must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} - No more than 32 labels can be associated with a given job.' - type: object - pigJob: - description: Immutable. Optional. Job is a Pig job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. 
- Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Pig Client and Hadoop MapReduce - (MR) tasks. Can contain Pig UDFs. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Pig. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/pig/conf/pig.properties, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains the Pig queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Pig command: `name=[value]`).' 
- type: object - type: object - prerequisiteStepIds: - description: Immutable. Optional. The optional list of prerequisite - job step_ids. If not specified, the job will start at the - beginning of workflow. - items: + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - prestoJob: - description: Immutable. Optional. Job is a Presto job. - properties: - clientTags: - description: Immutable. Optional. Presto client tags to - attach to this query - items: - type: string - type: array - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - outputFormat: - description: Immutable. Optional. The format in which query - output will be displayed. See the Presto documentation - for supported output formats - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) - Equivalent to using the --session flag in the Presto CLI - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - type: object - pysparkJob: - description: Immutable. Optional. Job is a PySpark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Python driver and tasks. 
- items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + name: + description: Name of the Secret to extract a value + from. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainPythonFileUri: - description: Immutable. Required. The HCFS URI of the main - Python file to use as the driver. Must be a .py file. - type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure PySpark. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - pythonFileUris: - description: 'Immutable. Optional. HCFS file URIs of Python - files to pass to the PySpark framework. Supported file - types: .py, .egg, and .zip.' - items: - type: string - type: array + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom required: - - mainPythonFileUri - type: object - scheduling: - description: Immutable. Optional. Job scheduling configuration. - properties: - maxFailuresPerHour: - description: Immutable. Optional. Maximum number of times - per hour a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - A job may be reported as thrashing if driver exits with - non-zero code 4 times within 10 minute window. Maximum - value is 10. - format: int64 - type: integer - maxFailuresTotal: - description: Immutable. Optional. Maximum number of times - in total a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - Maximum value is 240. - format: int64 - type: integer - type: object - sparkJob: - description: Immutable. Optional. Job is a Spark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. 
- Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Spark driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file that contains the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: Immutable. The HCFS URI of the jar file that - contains the main class. 
- type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - type: object - sparkRJob: - description: Immutable. Optional. Job is a SparkR job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainRFileUri: - description: Immutable. Required. The HCFS URI of the main - R file to use as the driver. Must be a .R file. - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure SparkR. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom required: - - mainRFileUri - type: object - sparkSqlJob: - description: Immutable. Optional. Job is a SparkSql job. - properties: - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to be added to the Spark CLASSPATH. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. 
+ type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark SQL's SparkConf. - Properties that conflict with values set by the Dataproc - API may be overwritten. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Spark SQL command: - SET `name="value";`).' - type: object - type: object - stepId: - description: Immutable. Required. The step id. The id must be - unique among all jobs within the template. 
The step id is - used as prefix for job id, as job `goog-dataproc-workflow-step-id` - label, and in prerequisiteStepIds field from other steps. - The id must contain only letters (a-z, A-Z), numbers (0-9), - underscores (_), and hyphens (-). Cannot begin or end with - underscore or hyphen. Must consist of between 3 and 50 characters. + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - stepId type: object type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string location: - description: Immutable. The location for the resource + description: Immutable. The name of the location this private connection + is located in. type: string - parameters: - description: Immutable. Optional. Template parameters whose values - are substituted into the template. Values for parameters must be - provided when the template is instantiated. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. 
A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - description: - description: Immutable. Optional. Brief description of the parameter. - Must not exceed 1024 characters. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - fields: - description: 'Immutable. Required. Paths to all fields that - the parameter replaces. A field is allowed to appear in at - most one parameter''s list of field paths. A field path is - similar in syntax to a google.protobuf.FieldMask. For example, - a field path that references the zone field of a workflow - template''s cluster selector would be specified as `placement.clusterSelector.zone`. 
- Also, field paths can reference fields using the following - syntax: * Values in maps can be referenced by key: * labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] - * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri - * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri - * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] - * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] - * Items in repeated fields can be referenced by a zero-based - index: * jobs[''step-id''].sparkJob.args[0] * Other examples: - * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] - * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri - * placement.clusterSelector.zone It may not be possible to - parameterize maps and repeated fields in their entirety since - only individual map values and individual items in repeated - fields can be referenced. For example, the following field - paths are invalid: - placement.clusterSelector.clusterLabels - - jobs[''step-id''].sparkJob.args' - items: - type: string - type: array - name: - description: Immutable. Required. Parameter name. The parameter - name is used as the key, and paired with the parameter value, - which are passed to the template when the template is instantiated. - The name must contain only capital letters (A-Z), numbers - (0-9), and underscores (_), and must not start with a number. - The maximum length is 40 characters. + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - validation: - description: Immutable. Optional. Validation rules to be applied - to this parameter's value. - properties: - regex: - description: Immutable. Validation based on regular expressions. - properties: - regexes: - description: Immutable. Required. RE2 regular expressions - used to validate the parameter's value. The value - must match the regex in its entirety (substring matches - are not sufficient). - items: - type: string - type: array - required: - - regexes - type: object - values: - description: Immutable. Validation based on a list of allowed - values. - properties: - values: - description: Immutable. Required. List of allowed values - for the parameter. - items: - type: string - type: array - required: - - values - type: object - type: object - required: - - fields - - name type: object type: array - placement: - description: Immutable. Required. WorkflowTemplate scheduling information. - properties: - clusterSelector: - description: Immutable. Optional. A selector that chooses target - cluster for jobs based on metadata. The selector is evaluated - at the time each job is submitted. - properties: - clusterLabels: - additionalProperties: - type: string - description: Immutable. Required. The cluster labels. Cluster - must have all labels to match. - type: object - zone: - description: Immutable. Optional. The zone where workflow - process executes. This parameter does not affect the selection - of the cluster. If unspecified, the zone of the first cluster - matching the selector is used. - type: string - required: - - clusterLabels - type: object - managedCluster: - description: Immutable. A cluster that is managed by the workflow. - properties: - clusterName: - description: Immutable. Required. The cluster name prefix. 
- A unique cluster name will be formed by appending a random - suffix. The name must contain only lower-case letters (a-z), - numbers (0-9), and hyphens (-). Must begin with a letter. - Cannot begin or end with hyphen. Must consist of between - 2 and 35 characters. + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: type: string - config: - description: Immutable. Required. The cluster configuration. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for - the policy associated with the cluster. Cluster does - not autoscale if this field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings - for the cluster. 
- properties: - gcePdKmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. If true, enable - http access to specific ports on the cluster from - external sources. Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine - config settings for all instances in a cluster. - properties: - internalIPOnly: - description: Immutable. Optional. If true, all instances - in the cluster will only have internal IP addresses. - By default, clusters are not restricted to internal - IP addresses, and will have ephemeral external IP - addresses assigned to each instance. This `internal_ip_only` - restriction can only be enabled for subnetwork enabled - networks, and all off-cluster dependencies must - be configured to be accessible without external - IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. 
The Compute Engine metadata - entries to add to all instances (see [Project and - instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity - for sole-tenant clusters. + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string required: - - nodeGroupRef + - table type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 - access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity - for consuming Zonal reservation. + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. 
+ items: properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, - NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' - type: string - key: - description: Immutable. Optional. Corresponds - to the label key of reservation resource. - type: string - values: - description: Immutable. Optional. Corresponds - to the label values of reservation resource. + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. items: - type: string + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + table: + description: Table name. type: string + required: + - table type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service - account scopes to be included in Compute Engine - instances. The following base set of scopes is always - included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write - If no scopes are specified, the following defaults - are also provided: * https://www.googleapis.com/auth/bigquery - * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data - * https://www.googleapis.com/auth/devstorage.full_control' - items: - type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance - Config for clusters using Compute Engine Shielded - VMs. - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether - instances have integrity monitoring enabled. 
- Integrity monitoring compares the most recent - boot measurements to the integrity policy baseline - and returns a pair of pass/fail results depending - on whether they match or not. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether - the instances have Secure Boot enabled. Secure - Boot helps ensure that the system only runs - authentic software by verifying the digital - signature of all boot components, and halting - the boot process if signature verification fails. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether - the instance have the vTPM enabled. Virtual - Trusted Platform Module protects objects like - keys, certificates and enables Measured Boot - by performing the measurements needed to create - a known good boot baseline, called the integrity - policy baseline. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
- type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. type: string + required: + - table type: object - tags: - description: Immutable. The Compute Engine tags to - add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: - type: string - type: array - zone: - description: 'Immutable. Optional. The zone where - the Compute Engine cluster will be located. On a - create request, it is required in the "global" region. - If omitted in a non-global Dataproc region, the - service will pick a zone in the corresponding Compute - Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name - are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. 
+ type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string + required: + - location type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute - on each node after config is completed. By default, - executables are run on master and all worker nodes. - You can test a node''s `role` metadata to run an executable - on a master or worker node, as shown below using `curl` - (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google - http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific - actions ... else ... worker specific actions ... fi' + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. 
+ Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. items: properties: - executableFile: - description: Immutable. Required. Cloud Storage - URI of executable file. + database: + description: Database name. type: string - executionTimeout: - description: Immutable. Optional. Amount of time - executable has to complete. Default is 10 minutes - (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error - message (the name of the executable that caused - the error and the exceeded timeout period) if - the executable is not completed at end of the - timeout period. + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. 
+ type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. 
+ properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. type: string + required: + - schema type: object type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for - the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster - will be auto-deleted (see JSON representation of - [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration - of cluster. The cluster will be auto-deleted at - the end of this period. Minimum value is 10 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to - keep the cluster alive while idling (when no jobs - are running). Passing this threshold will cause - the cluster to be deleted. Minimum value is 5 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. 
The Compute Engine config - settings for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). 
If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config - settings for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. 
- format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. 
+ type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." + type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - securityConfig: - description: Immutable. Optional. Security settings for - the cluster. + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. 
+ Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - kerberosConfig: - description: Immutable. Optional. Kerberos related - configuration. 
+ text: + description: The text response message. properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server - (IP or hostname) for the remote trusted realm - in a cross realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP - or hostname) for the remote trusted realm in - a cross realm trust relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm - the Dataproc on-cluster KDC will trust, should - the user enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the shared - password between the on-cluster Kerberos realm - and the remote trusted realm, in a cross realm - trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate - whether to Kerberize the cluster (default: false). - Set this field to true to enable Kerberos on - a cluster.' + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the master - key of the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided key. For the self-signed - certificate, this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage - URI of the keystore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - keystorePassword: - description: Immutable. Optional. 
The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided keystore. For the self-signed - certificate, this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - realm: - description: Immutable. Optional. The name of - the on-cluster Kerberos realm. If not specified, - the uppercased domain of hostnames will be the - realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the root - principal password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime - of the ticket granting ticket, in hours. If - not specified, or user specifies 0, then default - value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage - URI of the truststore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided truststore. For the self-signed - certificate, this password is generated by Dataproc. 
- type: string + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - softwareConfig: - description: Immutable. Optional. The config settings - for software inside the cluster. + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. 
+ If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. 
+ They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - imageVersion: - description: Immutable. Optional. 
The version of software - inside the cluster. It must be one of the supported - [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such - as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian - version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components - to activate on the cluster. - items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties - to set on daemon config files. Property keys are - specified in `prefix:property` format, for example - `core:hadoop.tmp.dir`. The following are supported - prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` - * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` - * hive: `hive-site.xml` * mapred: `mapred-site.xml` - * pig: `pig.properties` * spark: `spark-defaults.conf` - * yarn: `yarn-site.xml` For more information, see - [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config - settings for worker instances in a cluster. + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. 
You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. + text: + description: The text response message. properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. 
+ properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. 
+ type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string type: object - type: object - labels: + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. 
+ Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: additionalProperties: type: string - description: 'Immutable. Optional. The labels to associate - with this cluster. Label keys must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated - with a given cluster.' + description: Immutable. The HTTP request headers to send together + with webhook requests. type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. 
+ For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - clusterName - - config + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. \nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' 
+ properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -37167,10 +56727,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -37180,14 +56737,13 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - jobs - - location - - placement + - displayName + - projectRef type: object status: properties: 
@@ -37217,9 +56773,10 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time template was created. - format: date-time + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -37228,127 +56785,243 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - placement: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. 
Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - managedCluster: - properties: - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions - to URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became - idle (most recent job finished) and became eligible - for deletion due to idleness (see JSON representation - of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. 
- This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. 
The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - type: object - type: object + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - updateTime: - description: Output only. The time template was last updated. - format: date-time + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - version: - description: Output only. The current version of this workflow template. - format: int64 + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string type: object required: - spec @@ -37368,7 +57041,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -39176,34 +58849,485 @@ spec: as `12***`. type: boolean type: object - cryptoDeterministicConfig: - description: Deterministic Crypto + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift properties: context: - description: 'A context may be used - for higher security and maintaining - referential integrity such that - the same identifier in two different - contexts will be given a distinct - surrogate. The context is appended - to plaintext value being encrypted. - On decryption the provided context - is validated against the value used - during encryption. If a context - was provided during encryption, - same context must be provided during - decryption as well. If the context - is not set, plaintext would be used - as is for encryption. If the context - is set but: 1. there is no record - present when transforming a given - value or 2. 
the field is not present - when transforming a given value, - plaintext would be used as is for - encryption. Note that case (1) is - expected when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s.' + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. properties: name: description: Name describing the @@ -39211,11 +59335,12 @@ spec: type: string type: object cryptoKey: - description: The key used by the encryption - function. For deterministic encryption - using AES-SIV, the provided key - is internally expanded to 64 bytes - prior to use. + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. properties: kmsWrapped: description: Key wrapped using 
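Review bot: The `unwrapped.key` field added under `cryptoKey` in `cryptoDeterministicConfig`, `cryptoHashConfig` and `cryptoReplaceFfxFpeConfig` is a plain `type: string` described only as "Required. A 128/192/256 bit key.", so the raw key is carried in the resource spec and is readable by anyone who can read the object or the manifest it was applied from. The description should state this and point to the wrapped alternative, e.g. `description: Required. A 128/192/256 bit key. The value is kept as-is in the resource spec; prefer kmsWrapped so that only a KMS-wrapped key appears in the manifest.` The same `unwrapped.key` shape recurs in the next hunk under `primitiveTransformation`, and the enclosing `properties` mapping starts above this hunk. The schema looks generated (inferred from the `dcl2crd` label earlier in the patch), in which case the wording belongs in the generator's input rather than in this file.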
@@ -39297,2126 +59422,5323 @@ spec: - key type: object type: object - surrogateInfoType: - description: 'The custom info type - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom info - type followed by the number of characters - comprising the surrogate. The following - scheme defines the format: {info - type name}({surrogate character - count}):{surrogate} For example, - if the name of custom info type - is ''MY_TOKEN_INFO_TYPE'' and the - surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate - when inspecting content using the - custom info type ''Surrogate''. - This facilitates reversal of the - surrogate when it occurs in free - text. Note: For record transformations - where the entire cell in a table - is being transformed, surrogates - are not mandatory. Surrogates are - used to denote the location of the - token and are necessary for re-identification - in free form text. In order for - inspection to work properly, the - name of this info type must not - occur naturally anywhere in your - data; otherwise, inspection may - either - reverse a surrogate that - does not correspond to an actual - identifier - be unable to parse - the surrogate and result in an error - Therefore, choose your custom info - type name carefully after considering - what your data looks like. One way - to select a name that has a high - chance of yielding reliable detection - is to include one or more unicode - characters that are highly improbable - to exist in your data. For example, - assuming your data is entered from - a regular ASCII keyboard, the symbol - with the hex code point 29DD might - be used like so: ⧝MY_TOKEN_TYPE.' + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. 
Range of shift + in days. Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. 
- type: string + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - cryptoHashConfig: - description: Crypto + replacementValue: + description: Required. Replacement value + for this bucket. properties: - cryptoKey: - description: The key used by the hash - function. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. 
Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. 
Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' 
- type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. 
This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. 
- type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible - values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, - NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, - ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context - may be used for higher security - since the same identifier in two - different contexts won''t be given - the same surrogate. If the context - is not set, a default tweak will - be used. If the context is set but: - 1. there is no record present when - transforming a given value or 1. - the field is not present when transforming - a given value, a default tweak will - be used. Note that case (1) is expected - when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s. Currently, - the referenced field may be of value - type integer or string. The tweak - is constructed as a sequence of - bytes in big endian byte order such - that: - a 64 bit integer is encoded - followed by a single byte of value - 1 - a string is encoded in UTF-8 - format followed by a single byte - of value 2' - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Required. The key used - by the encryption algorithm. - properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
- Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. 
A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. 
+ properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by - mapping these to the alphanumeric - characters that the FFX mode natively - supports. This happens before/after - encryption/decryption. Each character - listed must appear only once. Number - of characters must be in the range - [2, 95]. This must be encoded as - ASCII. The order of characters does - not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select - the alphabet. Must be in the range - [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom infoType - followed by the number of characters - comprising the surrogate. The following - scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom - infoType is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the - full replacement value will be: - ''MY_TOKEN_INFO_TYPE(3):abc'' This - annotation identifies the surrogate - when inspecting content using the - custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the - surrogate when it occurs in free - text. 
In order for inspection to - work properly, the name of this - infoType must not occur naturally - anywhere in your data; otherwise, - inspection may find a surrogate - that does not correspond to an actual - identifier. Therefore, choose your - custom infoType name carefully after - considering what your data looks - like. One way to select a name that - has a high chance of yielding reliable - detection is to include one or more - unicode characters that are highly - improbable to exist in your data. - For example, assuming your data - is entered from a regular ASCII - keyboard, the symbol with the hex - code point 29DD might be used like - so: ⧝MY_TOKEN_TYPE' - properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that - contains the context, for example, - an entity id. If set, must also - set cryptoKey. If set, shift will - be consistent for the given context. - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Causes the shift to be - computed based on this key and the - context. This results in the same - shift for the same context and crypto_key. - If set, must also set context. Can - only be applied to table items. 
- properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. 
+ The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. 
+ type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, - -5 means shift date to at most 5 - days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift - in days. Actual shift will be selected - at random within this range (inclusive - ends). Negative means shift to earlier - in time. Must not be more than 365250 - days (1000 years) each direction. - For example, 3 means shift date - to at most 3 days into the future. - format: int64 - type: integer - required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each - bucket (except for minimum and maximum - buckets). So if `lower_bound` = - 10, `upper_bound` = 89, and `bucket_size` - = 10, then the following buckets - would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, - 80-89, 89+. Precision up to 2 decimals - works.' - format: double - type: number - lowerBound: - description: Required. Lower bound - value of buckets. All values less - than `lower_bound` are grouped together - into a single bucket; for example - if `lower_bound` = 10, then all - values less than 10 are replaced - with the value "-10". 
- properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound - value of buckets. 
All values greater - than upper_bound are grouped together - into a single bucket; for example - if `upper_bound` = 89, then all - values greater than 89 are replaced - with the value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. 
- format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified - value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. 
- format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction - properties: - partToExtract: - description: 'The part of the time - to keep. Possible values: TIME_PART_UNSPECIFIED, - YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, - WEEK_OF_YEAR, HOUR_OF_DAY' - type: string - type: object - type: object - required: - - primitiveTransformation - type: object - type: array - required: - - transformations + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object type: object - primitiveTransformation: - description: Apply the transformation to the entire - field. + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. properties: - bucketingConfig: - description: Bucketing + expressions: + description: An expression. properties: - buckets: - description: Set of buckets. Ranges must be - non-overlapping. - items: - properties: - max: - description: Upper bound of the range, - exclusive; type must match min. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - min: - description: Lower bound of the range, - inclusive. Type should be the same as - max if used. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - replacementValue: - description: Required. Replacement value - for this bucket. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. - format: int64 - type: integer + conditions: + description: Conditions to apply to the expression. 
+ properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' type: string - timeValue: - description: time of day + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer format: int64 type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - timestampValue: - description: timestamp - format: date-time - type: string + required: + - field + - operator type: object - required: - - replacementValue - type: object - type: array + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string type: object - characterMaskConfig: - description: Mask - properties: - charactersToIgnore: - description: When masking a string, items in - this list will be skipped when replacing characters. 
- For example, if the input string is `555-555-5555` - and you instruct Cloud DLP to skip `-` and - mask 5 characters with `*`, Cloud DLP returns - `***-**5-5555`. - items: + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. 
[required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. 
+ Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + type: boolean + infoTypes: + description: Restricts what info_types to look for. 
The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. 
+ format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the rule. 
+ properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. properties: - charactersToSkip: - description: Characters to not transform - when masking. - type: string - commonCharactersToIgnore: - description: 'Common characters to not - transform when masking. Useful to avoid - removing punctuation. Possible values: - COMMON_CHARS_TO_IGNORE_UNSPECIFIED, - NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, - PUNCTUATION, WHITESPACE' + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object - type: array - maskingCharacter: - description: Character to use to mask the sensitive - values—for example, `*` for an alphabetic - string such as a name, or `0` for a numeric - string such as ZIP code or credit card number. - This string must have a length of 1. If not - supplied, this value defaults to `*` for strings, - and `0` for digits. - type: string - numberToMask: - description: Number of characters to mask. If - not set, all matching chars will be masked. - Skipped characters do not count towards this - tally. - format: int64 - type: integer - reverseOrder: - description: Mask characters in reverse order. - For example, if `masking_character` is `0`, - `number_to_mask` is `14`, and `reverse_order` - is `false`, then the input string `1234-5678-9012-3456` - is masked as `00000000000000-3456`. If `masking_character` - is `*`, `number_to_mask` is `3`, and `reverse_order` - is `true`, then the string `12345` is masked - as `12***`. - type: boolean - type: object - cryptoDeterministicConfig: - description: Deterministic Crypto - properties: - context: - description: 'A context may be used for higher - security and maintaining referential integrity - such that the same identifier in two different - contexts will be given a distinct surrogate. 
- The context is appended to plaintext value - being encrypted. On decryption the provided - context is validated against the value used - during encryption. If a context was provided - during encryption, same context must be provided - during decryption as well. If the context - is not set, plaintext would be used as is - for encryption. If the context is set but: - 1. there is no record present when transforming - a given value or 2. the field is not present - when transforming a given value, plaintext - would be used as is for encryption. Note that - case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s.' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: The key used by the encryption - function. For deterministic encryption using - AES-SIV, the provided key is internally expanded - to 64 bytes prior to use. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. 
- type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - surrogateInfoType: - description: 'The custom info type to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom info type followed - by the number of characters comprising the - surrogate. The following scheme defines the - format: {info type name}({surrogate character - count}):{surrogate} For example, if the name - of custom info type is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate when - inspecting content using the custom info type - ''Surrogate''. This facilitates reversal of - the surrogate when it occurs in free text. - Note: For record transformations where the - entire cell in a table is being transformed, - surrogates are not mandatory. Surrogates are - used to denote the location of the token and - are necessary for re-identification in free - form text. 
In order for inspection to work - properly, the name of this info type must - not occur naturally anywhere in your data; - otherwise, inspection may either - reverse - a surrogate that does not correspond to an - actual identifier - be unable to parse the - surrogate and result in an error Therefore, - choose your custom info type name carefully - after considering what your data looks like. - One way to select a name that has a high chance - of yielding reliable detection is to include - one or more unicode characters that are highly - improbable to exist in your data. For example, - assuming your data is entered from a regular - ASCII keyboard, the symbol with the hex code - point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' - properties: - name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: object - cryptoHashConfig: - description: Crypto - properties: - cryptoKey: - description: The key used by the hash function. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible values: - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, - HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context may be - used for higher security since the same identifier - in two different contexts won''t be given - the same surrogate. If the context is not - set, a default tweak will be used. If the - context is set but: 1. there is no record - present when transforming a given value or - 1. the field is not present when transforming - a given value, a default tweak will be used. - Note that case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s. Currently, the referenced - field may be of value type integer or string. 
- The tweak is constructed as a sequence of - bytes in big endian byte order such that: - - a 64 bit integer is encoded followed by - a single byte of value 1 - a string is encoded - in UTF-8 format followed by a single byte - of value 2' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: Required. The key used by the encryption - algorithm. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: properties: name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string - required: - - name type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. 
When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. + Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. 
The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. 
If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by mapping these - to the alphanumeric characters that the FFX - mode natively supports. This happens before/after - encryption/decryption. Each character listed - must appear only once. Number of characters - must be in the range [2, 95]. This must be - encoded as ASCII. The order of characters - does not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select the alphabet. - Must be in the range [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom infoType followed by - the number of characters comprising the surrogate. 
- The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType - is ''MY_TOKEN_INFO_TYPE'' and the surrogate - is ''abc'', the full replacement value will - be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation - identifies the surrogate when inspecting content - using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the surrogate - when it occurs in free text. In order for - inspection to work properly, the name of this - infoType must not occur naturally anywhere - in your data; otherwise, inspection may find - a surrogate that does not correspond to an - actual identifier. Therefore, choose your - custom infoType name carefully after considering - what your data looks like. One way to select - a name that has a high chance of yielding - reliable detection is to include one or more - unicode characters that are highly improbable - to exist in your data. For example, assuming - your data is entered from a regular ASCII - keyboard, the symbol with the hex code point - 29DD might be used like so: ⧝MY_TOKEN_TYPE' + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that contains - the context, for example, an entity id. If - set, must also set cryptoKey. If set, shift - will be consistent for the given context. + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string name: - description: Name describing the field. + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cryptoKey: - description: Causes the shift to be computed - based on this key and the context. This results - in the same shift for the same context and - crypto_key. If set, must also set context. - Can only be applied to table items. 
+ tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. + Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. 
+ type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. 
Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. + properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + version: + description: Optional version name + for this InfoType. type: string type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. 
A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. + Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. 
Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. 
`inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. 
+ format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. 
+ properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, -5 means - shift date to at most 5 days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift in days. - Actual shift will be selected at random within - this range (inclusive ends). Negative means - shift to earlier in time. Must not be more - than 365250 days (1000 years) each direction. - For example, 3 means shift date to at most - 3 days into the future. - format: int64 - type: integer + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. 
+ items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each bucket - (except for minimum and maximum buckets). - So if `lower_bound` = 10, `upper_bound` = - 89, and `bucket_size` = 10, then the following - buckets would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, - 89+. Precision up to 2 decimals works.' - format: double - type: number - lowerBound: - description: Required. Lower bound value of - buckets. All values less than `lower_bound` - are grouped together into a single bucket; - for example if `lower_bound` = 10, then all - values less than 10 are replaced with the - value "-10". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. 
Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound value of - buckets. All values greater than upper_bound - are grouped together into a single bucket; - for example if `upper_bound` = 89, then all - values greater than 89 are replaced with the - value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. 
- format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. 
Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. 
A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: properties: - partToExtract: - description: 'The part of the time to keep. - Possible values: TIME_PART_UNSPECIFIED, YEAR, - MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, - HOUR_OF_DAY' + name: + description: Name describing the field. type: string type: object - type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. 
+ If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' + type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. 
+ format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. 
+ type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status 
+ name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. 
+ [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. + properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. 
Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external required: - - fields + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - recordSuppressions: - description: Configuration defining which records get suppressed - entirely. Records that match any suppression rule are omitted - from the output. 
- items: + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - condition: - description: A condition that when it evaluates to true - will result in the record being evaluated to be suppressed - from the transformed content. - properties: - expressions: - description: An expression. - properties: - conditions: - description: Conditions to apply to the expression. - properties: - conditions: - description: A collection of conditions. - items: - properties: - field: - description: Required. Field within - the record this condition is evaluated - against. - properties: - name: - description: Name describing the - field. - type: string - type: object - operator: - description: 'Required. Operator used - to compare the field or infoType - to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, - AND' - type: string - value: - description: Value to compare against. - [Mandatory, except for `EXISTS` - tests.] - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - field - - operator - type: object - type: array - type: object - logicalOperator: - description: 'The operator to apply to the result - of conditions. Default and currently only - supported value is `AND`. Possible values: - LOGICAL_OPERATOR_UNSPECIFIED, AND' - type: string - type: object - type: object + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - type: object - transformationErrorHandling: - description: Mode for handling transformation errors. If left - unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. properties: - leaveUntransformed: - description: Ignore errors - type: object - x-kubernetes-preserve-unknown-fields: true - throwError: - description: Throw an error - type: object - x-kubernetes-preserve-unknown-fields: true + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers type: object description: - description: Short description (max 256 chars). + description: A textual description field. Defaults to 'Managed by + Config Connector'. type: string - displayName: - description: Display name (max 256 chars). + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. 
+ Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string - location: - description: Immutable. The location of the resource + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
oneOf: - not: required: 
@@ -41433,21 +64755,273 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -41464,8 +65038,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -41479,6 +65052,15 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type type: object status: properties: @@ -41508,13 +65090,8 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of an inspectTemplate. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + name: + description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -41523,11 +65100,151 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of an inspectTemplate. - format: date-time + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object + required: + - spec type: object served: true storage: true @@ -41544,25 +65261,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpinspecttemplates.dlp.cnrm.cloud.google.com + name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: eventarc.cnrm.cloud.google.com names: categories: - gcp - kind: DLPInspectTemplate - plural: dlpinspecttemplates + kind: EventarcTrigger + plural: eventarctriggers shortNames: - - gcpdlpinspecttemplate - - gcpdlpinspecttemplates - singular: dlpinspecttemplate + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -41599,436 +65316,241 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Short description (max 256 chars). - type: string - displayName: - description: Display name (max 256 chars). - type: string - inspectConfig: - description: The core content of the template. Configuration of the - scanning process. + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - contentOptions: - description: List of options defining data content to scan. If - empty, text, images, and other content will be included. - items: - type: string - type: array - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud - Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType - will not cause a finding to be returned. It still can - be used for rules matching. 
Possible values: EXCLUSION_TYPE_UNSPECIFIED, - EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name matches - one of existing infoTypes and that infoType is specified - in `InspectContent.info_types` field. Specifying the latter - adds findings to the one detected by the system. If built-in - info type is not specified in `InspectContent.info_types` - list then the name is treated as a custom info type. - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule if - the finding meets the criteria specified by the rule. - Defaults to `VERY_LIKELY` if not specified. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, - LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract as - findings. When not specified, the entire match is - returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. 
- properties: - createTime: - description: Timestamp indicating when the version of - the `StoredInfoType` used for inspection was created. - Output-only field, populated by the system. - format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. - - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a request, - the system may automatically choose what detectors to run. 
By - default this may be all types, but may change over time as detectors - are updated. If you need precise control and predictability - as to what detectors are run you should specify specific InfoTypes - listed in the reference, otherwise a default list will be used, - which may change over time. - items: - properties: - name: - description: Name of the information type. Either a name - of your choosing when creating a CustomInfoType, or one - of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud DLP - results to Data Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings returned. + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for specified - infoTypes. 
- items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should be - provided. If InfoTypeLimit does not have an info_type, - the DLP API applies the limit against all info_types - that are found but not specified in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set higher. - When set within `InspectContentRequest`, this field is ignored. - format: int64 - type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set higher. - format: int64 - type: integer + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - ruleSet: - description: Set of rules to apply to the findings for this InspectConfig. - Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for - each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. The - rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the rule. - properties: - cloudStoragePath: - description: Newline-delimited file of words - in Cloud Storage. Only a single file is - accepted. 
- properties: - path: - description: 'A url representing a file - or path (no wildcards) in Cloud Storage. - Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and every - phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps or - contained within with a finding of an infoType - from this list. For example, for `InspectionRuleSet.info_types` - containing "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number findings - are dropped if they overlap with EMAIL_ADDRESS - finding. That leads to "555-222-2222@example.org" - to generate only a single finding, namely - email address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, or - one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data - Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see MatchingType - documentation for details. Possible values: - MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, - MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply to - all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a finding - to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, - VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the likelihood - by the specified number of levels. For example, - if a finding would be `POSSIBLE` without - the detection rule and `relative_likelihood` - is 1, then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to `UNLIKELY`. - Likelihood may never drop below `VERY_UNLIKELY` - or exceed `VERY_LIKELY`, so applying an - adjustment of 1 followed by an adjustment - of -1 when base likelihood is `VERY_LIKELY` - will result in a final likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within which - the entire hotword must reside. The total length - of the window cannot exceed 1000 characters. - Note that the finding itself will be included - in the window, so that hotwords may be used - to match substrings of the finding itself. For - example, the certainty of a phone number regex - "(d{3}) d{3}-d{4}" could be adjusted upwards - if the area code is known to be the local area - code of a company office using the hotword regex - "(xxx)", where "xxx" is the area code in question. - properties: - windowAfter: - description: Number of characters after the - finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before the - finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array type: object location: - description: Immutable. The location of the resource + description: Immutable. The location for the resource type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. 
The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -42045,21 +65567,24 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: oneOf: - not: required: 
@@ -42076,8 +65601,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -42086,11 +65613,53 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef type: object status: properties: 
@@ -42121,12 +65690,13 @@ spec: type: object type: array createTime: - description: Output only. The creation timestamp of an inspectTemplate. + description: Output only. The creation time. format: date-time type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -42135,11 +65705,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string updateTime: - description: Output only. The last update timestamp of an inspectTemplate. + description: Output only. The last-modified time. format: date-time type: string type: object + required: + - spec type: object served: true storage: true 
@@ -42154,1277 +65748,2353 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dlpjobtriggers.dlp.cnrm.cloud.google.com -spec: - group: dlp.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DLPJobTrigger - plural: dlpjobtriggers - shortNames: - - gcpdlpjobtrigger - - gcpdlpjobtriggers - singular: dlpjobtrigger - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: User provided description (max 256 chars) - type: string - displayName: - description: Display name (max 100 chars) - type: string - inspectJob: - description: For inspect jobs, a snapshot of the configuration. - properties: - actions: - description: Actions to execute at the completion of the job. - items: - properties: - jobNotificationEmails: - description: Enable email notification for project owners - and editors on job's completion/failure. - type: object - x-kubernetes-preserve-unknown-fields: true - pubSub: - description: Publish a notification to a pubsub topic. - properties: - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - publishFindingsToCloudDataCatalog: - description: Publish findings to Cloud Datahub. - type: object - x-kubernetes-preserve-unknown-fields: true - publishSummaryToCscc: - description: Publish summary to Cloud Security Command Center - (Alpha). 
- type: object - x-kubernetes-preserve-unknown-fields: true - publishToStackdriver: - description: Enable Stackdriver metric dlp.googleapis.com/finding_count. - type: object - x-kubernetes-preserve-unknown-fields: true - saveFindings: - description: Save resulting findings in a provided location. - properties: - outputConfig: - description: Location to store findings outside of DLP. - properties: - dlpStorage: - description: Store findings directly to DLP. If - neither this or bigquery is chosen only summary - stats of total infotype count will be stored. - Quotes will not be stored to dlp findings. If - quotes are needed, store to BigQuery. Currently - only for inspect jobs. - type: object - x-kubernetes-preserve-unknown-fields: true - outputSchema: - description: 'Schema used for writing the findings - for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. - Columns are derived from the `Finding` object. - If appending to an existing table, any columns - from the predefined schema that are missing will - be added. No columns in the existing table will - be deleted. If unspecified, then all available - columns will be used for a new table or an (existing) - table with no schema, and no changes will be made - to an existing table that has a schema. Only for - use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, - BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, - BIG_QUERY_COLUMNS, ALL_COLUMNS' - type: string - table: - description: 'Store findings in an existing table - or a new table in an existing dataset. If table_id - is not set a new one will be generated for you - with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. - Pacific timezone will be used for generating the - date details. For Inspect, each column in an existing - output table must have the same name, type, and - mode of a field in the `Finding` object. 
For Risk, - an existing output table should be the output - of a previous Risk analysis job run on the same - source table, with the same privacy metric and - quasi-identifiers. Risk jobs that analyze the - same table but compute a different privacy metric, - or use different sets of quasi-identifiers, cannot - store their results in the same table.' - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - type: object - type: object - type: array - inspectConfig: - description: How and what to scan for. - properties: - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - detectionRules: - description: Set of detection rules to apply to all - findings of this CustomInfoType. 
Rules are applied - in order that they are specified. Not supported for - the `surrogate_type` CustomInfoType. - items: - properties: - hotwordRule: - description: Hotword-based detection rule. - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. - format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. 
For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in - Cloud Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: - gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this - infoType will not cause a finding to be returned. - It still can be used for rules matching. Possible - values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name - matches one of existing infoTypes and that infoType - is specified in `InspectContent.info_types` field. - Specifying the latter adds findings to the one detected - by the system. 
If built-in info type is not specified - in `InspectContent.info_types` list then the name - is treated as a custom info type. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule - if the finding meets the criteria specified by the - rule. Defaults to `VERY_LIKELY` if not specified. - Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract - as findings. When not specified, the entire match - is returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on - GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. - properties: - createTime: - description: Timestamp indicating when the version - of the `StoredInfoType` used for inspection was - created. Output-only field, populated by the system. 
- format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. + type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - This is not used for data profiling. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - This is not used for data profiling. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a - request, the system may automatically choose what detectors - to run. By default this may be all types, but may change - over time as detectors are updated. If you need precise - control and predictability as to what detectors are run - you should specify specific InfoTypes listed in the reference, - otherwise a default list will be used, which may change - over time. - items: - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings - returned. This is not used for data profiling. 
+ Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. + format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for - specified infoTypes. - items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should - be provided. 
If InfoTypeLimit does not have an - info_type, the DLP API applies the limit against - all info_types that are found but not specified - in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this - InfoType. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set - higher. When set within `InspectContentRequest`, this - field is ignored. + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set - higher. + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. 
Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: type: string - ruleSet: - description: Set of rules to apply to the findings for this - InspectConfig. Exclusion rules, contained in the set are - executed in the end, other rules are executed in the order - they are specified for each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. - The rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the - rule. - properties: - cloudStoragePath: - description: Newline-delimited file of - words in Cloud Storage. Only a single - file is accepted. - properties: - path: - description: 'A url representing a - file or path (no wildcards) in Cloud - Storage. 
Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases - to search for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and - every phrase must contain at least - 2 characters that are letters or - digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps - or contained within with a finding of - an infoType from this list. For example, - for `InspectionRuleSet.info_types` containing - "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number - findings are dropped if they overlap - with EMAIL_ADDRESS finding. That leads - to "555-222-2222@example.org" to generate - only a single finding, namely email - address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name - for this InfoType. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see - MatchingType documentation for details. - Possible values: MATCHING_TYPE_UNSPECIFIED, - MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, - MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array - type: object - inspectTemplateRef: - oneOf: - - not: + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. + format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', 
the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. + items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. 
+ type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. 
The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). 
+ type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. properties: - external: - description: |- - If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. - - Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string + required: + - gcpKmsEncryptionKey type: object - storageConfig: - description: The data to scan. 
+ includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. properties: - bigQueryOptions: - description: BigQuery options. - properties: - excludedFields: - description: References to fields excluded from scanning. - This allows you to skip inspection of entire columns - which you know have no findings. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - identifyingFields: - description: Table fields that may uniquely identify a - row within the table. When `actions.saveFindings.outputConfig.table` - is specified, the values of columns specified here are - available in the output table under `location.content_locations.record_location.record_key.id_values`. - Nested fields such as `person.birthdate.year` are allowed. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - includedFields: - description: Limit scanning only to these fields. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - rowsLimit: - description: Max number of rows to scan. If the table - has more rows than this value, the rest of the rows - are omitted. If not set, or if set to 0, all rows will - be scanned. Only one of rows_limit and rows_limit_percent - can be specified. Cannot be used in conjunction with - TimespanConfig. - format: int64 - type: integer - rowsLimitPercent: - description: Max percentage of rows to scan. The rest - are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. 
Both 0 and 100 - means no limit. Defaults to 0. Only one of rows_limit - and rows_limit_percent can be specified. Cannot be used - in conjunction with TimespanConfig. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - tableReference: - description: Complete BigQuery table reference. - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - tableReference - type: object - cloudStorageOptions: - description: Google Cloud Storage options. - properties: - bytesLimitPerFile: - description: Max number of bytes to scan from a file. - If a scanned file's size is bigger than this value then - the rest of the bytes are omitted. Only one of bytes_limit_per_file - and bytes_limit_per_file_percent can be specified. Cannot - be set if de-identification is requested. - format: int64 - type: integer - bytesLimitPerFilePercent: - description: Max percentage of bytes to scan from a file. - The rest are omitted. The number of bytes scanned is - rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. Only one - of bytes_limit_per_file and bytes_limit_per_file_percent - can be specified. Cannot be set if de-identification - is requested. - format: int64 - type: integer - fileSet: - description: The set of one or more files to scan. - properties: - regexFileSet: - description: The regex-filtered set of files to scan. - Exactly one of `url` or `regex_file_set` must be - set. 
- properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of a Cloud Storage bucket. Required. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - excludeRegex: - description: A list of regular expressions matching - file paths to exclude. All files in the bucket - that match at least one of these regular expressions - will be excluded from the scan. Regular expressions - use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - includeRegex: - description: A list of regular expressions matching - file paths to include. All files in the bucket - that match at least one of these regular expressions - will be included in the set of files, except - for those that also match an item in `exclude_regex`. - Leaving this field empty will match all files - by default (this is equivalent to including - `.*` in the list). Regular expressions use RE2 - [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - required: - - bucketRef - type: object - url: - description: The Cloud Storage url of the file(s) - to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. 
If the url ends in a trailing - slash, the bucket or directory represented by the - url will be scanned non-recursively (content in - sub-directories will not be scanned). This means - that `gs://mybucket/` is equivalent to `gs://mybucket/*`, - and `gs://mybucket/directory/` is equivalent to - `gs://mybucket/directory/*`. Exactly one of `url` - or `regex_file_set` must be set. - type: string - type: object - fileTypes: - description: List of file type groups to include in the - scan. If empty, all files are scanned and available - data format processors are applied. In addition, the - binary content of the selected files is always scanned - as well. Images are scanned only as binary if the specified - region does not support image inspection and no file_types - were specified. Image inspection is restricted to 'global', - 'us', 'asia', and 'europe'. - items: - type: string - type: array - filesLimitPercent: - description: Limits the number of files to scan to this - percentage of the input FileSet. Number of files scanned - is rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - type: object - datastoreOptions: - description: Google Cloud Datastore options. - properties: - kind: - description: The kind to process. - properties: - name: - description: The name of the kind. - type: string - type: object - partitionId: - description: A partition ID identifies a grouping of entities. - The grouping is always by project namespace ID may be - empty. - properties: - namespaceId: - description: If not empty, the ID of the namespace - to which the entities belong. 
- type: string - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ID of the project to which the entities belong. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - hybridOptions: - description: Hybrid inspection options. - properties: - description: - description: A short description of where the data is - coming from. Will be stored once in the job. 256 max - length. - type: string - labels: - additionalProperties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. type: string - description: 'To organize findings, these labels will - be added to each finding. Label keys must be between - 1 and 63 characters long and must conform to the following - regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label - values must be between 0 and 63 characters long and - must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - No more than 10 labels can be associated with a given - finding. Examples: * `"environment" : "production"` - * `"pipeline" : "etl"`' - type: object - requiredFindingLabelKeys: - description: 'These are labels that each inspection request - must include within their ''finding_labels'' map. Request - may contain others, but any missing one of these will - be rejected. 
Label keys must be between 1 and 63 characters - long and must conform to the following regular expression: - `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can - be required.' - items: + namespace: + description: The namespace of a Kubernetes Resource. type: string - type: array - tableOptions: - description: If the container is a table, additional information - to make findings meaningful such as the columns that - are primary keys. - properties: - identifyingFields: - description: The columns that are the primary keys - for table objects included in ContentItem. A copy - of this cell's value will stored alongside alongside - each finding so that the finding can be traced to - the specific row it came from. No more than 3 may - be provided. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - type: object - type: object - timespanConfig: - properties: - enableAutoPopulationOfTimespanConfig: - description: When the job is started by a JobTrigger we - will automatically figure out a valid start_time to - avoid scanning files that have not been modified since - the last time the JobTrigger executed. This will be - based on the time of the execution of the last run of - the JobTrigger. - type: boolean - endTime: - description: Exclude files, tables, or rows newer than - this value. If not set, no upper time limit is applied. - format: date-time - type: string - startTime: - description: Exclude files, tables, or rows older than - this value. If not set, no lower time limit is applied. - format: date-time - type: string - timestampField: - description: 'Specification of the field containing the - timestamp of scanned items. Used for data sources like - Datastore and BigQuery. For BigQuery: If this value - is not specified and the table was modified between - the given start and end times, the entire table will - be scanned. 
If this value is specified, then rows are - filtered based on the given start and end times. Rows - with a `NULL` value in the provided BigQuery column - are skipped. Valid data types of the provided BigQuery - column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. - For Datastore: If this value is specified, then entities - are filtered based on the given start and end times. - If an entity does not contain the provided timestamp - property or contains empty or invalid values, then it - is included. Valid data types of the provided timestamp - property are: `TIMESTAMP`.' - properties: - name: - description: Name describing the field. - type: string - type: object - type: object + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces type: object - required: - - storageConfig type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. 
It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string location: - description: Immutable. The location of the resource + description: Immutable. The region of the Backup Plan. type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -43441,8 +68111,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43452,46 +68121,47 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - status: - description: 'Immutable. Required. A status for this trigger. Possible - values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - triggers: - description: A list of triggers which will be OR'ed together. Only - one in the list needs to trigger for a job to be started. The list - may contain only a single Schedule trigger and must have at least - one object. - items: - properties: - manual: - description: For use with hybrid jobs. Jobs must be manually - created and finished. - type: object - x-kubernetes-preserve-unknown-fields: true - schedule: - description: Create a job on a repeating basis based on the - elapse of time. - properties: - recurrencePeriodDuration: - description: 'With this option a job is started a regular - periodic basis. For example: every day (86400 seconds). - A scheduled start time will be skipped if the previous - execution has not ended when its scheduled time occurs. - This value must be set to a time duration greater than - or equal to 1 day and can be no longer than 60 days.' - type: string - type: object - type: object - type: array + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. 
+ Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object required: - - inspectJob + - cluster + - location - projectRef - - status - - triggers type: object status: properties: 
@@ -43521,86 +68191,14 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of a triggeredJob. - format: date-time - type: string - errors: - description: Output only. A stream of errors encountered when the - trigger was activated. Repeated errors may result in the JobTrigger - automatically being paused. Will return the last 100 errors. Whenever - the JobTrigger is modified this list will be cleared. - items: - properties: - details: - description: Detailed error codes and messages. - properties: - code: - description: The status code, which should be an enum value - of google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. - This string must contain at least one "/" character. - The last segment of the URL''s path must represent - the fully qualified name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually - precompile into the binary all types that they expect - it to use in the context of Any. However, for URLs - which use the scheme `http`, `https`, or no scheme, - one can optionally set up a type server that maps - type URLs to message definitions as follows: * If - no scheme is provided, `https` is assumed. * An - HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the - URL, or have them precompiled into a binary to avoid - any lookup. Therefore, binary compatibility needs - to be preserved on changes to types. (Use versioned - type names to manage breaking changes.) 
Note: this - functionality is not currently available in the - official protobuf release, and it is not used for - type URLs beginning with type.googleapis.com. Schemes - other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should - be in English. Any user-facing error message should be - localized and sent in the google.rpc.Status.details field, - or localized by the client. - type: string - type: object - timestamps: - description: The times the error occurred. - items: - format: date-time - type: string - type: array - type: object - type: array - lastRunTime: - description: Output only. The timestamp of the last time this trigger - executed. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -43609,9 +68207,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of a triggeredJob. - format: date-time + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. type: string type: object required: @@ -43632,25 +68233,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DLPStoredInfoType - plural: dlpstoredinfotypes + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships shortNames: - - gcpdlpstoredinfotype - - gcpdlpstoredinfotypes - singular: dlpstoredinfotype + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -43687,96 +68288,23 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Description of the StoredInfoType (max 256 characters). - type: string - dictionary: - description: Store dictionary-based CustomInfoType. + configmanagement: + description: Config Management-specific spec. properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud Storage. - Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - required: - - path - type: object - wordList: - description: List of words or phrases to search for. + binauthz: + description: Binauthz configuration for the cluster. properties: - words: - description: Words or phrases defining the dictionary. The - dictionary must contain at least one phrase and every phrase - must contain at least 2 characters that are letters or digits. - [required] - items: - type: string - type: array - required: - - words + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean type: object - type: object - displayName: - description: Display name of the StoredInfoType (max 256 characters). - type: string - largeCustomDictionary: - description: StoredInfoType where findings are defined by a dictionary - of phrases. - properties: - bigQueryField: - description: Field in a BigQuery table where each cell represents - a dictionary phrase. + configSync: + description: Config Sync configuration for the cluster. properties: - field: - description: Designated field in the BigQuery table. - properties: - name: - description: Name describing the field. - type: string - type: object - table: - description: Source table of the field. 
+ git: properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: + gcpServiceAccountRef: oneOf: - not: required: @@ -43794,9 +68322,9 @@ spec: properties: external: description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43806,7 +68334,41 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - tableRef: + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: oneOf: - not: required: @@ -43823,10 +68385,10 @@ spec: - external properties: external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43836,39 +68398,109 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string type: object - cloudStorageFileSet: - description: Set of files containing newline-delimited lists of - dictionary phrases. + hierarchyController: + description: Hierarchy Controller configuration for the cluster. properties: - url: - description: The url, in the format `gs:///`. Trailing wildcard - in the path is allowed. - type: string - required: - - url + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean type: object - outputPath: - description: Location to store dictionary artifacts in Google - Cloud Storage. 
These files will only be accessible by project - owners and the DLP API. If any of these artifacts are modified, - the dictionary is considered invalid and can no longer be used. + policyController: + description: Policy Controller configuration for the cluster. properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. type: string - required: - - path + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. 
+ type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string type: object - location: - description: Immutable. The location of the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + featureRef: + description: Immutable. oneOf: - not: required: @@ -43885,21 +68517,23 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. oneOf: - not: required: 
@@ -43916,8 +68550,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43926,30 +68562,54 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - regex: - description: Store regular expression-based StoredInfoType. + mesh: + description: Manage Mesh Features properties: - groupIndexes: - description: The index of the submatch to extract as findings. - When not specified, the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under - the google/re2 repository on GitHub. + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - pattern type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. 
Used for acquisition only. Leave unset to create a new - resource. - type: string + required: + - featureRef + - location + - membershipRef + - projectRef type: object status: properties: @@ -43987,6 +68647,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -44003,25 +68665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com + name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSManagedZone - plural: dnsmanagedzones + kind: GKEHubFeature + plural: gkehubfeatures shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: 
@@ -44059,109 +68721,52 @@ spec: type: object spec: properties: - cloudLoggingConfig: - description: Cloud logging configuration. - properties: - enableLogging: - description: If set, enable query logging for this ManagedZone. - False by default, making logging opt-in. - type: boolean - required: - - enableLogging - type: object - description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. - type: string - dnsName: - description: Immutable. The DNS name of this managed zone, for instance - "example.com.". + location: + description: Immutable. The location for the resource type: string - dnssecConfig: - description: DNSSEC configuration. + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - defaultKeySpecs: + external: description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"].' - type: string - keyLength: - description: Length of the keys in bits. - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. 
- type: string - kind: - description: Identifies what kind of resource this is. - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is. + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"].' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address of a target name server. 
- type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. properties: - targetNetwork: - description: The network with which to peer. + multiclusteringress: + description: Multicluster Ingress-specific spec. properties: - networkRef: - description: VPC network to forward queries to. + configMembershipRef: oneOf: - not: required: @@ -44178,8 +68783,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -44189,137 +68796,12 @@ spec: type: string type: object required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - gkeClusters: - description: The list of Google Kubernetes Engine clusters that - can see this zone. - items: - properties: - gkeClusterNameRef: - description: |- - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - 'projects/*/locations/*/clusters/*'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ContainerCluster` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - gkeClusterNameRef - type: object - type: array - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetwork` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - reverseLookup: - description: |- - Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: Immutable. The presence of this field indicates that - this zone is backed by Service Directory. The value of this field - contains information related to the namespace associated with the - zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl + - configMembershipRef type: object - required: - - namespace type: object - visibility: - description: |- - Immutable. The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. - type: string required: - - dnsName + - location + - projectRef type: object status: properties: 
@@ -44349,21 +68831,14 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time that this resource was created on the server. - This is in RFC3339 text format. + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time type: string - managedZoneId: - description: Unique identifier for the resource; defined by the server. - type: integer - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44371,6 +68846,46 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string type: object required: - spec 
@@ -44390,25 +68905,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com + name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSPolicy - plural: dnspolicies + kind: GKEHubMembership + plural: gkehubmemberships shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -44446,96 +68961,139 @@ spec: type: object spec: properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. 
+ `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string type: object description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. 
The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location type: object status: properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -44562,6 +69120,111 @@ spec: type: string type: object type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44569,7 +69232,28 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. + format: date-time + type: string type: object + required: + - spec type: object served: true storage: true @@ -44586,25 +69270,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: DNSRecordSet - plural: dnsrecordsets + kind: HealthcareConsentStore + plural: healthcareconsentstores shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: 
@@ -44624,7 +69308,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44641,94 +69325,29 @@ spec: metadata: type: object spec: - oneOf: - - required: - - rrdatas - - required: - - rrdatasRefs properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `DNSManagedZone` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: Immutable. The DNS name this record set will apply to. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - rrdatas: - description: DEPRECATED. Although this field is still available, there - is limited support. We recommend that you use `spec.rrdatasRefs` - instead. - items: - type: string - type: array - rrdatasRefs: - items: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - managedZoneRef - - name - - type + - dataset type: object status: properties: 
@@ -44784,25 +69403,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: eventarctriggers.eventarc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: - group: eventarc.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: EventarcTrigger - plural: eventarctriggers + kind: HealthcareDataset + plural: healthcaredatasets shortNames: - - gcpeventarctrigger - - gcpeventarctriggers - singular: eventarctrigger + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: @@ -44822,7 +69441,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44837,243 +69456,14 @@ spec: submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: - type: object - spec: - properties: - channelRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: Optional. The name of the channel associated with - the trigger in `projects/{project}/locations/{location}/channels/{channel}` - format. You must provide a channel to receive events from Eventarc - SaaS partners. - type: string - name: - description: |- - [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - destination: - description: Required. Destination specifies where the events should - be sent to. - properties: - cloudFunctionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - - Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cloudRunService: - description: Cloud Run fully-managed service that receives the - events. The service should be running in the same project of - the trigger. - properties: - path: - description: 'Optional. The relative path on the Cloud Run - service the events should be sent to. The value must conform - to the definition of URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - region: - description: Required. The region the Cloud Run service is - deployed in. - type: string - serviceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - - Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - serviceRef - type: object - gke: - description: A GKE service capable of receiving events. The service - should be running in the same project as the trigger. 
- properties: - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: Required. The name of the Google Compute Engine - in which the cluster resides, which can either be compute - zone (for example, us-central1-a) for the zonal clusters - or region (for example, us-central1) for regional clusters. - type: string - namespace: - description: Required. The namespace the GKE service is running - in. - type: string - path: - description: 'Optional. The relative path on the GKE service - the events should be sent to. The value must conform to - the definition of a URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - service: - description: Required. Name of the GKE service. - type: string - required: - - clusterRef - - location - - namespace - - service - type: object - workflowRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'The resource name of the Workflow whose Executions - are triggered by the events. The Workflow resource should - be deployed in the same project as the trigger. 
Format: - `projects/{project}/locations/{location}/workflows/{workflow}`' - type: string - name: - description: |- - [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object + type: object + spec: + properties: location: - description: Immutable. The location for the resource + description: Immutable. The location for the Dataset. type: string - matchingCriteria: - description: Required. null The list of filters that applies to event - attributes. Only events that match all the provided filters will - be sent to the destination. - items: - properties: - attribute: - description: Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. - All triggers MUST provide a filter for the 'type' attribute. - type: string - operator: - description: Optional. The operator used for matching the events - with the value of the filter. If not specified, only events - that have an exact key-value pair specified in the filter - are matched. The only allowed value is `match-path-pattern`. - type: string - value: - description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud - for available values. - type: string - required: - - attribute - - value - type: object - type: array projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -45090,10 +69480,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -45107,81 +69494,14 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - transport: - description: Immutable. Optional. In order to deliver messages, Eventarc - may use other GCP products as transport intermediary. This field - contains a reference to that transport intermediary. This information - can be used for debugging purposes. - properties: - pubsub: - description: Immutable. The Pub/Sub topic and subscription used - by Eventarc as delivery intermediary. - properties: - topicRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + type: string required: - - destination - location - - matchingCriteria - projectRef type: object status: 
@@ -45212,15 +69532,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - etag: - description: Output only. This checksum is computed by the server - based on the value of other fields, and may be sent only on create - requests to ensure the client has an up-to-date value before proceeding. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45228,31 +69539,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceConditions: - additionalProperties: - type: string - description: Output only. The reason(s) why a trigger is in FAILED - state. - type: object - transport: - properties: - pubsub: - properties: - subscription: - description: 'Output only. The name of the Pub/Sub subscription - created and managed by Eventarc system as a transport for - the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' - type: string - type: object - type: object - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: 
@@ -45273,25 +69561,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestorebackups.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreBackup - plural: filestorebackups + kind: HealthcareDICOMStore + plural: healthcaredicomstores shortNames: - - gcpfilestorebackup - - gcpfilestorebackups - singular: filestorebackup + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: @@ -45311,7 +69599,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45329,95 +69617,57 @@ spec: type: object spec: properties: - description: - description: A description of the backup with 2048 characters or less. - Requests with longer descriptions will be rejected. - type: string - location: - description: Immutable. The location for the resource + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + notificationConfig: + description: A nested object resource. properties: - external: + pubsubTopic: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
type: string + required: + - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceFileShare: - description: Immutable. Name of the file share in the source Cloud - Filestore instance that the backup is created from. - type: string - sourceInstanceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object required: - - external - properties: - external: - description: |- - The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - - Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - bigqueryDestination + type: object + type: array required: - - location - - projectRef - - sourceFileShare - - sourceInstanceRef + - dataset type: object status: properties: - capacityGb: - description: Output only. Capacity of the source file share when the - backup was created. - format: int64 - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -45444,16 +69694,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the backup was created. - format: date-time - type: string - downloadBytes: - description: Output only. Amount of bytes that will be downloaded - if the backup is restored. This may be different than storage bytes, - since sequential backups of the same disk will share storage. - format: int64 - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45461,21 +69701,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceInstanceTier: - description: 'Output only. The service tier of the source Cloud Filestore - instance that this backup is created from. Possible values: TIER_UNSPECIFIED, - STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' - type: string - state: - description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + selfLink: + description: The fully qualified name of this dataset. type: string - storageBytes: - description: Output only. The size of the storage used by the backup. - As backups share storage, this number is expected to change with - backup creation/deletion. - format: int64 - type: integer type: object required: - spec 
@@ -45495,25 +69723,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestoreinstances.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreInstance - plural: filestoreinstances + kind: HealthcareFHIRStore + plural: healthcarefhirstores shortNames: - - gcpfilestoreinstance - - gcpfilestoreinstances - singular: filestoreinstance + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: @@ -45533,7 +69761,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45551,208 +69779,165 @@ spec: type: object spec: properties: - description: - description: The description of the instance (2048 characters or less). + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fileShares: - description: File system shares on the instance. For this version, - only a single file share is supported. + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. 
Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. items: properties: - capacityGb: - description: File share capacity in gigabytes (GB). Cloud Filestore - defines 1 GB as 1024^3 bytes. - format: int64 - type: integer - name: - description: The name of the file share (must be 16 characters - or less). - type: string - nfsExportOptions: - description: Nfs Export Options. There is a limit of 10 export - options per file share. - items: - properties: - accessMode: - description: 'Either READ_ONLY, for allowing only read - requests on the exported directory, or READ_WRITE, for - allowing both read and write requests. The default is - READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, - READ_ONLY, READ_WRITE' - type: string - anonGid: - description: An integer representing the anonymous group - id with a default value of 65534. Anon_gid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - anonUid: - description: An integer representing the anonymous user - id with a default value of 65534. Anon_uid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - ipRanges: - description: List of either an IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges - in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask - size}` which may mount the file share. Overlapping IP - ranges are not allowed, both within and across NfsExportOptions. - An error will be returned. The limit is 64 IP ranges/addresses - for each FileShareConfig among all NfsExportOptions. 
- items: - type: string - type: array - squashMode: - description: 'Either NO_ROOT_SQUASH, for allowing root - access on the exported directory, or ROOT_SQUASH, for - not allowing root access. The default is NO_ROOT_SQUASH. - Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, - ROOT_SQUASH' - type: string - type: object - type: array - sourceBackupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. - - Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic type: object type: array - location: - description: Immutable. The location for the resource + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - networks: - description: Immutable. VPC networks to which the instance is connected. - For this version, only a single network is supported. + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: - ipAddresses: - description: Immutable. Output only. IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in - the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
- items: - type: string - type: array - modes: - description: Immutable. Internet protocol versions for which - the instance has IP addresses assigned. For this version, - only MODE_IPV4 is supported. - items: - type: string - type: array - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: - external: - description: |- - The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. 
+ properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig type: object - reservedIPRange: - description: Immutable. A /29 CIDR block in one of the [internal - IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) - that identifies the range of IP addresses reserved for this - instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The - range you specify can't overlap with either existing subnets - or assigned IP address ranges for other Cloud Filestore instances - in the selected VPC network. - type: string + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. 
+ items: + type: string + type: array + required: + - bigqueryDestination type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tier: - description: 'Immutable. The service tier of the instance. Possible - values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, - HIGH_SCALE_SSD, ENTERPRISE' + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - - location - - projectRef + - dataset type: object status: properties: @@ -45782,14 +69967,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the instance was created. - format: date-time - type: string - etag: - description: Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -45797,13 +69974,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR' - type: string - statusMessage: - description: Output only. Additional information about the instance - state, if available. + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: @@ -45824,25 +69996,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: - group: firestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FirestoreIndex - plural: firestoreindexes + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: @@ -45862,7 +70034,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45880,44 +70052,93 @@ spec: type: object spec: properties: - collection: - description: Immutable. The collection being indexed. - type: string - database: - description: Immutable. The Firestore database id. Defaults to '"(default)"'. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fields: + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: description: |- - Immutable. The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. 
Only the message name + is sent as part of the notification. Supplied by the client. items: properties: - arrayConfig: + filter: description: |- - Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"]. - type: string - fieldPath: - description: Immutable. Name of the field. - type: string - order: + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: description: |- - Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. 
+ PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string + required: + - pubsubTopic type: object type: array - queryScope: - description: 'Immutable. The scope at which a query is run. Default - value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - collection - - fields + - dataset type: object status: properties: 
@@ -45947,11 +70168,6 @@ spec: type: string type: object type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45959,6 +70175,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string type: object required: - spec @@ -45978,25 +70197,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: Folder - plural: folders + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies shortNames: - - gcpfolder - - gcpfolders - singular: folder + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -46033,62 +70252,11 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. + description: The display name of the rule. type: string - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. Only one of - folderRef or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `folderId` field of a `Folder` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + projectRef: oneOf: - not: required: 
@@ -46105,8 +70273,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -46116,12 +70284,62 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array required: - - displayName + - projectRef + - rules type: object status: properties: 
@@ -46151,19 +70369,8 @@ spec: type: string type: object type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}". - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. + etag: + description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46191,389 +70398,119 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com -spec: - group: gkehub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: GKEHubFeatureMembership - plural: gkehubfeaturememberships - shortNames: - - gcpgkehubfeaturemembership - - gcpgkehubfeaturememberships - singular: gkehubfeaturemembership - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - configmanagement: - description: Config Management-specific spec. - properties: - binauthz: - description: Binauthz configuration for the cluster. - properties: - enabled: - description: Whether binauthz is enabled in this cluster. - type: boolean - type: object - configSync: - description: Config Sync configuration for the cluster. - properties: - git: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpsProxy: - description: URL for the HTTPS proxy to be used when communicating - with the Git repo. - type: string - policyDir: - description: 'The path within the Git repository that - represents the top level of the repo to sync. Default: - the root directory of the repository.' - type: string - secretType: - description: Type of secret configured for access to the - Git repo. Must be one of ssh, cookiefile, gcenode, token, - gcpserviceaccount or none. The validation of this is - case-sensitive. - type: string - syncBranch: - description: 'The branch of the repository to sync from. - Default: master.' - type: string - syncRepo: - description: The URL of the Git repository to use as the - source of truth. 
- type: string - syncRev: - description: Git revision (tag or hash) to check out. - Default HEAD. - type: string - syncWaitSecs: - description: 'Period in seconds between consecutive syncs. - Default: 15.' - type: string - type: object - oci: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: "The GCP Service Account Email used for - auth when secret_type is gcpserviceaccount. \n\nAllowed - value: The `email` field of an `IAMServiceAccount` - resource." - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - policyDir: - description: 'The absolute path of the directory that - contains the local resources. Default: the root directory - of the image.' - type: string - secretType: - description: Type of secret configured for access to the - OCI Image. Must be one of gcenode, gcpserviceaccount - or none. The validation of this is case-sensitive. - type: string - syncRepo: - description: The OCI image repository URL for the package - to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - type: string - syncWaitSecs: - description: 'Period in seconds(int64 format) between - consecutive syncs. Default: 15.' - type: string - type: object - preventDrift: - description: Set to true to enable the Config Sync admission - webhook to prevent drifts. If set to `false`, disables the - Config Sync admission webhook and does not prevent drifts. - type: boolean - sourceFormat: - description: Specifies whether the Config Sync Repo is in - "hierarchical" or "unstructured" mode. 
- type: string - type: object - hierarchyController: - description: Hierarchy Controller configuration for the cluster. - properties: - enableHierarchicalResourceQuota: - description: Whether hierarchical resource quota is enabled - in this cluster. - type: boolean - enablePodTreeLabels: - description: Whether pod tree labels are enabled in this cluster. - type: boolean - enabled: - description: Whether Hierarchy Controller is enabled in this - cluster. - type: boolean - type: object - policyController: - description: Policy Controller configuration for the cluster. - properties: - auditIntervalSeconds: - description: Sets the interval for Policy Controller Audit - Scans (in seconds). When set to 0, this disables audit functionality - altogether. - type: string - enabled: - description: Enables the installation of Policy Controller. - If false, the rest of PolicyController fields take no effect. - type: boolean - exemptableNamespaces: - description: The set of namespaces that are excluded from - Policy Controller checks. Namespaces do not need to currently - exist on the cluster. - items: - type: string - type: array - logDeniesEnabled: - description: Logs all denies and dry run failures. - type: boolean - monitoring: - description: 'Specifies the backends Policy Controller should - export metrics to. For example, to specify metrics should - be exported to Cloud Monitoring and Prometheus, specify - backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", - "prometheus"]' - properties: - backends: - description: ' Specifies the list of backends Policy Controller - will export to. Specifying an empty value `[]` disables - metrics export.' - items: - type: string - type: array - type: object - mutationEnabled: - description: Enable or disable mutation in policy controller. - If true, mutation CRDs, webhook and controller deployment - will be deployed to the cluster. 
- type: boolean - referentialRulesEnabled: - description: Enables the ability to use Constraint Templates - that reference to objects other than the object currently - being evaluated. - type: boolean - templateLibraryInstalled: - description: Installs the default template library along with - Policy Controller. - type: boolean - type: object - version: - description: Optional. Version of ACM to install. Defaults to - the latest version. - type: string - type: object - featureRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string required: - - external + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). properties: - external: - description: |- - The name of the feature - - Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + apiVersion: type: string - type: object - location: - description: Immutable. 
The location of the feature - type: string - membershipRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: external: - description: |- - The name of the membership - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mesh: - description: Manage Mesh Features - properties: - controlPlane: - description: '**DEPRECATED** Whether to automatically manage Service - Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, - AUTOMATIC, MANUAL' - type: string - management: - description: 'Whether to automatically manage Service Mesh. Possible - values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the feature - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string + required: + - kind type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string required: - - featureRef - - location - - membershipRef - - projectRef + - auditLogConfigs + - resourceRef + - service type: object status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. items: properties: lastTransitionTime: @@ -46603,10 +70540,9 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -46623,25 +70559,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubfeatures.gkehub.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubFeature - plural: gkehubfeatures + kind: IAMCustomRole + plural: iamcustomroles shortNames: - - gcpgkehubfeature - - gcpgkehubfeatures - singular: gkehubfeature + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: 
@@ -46679,87 +70615,29 @@ spec: type: object spec: properties: - location: - description: Immutable. The location for the resource + description: + description: A human-readable description for the role. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - spec: - description: Optional. Hub-wide Feature configuration. If this Feature - does not support any Hub-wide configuration, this field may be unused. - properties: - multiclusteringress: - description: Multicluster Ingress-specific spec. 
- properties: - configMembershipRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - configMembershipRef - type: object - type: object + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string required: - - location - - projectRef + - permissions + - title type: object status: properties: @@ -46789,13 +70667,11 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Feature resource was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Feature resource was deleted. - format: date-time + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
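Review bot: `permissions` is described as needing at least one entry, but the added IAMCustomRole schema only lists it under `required` and declares `type: array` with no lower bound, so `permissions: []` passes validation. Adding `minItems: 1` next to `type: array` would make the schema enforce what the description promises, instead of leaving an empty role to be rejected somewhere after admission. `stage` is in a similar position: its description names a default of GA, but the field has no `enum`, so a mistyped stage is not caught by the schema. The CRD carries the `tf2crd` label in the earlier hunk, so the fix likely belongs in the generator input.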
@@ -46804,46 +70680,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceState: - description: State of the Feature resource itself. - properties: - hasResources: - description: Whether this Feature has outstanding resources that - need to be cleaned up before it can be disabled. - type: boolean - state: - description: 'The current state of the Feature resource in the - Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, - DISABLING, UPDATING, SERVICE_UPDATING' - type: string - type: object - state: - description: Output only. The Hub-wide Feature state - properties: - state: - description: Output only. The "running state" of the Feature in - this Hub. - properties: - code: - description: 'The high-level, machine-readable status of this - Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, - ERROR' - type: string - description: - description: A human-readable description of the current status. - type: string - updateTime: - description: 'The time this status and any related Feature-specific - details were updated. A timestamp in RFC3339 UTC "Zulu" - format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' - type: string - type: object - type: object - updateTime: - description: Output only. When the Feature resource was last updated. - format: date-time - type: string type: object required: - spec 
@@ -46863,25 +70699,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubmemberships.gkehub.cnrm.cloud.google.com + name: iampartialpolicies.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubMembership - plural: gkehubmemberships + kind: IAMPartialPolicy + plural: iampartialpolicies shortNames: - - gcpgkehubmembership - - gcpgkehubmemberships - singular: gkehubmembership + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -46889,7 +70723,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -46897,164 +70731,218 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: - authority: - description: 'Optional. How to identify workloads from this Membership. - See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' - properties: - issuer: - description: Optional. 
A JSON Web Token (JWT) issuer URI. `issuer` - must start with `https://` and be a valid URL with length <2000 - characters. If set, then Google will allow valid OIDC tokens - from this issuer to authenticate within the workload_identity_pool. - OIDC discovery will be performed on this URI to validate tokens - from the issuer. Clearing `issuer` disables Workload Identity. - `issuer` cannot be directly modified; it must be cleared (and - Workload Identity disabled) before using a new issuer (and re-enabling - Workload Identity). - type: string - type: object - description: - description: 'Description of this membership, limited to 63 characters. - Must match the regex: `*` This field is present for legacy purposes.' - type: string - endpoint: - description: Optional. Endpoint information to reach this member. - properties: - gkeCluster: - description: Optional. GKE-specific information. Only present - if this Membership is a GKE cluster. - properties: - resourceRef: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - kubernetesResource: - description: 'Optional. The in-cluster Kubernetes Resources that - should be applied for a correctly registered cluster, in the - steady state. These resources: * Ensure that the cluster is - exclusively registered to one and only one Hub Membership. * - Propagate Workload Pool Information available in the Membership - Authority field. * Ensure proper initial configuration of default - Hub Features.' - properties: - membershipCrManifest: - description: Input only. The YAML representation of the Membership - CR. This field is ignored for GKE clusters where Hub can - read the CR directly. Callers should provide the CR that - is currently present in the cluster during CreateMembership - or UpdateMembership, or leave this field empty if none exists. - The CR manifest is used to validate the cluster has not - been registered with another Membership. - type: string - resourceOptions: - description: Optional. Options for Kubernetes resource generation. + - required: + - member + - required: + - memberFrom properties: - connectVersion: - description: Optional. The Connect agent version to use - for connect_resources. Defaults to the latest GKE Connect - version. The version must be a currently supported version, - obsolete versions will be rejected. + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. type: string - v1beta1Crd: - description: Optional. Use `apiextensions/v1beta1` instead - of `apiextensions/v1` for CustomResourceDefinition resources. 
- This option should be set for clusters with Kubernetes - apiserver versions <1.16. - type: boolean + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object type: object - type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind type: object - externalId: - description: 'Optional. An externally-generated and managed ID for - this Membership. This ID may be modified after creation, but this - is not recommended. The ID must match the regex: `*` If this Membership - represents a Kubernetes cluster, this value should be set to the - UID of the `kube-system` namespace object.' - type: string - infrastructureType: - description: 'Optional. The infrastructure type this Membership is - running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, - MULTI_CLOUD' - type: string - location: - description: Immutable. The location for the resource - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string required: - - location + - resourceRef type: object status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: - authority: - properties: - identityProvider: - description: Output only. An identity provider that reflects the - `issuer` in the workload identity pool. - type: string - workloadIdentityPool: - description: 'Output only. The name of the workload identity pool - in which `issuer` will be recognized. There is a single Workload - Identity Pool per Hub that is shared between all Memberships - that belong to that Hub. 
For a Hub hosted in: {PROJECT_ID}, - the workload pool format is `{PROJECT_ID}.hub.id.goog`, although - this is subject to change in newer versions of this API.' - type: string - type: object + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: 
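Review bot: `status.allBindings` is described only as surfacing all IAM bindings for the referenced resource, so read access to an IAMPartialPolicy object exposes that resource's bindings. This presumably includes bindings the object does not manage, since the managed set is `spec.bindings`. The description should say so, for example `AllBindings surfaces all IAM bindings for the referenced resource, including bindings not managed by this object; read access to this status exposes them.` Operators would then know to scope `get`/`list` on this kind as they would access to the resource's IAM policy. The `condition` sub-fields (`description`, `expression`, `title`) in the same hunk also carry no description, and the `status` block continues past the end of this hunk.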
@@ -47078,140 +70966,48 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Membership was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Membership was deleted. - format: date-time - type: string - endpoint: - properties: - kubernetesMetadata: - description: Output only. Useful Kubernetes-specific metadata. - properties: - kubernetesApiServerVersion: - description: Output only. Kubernetes API server version string - as reported by `/version`. - type: string - memoryMb: - description: Output only. The total memory capacity as reported - by the sum of all Kubernetes nodes resources, defined in - MB. - format: int64 - type: integer - nodeCount: - description: Output only. Node count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - nodeProviderId: - description: Output only. Node providerID as reported by the - first node in the list of nodes on the Kubernetes endpoint. - On Kubernetes platforms that support zero-node clusters - (like GKE-on-GCP), the node_count will be zero and the node_provider_id - will be empty. - type: string - updateTime: - description: Output only. The time at which these details - were last updated. This update_time is different from the - Membership-level update_time since EndpointDetails are updated - internally for API consumers. - format: date-time + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. 
+ items: type: string - vcpuCount: - description: Output only. vCPU count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - type: object - kubernetesResource: - properties: - connectResources: - description: Output only. The Kubernetes resources for installing - the GKE Connect agent This field is only populated in the - Membership returned from a successful long-running operation - from CreateMembership or UpdateMembership. It is not populated - during normal GetMembership or ListMemberships requests. - To get the resource manifest after the initial registration, - the caller should make a UpdateMembership call with an empty - field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. - type: string - type: object - type: array - membershipResources: - description: Output only. Additional Kubernetes resources - that need to be applied to the cluster after Membership - creation, and after every update. This field is only populated - in the Membership returned from a successful long-running - operation from CreateMembership or UpdateMembership. It - is not populated during normal GetMembership or ListMemberships - requests. To get the resource manifest after the initial - registration, the caller should make a UpdateMembership - call with an empty field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. 
- type: string - type: object - type: array - type: object - type: object - lastConnectionTime: - description: Output only. For clusters using Connect, the timestamp - of the most recent connection established with Google Cloud. This - time is updated every several minutes, not continuously. For clusters - that do not use GKE Connect, or that have never connected successfully, - this field will be unset. - format: date-time - type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer - state: - description: Output only. State of the Membership resource. - properties: - code: - description: 'Output only. The current state of the Membership - resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, - DELETING, UPDATING, SERVICE_UPDATING' - type: string - type: object - uniqueId: - description: Output only. Google-generated UUID for this resource. - This is unique across all Membership resources. If a Membership - resource is deleted and another resource with the same name is created, - it gets a different unique_id. - type: string - updateTime: - description: Output only. When the Membership was last updated. - format: date-time - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -47228,25 +71024,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com + name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAccessBoundaryPolicy - plural: iamaccessboundarypolicies + kind: IAMPolicy + plural: iampolicies shortNames: - - gcpiamaccessboundarypolicy - - gcpiamaccessboundarypolicies - singular: iamaccessboundarypolicy + - gcpiampolicy + - gcpiampolicies + singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: @@ -47254,7 +71048,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -47262,32 +71056,107 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPolicySpec defines the desired state of IAMPolicy properties: - displayName: - description: The display name of the rule. - type: string - projectRef: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. 
The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. oneOf: - not: required: 
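Review bot: The `exemptedMembers` description under `auditConfigs[].auditLogConfigs[]` states the effect only as "do not cause logging", while the rule that widens it sits in the separate `service` description: exemptions from an `allServices` config are unioned into every specific service. I would append a sentence to the `exemptedMembers` description such as `Exemptions listed under 'allServices' also apply to each specific service; every entry reduces audit coverage.` so that whoever edits or reviews the list sees the blast radius in one place. The list is also plain `type: string` items with no pattern, unlike `logType` and `role` in this hunk. The `service` description misspells the field as `auditLogConfg`; it should read `auditLogConfig`.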
@@ -47302,81 +71171,39 @@ spec: - namespace required: - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: + apiVersion: + type: string external: - description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, - where {{value}} is the `name` field of a `Project` resource.' + type: string + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Rules to be applied. - items: - properties: - accessBoundaryRule: - description: An access boundary rule in an IAM policy. - properties: - availabilityCondition: - description: The availability condition further constrains - the access allowed by the access boundary rule. - properties: - description: - description: |- - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression - in Common Expression Language syntax. - type: string - location: - description: |- - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - type: string - title: - description: |- - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. 
- type: string - required: - - expression - type: object - availablePermissions: - description: A list of permissions that may be allowed for - use on the specified resource. - items: - type: string - type: array - availableResource: - description: The full resource name of a Google Cloud resource - entity. - type: string - type: object - description: - description: The description of the rule. - type: string - type: object - type: array + type: string + required: + - kind + type: object required: - - projectRef - - rules + - resourceRef type: object status: + description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: @@ -47400,19 +71227,15 @@ spec: type: string type: object type: array - etag: - description: The hash of the resource. Used internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
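Review bot: The third `oneOf` branch added to `resourceRef` (`not: anyOf:` over `name`, `namespace`, `apiVersion`, `external`) admits a reference that carries only `kind`, and none of `apiVersion`, `external`, `kind`, `name` or `namespace` has a description on the new side. The schema therefore does not tell a reader which resource a kind-only reference resolves to, or what format `external` takes, even though this field selects the resource whose IAM policy is set. I would give `external` a description stating its expected format per `kind`, and add a sentence to the `resourceRef` description on how a reference with only `kind` is resolved. The same `resourceRef` shape appears in the IAMPartialPolicy hunk at `@@ -46897,164 +70731,218 @@`. The `oneOf` list itself begins in the previous hunk, so only its tail is visible here.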
@@ -47429,23 +71252,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" - name: iamauditconfigs.iam.cnrm.cloud.google.com + name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAuditConfig - plural: iamauditconfigs + kind: IAMPolicyMember + plural: iampolicymembers shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: @@ -47467,7 +71290,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IAMAuditConfig is the schema for the IAM audit logging API. + description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -47482,32 +71305,116 @@ spec: metadata: type: object spec: - description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: type: string - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object resourceRef: - description: Immutable. Required. The GCP resource to set the IAMAuditConfig - on (e.g. project). + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: apiVersion: type: string 
@@ -47522,26 +71429,21 @@ spec: required: - kind type: object - service: - description: 'Immutable. Required. The service for which to enable - Data Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering both - ''allServices'' and a specific service, then the union of the two - audit configs is used for that service: the ''logTypes'' specified - in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - - auditLogConfigs - resourceRef - - service + - role type: object status: - description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations - of the IAMAuditConfig's current state. + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47590,25 +71492,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMCustomRole - plural: iamcustomroles + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -47646,254 +71548,24 @@ spec: type: object spec: properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The roleId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string - stage: - description: The current launch stage of the role. Defaults to GA. + privateKeyType: + description: Immutable. type: string - title: - description: A human-readable title for the role. + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The full name of the role. + publicKeyType: + description: Immutable. type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - name: iampartialpolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPartialPolicy - plural: iampartialpolicies - shortNames: - - gcpiampartialpolicy - - gcpiampartialpolicies - singular: iampartialpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True' the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IAMPartialPolicy is the Schema for the iampartialpolicy API - 
properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy - properties: - bindings: - description: Optional. The list of IAM bindings managed by Config - Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - oneOf: - - required: - - member - - required: - - memberFrom - properties: - member: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. - type: string - memberFrom: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, - and only one subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity - (i.e. 
its 'status.writerIdentity') is to be bound - to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to - the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account - (i.e., its 'status.email') is to be bound to the - role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account - (i.e. its 'status.serviceAccountEmailAddress') is - to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - type: object - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + serviceAccountRef: oneOf: - not: required: 
@@ -47908,72 +71580,26 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy - properties: - allBindings: - description: AllBindings surfaces all IAM bindings for the referenced - resource. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: 
@@ -47997,48 +71623,38 @@ spec: type: string type: object type: array - lastAppliedBindings: - description: LastAppliedBindings is the list of IAM bindings that - were most recently applied by Config Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: Immutable. The name used for this key pair. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string type: object + required: + - spec type: object served: true storage: true @@ -48055,23 +71671,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicies.iam.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicy - plural: iampolicies + kind: IAMServiceAccount + plural: iamserviceaccounts shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: @@ -48079,7 +71697,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48087,107 +71705,275 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicySpec defines the desired state of IAMPolicy properties: - auditConfigs: - description: Optional. The list of IAM audit configs. + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. 
+ type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: Specifies the Cloud Audit Logs configuration for the - IAM policy. properties: - auditLogConfigs: - description: Required. The configuration for logging of each - type of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for - this type of permission. The format is the same as that - for 'members' in IAMPolicy/IAMPolicyMember. - items: - type: string - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data - Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering - both ''allServices'' and a specific service, then the union - of the two audit configs is used for that service: the ''logTypes'' - specified in each ''auditLogConfig'' are enabled, and the - ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - required: - - auditLogConfigs - - service - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - description: Specifies the members to bind to an IAM role. 
- properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - role type: object type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. + type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. 
You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. 
Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. oneOf: - not: required: 
@@ -48202,39 +71988,30 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object required: - - resourceRef + - attributeMapping + - location + - workforcePoolRef type: object status: - description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: @@ -48264,9 +72041,14 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48283,23 +72065,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicymembers.iam.cnrm.cloud.google.com + name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicyMember - plural: iampolicymembers + kind: IAMWorkforcePool + plural: iamworkforcepools shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: @@ -48307,7 +72091,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48315,113 +72099,47 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember - oneOf: - - required: - - member - - required: - - memberFrom properties: - condition: - description: Immutable. Optional. The condition under which the binding - applies. 
- properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - member: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. type: string - memberFrom: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, and only one - subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity (i.e. its - 'status.writerIdentity') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account (i.e., - its 'status.email') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') - is to be bound to the role. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. oneOf: - not: required: 
@@ -48436,45 +72154,41 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object - role: - description: Immutable. Required. The role for which the Member will - be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). type: string required: - - resourceRef - - role + - location + - organizationRef type: object status: - description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: lastTransitionTime: @@ -48504,9 +72218,18 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true @@ -48523,25 +72246,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: 
@@ -48579,24 +72302,120 @@ spec: type: object spec: properties: - keyAlgorithm: - description: 'Immutable. The algorithm used to generate the key, used - only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid - values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' type: string - privateKeyType: - description: Immutable. + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. 
You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. type: string - publicKeyData: - description: Immutable. A field that allows clients to upload their - own public key. If set, use this public key data to create a service - account key for given service account. Please note, the expected - format for this field is a base64 encoded X509_PEM. + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. type: string - publicKeyType: - description: Immutable. + location: + description: Immutable. 
The location for the resource type: string - serviceAccountRef: + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
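Review bot: `attributeCondition` is optional in this IAMWorkloadIdentityPoolProvider spec, and its own description says that when it is unspecified all valid authentication credentials are accepted. The `required` list in the following hunk names only `location`, `projectRef` and `workloadIdentityPoolRef`. A provider declared with just an `oidc.issuerUri` and an `attributeMapping` would therefore federate every identity that issuer signs, leaving the IAM bindings on the mapped attributes as the only boundary. Since this schema looks generated (`dcl2crd` label), the check probably belongs in cluster admission policy rather than in the CRD, for example a validation rule such as `has(object.spec.attributeCondition) && object.spec.attributeCondition != ''` on this kind. The spec block starts before this hunk and continues past it.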
@@ -48613,8 +72432,45 @@ spec: - external properties: external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -48624,7 +72480,9 @@ spec: type: string type: object required: - - serviceAccountRef + - location + - projectRef + - workloadIdentityPoolRef type: object status: properties: @@ -48654,9 +72512,6 @@ spec: type: string type: object type: array - name: - description: Immutable. The name used for this key pair. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -48664,24 +72519,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key in JSON format, base64 encoded. This - is what you normally get as a file when creating service account - keys through the CLI or web console. This is only populated when - creating a new key. - type: string - publicKey: - description: Immutable. The public key, base64 encoded. - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: @@ -48702,25 +72542,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: 
@@ -48759,22 +72599,57 @@ spec: spec: properties: description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. + description: A description of the pool. Cannot exceed 256 characters. type: string disabled: - description: Whether the service account is disabled. Defaults to - false. + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: - description: The display name for the service account. Can be updated - without creating a new resource. + description: A display name for the pool. Cannot exceed 32 characters. type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The accountId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + required: + - location + - projectRef type: object status: properties: @@ -48804,19 +72679,6 @@ spec: type: string type: object type: array - email: - description: The e-mail address of the service account. This value - should be referenced from any google_iam_policy data sources that - would grant the service account privileges. - type: string - member: - description: The Identity of the service account in the form 'serviceAccount:{email}'. - This value is often used to refer to the service account in order - to grant IAM permissions. - type: string - name: - description: The fully-qualified name of the service account. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -48824,10 +72686,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - uniqueId: - description: The unique id of the service account. + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48844,25 +72709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com + name: iapbrands.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePoolProvider - plural: iamworkforcepoolproviders + kind: IAPBrand + plural: iapbrands shortNames: - - gcpiamworkforcepoolprovider - - gcpiamworkforcepoolproviders - singular: iamworkforcepoolprovider + - gcpiapbrand + - gcpiapbrands + singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: 
@@ -48899,144 +72764,20 @@ spec: metadata: type: object spec: - properties: - attributeCondition: - description: 'A [Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. `google.profile_photo` and `google.display_name` - are not supported. * `attribute`: The custom attributes mapped from - the assertion in the `attribute_mappings`. The maximum length of - the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credentials will be accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: - type: string - description: 'Required. Maps attributes from the authentication credentials - issued by an external identity provider to Google Cloud attributes, - such as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups - the authenticating user belongs to. You can grant groups access - to resources using an IAM `principalSet` binding; access applies - to all members of the group. * `google.display_name`: The name of - the authenticated user. 
This is an optional field and the mapped - display name cannot exceed 100 bytes. If not set, `google.subject` - will be displayed instead. This attribute cannot be referenced in - IAM bindings. * `google.profile_photo`: The URL that specifies the - authenticated user''s thumbnail photo. This is an optional field. - When set, the image will be visible as the user''s profile picture. - If not set, a generic user icon will be displayed instead. This - attribute cannot be referenced in IAM bindings. You can also provide - custom attributes by specifying `attribute.{custom_attribute}`, - where {custom_attribute} is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workforce pool to Google Cloud resources. For example:' - type: object - description: - description: A user-specified description of the provider. Cannot - exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A user-specified display name for the provider. Cannot - exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider configuration. - properties: - clientId: - description: Required. The client ID. Must match the audience - claim of the JWT issued by the identity provider. - type: string - issuerUri: - description: Required. The OIDC issuer URI. Must be a valid URI - using the 'https' scheme. - type: string - required: - - clientId - - issuerUri - type: object + properties: + applicationTitle: + description: Immutable. 
Application name displayed on OAuth consent + screen. + type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. type: string - saml: - description: A SAML identity provider configuration. - properties: - idpMetadataXml: - description: 'Required. SAML Identity provider configuration metadata - xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded - to 128k characters. The metadata xml document should satisfy - the following constraints: 1) Must contain an Identity Provider - Entity ID. 2) Must contain at least one non-expired signing - key certificate. 3) For each signing key: a) Valid from should - be no more than 7 days from now. b) Valid to should be no more - than 10 years in the future. 4) Up to 3 IdP signing keys are - allowed in the metadata xml. When updating the provider''s metadata - xml, at least one non-expired signing key must overlap with - the existing metadata. This requirement is skipped if there - are no non-expired signing keys present in the existing metadata.' - type: string - required: - - idpMetadataXml - type: object - workforcePoolRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The workforce_pool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - attributeMapping - - location - - workforcePoolRef type: object status: properties: @@ -49073,13 +72814,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. + type: boolean type: object - required: - - spec type: object served: true storage: true 
@@ -49096,25 +72835,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepools.iam.cnrm.cloud.google.com + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePool - plural: iamworkforcepools + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients shortNames: - - gcpiamworkforcepool - - gcpiamworkforcepools - singular: iamworkforcepool + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: @@ -49152,25 +72891,8 @@ spec: type: object spec: properties: - description: - description: A user-specified description of the pool. Cannot exceed - 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A user-specified display name of the pool in Google Cloud - Console. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef] may be specified. + brandRef: + description: Immutable. oneOf: - not: required: 
@@ -49187,33 +72909,28 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + displayName: + description: Immutable. Human-friendly name given to the OAuth client. type: string - sessionDuration: - description: How long the Google Cloud access tokens, console sign-in - sessions, and gcloud sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `session_duration` is not configured, minted credentials will - have a default duration of one hour (3600s). + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - location - - organizationRef + - brandRef type: object status: properties: 
@@ -49250,13 +72967,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: 'Output only. The resource name of the pool. Format: - `locations/{location}/workforcePools/{workforce_pool_id}`' - type: string - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + secret: + description: Output only. Client secret of the OAuth client. type: string type: object required: @@ -49277,25 +72989,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkloadIdentityPoolProvider - plural: iamworkloadidentitypoolproviders + kind: IdentityPlatformConfig + plural: identityplatformconfigs shortNames: - - gcpiamworkloadidentitypoolprovider - - gcpiamworkloadidentitypoolproviders - singular: iamworkloadidentitypoolprovider + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: 
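Review bot: The new `status.secret` field (`Output only. Client secret of the OAuth client.`) places the OAuth client secret in the object's status, where any principal allowed to get or list this kind can read it and where it is stored with the object rather than in a Kubernetes Secret. The same applies to `signerKey` and `saltSeparator` under `status.signIn.hashConfig` and `status.signIn.email.hashConfig` in the `@@ -49717,9 +73590,77 @@` hunk. If these fields have to stay, their descriptions should say so, for example `Output only. Client secret of the OAuth client. Sensitive: visible to anyone with read access to this resource.`, and read access to these kinds should be granted as narrowly as access to Secrets. The `dcl2crd` label suggests the schema is generated, so the change probably belongs in the generator input rather than in this file.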
@@ -49333,117 +73045,332 @@ spec: type: object spec: properties: - attributeCondition: - description: '[A Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. * `attribute`: The custom attributes mapped - from the assertion in the `attribute_mappings`. The maximum length - of the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credential are accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: type: string - description: 'Maps attributes from authentication credentials issued - by an external identity provider to Google Cloud attributes, such - as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You - can grant groups access to resources using an IAM `principalSet` - binding; access applies to all members of the group. 
You can also - provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workload to Google Cloud resources. For example: * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized - attribute specified by the corresponding map key. You can use the - `assertion` keyword in the expression to access a JSON representation - of the authentication credential issued by the provider. The maximum - length of an attribute mapping expression is 2048 characters. When - evaluated, the total size of all mapped attributes must not exceed - 8KB. For AWS providers, if no attribute mapping is defined, the - following default mapping applies: ``` { "google.subject":"assertion.arn", - "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" - " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" - " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", - } ``` If any custom attribute mappings are defined, they must include - a mapping to the `google.subject` attribute. 
For OIDC providers, - you must supply a custom mapping, which must include the `google.subject` - attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token: - ``` {"google.subject": "assertion.sub"} ```' + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object type: object - aws: - description: An Amazon Web Services identity provider. + client: + description: Options related to how clients making requests on behalf + of a project should be configured. properties: - accountId: - description: Required. The AWS account ID. + permissions: + description: Configuration related to restricting a user's ability + to affect their account. 
+ properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' type: string - stsUri: - description: A list of AWS STS URIs that can be used when exchanging - credentials. If not provided, any valid AWS STS URI is allowed. - URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, - where {region} is a valid AWS region. You can specify a maximum - of 25 URIs. - items: - type: string - type: array - required: - - accountId type: object - description: - description: A description for the provider. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A display name for the provider. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider. + monitoring: + description: Configuration related to monitoring project activity. properties: - allowedAudiences: - description: 'Acceptable values for the `aud` field (audience) - in the OIDC token. Token exchange requests are rejected if the - token audience does not match one of the configured values. 
- Each audience may be at most 256 characters. A maximum of 10 - audiences may be configured. If this list is empty, the OIDC - token audience must be equal to the full canonical resource - name of the WorkloadIdentityPoolProvider, with or without the - HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ```' - items: - type: string - type: array - issuerUri: - description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. type: string - required: - - issuerUri + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. 
Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. 
+ type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. @@ -49464,7 +73391,7 @@ spec: properties: external: description: |- - The project for the resource + The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -49475,215 +73402,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - workloadIdentityPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + quota: + description: Configuration related to quotas. properties: - external: - description: |- - The workloadIdentityPool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. + properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. 
+ type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object type: object required: - - location - projectRef - - workloadIdentityPoolRef type: object status: properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypools.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMWorkloadIdentityPool - plural: iamworkloadidentitypools - shortNames: - - gcpiamworkloadidentitypool - - gcpiamworkloadidentitypools - singular: iamworkloadidentitypool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - 
type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A description of the pool. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A display name for the pool. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + client: properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + apiKey: + description: Output only. API key that can be used when making + requests for this project. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + firebaseSubdomain: + description: Output only. Firebase subdomain. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - location - - projectRef - type: object - status: - properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
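Review bot: The `testPhoneNumbers` description, `A map of that can be used for phone auth testing.`, has lost its subject, so the schema no longer says what the keys and values of the map are. Presumably an angle-bracketed placeholder was stripped during generation. Restoring it matters because the entries appear to be fixed number-to-code pairs, which an operator should recognise as test-only before applying the manifest to a production project. Suggested wording: `A map of test phone number to fake verification code that can be used for phone auth testing.` Two smaller slips in the same hunk: `take affect` should read `take effect`, and `authenticated a user by their phone number` should read `authenticating a user by their phone number`.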
@@ -49710,6 +73510,79 @@ spec: type: string type: object type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' 
+ type: string + type: object + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49717,9 +73590,77 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. 
+ format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: @@ -49740,25 +73681,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapbrands.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPBrand - plural: iapbrands + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs shortNames: - - gcpiapbrand - - gcpiapbrands - singular: iapbrand + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49778,7 +73719,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49796,19 +73737,51 @@ spec: type: object spec: properties: - applicationTitle: - description: Immutable. Application name displayed on OAuth consent - screen. + clientId: + description: OAuth client ID. type: string - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + clientSecret: + description: OAuth client secret. type: string - supportEmail: - description: Immutable. Support email displayed on the OAuth consent - screen. + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + required: + - clientId + - clientSecret + - projectRef type: object status: properties: @@ -49838,6 +73811,9 @@ spec: type: string type: object type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49845,11 +73821,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - orgInternalOnly: - description: Output only. Whether the brand is only intended for usage - inside the G Suite organization only. - type: boolean type: object + required: + - spec type: object served: true storage: true @@ -49866,25 +73840,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPIdentityAwareProxyClient - plural: iapidentityawareproxyclients + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs shortNames: - - gcpiapidentityawareproxyclient - - gcpiapidentityawareproxyclients - singular: iapidentityawareproxyclient + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49904,7 +73878,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49922,8 +73896,42 @@ spec: type: object spec: properties: - brandRef: - description: Immutable. + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -49940,10 +73948,7 @@ spec: - external properties: external: - description: |- - The brand for the resource - - Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -49952,16 +73957,39 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - displayName: - description: Immutable. Human-friendly name given to the OAuth client. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object required: - - brandRef + - displayName + - idpConfig + - projectRef + - spConfig type: object status: properties: @@ -49998,9 +74026,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - secret: - description: Output only. Client secret of the OAuth client. - type: string type: object required: - spec 
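Review bot: The description added for `spConfig.spCertificates` is a copy of the `idpCertificates` text ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), which misstates whose certificate this is and could lead an operator to paste the IdP certificate into the wrong list. Something like `description: The service provider's certificate data, used by the IdP to verify signed SAMLRequests.` would match the field, to be confirmed against the upstream API reference. In the same block `callbackUri` says it must start with 'https://' but the schema does not enforce it; `pattern: ^https://` would reject a plain-http callback at admission time.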
@@ -50020,25 +74045,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformConfig - plural: identityplatformconfigs + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs shortNames: - - gcpidentityplatformconfig - - gcpidentityplatformconfigs - singular: identityplatformconfig + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -50076,335 +74101,191 @@ spec: type: object spec: properties: - authorizedDomains: - description: List of domains authorized for OAuth redirects - items: - type: string - type: array - blockingFunctions: - description: Configuration related to blocking functions. - properties: - triggers: - additionalProperties: - properties: - functionUriRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - HTTP URI trigger for the Cloud Function. - - Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - updateTime: - description: When the trigger was changed. - format: date-time - type: string - type: object - description: 'Map of Trigger to event type. Key should be one - of the supported event types: "beforeCreate", "beforeSignIn"' - type: object - type: object - client: - description: Options related to how clients making requests on behalf - of a project should be configured. - properties: - permissions: - description: Configuration related to restricting a user's ability - to affect their account. 
- properties: - disabledUserDeletion: - description: When true, end users cannot delete their account - on the associated project through any of our API methods - type: boolean - disabledUserSignup: - description: When true, end users cannot sign up for a new - account on the associated project through any of our API - methods - type: boolean - type: object - type: object - mfa: - description: Configuration for this project's multi-factor authentication, - including whether it is active and what factors can be used for - the second factor - properties: - state: - description: 'Whether MultiFactor Authentication has been enabled - for this project. Possible values: STATE_UNSPECIFIED, DISABLED, - ENABLED, MANDATORY' - type: string - type: object - monitoring: - description: Configuration related to monitoring project activity. - properties: - requestLogging: - description: Configuration for logging requests made to this project - to Stackdriver Logging - properties: - enabled: - description: Whether logging is enabled for this project or - not. - type: boolean - type: object - type: object - multiTenant: - description: Configuration related to multi-tenant functionality. - properties: - allowTenants: - description: Whether this project can have tenants or not. - type: boolean - defaultTenantLocationRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: |- - The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). 
- * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' - type: string - name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - notification: - description: Configuration related to sending notifications to users. + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - defaultLocale: - description: Default locale used for email and SMS in IETF BCP - 47 format. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - sendEmail: - description: Options for email sending. + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. properties: - callbackUri: - description: action url in email template. - type: string - changeEmailTemplate: - description: Email template for change email - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - dnsInfo: - description: Information of custom domain DNS verification. - properties: - useCustomDomain: - description: Whether to use custom domain. - type: boolean - type: object - method: - description: 'The method used for sending an email. Possible - values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' - type: string - resetPasswordTemplate: - description: Email template for reset password - properties: - body: - description: Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - revertSecondFactorAdditionTemplate: - description: Email template for reverting second factor addition - emails - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - smtp: - description: Use a custom SMTP relay - properties: - host: - description: SMTP relay host - type: string - password: - description: SMTP relay password - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - port: - description: SMTP relay port - format: int64 - type: integer - securityMode: - description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, - SSL, START_TLS' - type: string - senderEmail: - description: Sender email for the SMTP relay - type: string - username: - description: SMTP relay username - type: string - type: object - verifyEmailTemplate: - description: Email template for verify email + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address + key: + description: Key that identifies the value to be extracted. type: string - subject: - description: Subject of the email + name: + description: Name of the Secret to extract a value from. type: string + required: + - name + - key type: object type: object - sendSms: - description: Options for SMS sending. - properties: - useDeviceLocale: - description: Whether to use the accept_language header for - SMS. - type: boolean - type: object type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -50421,10 +74302,7 @@ spec: - external properties: external: - description: |- - The project of the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -50433,27 +74311,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - quota: - description: Configuration related to quotas. - properties: - signUpQuotaConfig: - description: Quota for the Signup endpoint, if overwritten. Signup - quota is measured in sign ups per project per hour per IP. - properties: - quota: - description: Corresponds to the 'refill_token_count' field - in QuotaServer config - format: int64 - type: integer - quotaDuration: - description: How long this quota will be active for - type: string - startTime: - description: When this quota will take affect - format: date-time - type: string - type: object - type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string signIn: description: Configuration related to local sign in methods. properties: @@ -50469,6 +74331,8 @@ spec: description: Whether anonymous user auth is enabled for the project or not. type: boolean + required: + - enabled type: object email: description: Configuration options related to authenticating a 
@@ -50479,12 +74343,39 @@ spec: or not. type: boolean passwordRequired: - description: Whether a password is required for email auth - or not. If true, both an email and password must be provided - to sign in. If false, a user may sign in via either email/password - or email link. + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." type: boolean type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. @@ -50496,7 +74387,8 @@ spec: testPhoneNumbers: additionalProperties: type: string - description: A map of that can be used for phone auth testing. + description: A map of that + can be used for phone auth testing. type: object type: object type: object 
@@ -50505,16 +74397,170 @@ spec: type: object status: properties: - client: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - apiKey: - description: Output only. API key that can be used when making - requests for this project. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - firebaseSubdomain: - description: Output only. Firebase subdomain. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -50541,79 +74587,9 @@ spec: type: string type: object type: array - notification: - properties: - sendEmail: - properties: - changeEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - dnsInfo: - properties: - customDomain: - description: Output only. The applied verified custom - domain. - type: string - customDomainState: - description: 'Output only. The current verification state - of the custom domain. The custom domain will only be - used once the domain verification is successful. Possible - values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, - IN_PROGRESS, FAILED, SUCCEEDED' - type: string - domainVerificationRequestTime: - description: Output only. The timestamp of initial request - for the current domain verification. - format: date-time - type: string - pendingCustomDomain: - description: Output only. The custom domain that's to - be verified. - type: string - type: object - resetPasswordTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - revertSecondFactorAdditionTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - verifyEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - type: object - sendSms: - properties: - smsTemplate: - description: Output only. The template to use when sending - an SMS. - properties: - content: - description: 'Output only. The SMS''s content. Can contain - the following placeholders which will be replaced with - the appropriate values: %APP_NAME% - For Android or - iOS apps, the app''s display name. For web apps, the - domain hosting the application. %LOGIN_CODE% - The OOB - code being sent in the SMS.' 
- type: string - type: object - type: object - type: object + name: + description: The name of the default supported IDP config resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -50621,78 +74597,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - signIn: - properties: - email: - properties: - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, - MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, - SHA512, STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation - algorithms. See https://tools.ietf.org/html/rfc7914 - for explanation of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. - Used by scrypt and other similar password derivation - algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be - inserted between the salt and plain text password in - base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, - HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, - STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation algorithms. - See https://tools.ietf.org/html/rfc7914 for explanation - of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. 
- Used by scrypt and other similar password derivation algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be inserted - between the salt and plain text password in base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - subtype: - description: 'Output only. The subtype of this config. Possible values: - SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' - type: string type: object required: - spec @@ -50712,25 +74616,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformOAuthIDPConfig - plural: identityplatformoauthidpconfigs + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs shortNames: - - gcpidentityplatformoauthidpconfig - - gcpidentityplatformoauthidpconfigs - singular: identityplatformoauthidpconfig + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -50750,7 +74654,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -50768,80 +74672,108 @@ spec: type: object spec: properties: - clientId: - description: The client id of an OAuth client. + displayName: + description: Human friendly display name. type: string - clientSecret: - description: The client secret of the OAuth client, to enable OIDC - code flow. + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object type: object - displayName: - description: The config's display name set by developers. - type: string - enabled: - description: True if allows the user to sign in with the provider. - type: boolean - issuer: - description: For OIDC Idps, the issuer identifier. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - responseType: - description: 'The multiple response type to request for in the OAuth - authorization flow. This can possibly be a combination of set bits - (e.g.: {id\_token, token}).' + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. properties: - code: - description: If true, authorization code is returned from IdP's - authorization endpoint. - type: boolean - idToken: - description: If true, ID token is returned from IdP's authorization - endpoint. - type: boolean - token: - description: If true, access token is returned from IdP's authorization - endpoint. - type: boolean + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. 
+ type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant type: object status: properties: @@ -50879,6 +74811,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -50895,7 +74829,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51112,7 +75046,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51265,7 +75199,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
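Review bot: The description added for `spConfig.spCertificates` is a verbatim copy of the one on `idpConfig.idpCertificates` ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP."). The schema therefore never says what the service-provider certificates are or whether a user is expected to set them, and a reader of `kubectl explain` could reasonably paste the IdP signing certificate into both fields. I would reword it along the lines of `description: The service provider's certificate data (confirm whether this is output only).`. Separately, `callbackUri` says "Must start with 'https://'" but the schema has no `pattern`, so that constraint is presumably enforced only by the backing API. This CRD carries the `tf2crd` label, so the wording probably has to be fixed in the generator input rather than in this file.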
@@ -51321,84 +75255,579 @@ spec: type: object spec: properties: - destroyScheduledDuration: - description: |- - Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - type: string - importOnly: - description: Immutable. Whether this key may contain imported versions - only. - type: boolean - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. 
Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. 
+ type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: description: |- - Immutable. The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - skipInitialVersionCreation: - description: "Immutable. If set to true, the request will create a - CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' - resource to import the CryptoKeyVersion." - type: boolean - versionTemplate: - description: A template describing settings for new crypto key versions. 
- properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: Immutable. The protection level to use when creating - a version based on this template. Possible values include "SOFTWARE", - "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - type: string - required: - - algorithm - type: object required: - - keyRingRef + - location type: object status: properties: @@ -51436,7 +75865,7 @@ spec: the resource. type: integer selfLink: - description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: @@ -51457,25 +75886,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com + name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp - kind: KMSKeyRing - plural: kmskeyrings + kind: KMSSecretCiphertext + plural: kmssecretciphertexts shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: 
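Review bot: In the new `KMSCryptoKeyVersion` CRD, `spec.state` is a writable field but is described as "The current state of the CryptoKeyVersion", and its listed values include `DESTROY_SCHEDULED` and `DESTROYED` with nothing said about which values may be set or what setting them does. Because the field sits under `spec`, it reads as desired state, so the description should say so and name the accepted values, e.g. `description: 'Desired state of the CryptoKeyVersion. Accepted values: <values the controller accepts>.'`. If the destructive states are accepted, write access to this alpha kind is worth scoping tightly in RBAC, since a manifest edit would then affect key material. The CRD carries the `tf2crd` label, so the text likely has to change in the generator input.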
@@ -51495,7 +75924,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -51513,21 +75942,103 @@ spec: type: object spec: properties: - location: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: description: |- - Immutable. The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - location + - cryptoKey + - plaintext type: object status: properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -51561,9 +76072,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. - type: string type: object required: - spec @@ -51583,7 +76091,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51867,7 +76375,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52142,7 +76650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
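Review bot: The `value` branch of the new `plaintext` field in the KMSSecretCiphertext schema lets the secret be written inline in the resource spec, and its description does not warn about that. An inline value is persisted with the object and is readable by any principal allowed to get or list these resources, so only the `valueFrom.secretKeyRef` branch keeps the plaintext out of the custom resource itself. I would extend the description to something like `Value of the field. Stored as clear text in this resource; prefer 'valueFrom.secretKeyRef' for sensitive data. Cannot be used if 'valueFrom' is specified.` The same wording fits `additionalAuthenticatedData.value` if that data is treated as confidential. The `tf2crd` label suggests this CRD is generated, so the text would presumably have to change in the generator input rather than in this file.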
@@ -52563,7 +77071,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52967,7 +77475,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -53271,7 +77779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -53608,7 +78116,183 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -54423,7 +79107,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -61206,41 +85890,1513 @@ spec: must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string - xAxis: - description: The properties applied to the X axis. - properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string - type: object - yAxis: - description: The properties applied to the Y axis. + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. 
* + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number type: object - required: - - dataSets + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. 
+ type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string type: object type: object - type: array - type: object - type: array + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. 
+ type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - displayName + - goal - projectRef + - serviceRef type: object status: properties: 
@@ -61270,14 +87426,21 @@ spec: type: string type: object type: array - etag: - description: \`etag\` is used for optimistic concurrency control as - a way to help prevent simultaneous updates of a policy from overwriting - each other. An \`etag\` is returned in the response to \`GetDashboard\`, - and users are expected to put that etag in the request to \`UpdateDashboard\` - to ensure that their change will be applied to the same version - of the Dashboard configuration. The field should not be passed during - dashboard creation. + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -61286,6 +87449,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean type: object required: - spec 
@@ -61305,25 +87474,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringgroups.monitoring.cnrm.cloud.google.com + name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringGroup - plural: monitoringgroups + kind: MonitoringService + plural: monitoringservices shortNames: - - gcpmonitoringgroup - - gcpmonitoringgroups - singular: monitoringgroup + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -61362,47 +87531,8 @@ spec: spec: properties: displayName: - description: A user-assigned name for this group, used only for display - purposes. - type: string - filter: - description: The filter used to determine which monitored resources - belong to this group. + description: Name used for UI elements listing this Service. type: string - isCluster: - description: If true, the members of this group are considered to - be a cluster. The system can perform additional analysis on groups - that are clusters. - type: boolean - parentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -61422,7 +87552,7 @@ spec: properties: external: description: |- - The project of the group + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61434,13 +87564,20 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object required: - - displayName - - filter + - projectRef type: object status: properties: @@ -61496,25 +87633,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMetricDescriptor - plural: monitoringmetricdescriptors + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs shortNames: - - gcpmonitoringmetricdescriptor - - gcpmonitoringmetricdescriptors - singular: monitoringmetricdescriptor + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -61552,74 +87689,171 @@ spec: type: object spec: properties: - description: - description: Immutable. A detailed description of the metric, which - can be used in documentation. - type: string - displayName: - description: Immutable. A concise name for the metric, which can be - displayed in user interfaces. Use sentence case without an ending - period, for example "Request count". This field is optional but - it is recommended to be set for any metrics associated with user-visible - concepts, such as Quota. - type: string - labels: - description: Immutable. The set of labels that can be used to describe - a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` - metric type has a label for the HTTP response code, `response_code`, - so you can look at latencies for successful responses or just for - responses that failed. + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. items: properties: - description: - description: Immutable. A human-readable description for the - label. - type: string - key: - description: 'Immutable. The key for this label. The key must - meet the following criteria: * Does not exceed 100 characters. - * Matches the following regular expression: `a-zA-Z*` * The - first character must be an upper- or lower-case letter. * - The remaining characters must be letters, digits, or underscores.' + content: type: string - valueType: - description: 'Immutable. The type of data that can be assigned - to the label. 
Possible values: STRING, BOOL, INT64' + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string + required: + - content type: object type: array - launchStage: - description: 'Immutable. Optional. The launch stage of the metric - definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. type: string - metadata: - description: Immutable. Optional. Metadata which can be used to guide - usage of the metric. + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. properties: - ingestDelay: - description: Immutable. The delay of data points caused by ingestion. - Data points older than this age are guaranteed to be ingested - and available to be read, excluding data loss due to errors. + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' type: string - launchStage: - description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage - instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' type: string - samplePeriod: - description: Immutable. The sampling period of metric data points. - For metrics which are written periodically, consecutive data - points are stored at this time interval, excluding data loss - due to errors. Metrics with a higher granularity have a smaller - sampling period. + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. 
+ type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. 
The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. type: string + required: + - filterLabels + - type type: object - metricKind: - description: 'Immutable. Whether the metric records instantaneous - values, changes to a value, etc. Some combinations of `metric_kind` - and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, - GAUGE, DELTA, CUMULATIVE' + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -61640,7 +87874,7 @@ spec: properties: external: description: |- - The project for the resource + The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
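Review bot: `httpCheck.authInfo.password` in the new MonitoringUptimeCheckConfig schema accepts an inline `value` alongside `valueFrom.secretKeyRef`, and neither `password` nor `username` has a description saying which form to prefer. An inline `value` sits in the resource spec, readable by anyone who can get the object or see the manifest in version control, so the schema should say so: `description: Password for the check. Prefer 'valueFrom.secretKeyRef'; an inline 'value' is stored in clear text in the resource spec.` The same caveat fits `headers`: by its own description `maskHeaders` only obscures values on API Get/List calls, and the header values presumably stay in the spec as written. Separately, the base64 example in the `body` description decodes to `foo%253Dbar` rather than `foo%3Dbar`. The `dcl2crd` label suggests this file is generated, so these wording fixes presumably belong in the generator or the upstream API text.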
@@ -61651,80 +87885,78 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: - description: 'Immutable. The metric type, including its DNS name prefix. - The type is not URL-encoded. All user-defined metric types have - the DNS name `custom.googleapis.com` or `external.googleapis.com`. - Metric types should use a natural hierarchical grouping. For example: - "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" - "appengine.googleapis.com/http/server/response_latencies"' - type: string - unit: - description: 'Immutable. The units in which the metric value is reported. - It is only applicable if the `value_type` is `INT64`, `DOUBLE`, - or `DISTRIBUTION`. The `unit` defines the representation of the - stored metric values. Different systems might scale the values to - be more easily displayed (so a value of `0.02kBy` _might_ be displayed - as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). - However, if the `unit` is `kBy`, then the value of the metric is - always in thousands of bytes, no matter how it might be displayed. - If you want a custom metric to record the exact number of CPU-seconds - used by a job, you can create an `INT64 CUMULATIVE` metric whose - `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the - job uses 12,005 CPU-seconds, then the value is written as `12005`. - Alternatively, if you want a custom metric to record data in a more - granular way, you can create a `DOUBLE CUMULATIVE` metric whose - `unit` is `ks{CPU}`, and then write the value `12.005` (which is - `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
- The supported units are a subset of [The Unified Code for Units - of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic - units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute - * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * - `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) - * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta - (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) - * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` - zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi - (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) - **Grammar** The grammar also includes these connectors: * `/` division - or ratio (as an infix operator). For examples, `kBy/{email}` or - `MiBy/10ms` (although you should almost never have `/s` in a metric - `unit`; rates should always be computed at query time from the underlying - cumulative or delta value). * `.` multiplication or composition - (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The - grammar for a unit is as follows: Expression = Component: { "." - Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | - "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME - "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. - If the annotation is used alone, then the unit is equivalent to - `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. - * `NAME` is a sequence of non-blank printable ASCII characters not - containing `{` or `}`. * `1` represents a unitary [dimensionless - unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, - such as in `1/s`. It is typically used when none of the basic units - are appropriate. For example, "new users per day" can be represented - as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 - new users). 
Alternatively, "thousands of page views per day" would - be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a - metric value of `5.3` would mean "5300 page views per day"). * `%` - represents dimensionless value of 1/100, and annotates values giving - a percentage (so the metric values are typically in the range of - 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates - a metric contains a ratio, typically in the range 0..1, that will - be multiplied by 100 and displayed as a percentage (so a metric - value `0.03` means "3 percent").' + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - valueType: - description: 'Immutable. 
Whether the measurement is an integer, a - floating-point number, etc. Some combinations of `metric_kind` and - `value_type` might not be supported. Possible values: STRING, BOOL, - INT64' + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. type: string required: - - metricKind + - displayName - projectRef - - type - - valueType + - timeout type: object status: properties: @@ -61754,14 +87986,6 @@ spec: type: string type: object type: array - monitoredResourceTypes: - description: Read-only. If present, then a time series, which is identified - partially by a metric type and a MonitoredResourceDescriptor, that - is associated with this metric type can only be associated with - one of the monitored resource types listed here. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -61769,9 +87993,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The resource name of the metric descriptor. - type: string type: object required: - spec 
@@ -61791,25 +88012,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMonitoredProject - plural: monitoringmonitoredprojects + kind: NetworkConnectivityHub + plural: networkconnectivityhubs shortNames: - - gcpmonitoringmonitoredproject - - gcpmonitoringmonitoredprojects - singular: monitoringmonitoredproject + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: 
@@ -61847,17 +88068,46 @@ spec: type: object spec: properties: - metricsScope: - description: 'Immutable. Required. The resource name of the existing - Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + description: + description: An optional description of the hub. type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - metricsScope + - projectRef type: object status: properties: @@ -61888,8 +88138,7 @@ spec: type: object type: array createTime: - description: Output only. The time when this `MonitoredProject` was - created. + description: Output only. The time the hub was created. format: date-time type: string observedGeneration: 
@@ -61899,6 +88148,33 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string type: object required: - spec 
@@ -61918,25 +88194,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: 
@@ -61975,175 +88251,221 @@ spec: spec: properties: description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond - the display name, for the channel. This may not exceed 1024 Unicode - characters. - type: string - enabled: - description: Whether notifications are forwarded to the described - channel. This makes it possible to disable delivery of notifications - to a particular channel without removing the channel from all alerting - policies that reference the channel. This is a more convenient approach - when the change is temporary and you want to receive notifications - from the same set of alerting policies on the channel at some point - in the future. - type: boolean - forceDelete: - description: |- - If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - type: boolean - labels: - additionalProperties: - type: string - type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: An optional description of the spoke. type: string - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. + hubRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
- type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel - types that support this field include: webhook_basicauth.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + - required: + - namespace required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. 
The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external required: - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. - Channel types that support this field include: pagerduty.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - not: + anyOf: + - required: + - name + - required: + - namespace required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. 
Note that data + transfer is available only in supported locations. + type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - type + - hubRef + - location + - projectRef type: object status: properties: @@ -62173,11 +88495,9 @@ spec: type: string type: object type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + createTime: + description: Output only. The time the spoke was created. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -62186,19 +88506,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for - channels of this type.This field cannot be modified using a standard - UpdateNotificationChannel operation. To change the value of this - field, you must call VerifyNotificationChannel. + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time type: string type: object required: 
@@ -62219,25 +88539,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringServiceLevelObjective - plural: monitoringservicelevelobjectives + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests shortNames: - - gcpmonitoringservicelevelobjective - - gcpmonitoringservicelevelobjectives - singular: monitoringservicelevelobjective + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: @@ -62257,7 +88577,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -62275,412 +88595,63 @@ spec: type: object spec: properties: - calendarPeriod: - description: 'A calendar period, semantically "since the start of - the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, - and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, - DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' - type: string - displayName: - description: Name used for UI elements listing this SLO. + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. type: string - goal: - description: The fraction of service that must be good in order for - this objective to be met. `0 < goal <= 0.999`. - format: double - type: number - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + destination: + description: |- + Required. Destination specification of the Connectivity Test. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rollingPeriod: - description: A rolling time period, semantically "in the past ``". - Must be an integer multiple of 1 day no larger than 30 days. 
- type: string - serviceLevelIndicator: - description: The definition of good service, used to measure and calculate - the quality of the `Service`'s performance with respect to a single - aspect of service quality. + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. properties: - basicSli: - description: Basic SLI on a well-known service type. - properties: - availability: - description: Good service is defined to be the count of requests - made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count of requests - made to this service that are fast enough with respect to - `latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - requests made to this service that return in no more - than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which this - SLI is relevant. Telemetry from other locations will not - be used to calculate performance for this SLI. 
If omitted, - this SLI applies to all locations in which the Service has - activity. For service types that don''t support breaking - down by location, setting this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this SLI - is relevant. Telemetry from other methods will not be used - to calculate performance for this SLI. If omitted, this - SLI applies to all the Service''s methods. For service types - that don''t support breaking down by method, setting this - field will result in an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count of operations - performed by this service that return successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count of operations - performed by this service that are fast enough with respect - to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - operations that are completed in no more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to which this - SLI is relevant. Telemetry from other API versions will - not be used to calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don''t support breaking down by version, setting this - field will result in an error.' 
- items: - type: string - type: array - type: object - requestBased: - description: Request-based SLIs - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` that - fall into a good range. The `total_service` is the total - count of all values aggregated in the `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. Must have - `ValueType = DISTRIBUTION` and `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the ratio of - `good_service` to `total_service` is computed from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, either - demanded service that was not provided or demanded service - that was of inadequate quality. Must have `ValueType - = DOUBLE` or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service provided. - Must have `ValueType = DOUBLE` or `ValueType = INT64` - and must have `MetricKind = DELTA` or `MetricKind = - CUMULATIVE`. 
- type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total demanded - service. Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` or `MetricKind - = CUMULATIVE`. - type: string - type: object - type: object - windowsBased: - description: Windows-based SLIs - properties: - goodBadMetricFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` with `ValueType = BOOL`. The window - is good if any `true` values appear in the window. - type: string - goodTotalRatioThreshold: - description: A window is good if its `performance` is high - enough. - properties: - basicSliPerformance: - description: '`BasicSli` to evaluate to judge window quality.' - properties: - availability: - description: Good service is defined to be the count - of requests made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count - of requests made to this service that are fast enough - with respect to `latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of requests made to this service that - return in no more than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which - this SLI is relevant. Telemetry from other locations - will not be used to calculate performance for this - SLI. If omitted, this SLI applies to all locations - in which the Service has activity. 
For service types - that don''t support breaking down by location, setting - this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this - SLI is relevant. Telemetry from other methods will - not be used to calculate performance for this SLI. - If omitted, this SLI applies to all the Service''s - methods. For service types that don''t support breaking - down by method, setting this field will result in - an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count - of operations performed by this service that return - successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count - of operations performed by this service that are - fast enough with respect to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of operations that are completed in no - more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to - which this SLI is relevant. Telemetry from other - API versions will not be used to calculate performance - for this SLI. If omitted, this SLI applies to all - API versions. For service types that don''t support - breaking down by version, setting this field will - result in an error.' - items: - type: string - type: array - type: object - performance: - description: '`RequestBasedSli` to evaluate to judge window - quality.' - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` - that fall into a good range. 
The `total_service` - is the total count of all values aggregated in the - `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. - Must have `ValueType = DISTRIBUTION` and `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." - For a one-sided range, set one bound to an infinite - value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the - ratio of `good_service` to `total_service` is computed - from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, - either demanded service that was not provided - or demanded service that was of inadequate quality. - Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service - provided. Must have `ValueType = DOUBLE` or - `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total - demanded service. Must have `ValueType = DOUBLE` - or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. 
- type: string - type: object - type: object - threshold: - description: If window `performance >= threshold`, the - window is counted as good. - format: double - type: number - type: object - metricMeanInRange: - description: A window is good if the metric's value is in - a good range, averaged across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - metricSumInRange: - description: A window is good if the metric's value is in - a good range, summed across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - windowPeriod: - description: Duration over which window quality is evaluated. - Must be an integer fraction of a day and at least `60s`. - type: string - type: object + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. 
+ type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string type: object - serviceRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -62697,10 +88668,7 @@ spec: - external properties: external: - description: |- - The service for the resource - - Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -62709,10 +88677,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. 
An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object required: - - goal + - destination - projectRef - - serviceRef + - source type: object status: properties: 
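Review bot: `networkType` under `spec.source` is declared as a bare `type: string` although its description lists the only accepted values, so the API server admits any string and a typo surfaces only later, presumably when the controller calls the Google Cloud API. Adding `enum: [GCP_NETWORK, NON_GCP_NETWORK]` next to `type: string` would reject a bad value at admission. The same gap applies to the required `action` field in the NetworkSecurityAuthorizationPolicy hunk further down, where `ALLOW` and `DENY` appear only in the description; a mistyped value on an authorization policy is worth catching as early as possible. If these CRDs are generated, the constraint belongs in the generator input rather than in this file.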
@@ -62742,22 +88788,6 @@ spec: type: string type: object type: array - createTime: - description: Time stamp of the `Create` or most recent `Update` command - on this `Slo`. - format: date-time - type: string - deleteTime: - description: Time stamp of the `Update` or `Delete` command that made - this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s - returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, - because it is always empty in the current version. It is populated - in `ServiceLevelObjective`s representing previous versions in the - output of `ListServiceLevelObjectiveVersions`. Because all old configuration - versions are stored, `Update` operations mark the obsoleted version - as deleted. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -62765,12 +88795,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - serviceManagementOwned: - description: Output only. If set, this SLO is managed at the [Service - Management](https://cloud.google.com/service-management/overview) - level. Therefore the service yaml file is the source of truth for - this SLO, and API `Update` and `Delete` operations are forbidden. - type: boolean type: object required: - spec 
@@ -62790,25 +88814,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringservices.monitoring.cnrm.cloud.google.com + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringService - plural: monitoringservices + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies shortNames: - - gcpmonitoringservice - - gcpmonitoringservices - singular: monitoringservice + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -62846,8 +88870,16 @@ spec: type: object spec: properties: - displayName: - description: Name used for UI elements listing this Service. + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. 
@@ -62884,15 +88916,98 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - telemetry: - description: Configuration for how to query telemetry on a Service. - properties: - resourceName: - description: The full name of the resource that defines this service. - Formatted as described in https://cloud.google.com/apis/design/resource_names. - type: string - type: object + rules: + description: Optional. List of rules to match. If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. 
+ For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array required: + - action + - location - projectRef type: object status: @@ -62923,6 +89038,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
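Review bot: The `rules` description says that when the list is unset the `action` is applied with no rule checks, so a policy with `action: ALLOW` and no `rules` allows every request, and the schema leaves `rules`, `sources` and `destinations` all optional. That fail-open case deserves an explicit sentence in the description, for example `With action ALLOW and no rules, all traffic is allowed; with DENY and no rules, all traffic is denied.`, so operators do not create it by omission. Separately, the `ports` items are `type: integer` with `format: int64` and no `minimum`/`maximum`, so out-of-range ports pass schema validation; `minimum: 1` and `maximum: 65535` would fit, assuming the API accepts only that range. The `hosts` and `principals` descriptions also have unbalanced quotes around `*.myorg.com` and `*/service-account`.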
@@ -62930,6 +89049,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -62949,25 +89072,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringUptimeCheckConfig - plural: monitoringuptimecheckconfigs + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies shortNames: - - gcpmonitoringuptimecheckconfig - - gcpmonitoringuptimecheckconfigs - singular: monitoringuptimecheckconfig + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63005,171 +89128,42 @@ spec: type: object spec: properties: - contentMatchers: - description: The content that is expected to appear in the data returned - by the target server against which the check is run. Currently, - only the first entry in the `content_matchers` list is supported, - and additional entries will be ignored. This field is optional and - should only be specified if a content match is required as part - of the/ Uptime check. - items: - properties: - content: - type: string - matcher: - description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, - CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' - type: string - required: - - content - type: object - type: array - displayName: - description: A human-friendly name for the Uptime check configuration. - The display name should be unique within a Stackdriver Workspace - in order to make it easier to identify; however, uniqueness is not - enforced. Required. - type: string - httpCheck: - description: Contains information needed to make an HTTP or HTTPS - check. + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. properties: - authInfo: - description: The authentication information. Optional when creating - an HTTP check; defaults to empty. + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. properties: - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. type: string required: - - password - - username - type: object - body: - description: 'The request body associated with the HTTP POST request. - If `content_type` is `URL_ENCODED`, the body passed in must - be URL-encoded. Users can provide a `Content-Length` header - via the `headers` field or the API will do so. If the `request_method` - is `GET` and `body` is not empty, the API will return an error. - The maximum byte size is 1 megabyte. Note: As with all `bytes` - fields JSON representations are base64 encoded. e.g.: "foo=bar" - in URL-encoded form is "foo%3Dbar" and in base64 encoding is - "Zm9vJTI1M0RiYXI=".' - type: string - contentType: - description: 'Immutable. The content type to use for the check. Possible - values: TYPE_UNSPECIFIED, URL_ENCODED' - type: string - headers: - additionalProperties: - type: string - description: The list of headers to send as part of the Uptime - check request. If two headers have the same key and different - values, they should be entered as a single header, with the - value being a comma-separated list of all the desired values - as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in - a Create call will cause the first to be overwritten by the - second. The maximum number of headers allowed is 100. 
+ - pluginInstance type: object - maskHeaders: - description: Immutable. Boolean specifying whether to encrypt - the header information. Encryption should be specified for any - headers related to authentication that you do not wish to be - seen when retrieving the configuration. The server will be responsible - for encrypting the headers. On Get/List calls, if `mask_headers` - is set to `true` then the headers will be obscured with `******.` - type: boolean - path: - description: Optional (defaults to "/"). The path to the page - against which to run the check. Will be combined with the `host` - (specified within the `monitored_resource`) and `port` to construct - the full URL. If the provided path does not begin with "/", - a "/" will be prepended automatically. - type: string - port: - description: Optional (defaults to 80 when `use_ssl` is `false`, - and 443 when `use_ssl` is `true`). The TCP port on the HTTP - server against which to run the check. Will be combined with - host (specified within the `monitored_resource`) and `path` - to construct the full URL. - format: int64 - type: integer - requestMethod: - description: Immutable. The HTTP request method to use for the - check. If set to `METHOD_UNSPECIFIED` then `request_method` - defaults to `GET`. - type: string - useSsl: - description: If `true`, use HTTPS instead of HTTP to run the check. - type: boolean - validateSsl: - description: Boolean specifying whether to include SSL certificate - validation as a part of the Uptime check. Only applies to checks - where `monitored_resource` is set to `uptime_url`. If `use_ssl` - is `false`, setting `validate_ssl` to `true` has no effect. - type: boolean - type: object - monitoredResource: - description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) - associated with the configuration. 
The following monitored resource - types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' - properties: - filterLabels: - additionalProperties: - type: string - description: Immutable. + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri type: object - type: - description: Immutable. - type: string - required: - - filterLabels - - type type: object - period: - description: How often, in seconds, the Uptime check is performed. - Currently, the only supported values are `60s` (1 minute), `300s` - (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, - defaults to `60s`. + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -63190,7 +89184,7 @@ spec: properties: external: description: |- - The project for this uptime check config. + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -63201,78 +89195,49 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceGroup: - description: Immutable. The group resource associated with the configuration. - properties: - groupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceType: - description: 'Immutable. The resource type of the group members. - Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' - type: string - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - selectedRegions: - description: The list of regions from which the check will be run. - Some regions contain one location, and others contain more than - one. If this field is specified, enough regions must be provided - to include a minimum of 3 locations. 
Not specifying this field - will result in Uptime checks running from all available regions. + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. items: - type: string + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object type: array - tcpCheck: - description: Contains information needed to make a TCP check. - properties: - port: - description: The TCP port on the server against which to run the - check. Will be combined with host (specified within the `monitored_resource`) - to construct the full URL. Required. - format: int64 - type: integer - required: - - port - type: object - timeout: - description: The maximum amount of time to wait for the request to - complete (must be between 1 and 60 seconds). Required. + sni: + description: 'Optional. Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' type: string required: - - displayName - - projectRef - - timeout + - location type: object status: properties: 
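Review bot: `serverValidationCa` is described as "Required." in the new NetworkSecurityClientTLSPolicy spec, but the `required` list that closes this hunk holds only `location`, so a policy with no server CA passes admission. What a client then does is decided by the backing API and is not visible here (presumably the server certificate is not validated), so either the description should state that behaviour instead of "Required", or the field should be listed under `required`. The array also has no `minItems`, so an empty list is accepted; `minItems: 1` would close that if the field is meant to be mandatory. The `dcl2crd` label suggests this file is generated, in which case the change belongs in the generator's source schema.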
@@ -63302,6 +89267,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63309,6 +89278,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -63328,25 +89301,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivityHub - plural: networkconnectivityhubs + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies shortNames: - - gcpnetworkconnectivityhub - - gcpnetworkconnectivityhubs - singular: networkconnectivityhub + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63384,9 +89357,63 @@ spec: type: object spec: properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean description: - description: An optional description of the hub. + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. + Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. 
+ Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -63422,8 +89449,39 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object required: - - projectRef + - location type: object status: properties: @@ -63454,7 +89512,7 @@ spec: type: object type: array createTime: - description: Output only. The time the hub was created. + description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: 
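Review bot: The `serverCertificate` description (hunk `@@ -63422`) says it cannot be combined with `allow_open`, but nothing in the schema added here or in the `allowOpen` hunk (`@@ -63384`) expresses that, so `allowOpen: true` together with `serverCertificate` passes admission and is rejected, if at all, only by the backing API. Because `allowOpen` enables plaintext connections, rejecting the contradictory combination at admission is worth it; where the supported cluster versions allow CEL validation, a rule on `spec` such as `x-kubernetes-validations: [{rule: "!(has(self.allowOpen) && self.allowOpen && has(self.serverCertificate))"}]` would do it. The descriptions also name the fields `allow_open` and `mtls_policy`, while the CRD keys a user writes are `allowOpen` and `mtlsPolicy`; using the CRD spelling avoids a silently ignored or rejected key. As in the client policy, `clientValidationCa` is required but has no `minItems`, so an empty CA list satisfies the schema.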
@@ -63464,31 +89522,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - routingVpcs: - description: The VPC network associated with this hub's spokes. All - of the VPN tunnels, VLAN attachments, and router appliance instances - referenced by this hub's spokes must belong to this VPC network. - This field is read-only. Network Connectivity Center automatically - populates it based on the set of spokes attached to the hub. - items: - properties: - uri: - description: The URI of the VPC network. - type: string - type: object - type: array - state: - description: 'Output only. The current lifecycle state of this hub. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the hub. This - value is unique across all hub resources. If a hub is deleted and - another with the same name is created, the new hub is assigned a - different unique_id. - type: string updateTime: - description: Output only. The time the hub was last updated. + description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object 
@@ -63510,25 +89545,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivitySpoke - plural: networkconnectivityspokes + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets shortNames: - - gcpnetworkconnectivityspoke - - gcpnetworkconnectivityspokes - singular: networkconnectivityspoke + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: @@ -63548,7 +89583,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -63567,10 +89602,10 @@ spec: spec: properties: description: - description: An optional description of the spoke. + description: A human-readable description of the resource. type: string - hubRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63587,10 +89622,7 @@ spec: - external properties: external: - description: |- - Immutable. The URI of the hub that this spoke is attached to. - - Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -63599,188 +89631,101 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - linkedInterconnectAttachments: - description: Immutable. A collection of VLAN attachment resources. - These resources should be redundant attachments that all advertise - the same prefixes to Google Cloud. Alternatively, in active/passive - configurations, all attachments should be capable of advertising - the same prefixes. - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. 
+ type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - linkedRouterApplianceInstances: - description: Immutable. The URIs of linked Router appliance resources - properties: - instances: - description: Immutable. The list of router appliance instances - items: + - valueFrom properties: - ipAddress: - description: Immutable. The IP address on the VM to use - for peering. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - virtualMachineRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: |- - The URI of the virtual machine resource - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object type: object - type: array - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - required: - - instances - - siteToSiteDataTransfer - type: object - linkedVpnTunnels: - description: Immutable. The URIs of linked VPN tunnel resources - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - id + type: object + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. 
+ The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array required: - - hubRef - - location - projectRef type: object status: @@ -63811,10 +89756,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time the spoke was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63822,20 +89763,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The current lifecycle state of this spoke. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the spoke. - This value is unique across all spoke resources. If a spoke is deleted - and another with the same name is created, the new spoke is assigned - a different unique_id. - type: string - updateTime: - description: Output only. The time the spoke was last updated. - format: date-time - type: string type: object required: - spec 
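Review bot: The `secretVersion` description under `validationSharedKeys` says the `*` values in `projects/*/secrets/*/versions/*` are "replaced by the secrets themselves", which reads as if key material belongs in the resource name. The field holds a Secret Manager version reference, so I would word it as `where the '*' values are replaced by the project, secret, and version you require`, the phrasing the `secretAccessKeyVersion` description uses elsewhere in this patch. In the same hunk the `publicKey[].id` description gives two different length limits (1-63 and 1-64 characters) and the schema enforces neither; a `pattern` and `maxLength` on `id` would settle which one applies and reject malformed IDs at admission.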
@@ -63855,25 +89782,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityAuthorizationPolicy - plural: networksecurityauthorizationpolicies + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins shortNames: - - gcpnetworksecurityauthorizationpolicy - - gcpnetworksecurityauthorizationpolicies - singular: networksecurityauthorizationpolicy + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: @@ -63893,7 +89820,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -63911,19 +89838,137 @@ spec: type: object spec: properties: - action: - description: 'Required. The action to take when a rule match is found. - Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, - ALLOW, DENY' - type: string + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. 
+ + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. 
+ + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
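Review bot: The limits stated in the new `spec` descriptions are not expressed in the schema, so the API server would admit objects that the descriptions rule out: `maxAttempts` ("greater than 0 and less than 4") and `port` are bare `type: integer`, and `originAddress` ("must not contain a protocol ... any slashes") is a bare `type: string`. The next hunk has the same gap for `protocol` and `retryConditions`, whose possible values appear only in prose, and the EdgeCacheService hunk after it has it for `logConfig.sampleRate` ("must be in [0, 1]"). Presumably the Google API rejects such values later, at reconcile time, which is a later and weaker signal than rejection at admission. I would add `minimum: 1` under `maxAttempts`, `enum: ["HTTP2", "HTTPS", "HTTP"]` under `protocol`, and `minimum: 0` / `maximum: 1` under `sampleRate`; the `tf2crd` label suggests the file is generated, in which case the bounds belong in the generator's input. The `spec.properties` mapping continues past this hunk.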
@@ -63940,115 +89985,94 @@ spec: - external properties: external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. 
+ - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: description: |- - The project for the resource + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. 
All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + If the response headers have already been written to the connection, the response will be truncated and logged. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Optional. List of rules to match. If not set, the action - specified in the ‘action’ field will be applied without any additional - rule checks. - items: - properties: - destinations: - description: Optional. List of attributes for the traffic destination. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the destination. 
- items: - properties: - hosts: - description: Required. List of host names to match. Matched - against HOST header in http requests. Each host can - be an exact match, or a prefix match (example, “mydomain.*”) - or a suffix match (example, *.myorg.com”) or a presence(any) - match “*”. - items: - type: string - type: array - httpHeaderMatch: - description: Optional. Match against key:value pair in - http header. Provides a flexible match based on HTTP - headers, for potentially advanced use cases. - properties: - headerName: - description: Required. The name of the HTTP header - to match. For matching against the HTTP request's - authority, use a headerMatch with the header name - ":authority". For matching a request's method, use - the headerName ":method". - type: string - regexMatch: - description: 'Required. The value of the header must - match the regular expression specified in regexMatch. - For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript - For matching against a port specified in the HTTP - request, use a headerMatch with headerName set to - Host and a regular expression that satisfies the - RFC2616 Host header''s port specifier.' - type: string - required: - - headerName - - regexMatch - type: object - methods: - description: Optional. A list of HTTP methods to match. - Should not be set for gRPC services. - items: - type: string - type: array - ports: - description: Required. List of destination ports to match. - items: - format: int64 - type: integer - type: array - required: - - hosts - - ports - type: object - type: array - sources: - description: Optional. List of attributes for the traffic source. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the source. - items: - properties: - ipBlocks: - description: Optional. List of CIDR ranges to match based - on source IP address. Single IP (e.g., "1.2.3.4") and - CIDR (e.g., "1.2.3.0/24") are supported. 
- items: - type: string - type: array - principals: - description: Optional. List of peer identities to match - for authorization. Each peer can be an exact match, - or a prefix match (example, “namespace/*”) or a suffix - match (example, */service-account”) or a presence match - “*”. - items: - type: string - type: array - type: object - type: array - type: object - type: array required: - - action - - location + - originAddress - projectRef type: object status: @@ -64079,10 +90103,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64090,10 +90110,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec 
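Review bot: The `protocol` description spells out what `HTTP2` and `HTTPS` require of the origin's certificate but says nothing about what selecting `HTTP` gives up, and the field is a bare `type: string`, so that value is admitted like any other. I would append to the description a sentence such as `With HTTP, traffic between the cache and the origin is not encrypted and the origin is not authenticated by a certificate.` Clusters that must not fill from origins over plaintext can reject `protocol: HTTP` with an admission policy, since the CRD itself will not. The `spec.properties` mapping starts before this hunk.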
@@ -64113,25 +90129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityClientTLSPolicy - plural: networksecurityclienttlspolicies + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices shortNames: - - gcpnetworksecurityclienttlspolicy - - gcpnetworksecurityclienttlspolicies - singular: networksecurityclienttlspolicy + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: @@ -64151,7 +90167,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -64169,45 +90185,50 @@ spec: type: object spec: properties: - clientCertificate: - description: Optional. Defines a mechanism to provision client identity - (public and private keys) for peer to peer authentication. The presence - of this dictates mTLS. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. 
+ type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -64224,10 +90245,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
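Review bot: The `disableQuic` description states only the default ("HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.") and never says what setting the field does, unlike `disableHttp2` beside it, which opens with "Disables HTTP/2." and explains the effect of `true`. I would reword it along the lines of `Disables HTTP/3 (IETF QUIC) and Google QUIC, which are enabled by default.`, assuming the field mirrors `disableHttp2`. The `spec.properties` mapping starts before this hunk and continues in the following ones.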
@@ -64236,49 +90254,721 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serverValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the server certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. 
+ + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. type: string required: - - pluginInstance + - hosts + - pathMatcher type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array required: - - targetUri + - name + - routeRule type: object - type: object - type: array - sni: - description: 'Optional. Server Name Indication string to present to - the server during TLS handshake. E.g: "secure.example.com".' + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - - location + - projectRef + - routing type: object status: properties: 
@@ -64308,254 +90998,18 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com -spec: - group: networksecurity.cnrm.cloud.google.com - names: - categories: - - gcp - kind: NetworkSecurityServerTLSPolicy - plural: networksecurityservertlspolicies - shortNames: - - gcpnetworksecurityservertlspolicy - - gcpnetworksecurityservertlspolicies - singular: networksecurityservertlspolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allowOpen: - description: Optional. Determines if server allows plaintext connections. - If set to true, server allows plain text connections. By default, - it is set to false. This setting is not exclusive of other encryption - modes. For example, if allow_open and mtls_policy are set, server - allows both plain text and mTLS connections. See documentation of - other encryption modes to confirm compatibility. - type: boolean - description: - description: Optional. Free-text description of the resource. - type: string - location: - description: Immutable. The location for the resource - type: string - mtlsPolicy: - description: Optional. Defines a mechanism to provision peer validation - certificates for peer to peer authentication (Mutual TLS - mTLS). - If not specified, client certificate will not be requested. The - connection is treated as TLS and not mTLS. If allow_open and mtls_policy - are set, server allows both plain text and mTLS connections. 
- properties: - clientValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the client certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to - locate and load CertificateProvider instance configuration. - Set to "google_cloud_private_spiffe" to use Certificate - Authority Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with - “unix:”. - type: string - required: - - targetUri - type: object - type: object - type: array - required: - - clientValidationCa - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. 
When unset, the value of `metadata.name` - is used as the default. - type: string - serverCertificate: - description: Optional. Defines a mechanism to provision server identity - (public and private keys). Cannot be combined with allow_open as - a permissive mode that allows both plain text and TLS is not supported. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + ipv4Addresses: + description: The IPv4 addresses associated with this service. Addresses + are static for the lifetime of the service. items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
- type: string - type: - description: Type is the type of the condition. - type: string - type: object + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64563,10 +91017,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec @@ -64586,7 +91036,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64907,7 +91357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65133,7 +91583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65600,7 +92050,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -66334,7 +92784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66510,7 +92960,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66840,7 +93290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67125,8 +93575,235 @@ spec: type: object type: array createTime: - description: Output only. The timestamp when the resource was created. - format: date-time + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. 
+ type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
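Review bot: `postStartupScript` in the new NotebooksEnvironment spec is an unconstrained `type: string`, and its description says the referenced Bash script runs automatically after a notebook instance boots, so anyone allowed to create or edit this resource in a namespace chooses what runs at startup. The description should say so, for example by appending `Write access to this field is equivalent to running code at instance startup; reference only locations that trusted principals alone can modify.` The same applies to `containerImage.tag`, whose description says it falls back to the latest tag when unset. Because that tag is mutable, the text could recommend pinning an explicit tag. The CRD carries the `tf2crd` label, so it is presumably generated and the wording would have to change in the generator input rather than in this file.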
@@ -67135,12 +93812,166 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. Server-defined URL of this resource + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time + description: Output only. The timestamp representing when the constraint + was last updated. type: string type: object required: @@ -67161,7 +93992,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67930,7 +94761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68750,22 +95581,5242 @@ spec: - id type: object type: object - required: - - id + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. 
+ format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array type: object type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: required: - - resources - type: object - type: array + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." 
+ type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. 
\nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. 
+ + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. 
+ type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external required: - - id - - mode - - resourceGroups + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. oneOf: - not: required: @@ -68782,10 +100833,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -68794,62 +100843,84 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rollout: - description: 'Required. Rollout to deploy the OS policy assignment. - A rollout is triggered in the following situations: 1) OSPolicyAssignment - is created. 
2) OSPolicyAssignment is updated and the update contains - changes to one of the following fields: - instance_filter - os_policies - 3) OSPolicyAssignment is deleted.' + schemaSettings: + description: Settings for validating messages published against a + schema. properties: - disruptionBudget: - description: Required. The maximum number (or percentage) of VMs - per zone to disrupt at any given moment. + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - fixed: - description: Specifies a fixed value. - format: int64 - type: integer - percent: - description: Specifies the relative value defined as a percentage, - which will be multiplied by a reference value. - format: int64 - type: integer + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minWaitDuration: - description: Required. This determines the minimum duration of - time to wait after the configuration changes are applied through - the current rollout. A VM continues to count towards the `disruption_budget` - at least until this duration of time has passed after configuration - changes are applied. 
- type: string required: - - disruptionBudget - - minWaitDuration + - schemaRef type: object - skipAwaitRollout: - description: Set to true to skip awaiting rollout during resource - creation and update. - type: boolean - required: - - instanceFilter - - location - - osPolicies - - projectRef - - rollout type: object status: properties: - baseline: - description: Output only. Indicates that this revision has been successfully - rolled out in this zone and new VMs will be assigned OS policies - from this revision. For a given OS policy assignment, there is only - one revision with a value of `true` for this field. - type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -68876,14 +100947,6 @@ spec: type: string type: object type: array - deleted: - description: Output only. Indicates that this revision deletes the - OS policy assignment. - type: boolean - etag: - description: The etag for this OS policy assignment. If this is provided - on update, it must match the server's etag. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -68891,31 +100954,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Indicates that reconciliation is in progress - for the revision. This value is `true` when the `rollout_state` - is one of: * IN_PROGRESS * CANCELLING' - type: boolean - revisionCreateTime: - description: Output only. The timestamp that the revision was created. - format: date-time - type: string - revisionId: - description: Output only. The assignment revision ID A new revision - is committed whenever a rollout is triggered for a OS policy assignment - type: string - rolloutState: - description: 'Output only. OS policy assignment rollout state Possible - values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, - SUCCEEDED' - type: string - uid: - description: Output only. Server generated unique id for the OS policy - assignment resource. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -68932,25 +100971,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacapools.privateca.cnrm.cloud.google.com + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACAPool - plural: privatecacapools + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys shortNames: - - gcpprivatecacapool - - gcpprivatecacapools - singular: privatecacapool + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: 
@@ -68963,352 +101002,63 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - issuancePolicy: - description: Optional. The IssuancePolicy to control how Certificates - will be issued from this CaPool. - properties: - allowedIssuanceModes: - description: Optional. If specified, then only methods allowed - in the IssuanceModes may be used to issue Certificates. - properties: - allowConfigBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CertificateConfig. - type: boolean - allowCsrBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CSR. - type: boolean - type: object - allowedKeyTypes: - description: Optional. If any AllowedKeyType is specified, then - the certificate request's public key must match one of the key - types listed here. Otherwise, any key may be used. 
- items: - properties: - ellipticCurve: - description: Represents an allowed Elliptic Curve key type. - properties: - signatureAlgorithm: - description: 'Optional. A signature algorithm that must - be used. If this is omitted, any EC-based signature - algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, - ECDSA_P256, ECDSA_P384, EDDSA_25519' - type: string - type: object - rsa: - description: Represents an allowed RSA key type. - properties: - maxModulusSize: - description: Optional. The maximum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service will not enforce an explicit upper bound - on RSA modulus sizes. - format: int64 - type: integer - minModulusSize: - description: Optional. The minimum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service-level min RSA modulus size will continue - to apply. - format: int64 - type: integer - type: object - type: object - type: array - baselineValues: - description: Optional. A set of X.509 values that will be applied - to all certificates issued through this CaPool. If a certificate - request includes conflicting values for the same properties, - they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting - predefined_values for the same properties, the certificate issuance - request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. 
- type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Optional. 
Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - identityConstraints: - description: Optional. Describes constraints on identities that - may appear in Certificates issued through this CaPool. If this - is omitted, then this CaPool will not add restrictions on a - certificate's identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames - extension may be copied from a certificate request into - the signed certificate. Otherwise, the requested SubjectAltNames - will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field - may be copied from a certificate request into the signed - certificate. Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to - validate the resolved X.509 Subject and/or Subject Alternative - Name before a certificate is signed. To see the full allowed - syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. - This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in - Common Expression Language syntax. - type: string - location: - description: Optional. String indicating the location - of the expression for error reporting, e.g. a file name - and a position in the file. - type: string - title: - description: Optional. Title for the expression, i.e. 
- a short string describing its purpose. This can be used - e.g. in UIs which allow to enter the expression. - type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - maximumLifetime: - description: Optional. The maximum lifetime allowed for issued - Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximum_lifetime, the - effective lifetime will be explicitly truncated to match it. - type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued through this CaPool. If a - certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If - a certificate request uses a CertificateTemplate with predefined_values - that don't appear here, the certificate issuance request will - fail. If this is omitted, then this CaPool will not add restrictions - on a certificate's X.509 extensions. These constraints do not - apply to X.509 extensions set in this CaPool's baseline_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom - X.509 extensions. Will be combined with known_extensions - to determine the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will - be combined with additional_extensions to determine the - full set of X.509 extensions. 
- items: - type: string - type: array - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array type: object - location: - description: Immutable. The location for the resource + displayName: + description: Human-readable display name of this key. Modifiable by + user. type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -69339,40 +101089,480 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - publishingOptions: - description: Optional. The PublishingOptions to follow when issuing - Certificates from any CertificateAuthority in this CaPool. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. properties: - publishCaCert: - description: Optional. When true, publishes each CertificateAuthority's - CA certificate and includes its URL in the "Authority Information - Access" X.509 extension in all issued Certificates. If this - is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. type: boolean - publishCrl: - description: Optional. When true, publishes each CertificateAuthority's - CRL and includes its URL in the "CRL Distribution Points" X.509 - extension in all issued Certificates. 
If this is false, CRLs - will not be published and the corresponding X.509 extension - will not be written in issued certificates. CRLs will expire - 7 days from their creation. However, we will rebuild daily. - CRLs are also rebuilt shortly after a certificate is revoked. + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. 
Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. 
Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. 
+ type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string tier: - description: 'Immutable. Required. Immutable. The Tier of this CaPool. - Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
+ + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - - location - - projectRef - - tier + - memorySizeGb + - region type: object status: properties: @@ -69402,6 +101592,36 @@ spec: type: string type: object type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
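Review bot: The `authString` property added under `spec` of the RedisInstance schema is described only as "AUTH String set on the instance", which does not tell a reader that the value is a credential carried as a plain `type: string` field of the custom resource. Anyone allowed to read RedisInstance objects in the namespace would presumably be able to read it, so the description should say so, for example `AUTH string (credential) for the instance; it is held in this resource as plain text, so restrict read access to RedisInstance objects accordingly.` The same hunk documents `authEnabled` as defaulting to "false" and `transitEncryptionMode` as leaving TLS disabled when not provided; one sentence in each description recommending that both be set explicitly for instances holding sensitive data would make those defaults harder to overlook. The hunk begins inside another resource's schema, and the RedisInstance `status` block continues in the hunks that follow.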
@@ -69409,6 +101629,48 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array type: object required: - spec 
@@ -69420,868 +101682,134 @@ spec: status: acceptedNames: kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com -spec: - group: privateca.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PrivateCACertificateAuthority - plural: privatecacertificateauthorities - shortNames: - - gcpprivatecacertificateauthority - - gcpprivatecacertificateauthorities - singular: privatecacertificateauthority - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The caPool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - config: - description: Immutable. Required. Immutable. The config used to create - a self-signed X.509 certificate or CSR. - properties: - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. 
The postal code of the subject. - type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - customSans: - description: Immutable. Contains additional subject alternative - name values. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the - client does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this - X.509 extension. - properties: - objectIdPath: - description: Immutable. Required. The parts - of an OID path. The most significant parts - of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. - properties: - additionalExtensions: - description: Immutable. 
Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. Refers to the "CA" X.509 - extension, which is a boolean value. When this value - is missing, the extension will be omitted from the CA - certificate. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the path length - restriction X.509 extension. For a CA certificate, this - value describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. - type: boolean - contentCommitment: - description: Immutable. 
The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - required: - - subjectConfig - - x509Config - type: object - gcsBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - keySpec: - description: Immutable. Required. Immutable. Used when issuing certificates - for this CertificateAuthority. If this CertificateAuthority is a - self-signed CertificateAuthority, this key is also used to sign - the self-signed CA certificate. Otherwise, it is used to sign a - CSR. + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: properties: - algorithm: - description: 'Immutable. The algorithm to use for creating a managed - Cloud KMS key for a for a simplified experience. All managed - keys will be have their ProtectionLevel as `HSM`. Possible values: - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, - EC_P256_SHA256, EC_P384_SHA384' - type: string - cloudKmsKeyVersionRef: - description: Immutable. + projectRef: oneOf: - not: required: - external required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The resource name for an existing Cloud KMS CryptoKeyVersion - in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - This option enables full flexibility in the key's capabilities - and properties. - type: string - name: - description: |- - [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - lifetime: - description: Immutable. Required. The desired lifetime of the CA certificate. - Used to create the "not_before_time" and "not_after_time" fields - inside an X.509 certificate. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. - Possible values: SELF_SIGNED, SUBORDINATE' - type: string - required: - - caPoolRef - - config - - keySpec - - lifetime - - location - - projectRef - - type - type: object - status: - properties: - accessUrls: - description: Output only. URLs for accessing content published by - this CA, such as the CA certificate and CRLs. 
- properties: - caCertificateAccessUrl: - description: The URL where this CertificateAuthority's CA certificate - is published. This will only be set for CAs that have been activated. - type: string - crlAccessUrls: - description: The URLs where this CertificateAuthority's CRLs are - published. This will only be set for CAs that have been activated. - items: - type: string - type: array - type: object - caCertificateDescriptions: - description: Output only. A structured description of this CertificateAuthority's - CA certificate and its issuers. Ordered as self-to-root. - items: - properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in - the certificate. - items: - type: string - type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: - type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. 
- type: string - type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. - properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an - issued certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is - the period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time - type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time - type: string - subject: - description: Contains distinguished name fields such as - the common name, location and organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative - name values. - items: - properties: - critical: - description: Optional. 
Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Required. The parts of an OID - path. The most significant parts of the - path come first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 - extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. - items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - x509Description: - description: Describes some of the technical X.509 fields in - a certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does - not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. 
- properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value - describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. 
- type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. 
- items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - type: object + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. 
+ items: + type: string type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -70308,49 +101836,11 @@ spec: type: string type: object type: array - config: - properties: - publicKey: - description: Optional. The public key that corresponds to this - config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string - type: object - x509Config: - properties: - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - type: object - type: object createTime: - description: Output only. The time at which this CertificateAuthority - was created. - format: date-time - type: string - deleteTime: - description: Output only. The time at which this CertificateAuthority - was soft deleted, if it is in the DELETED state. - format: date-time + description: Time of creation. type: string - expireTime: - description: Output only. The time at which this CertificateAuthority - will be permanently purged, if it is in the DELETED state. - format: date-time + name: + description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -70359,54 +101849,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCaCertificates: - description: Output only. This CertificateAuthority's certificate - chain, including the current CertificateAuthority's certificate. - Ordered such that the root issuer is the final element (consistent - with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - items: - type: string - type: array - state: - description: 'Output only. The State for this CertificateAuthority. - Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, - DELETED' - type: string - subordinateConfig: - description: Optional. If this is a subordinate CertificateAuthority, - this field will be set with the subordinate configuration, which - describes its issuers. This may be updated, but this CertificateAuthority - must continue to validate. - properties: - certificateAuthority: - description: Required. This can refer to a CertificateAuthority - in the same project that was used to create a subordinate CertificateAuthority. - This field is used for information and usability purposes only. - The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - type: string - pemIssuerChain: - description: Required. Contains the PEM certificate chain for - the issuers of this CertificateAuthority, but not pem certificate - for this CA itself. - properties: - pemCertificates: - description: Required. Expected to be in leaf-to-root order - according to RFC 5246. - items: - type: string - type: array - type: object - type: object - tier: - description: 'Output only. The CaPool.Tier of the CaPool that includes - this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' - type: string - updateTime: - description: Output only. The time at which this CertificateAuthority - was last updated. - format: date-time - type: string type: object required: - spec 
@@ -70426,25 +101868,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificate - plural: privatecacertificates + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies shortNames: - - gcpprivatecacertificate - - gcpprivatecacertificates - singular: privatecacertificate + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -70482,68 +101924,25 @@ spec: type: object spec: properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ca_pool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - certificateAuthorityRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. properties: - external: - description: |- - The certificate authority for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced type: object - certificateTemplateRef: - description: Immutable. 
+ constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: @@ -70560,10 +101959,7 @@ spec: - external properties: external: - description: |- - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - - Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -70572,304 +101968,290 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - config: - description: Immutable. Immutable. A description of the certificate - and key that does not require X.509 or ASN.1. + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . properties: - publicKey: - description: Immutable. Optional. The public key that corresponds - to this config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Immutable. Required. The format of the public - key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Immutable. Required. A public key. The padding - and encoding must match with the `KeyFormat` value specified - for the `format` field. - type: string - required: - - format - - key - type: object - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. The postal code of the subject. 
- type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. + allow: + description: One or the other must be set. properties: - additionalExtensions: - description: Immutable. Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. 
- type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Immutable. Optional. Describes Online Certificate - Status Protocol (OCSP) endpoint addresses that appear in - the "Authority Information Access" extension in the certificate. + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - type: string - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to true. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the "path - length constraint" in Basic Constraints extension. For - a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this - value is less than 0, the request will fail. - format: int64 - type: integer - nonCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension - will be omitted from the CA certificate. - type: boolean - zeroMaxIssuerPathLength: - description: Immutable. Optional. When true, the "path - length constraint" in Basic Constraints extension will - be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length - are unset, the max path length will be omitted from - the CA certificate. - type: boolean - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. 
- type: boolean - contentCommitment: - description: Immutable. The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object + type: string type: array type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean required: - - subjectConfig - - x509Config + - default type: object - lifetime: - description: Immutable. Required. Immutable. The desired lifetime - of a certificate. Used to create the "not_before_time" and "not_after_time" - fields inside an X.509 certificate. Note that the lifetime may be - truncated if it would extend past the life of any certificate authority - in the issuing chain. 
+ version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. 
Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string - pemCsr: - description: Immutable. Immutable. A pem-encoded X.509 certificate - signing request (CSR). - type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -70905,348 +102287,533 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subjectMode: - description: 'Immutable. Immutable. Specifies how the Certificate''s - identity fields are to be decided. If this is omitted, the `DEFAULT` - subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, - DEFAULT, REFLECTED_SPIFFE' - type: string - required: - - caPoolRef - - lifetime - - location - - projectRef - type: object - status: - properties: - certificateDescription: - description: Output only. A structured description of the issued X.509 - certificate. + template: + description: Required. The template used to create revisions for this + Service. properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in the - certificate. - items: + annotations: + additionalProperties: type: string + description: KRM-style annotations for the resource. + type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. 
+ properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. 
URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. 
All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. properties: - format: - description: 'Required. The format of the public key. 
Possible - values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + format: int64 + type: integer type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an issued - certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is the - period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - subject: - description: Contains distinguished name fields such as the - common name, location and / organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative name - values. - items: - properties: - critical: - description: Optional. Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, the - client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. 
- items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - x509Description: - description: Describes some of the technical X.509 fields in a - certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: + name: + description: Required. Volume's name. type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. 
- properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. 
- type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. 
When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' format: int64 type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef type: object - type: array + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string type: object type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -71274,12 +102841,52 @@ spec: type: object type: array createTime: - description: Output only. The time at which this Certificate was created. + description: Output only. The creation time. format: date-time type: string - issuerCertificateAuthority: - description: Output only. The resource name of the issuing CertificateAuthority - in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. + type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. 
Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -71288,36 +102895,123 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCertificate: - description: Output only. The pem-encoded, signed X.509 certificate. - type: string - pemCertificateChain: - description: Output only. The chain that may be used to verify the - X.509 certificate. Expected to be in issuer-to-root order according - to RFC 5246. - items: - type: string - type: array - revocationDetails: - description: Output only. Details regarding the revocation of this - Certificate. This Certificate is considered revoked if and only - if this field is present. + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. + When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' 
+ type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. properties: - revocationState: - description: 'Indicates why a Certificate was revoked. Possible - values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, - AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, - PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string - revocationTime: - description: The time at which this Certificate was revoked. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. format: date-time type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. 
Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. 
+ type: string updateTime: - description: Output only. The time at which this Certificate was updated. + description: Output only. The last-modified time. format: date-time type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string type: object required: - spec @@ -71337,25 +103031,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificateTemplate - plural: privatecacertificatetemplates + kind: SecretManagerSecret + plural: secretmanagersecrets shortNames: - - gcpprivatecacertificatetemplate - - gcpprivatecacertificatetemplates - singular: privatecacertificatetemplate + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: 
@@ -71393,301 +103087,149 @@ spec: type: object spec: properties: - description: - description: Optional. A human-readable description of scenarios this - template is intended for. - type: string - identityConstraints: - description: Optional. Describes constraints on identities that may - be appear in Certificates issued using this template. If this is - omitted, then this template will not add restrictions on a certificate's - identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames extension - may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field may - be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to validate - the resolved X.509 Subject and/or Subject Alternative Name before - a certificate is signed. To see the full allowed syntax and - some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. This - is a longer text which describes the expression, e.g. when - hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: Optional. String indicating the location of the - expression for error reporting, e.g. a file name and a position - in the file. - type: string - title: - description: Optional. Title for the expression, i.e. a short - string describing its purpose. This can be used e.g. in - UIs which allow to enter the expression. 
- type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - location: - description: Immutable. The location for the resource + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued using this CertificateTemplate. - If a certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If the - issuing CaPool's IssuancePolicy defines baseline_values that don't - appear here, the certificate issuance request will fail. If this - is omitted, then this template will not add restrictions on a certificate's - X.509 extensions. These constraints do not apply to X.509 extensions - set in this CertificateTemplate's predefined_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom X.509 - extensions. Will be combined with known_extensions to determine - the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will be - combined with additional_extensions to determine the full set - of X.509 extensions. - items: - type: string - type: array - type: object - predefinedValues: - description: Optional. 
A set of X.509 values that will be applied - to all issued certificates that use this template. If the certificate - request includes conflicting values for the same properties, they - will be overwritten by the values defined here. If the issuing CaPool's - IssuancePolicy defines conflicting baseline_values for the same - properties, the certificate issuance request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this extension - is critical (i.e., if the client does not know how to - handle this extension, the client should consider this - to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status Protocol - (OCSP) endpoint addresses that appear in the "Authority Information - Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, the - extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. 
- If this value is less than 0, the request will fail. If - this value is missing, the max path length will be omitted - from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys that - correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key may - be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic commitments. - Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate revocation - lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially - described as "TLS WWW client authentication", though - regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially - described as "Signing of downloadable executable code - client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially - described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially - described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially - described as "TLS WWW server authentication", though - regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially - described as "Binding the hash of an object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that are - not listed in the KeyUsage.ExtendedKeyUsageOptions message. + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. items: properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string required: - - objectIdPath + - location type: object type: array + required: + - replicas type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. properties: - external: + nextRotationTime: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Timestamp in UTC at which the Secret is scheduled to rotate. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - - location - - projectRef + - replication type: object status: properties: @@ -71718,9 +103260,12 @@ spec: type: object type: array createTime: - description: Output only. The time at which this CertificateTemplate - was created. - format: date-time + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71729,11 +103274,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The time at which this CertificateTemplate - was updated. - format: date-time - type: string type: object required: - spec 
@@ -71753,25 +103293,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: Project - plural: projects + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions shortNames: - - gcpproject - - gcpprojects - singular: project + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: 
@@ -71808,50 +103348,55 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: - billingAccountRef: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `BillingAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. 
Only one of - folderRef or organizationRef may be specified. + secretRef: + description: Secret Manager secret resource oneOf: - not: required: @@ -71868,7 +103413,7 @@ spec: - external properties: external: - description: 'Allowed value: The `folderId` field of a `Folder` + description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: 
@@ -71878,15 +103423,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. Only present + if state is DESTROYED. + type: string name: - description: The display name of the project. + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). type: string organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + description: The organization that this resource belongs to. oneOf: - not: required: 
@@ -71913,13 +103587,55 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string resourceID: - description: Immutable. Optional. The projectId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object required: - - name + - configId + - organizationRef + - pubsubTopic + - streamingConfig type: object status: properties: 
@@ -71949,8 +103665,10 @@ spec: type: string type: object type: array - number: - description: The numeric identifier of the project. + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71959,6 +103677,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string type: object required: - spec @@ -71978,25 +103701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsublitereservations.pubsublite.cnrm.cloud.google.com + name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: - group: pubsublite.cnrm.cloud.google.com + group: securitycenter.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubLiteReservation - plural: pubsublitereservations + kind: SecurityCenterSource + plural: securitycentersources shortNames: - - gcppubsublitereservation - - gcppubsublitereservations - singular: pubsublitereservation + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: @@ -72016,7 +103739,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -72034,8 +103757,19 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. oneOf: - not: required: @@ -72052,7 +103786,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of an `Organization` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72061,24 +103796,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: The region of the pubsub lite reservation. - type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - throughputCapacity: - description: |- - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - type: integer required: - - projectRef - - region - - throughputCapacity + - displayName + - organizationRef type: object status: properties: @@ -72108,6 +103833,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72134,25 +103864,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubschemas.pubsub.cnrm.cloud.google.com + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSchema - plural: pubsubschemas + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints shortNames: - - gcppubsubschema - - gcppubsubschemas - singular: pubsubschema + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: 
@@ -72190,14 +103920,43 @@ spec: type: object spec: properties: - definition: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: description: |- - Immutable. The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. - type: string - projectRef: - description: The project that this resource belongs to. + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). oneOf: - not: required: @@ -72214,7 +103973,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72223,18 +103983,47 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - type: - description: 'Immutable. The type of the schema definition Default - value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", - "PROTOCOL_BUFFER", "AVRO"].' - type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - projectRef + - serviceRef type: object status: properties: 
@@ -72264,6 +104053,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72290,25 +104084,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: 
@@ -72346,288 +104140,14 @@ spec: type: object spec: properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - bigqueryConfig: - description: |- - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - dropUnknownFields: - description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - type: boolean - tableRef: - description: The name of the table to which to write data. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, - where {{value}} is the `name` field of a `BigQueryTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. - type: boolean - writeMetadata: - description: |- - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - type: boolean - required: - - tableRef - type: object - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. 
- properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any - message. The value must be\nbetween 5 and 100.\n\nThe number - of delivery attempts is defined as 1 + (the sum of number of - \nNACKs and number of times the acknowledgement deadline has - been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline - with a 0 deadline. Note that\nclient libraries may automatically - extend ack_deadlines.\n\nThis field will be honored on a best - effort basis.\n\nIf this parameter is 0, a default value of - 5 is used." - type: integer - type: object - enableExactlyOnceDelivery: - description: |- - If 'true', Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
- type: boolean - enableMessageOrdering: - description: |- - Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "Immutable. The subscription only delivers the messages - that match the filter. \nPub/Sub automatically acknowledges the - messages that don't match the filter. You can filter messages\nby - their attributes. The maximum length of a filter is 256 bytes. After - creating the subscription, \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
- - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: + location: description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. 
More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. type: string - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message - delivery for this subscription.\n\nIf not set, the default retry - policy is applied. This generally implies that messages will be - retried as soon as possible for healthy subscribers. \nRetryPolicy - will be triggered on NACKs or acknowledgement deadline exceeded - events for a given message." - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries - of a given message. Value should be between 0 and 600 seconds. - Defaults to 600 seconds. 
\nA duration in seconds with up to - nine fractional digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -72644,8 +104164,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -72654,8 +104173,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - topicRef + - location + - projectRef type: object status: properties: @@ -72685,6 +104210,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72711,25 +104241,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubTopic - plural: pubsubtopics + kind: ServiceDirectoryService + plural: servicedirectoryservices shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: @@ -72767,13 +104297,9 @@ spec: type: object spec: properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. oneOf: - not: required: @@ -72790,7 +104316,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: 
@@ -72800,81 +104326,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - messageRetentionDuration: - description: |- - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - type: string - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schemaSettings: - description: Settings for validating messages published against a - schema. - properties: - encoding: - description: 'Immutable. 
The encoding of messages validated against - schema. Default value: "ENCODING_UNSPECIFIED" Possible values: - ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' - type: string - schemaRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, - where {{value}} is the `name` field of a `PubSubSchema` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - schemaRef - type: object + required: + - namespaceRef type: object status: properties: @@ -72904,6 +104362,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72912,6 +104375,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -72928,25 +104393,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: - group: recaptchaenterprise.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: RecaptchaEnterpriseKey - plural: recaptchaenterprisekeys + kind: ServiceIdentity + plural: serviceidentities shortNames: - - gcprecaptchaenterprisekey - - gcprecaptchaenterprisekeys - singular: recaptchaenterprisekey + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: 
@@ -72984,40 +104449,8 @@ spec: type: object spec: properties: - androidSettings: - description: Settings for keys that can be used by Android apps. - properties: - allowAllPackageNames: - description: If set to true, it means allowed_package_names will - not be enforced. - type: boolean - allowedPackageNames: - description: 'Android package names of apps allowed to use the - key. Example: ''com.companyname.appname''' - items: - type: string - type: array - type: object - displayName: - description: Human-readable display name of this key. Modifiable by - user. - type: string - iosSettings: - description: Settings for keys that can be used by iOS apps. - properties: - allowAllBundleIds: - description: If set to true, it means allowed_bundle_ids will - not be enforced. - type: boolean - allowedBundleIds: - description: 'iOS bundle ids of apps allowed to use the key. Example: - ''com.companyname.productname.appname''' - items: - type: string - type: array - type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -73034,10 +104467,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -73047,63 +104477,11 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - testingOptions: - description: Immutable. Options for user acceptance testing. - properties: - testingChallenge: - description: 'Immutable. For challenge-based keys only (CHECKBOX, - INVISIBLE), all challenge requests for this site will return - nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. - Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' - type: string - testingScore: - description: Immutable. All assessments for this Key will return - this score. Must be between 0 (likely not legitimate) and 1 - (likely legitimate) inclusive. - format: double - type: number - type: object - webSettings: - description: Settings for keys that can be used by websites. - properties: - allowAllDomains: - description: If set to true, it means allowed_domains will not - be enforced. - type: boolean - allowAmpTraffic: - description: If set to true, the key can be used on AMP (Accelerated - Mobile Pages) websites. This is supported only for the SCORE - integration type. - type: boolean - allowedDomains: - description: 'Domains or subdomains of websites allowed to use - the key. All subdomains of an allowed domain are automatically - allowed. A valid domain requires a host and must not include - any path, port, query or fragment. Examples: ''example.com'' - or ''subdomain.example.com''' - items: - type: string - type: array - challengeSecurityPreference: - description: 'Settings for the frequency and difficulty at which - this key triggers captcha challenges. 
This should only be specified - for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: - CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, - SECURITY' - type: string - integrationType: - description: 'Immutable. Required. Describes how this key is integrated - with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' - type: string - required: - - integrationType - type: object required: - - displayName - projectRef type: object status: @@ -73134,9 +104512,7 @@ spec: type: string type: object type: array - createTime: - description: The timestamp corresponding to the creation of this Key. - format: date-time + email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -73164,25 +104540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: - group: redis.cnrm.cloud.google.com + group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp - kind: RedisInstance - plural: redisinstances + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: 
@@ -73220,27 +104596,7 @@ spec: type: object spec: properties: - alternativeLocationId: - description: |- - Immutable. Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authEnabled: - description: |- - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - type: boolean - authString: - description: AUTH String set on the instance. This field will only - be populated if auth_enabled is true. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. + networkRef: oneOf: - not: required: @@ -73257,7 +104613,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: 
@@ -73267,259 +104623,44 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - connectMode: - description: 'Immutable. The connection mode of the Redis instance. - Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", - "PRIVATE_SERVICE_ACCESS"].' - type: string - customerManagedKeyRef: - description: |- - Immutable. Optional. The KMS key reference that you want to use to - encrypt the data at rest for this Redis instance. If this is - provided, CMEK is enabled. - oneOf: - - not: + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the - instance. - type: string - locationId: - description: |- - Immutable. The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - maintenancePolicy: - description: Maintenance policy for an instance. - properties: - createTime: - description: |- - Output only. 
The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - description: - description: |- - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - type: string - updateTime: - description: |- - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - weeklyMaintenanceWindow: - description: |- - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - items: - properties: - day: - description: |- - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. - type: string - duration: - description: |- - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - type: string - startTime: - description: Required. Start time of the window in UTC time. - properties: - hours: - description: |- - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 - to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must - be from 0 to 999,999,999. 
- type: integer - seconds: - description: |- - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - type: integer - type: object - required: - - day - - startTime - type: object - type: array - type: object - maintenanceSchedule: - description: Upcoming maintenance schedule. - properties: - endTime: - description: |- - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - scheduleDeadlineTime: - description: |- - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - startTime: - description: |- - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - type: object - memorySizeGb: - description: Redis memory size in GiB. - type: integer - persistenceConfig: - description: Persistence configuration for an instance. - properties: - persistenceMode: - description: "Optional. Controls whether Persistence features - are enabled. If not provided, the existing value will be used.\n\n- - DISABLED: \tPersistence is disabled for the instance, and any - existing snapshots are deleted.\n- RDB: RDB based Persistence - is enabled. Possible values: [\"DISABLED\", \"RDB\"]." - type: string - rdbNextSnapshotTime: - description: |- - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
- type: string - rdbSnapshotPeriod: - description: "Optional. Available snapshot periods for scheduling.\n\n- - ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every - 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot - every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", - \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." - type: string - rdbSnapshotStartTime: - description: |- - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - readReplicasMode: - description: |- - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. - type: string - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. 
- type: string - region: - description: Immutable. The name of the Redis region of the instance. - type: string - replicaCount: - description: |- - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - type: integer - reservedIpRange: - description: |- - Immutable. The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - secondaryIpRange: - description: |- - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - type: string - tier: - description: |- - Immutable. The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. - type: string - transitEncryptionMode: - description: |- - Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
- - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - - memorySizeGb - - region + - networkRef + - reservedPeeringRanges + - service type: object status: properties: 
@@ -73549,36 +104690,6 @@ spec: type: string type: object type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - nodes: - description: Output only. Info per node. - items: - properties: - id: - description: Node identifying string. e.g. 'node-0', 'node-1'. - type: string - zone: - description: Location of the node. - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -73586,48 +104697,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - readEndpoint: - description: |- - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. + peering: type: string - readEndpointPort: - description: |- - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - type: integer - serverCaCerts: - description: List of server CA certificates for the instance. - items: - properties: - cert: - description: The certificate data in PEM format. - type: string - createTime: - description: The time when the certificate was created. - type: string - expireTime: - description: The time when the certificate expires. - type: string - serialNumber: - description: Serial number, as extracted from the certificate. - type: string - sha1Fingerprint: - description: Sha1 Fingerprint of the certificate. - type: string - type: object - type: array type: object required: - spec 
@@ -73647,25 +104718,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com + name: services.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerLien - plural: resourcemanagerliens - shortNames: - - gcpresourcemanagerlien - - gcpresourcemanagerliens - singular: resourcemanagerlien + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service preserveUnknownFields: false scope: Namespaced versions: 
@@ -73703,67 +104774,38 @@ spec: type: object spec: properties: - origin: - description: |- - Immutable. A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - type: string - parent: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - reason: - description: |- - Immutable. Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. 
+ description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - restrictions: - description: |- - Immutable. The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete']. - items: - type: string - type: array - required: - - origin - - parent - - reason - - restrictions type: object status: properties: @@ -73793,12 +104835,6 @@ spec: type: string type: object type: array - createTime: - description: Time of creation. - type: string - name: - description: A system-generated unique identifier for this Lien. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -73807,8 +104843,6 @@ spec: the resource. type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -73825,25 +104859,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: @@ -73863,7 +104897,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -73881,125 +104915,34 @@ spec: type: object spec: properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. type: object - constraint: - description: Immutable. The name of the Constraint the Policy is configuring, - for example, serviceuser.services. - type: string - folderRef: + force: description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Folder` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow - or deny all values. . - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. 
- properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set - in this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a - configuration that matches the value specified in this field. - type: string - type: object - organizationRef: + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. 
+ type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -74025,22 +104968,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default - Policy is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string required: - - constraint + - limit + - metric + - overrideValue + - projectRef + - service type: object status: properties: @@ -74070,10 +105012,8 @@ spec: type: string type: object type: array - etag: - description: The etag of the organization policy. etag is used for - optimistic concurrency control as a way to help prevent simultaneous - updates of a policy from overwriting each other. + name: + description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -74082,11 +105022,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate - to nanoseconds, representing when the variable was last updated. - Example: "2016-10-09T12:33:37.578138407Z".' - type: string type: object required: - spec @@ -74106,25 +105041,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: runservices.run.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: - group: run.cnrm.cloud.google.com + group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp - kind: RunService - plural: runservices + kind: SourceRepoRepository + plural: sourcereporepositories shortNames: - - gcprunservice - - gcprunservices - singular: runservice + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -74157,340 +105092,231 @@ spec: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - annotations: - additionalProperties: - type: string - description: 'Unstructured key value map that may be set by external - tools to store and arbitrary metadata. They are not queryable and - should be preserved when modifying objects. Cloud Run will populate - some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' - namespaces. This field follows Kubernetes annotations'' namespacing, - limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - binaryAuthorization: - description: Settings for the Binary Authorization feature. - properties: - breakglassJustification: - description: If present, indicates to use Breakglass using this - justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - type: string - useDefault: - description: If True, indicates to use the default project's binary - authorization policy. If False, binary authorization will be - disabled - type: boolean - type: object - client: - description: Arbitrary identifier for the API client. - type: string - clientVersion: - description: Arbitrary version identifier for the API client. - type: string - description: - description: User-provided description of the Service. - type: string - ingress: - description: Provides the ingress settings for this Service. On output, - returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED - if no revision is active. 
- type: string - launchStage: - description: 'The launch stage as defined by [Google Cloud Platform - Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud - Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, - GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - template: - description: Required. The template used to create revisions for this - Service. - properties: - annotations: - additionalProperties: - type: string - description: KRM-style annotations for the resource. - type: object - containerConcurrency: - description: Sets the maximum number of requests that each serving - instance can receive. - format: int64 - type: integer - containers: - description: Holds the single container that defines the unit - of execution for this Revision. - items: - properties: - args: - description: 'Arguments to the entrypoint. 
The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - properties: - name: - description: Required. Name of the environment variable. - Must be a C_IDENTIFIER, and mnay not exceed 32768 - characters. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any route environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "", and the maximum length - is 32768 bytes.' 
- type: string - valueSource: - description: Source for the environment variable's - value. - properties: - secretKeyRef: - description: Selects a secret and a specific version - from Cloud Secret Manager. - properties: - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - type: object - required: + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - image: - description: 'Required. URL of the Container image in Google - Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string name: - description: Name of the container specified as a DNS_LABEL. + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - ports: - description: List of ports to expose from the container. - Only a single port can be specified. The specified ports - must be listening on all interfaces (0.0.0.0) within the - container to be accessible. 
If omitted, a port number - will be chosen and passed to the container through the - PORT environment variable for the container to listen - on. - items: - properties: - containerPort: - description: Port number the container listens on. - This must be a valid TCP port number, 0 < container_port - < 65536. - format: int64 - type: integer - name: - description: If specified, used to specify which protocol - to use. Allowed values are "http1" and "h2c". - type: string - type: object - type: array - resources: - description: 'Compute Resource requirements by this container. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - cpuIdle: - description: Determines whether CPU should be throttled - or not outside of requests. - type: boolean - limits: - additionalProperties: - type: string - description: 'Only memory and CPU are supported. Note: - The only supported values for CPU are ''1'', ''2'', - and ''4''. Setting 4 CPU requires at least 2Gi of - memory. The values of the map is string form of the - ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' - type: object - type: object - volumeMounts: - description: Volume to mount into the container's filesystem. - items: - properties: - mountPath: - description: Required. Path within the container at - which the volume should be mounted. Must not contain - ':'. For Cloud SQL volumes, it can be left empty, - or must otherwise be `/cloudsql`. All instances - defined in the Volume will be available as `/cloudsql/[instance]`. - For more information on Cloud SQL volumes, visit - https://cloud.google.com/sql/docs/mysql/connect-run - type: string - name: - description: Required. This must match the Name of - a Volume. - type: string - required: - - mountPath + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - required: - - image + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - executionEnvironment: - description: 'The sandbox environment to host this Revision. Possible - values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, - EXECUTION_ENVIRONMENT_GEN2' - type: string - labels: - additionalProperties: + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: KRM-style labels for the resource. - type: object - revision: - description: The unique name for the revision. If this field is - omitted, it will be automatically generated based on the Service - name. - type: string - scaling: - description: Scaling settings for this Revision. 
- properties: - maxInstanceCount: - description: Maximum number of serving instances that this - resource should have. - format: int64 - type: integer - minInstanceCount: - description: Minimum number of serving instances that this - resource should have. - format: int64 - type: integer - type: object - serviceAccountRef: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. oneOf: - not: required: 
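Review bot: In the added `pubsubConfigs` item schema, `serviceAccountRef` is left out of `required` (only `messageFormat` and `topicRef` are listed), and its description says an unset value falls back to the Compute Engine default service account. That account is typically shared with other workloads in the project and often carries a broad project-level role, so an omitted reference quietly ties repository event publishing to a high-privilege identity. I would extend the description with `Prefer a dedicated service account that holds only the Pub/Sub publisher role on the referenced topic.` so the least-privilege choice is visible where the field is set. The `tf2crd` label suggests this schema is generated, so the wording probably has to change in the generator's source rather than in this file.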
@@ -74498,276 +105324,71 @@ spec: required: - name - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - timeout: - description: Max allowed time for an instance to respond to a - request. - type: string - volumes: - description: A list of Volumes to make available to containers. - items: - properties: - cloudSqlInstance: - description: For Cloud SQL volumes, contains the specific - instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run - for more information on how to connect Cloud SQL and Cloud - Run. - properties: - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `instanceName` - field of a `SQLInstance` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - name: - description: Required. Volume's name. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Integer representation of mode bits to - use on created files by default. Must be a value between - 0000 and 0777 (octal), defaulting to 0644. Directories - within the path are not affected by this setting. - Notes * Internally, a umask of 0222 will be applied - to any non-zero value. * This is an integer representation - of the mode bits. So, the octal integer value should - look exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod 640 - (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) - or 493 (base-10). * This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. This might - be in conflict with other options that affect the - file mode, like fsGroup, and as a result, other mode - bits could be set.' - format: int64 - type: integer - items: - description: If unspecified, the volume will expose - a file whose name is the secret, relative to VolumeMount.mount_path. - If specified, the key will be used as the version - to fetch from Cloud Secret Manager and the path will - be the name of the file exposed in the volume. When - items are defined, they must specify a path and a - version. - items: - properties: - mode: - description: 'Integer octal mode bits to use on - this file, must be a value between 01 and 0777 - (octal). If 0 or not set, the Volume''s default - mode will be used. 
Notes * Internally, a umask - of 0222 will be applied to any non-zero value. - * This is an integer representation of the mode - bits. So, the octal integer value should look - exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod - 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 - (octal) or 493 (base-10). * This might be in - conflict with other options that affect the - file mode, like fsGroup, and the result can - be other mode bits set.' - format: int64 - type: integer - path: - description: Required. The relative path of the - secret in the container. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - path - type: object - type: array - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
- - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object + anyOf: + - required: + - name + - required: + - namespace required: - - name - type: object - type: array - vpcAccess: - description: VPC Access configuration to use for this Revision. - For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + - external properties: - connectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - egress: - description: 'Traffic VPC egress settings. Possible values: - VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - kmsKeyRef type: object - traffic: - description: Specifies how to distribute traffic over a collection - of Revisions belonging to the Service. If traffic is empty or not - provided, defaults to 100% traffic to the latest `Ready` Revision. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - This defaults to zero if unspecified. Cloud Run currently - requires 100 percent for a single TrafficTarget entry. - format: int64 - type: integer - revision: - description: Revision to which to send this portion of traffic, - if traffic allocation is by revision. - type: string - tag: - description: Indicates a string to be part of the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - type: object - type: array + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string required: - - location - - projectRef - - template + - instanceRef type: object status: properties: 
@@ -74797,54 +105418,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - creator: - description: Output only. Email address of the authenticated creator. - type: string - deleteTime: - description: Output only. The deletion time. - format: date-time - type: string - etag: - description: Output only. A system-generated fingerprint for this - version of the resource. May be used to detect modification conflict - during updates. - type: string - expireTime: - description: Output only. For a deleted resource, the time after which - it will be permamently deleted. - format: date-time - type: string - labels: - additionalProperties: - type: string - description: Map of string keys and values that can be used to organize - and categorize objects. User-provided labels are shared with Google's - billing system, so they can be used to filter, or break down billing - charges by team, component, environment, state, etc. For more information, - visit https://cloud.google.com/resource-manager/docs/creating-managing-labels - or https://cloud.google.com/run/docs/configuring/labels Cloud Run - will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' - namespaces. Those labels are read-only, and user changes will not - be preserved. - type: object - lastModifier: - description: Output only. Email address of the last authenticated - modifier. - type: string - latestCreatedRevision: - description: Output only. Name of the last created revision. See comments - in `reconciling` for additional information on reconciliation process - in Cloud Run. - type: string - latestReadyRevision: - description: Output only. Name of the latest revision that is serving - traffic. See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -74852,122 +105425,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Returns true if the Service is currently - being acted upon by the system to bring it into the desired state. - When a new Service is created, or an existing one is updated, Cloud - Run will asynchronously perform all necessary steps to bring the - Service to the desired serving state. This process is called reconciliation. - While reconciliation is in process, `observed_generation`, `latest_ready_revison`, - `traffic_statuses`, and `uri` will have transient values that might - mismatch the intended state: Once reconciliation is over (and this - field is false), there are two possible outcomes: reconciliation - succeeded and the serving state matches the Service, or there was - an error, and reconciliation failed. This state can be found in - `terminal_condition.state`. If reconciliation succeeded, the following - fields will match: `traffic` and `traffic_statuses`, `observed_generation` - and `generation`, `latest_ready_revision` and `latest_created_revision`. - If reconciliation failed, `traffic_statuses`, `observed_generation`, - and `latest_ready_revision` will have the state of the last serving - revision, or empty for newly created Services. Additional information - on the failure can be found in `terminal_condition` and `conditions`.' - type: boolean - resourceGeneration: - description: Output only. A number that monotonically increases every - time the user modifies the desired state. - format: int64 - type: integer - terminalCondition: - description: Output only. The Condition of this Service, containing - its readiness status, and detailed error information in case it - did not reach a serving state. See comments in `reconciling` for - additional information on reconciliation process in Cloud Run. - properties: - jobReason: - description: 'A reason for the job condition. 
Possible values: - JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human readable message indicating details about the - current status. - type: string - reason: - description: 'A common (service-level) reason for this condition. - Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, - PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, - CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, - ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, - SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, - POSTPONED_RETRY, INTERNAL' - type: string - revisionReason: - description: 'A reason for the revision condition. Possible values: - REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, - RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, - MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, - NO_DEPLOYMENT' - type: string - severity: - description: 'How to interpret failures of this condition, one - of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, - ERROR, WARNING, INFO' - type: string - state: - description: 'State of the condition. Possible values: STATE_UNSPECIFIED, - CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, - CONDITION_SUCCEEDED' - type: string - type: - description: 'type is used to communicate the status of the reconciliation - process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting - Types common to all resources include: * "Ready": True when - the Resource is ready.' - type: string - type: object - trafficStatuses: - description: Output only. Detailed status information for corresponding - traffic targets. 
See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - format: int64 - type: integer - revision: - description: Revision to which this traffic is sent. - type: string - tag: - description: Indicates the string used in the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - uri: - description: Displays the target URI. - type: string - type: object - type: array - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time - type: string - uri: - description: Output only. The main URI in which this Service is serving - traffic. + state: + description: An explanation of the status of the database. type: string type: object required: 
@@ -74988,25 +105447,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com + name: spannerinstances.spanner.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: spanner.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets + kind: SpannerInstance + plural: spannerinstances shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -75044,149 +105503,32 @@ spec: type: object spec: properties: - expireTime: + config: description: |- - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string - replication: + displayName: description: |- - Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - type: boolean - userManaged: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - properties: - replicas: - description: Immutable. The list of Replicas for this Secret. - Cannot be empty. - items: - properties: - customerManagedEncryption: - description: Immutable. Customer Managed Encryption - for the secret. - properties: - kmsKeyRef: - description: Customer Managed Encryption for the - secret. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - location: - description: 'Immutable. The canonical IDs of the location - to replicate data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer resourceID: - description: Immutable. Optional. The secretId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotation: - description: The rotation time and period for a Secret. At 'next_rotation_time', - Secret Manager will send a Pub/Sub notification to the topics configured - on the Secret. 'topics' must be set to configure rotation. - properties: - nextRotationTime: - description: |- - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - rotationPeriod: - description: |- - Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, 'next_rotation_time' must be set. 
'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. - type: string - type: object - topics: - description: A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - items: - properties: - topicRef: - description: |- - A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - type: array - ttl: - description: |- - Immutable. The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string required: - - replication + - config + - displayName type: object status: properties: @@ -75216,14 +105558,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
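Review bot: `numNodes` and `processingUnits` in the new SpannerInstance spec are the only fields in this hunk with no `description`, and the schema does not say how they relate. They look like two alternative ways of sizing the instance, so a reader cannot tell from the CRD whether setting both, or neither, is accepted. I would add descriptions at the generator source, for example `description: Number of nodes allocated to this instance. Confirm whether this may be combined with processingUnits.` and a matching one on `processingUnits`. The `status` block that follows continues outside this hunk.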
@@ -75231,6 +105565,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' + type: string type: object required: - spec @@ -75250,25 +105587,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com + name: sqldatabases.sql.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions + kind: SQLDatabase + plural: sqldatabases shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: 
@@ -75306,54 +105643,31 @@ spec: type: object spec: properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." type: string - secretData: - description: Immutable. The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75370,7 +105684,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: @@ -75380,9 +105694,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - secretData - - secretRef + - instanceRef type: object status: properties: @@ -75412,18 +105730,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
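Review bot: `deletionPolicy` on the new SQLDatabase spec states its allowed values and its default only in the description text; the schema has `type: string` with no `enum` and no `default`, so a misspelt value is not rejected by the API server and is presumably only caught later by the controller. The description also omits the consequence of `ABANDON`: the database and its data stay on the instance after the Kubernetes object is deleted, along with whatever access the existing users have, and need separate cleanup. I would add `enum: [ABANDON, DELETE]` and a sentence such as `With ABANDON the database and its contents remain on the instance after this resource is deleted.` The description also embeds `\n` escapes in a double-quoted scalar where the neighbouring fields use `|-`. The `instanceRef` block at the end of the hunk continues outside it.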
@@ -75431,8 +105737,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - version: - description: The version of the Secret. + selfLink: type: string type: object required: @@ -75453,25 +105758,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com + name: sqlinstances.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryEndpoint - plural: servicedirectoryendpoints + kind: SQLInstance + plural: sqlinstances shortNames: - - gcpservicedirectoryendpoint - - gcpservicedirectoryendpoints - singular: servicedirectoryendpoint + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: @@ -75509,7 +105814,16 @@ spec: type: object spec: properties: - addressRef: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: oneOf: - not: required: 
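Review bot: The `default: MYSQL_5_6` on `databaseVersion` in the SQLInstance spec means a manifest that omits the field is admitted and defaulted to MySQL 5.6, which is past upstream end of life, so the silent path is the unsupported one. The description lists newer versions but does not mention that the default exists. Since this schema is generated, the change belongs in the generator or field definition: at minimum extend the description with `Omitting this field selects MYSQL_5_6; set it explicitly to a currently supported version.` The version list is free text with no `enum`, so a typo is not rejected at admission. `encryptionKMSCryptoKeyRef`, added just below, has no description at all, and its block continues outside this hunk.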
@@ -75526,7 +105840,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -75536,86 +105850,526 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkRef: - description: |- - Only the `external` field is supported to configure the reference. - - Immutable. The Google Compute Engine network (VPC) of the endpoint in the format - projects//locations/global/networks/*. - - The project must be specified by project number (project id is rejected). Incorrectly formatted networks are - rejected, but no other validation is performed on this field (ex. network or project existence, - reachability, or permissions). + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. 
If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. 
+ type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". + If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. 
Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. 
The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string - type: object - port: - description: |- - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - type: integer - resourceID: - description: Immutable. Optional. The endpointId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceRef: - description: The ServiceDirectoryService that this endpoint belongs - to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryService` - resource.' + replicationType: + description: |- + DEPRECATED. 
This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. type: string + required: + - tier type: object required: - - serviceRef + - settings type: object status: properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -75642,11 +106396,27 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the endpoint in the format - 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75654,6 +106424,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string type: object required: - spec @@ -75673,25 +106472,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com + name: sqlsslcerts.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryNamespace - plural: servicedirectorynamespaces + kind: SQLSSLCert + plural: sqlsslcerts shortNames: - - gcpservicedirectorynamespace - - gcpservicedirectorynamespaces - singular: servicedirectorynamespace + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: 
@@ -75729,14 +106528,13 @@ spec: type: object spec: properties: - location: - description: |- - The location for the Namespace. - A full list of valid locations can be found by running - 'gcloud beta service-directory locations list'. + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. type: string - projectRef: - description: The project that this resource belongs to. + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75753,7 +106551,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -75763,16 +106562,22 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The namespaceId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string required: - - location - - projectRef + - commonName + - instanceRef type: object status: properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -75799,10 +106604,13 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the namespace - in the format 'projects/*/locations/*/namespaces/*'. + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -75811,6 +106619,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. + type: string type: object required: - spec @@ -75830,25 +106648,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com + name: sqlusers.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryService - plural: servicedirectoryservices + kind: SQLUser + plural: sqlusers shortNames: - - gcpservicedirectoryservice - - gcpservicedirectoryservices - singular: servicedirectoryservice + - gcpsqluser + - gcpsqlusers + singular: sqluser preserveUnknownFields: false scope: Namespaced versions: 
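Review bot: The `privateKey` field added under `status` in the `@@ -75811,6 +106619,16 @@` hunk places the client certificate's private key in the SQLSSLCert object itself, and its description does not say the value is sensitive. Anything that can read the resource or its status receives the key along with `cert` and `serverCaCert`. The `tf2crd` label suggests this schema is generated, so the wording probably belongs in the generator, but I would extend it to `description: The private key associated with the client certificate. Sensitive; returned to any caller that can read this resource.` Separately from the wording, read access to `sqlsslcerts` should be granted as narrowly as access to Secrets.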
@@ -75886,9 +106704,13 @@ spec: type: object spec: properties: - namespaceRef: - description: The ServiceDirectoryNamespace that this service belongs - to. + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: oneOf: - not: required: @@ -75905,7 +106727,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: 
@@ -75915,163 +106737,90 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The serviceId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - namespaceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: + password: description: |- - The resource name for the service in the - format 'projects/*/locations/*/namespaces/*/services/*'. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. 
- type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: serviceidentities.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceIdentity - plural: serviceidentities - shortNames: - - gcpserviceidentity - - gcpserviceidentities - singular: serviceidentity - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - description: The project that this resource belongs to. + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. 
+ type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array type: object resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string required: - - projectRef + - instanceRef type: object status: properties: @@ -76101,8 +106850,6 @@ spec: type: string type: object type: array - email: - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76110,6 +106857,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array type: object required: - spec 
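Review bot: `password.value` in the `@@ -75915,163 +106737,90 @@` hunk accepts the database password as a literal string in the SQLUser spec, and its description gives no hint that `valueFrom.secretKeyRef` is the safer choice. A literal value is stored and returned with the object, and it ends up in whatever manifests or repositories carry the resource. I would reword the description to `description: Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' for passwords.` In the same hunk `valueFrom` declares `secretKeyRef` but carries no `required` list, so an empty `valueFrom: {}` appears to pass schema validation. Adding `required:` with `- secretKeyRef` would close that, unless the controller already rejects it, which is not visible here.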
@@ -76129,25 +106889,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: - group: servicenetworking.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: @@ -76185,7 +106945,8 @@ spec: type: object spec: properties: - networkRef: + bucketRef: + description: Reference to the bucket. oneOf: - not: required: @@ -76202,7 +106963,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -76212,44 +106973,31 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Immutable. Provider peering service that is managing - peering connectivity for a service provider organization. For Google - services that support this functionality it is 'servicenetworking.googleapis.com'. + entity: + description: |- + Immutable. The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' type: string required: - - networkRef - - reservedPeeringRanges - - service + - bucketRef + - entity type: object status: properties: 
@@ -76279,6 +107027,12 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76286,8 +107040,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - peering: - type: string type: object required: - spec @@ -76307,25 +107059,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com + name: storagebuckets.storage.cnrm.cloud.google.com spec: - group: serviceusage.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: Service - plural: services + kind: StorageBucket + plural: storagebuckets shortNames: - - gcpservice - - gcpservices - singular: service + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -76363,38 +107115,265 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object required: - - external + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + logBucket: + description: The bucket that will receive log objects. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string + required: + - logBucket type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. 
+ type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object type: object status: properties: @@ -76431,6 +107410,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string type: object type: object served: true 
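Review bot: `publicAccessPrevention` in the `@@ -76363,38 +107115,265 @@` hunk is a free-form `type: string` whose description, "Prevents public access to a bucket.", names no accepted values. A reader can easily treat it as a switch, and nothing in the schema catches a misspelled value. I would document the values on the field, `description: Prevents public access to a bucket. Acceptable values are "inherited" or "enforced".`, and consider an `enum` if the generator supports one. The same hunk reuses the `createdBefore` text ("Creation date of an object in RFC 3339 ...") for `customTimeBefore` and `noncurrentTimeBefore`, which misdescribes both lifecycle conditions. The schema looks generated (`tf2crd` label), so both fixes likely belong upstream.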
@@ -76448,25 +107433,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: - group: sourcerepo.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SourceRepoRepository - plural: sourcereporepositories + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: 
@@ -76479,114 +107464,82 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- - PROTOBUF: The message payload is a serialized protocol buffer - of SourceRepoEvent.\n- JSON: The message payload is a JSON - string of SourceRepoEvent. Possible values: [\"PROTOBUF\", - \"JSON\"]." - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external required: - - messageFormat - - topicRef - type: object - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' type: string + required: + - bucketRef + - entity + - role type: object status: properties: 
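Review bot: The `entity` description added in this hunk lists `allUsers` and `allAuthenticatedUsers` beside the user and group forms without noting that, in a default object ACL, either one grants the role on new objects to anonymous callers or to any signed-in Google account. I would end the description with `allUsers and allAuthenticatedUsers make new objects in the bucket publicly accessible.` so the risk shows up in `kubectl explain`. `role` is declared only as `type: string` although its description names two values; adding `enum: ["OWNER", "READER"]` would reject anything else at admission. The CRD appears to be generated (`cnrm.cloud.google.com/tf2crd: "true"`), so both changes probably belong in the generator rather than in this file.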
@@ -76616,6 +107569,19 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76623,14 +107589,20 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source - Repositories. - type: string + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object type: object + required: + - spec type: object served: true storage: true 
@@ -76647,25 +107619,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com + name: storagehmackeys.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerDatabase - plural: spannerdatabases + kind: StorageHMACKey + plural: storagehmackeys shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: @@ -76685,7 +107657,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -76703,58 +107675,8 @@ spec: type: object spec: properties: - databaseDialect: - description: |- - Immutable. The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. - type: string - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - encryptionConfig: - description: Immutable. Encryption configuration for the database. - properties: - kmsKeyRef: - description: |- - Fully qualified name of the KMS key to use to encrypt this database. This key - must exist in the same location as the Spanner Database. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - instanceRef: - description: The instance to create the database on. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -76771,8 +107693,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SpannerInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -76782,23 +107703,27 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. type: string - versionRetentionPeriod: - description: |- - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to 'ddl' that - update the database's version_retention_period. + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - - instanceRef + - projectRef + - serviceAccountEmail type: object status: properties: + accessId: + description: The access ID of the HMAC Key. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -76832,8 +107757,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: An explanation of the status of the database. + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' type: string type: object required: @@ -76854,25 +107787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com + name: storagenotifications.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerInstance - plural: spannerinstances + kind: StorageNotification + plural: storagenotifications shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: 
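Review bot: The `secret` property added here is a plain `type: string` described as "HMAC secret key material", and it appears to sit under `status` beside `observedGeneration`. If so, the key material is stored in the object itself and is readable by any principal allowed to get, list or watch StorageHMACKey resources, rather than being held in a Kubernetes Secret. The description should say this, for example `description: HMAC secret key material. Sensitive; stored in status, so restrict get/list/watch on storagehmackeys.`. The CRD looks generated and is labelled `stability-level: alpha`, so the wording change belongs upstream; RBAC and audit logging on this resource are the control available to anyone installing this bundle.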
@@ -76910,32 +107843,92 @@ spec: type: object spec: properties: - config: - description: |- - Immutable. The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. 
type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". type: string - numNodes: - type: integer - processingUnits: - type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - config - - displayName + - bucketRef + - payloadFormat + - topicRef type: object status: properties: @@ -76965,6 +107958,9 @@ spec: type: string type: object type: array + notificationId: + description: The ID of the created notification. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -76972,8 +107968,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Instance status: ''CREATING'' or ''READY''.' + selfLink: + description: The URI of the created resource. type: string type: object required: @@ -76994,25 +107990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLDatabase - plural: sqldatabases + kind: StorageTransferAgentPool + plural: storagetransferagentpools shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: @@ -77032,7 +108028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -77050,31 +108046,22 @@ spec: type: object spec: properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - deletionPolicy: - description: "The deletion policy for the database. Setting ABANDON - allows the resource \nto be abandoned rather than deleted. This - is useful for Postgres, where databases cannot be \ndeleted from - the API if there are users other than cloudsqlsuperuser with access. - Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. type: string - instanceRef: - description: The Cloud SQL instance. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -77091,8 +108078,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -77107,7 +108093,7 @@ spec: is used as the default. type: string required: - - instanceRef + - projectRef type: object status: properties: @@ -77144,7 +108130,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Specifies the state of the AgentPool. type: string type: object required: @@ -77165,25 +108152,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLInstance - plural: sqlinstances + kind: StorageTransferJob + plural: storagetransferjobs shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -77221,407 +108208,332 @@ spec: type: object spec: properties: - databaseVersion: - default: MYSQL_5_6 - description: The MySQL, PostgreSQL or SQL Server (beta) version to - use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, - POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. - type: string - maintenanceVersion: - description: Maintenance version. - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region the instance will sit in. Note, - Cloud SQL is not available in all regions. A valid region must be - provided to use this resource. If a region is not provided in the - resource definition, the provider region will be used instead, but - this will be an apply-time error for instances if the provider region - is not supported with Cloud SQL. If you choose not to provide the - region argument for this resource, make sure you understand this. + description: + description: Unique description to identify the Transfer Job. type: string - replicaConfiguration: - description: The configuration for replication. + notificationConfig: + description: Notification configuration. properties: - caCertificate: - description: Immutable. PEM representation of the trusted CA's - x509 certificate. - type: string - clientCertificate: - description: Immutable. PEM representation of the replica's x509 - certificate. - type: string - clientKey: - description: Immutable. PEM representation of the replica's private - key. The corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: Immutable. The number of seconds between connect - retries. MySQL's default is 60 seconds. - type: integer - dumpFilePath: - description: Immutable. Path to a SQL file in Google Cloud Storage - from which replica instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Immutable. Specifies if the replica is the failover - target. If the field is set to true the replica will be designated - as a failover replica. If the master instance fails, the replica - instance will be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Immutable. Time in ms between replication heartbeats. 
- type: integer - password: - description: Immutable. Password for the replication connection. + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - sslCipher: - description: Immutable. Permissible ciphers for use in SSL encryption. 
- type: string - username: - description: Immutable. Username for replication connection. - type: string - verifyServerCertificate: - description: Immutable. True if the master's common name value - is checked during the SSL handshake. - type: boolean + required: + - payloadFormat + - topicRef type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - rootPassword: - description: Initial root password. Required for MS SQL Server. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. 
- type: string - required: - - name - - key - type: object + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - activeDirectoryConfig: + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. properties: - domain: - description: Domain name of the Active Directory for SQL Server - (e.g., mydomain.com). - type: string + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer required: - - domain + - day + - month + - year type: object - authorizedGaeApplications: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). 
For all instances, ensure that - settings.backup_configuration.enabled is set to true. - For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. - For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled - is set to true. Defaults to ZONAL. - type: string - backupConfiguration: + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: - backupRetentionSettings: - properties: - retainedBackups: - description: Number of backups to retain. - type: integer - retentionUnit: - description: The unit that 'retainedBackups' represents. - Defaults to COUNT. - type: string - required: - - retainedBackups - type: object - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Can only be used with MySQL. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - transactionLogRetentionDays: - description: The number of days of transaction logs we retain - for point in time restore, from 1-7. + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. 
+ type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. type: integer + required: + - hours + - minutes + - nanos + - seconds type: object - collation: - description: Immutable. The name of server instance collation. - type: string - connectorEnforcement: - description: Specifies if connections must use Cloud SQL connectors. - type: string - crashSafeReplication: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - deletionProtectionEnabled: - description: Configuration to protect against accidental instance - deletion. - type: boolean - denyMaintenancePeriod: + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. properties: - endDate: - description: End date before which maintenance will not take - place. 
The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. - type: string - startDate: - description: Start date after which maintenance will not take - place. The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. 
type: string - time: - description: 'Time in UTC when the "deny maintenance period" - starts on start_date and ends on end_date. The time is in - format: HH:mm:SS, i.e., 00:00:00.' + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. type: string required: - - endDate - - startDate - - time - type: object - diskAutoresize: - description: Enables auto-resizing of the storage size. Defaults - to true. - type: boolean - diskAutoresizeLimit: - description: The maximum size, in GB, to which storage capacity - can be automatically increased. The default value is 0, which - specifies that there is no limit. - type: integer - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. The minimum value is - 10GB. - type: integer - diskType: - description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. - Defaults to PD_SSD.' - type: string - insightsConfig: - description: Configuration of Query Insights. - properties: - queryInsightsEnabled: - description: True if Query Insights feature is enabled. - type: boolean - queryPlansPerMinute: - description: Number of query execution plans captured by Insights - per minute for all queries combined. Between 0 and 20. Default - to 5. - type: integer - queryStringLength: - description: Maximum query length stored in bytes. Between - 256 and 4500. Default to 1024. - type: integer - recordApplicationTags: - description: True if Query Insights will record application - tags from query when enabled. 
- type: boolean - recordClientAddress: - description: True if Query Insights will record client address - when enabled. - type: boolean + - bucketName type: object - ipConfiguration: + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. properties: - allocatedIpRange: - description: 'The name of the allocated ip range for the private - ip CloudSQL instance. For example: "google-managed-services-default". - If set, the instance ip will be created in the allocated - range. The range name must comply with RFC 1035. Specifically, - the name must be 1-63 characters long and match the regular - expression [a-z]([-a-z0-9]*[a-z0-9])?.' - type: string - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - enablePrivatePathForGoogleCloudServices: - description: Whether Google Cloud services such as BigQuery - are allowed to access data in this Cloud SQL instance over - a private IP connection. SQLSERVER database type is not - supported. - type: boolean - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. At least ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: oneOf: - not: required: @@ -77638,8 +108550,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77648,73 +108560,16 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to - remain in. Must be in the same region as this instance. - type: string - secondaryZone: - description: The preferred Compute Engine zone for the secondary/failover. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance - window is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday. - type: integer - hour: - description: Hour of day (0-23), ignored if day not set. - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable). - type: string - type: object - passwordValidationPolicy: - properties: - complexity: - description: Password complexity. - type: string - disallowUsernameSubstring: - description: Disallow username as a part of the password. - type: boolean - enablePasswordPolicy: - description: Whether the password policy is enabled or not. - type: boolean - minLength: - description: Minimum number of characters allowed. - type: integer - passwordChangeInterval: - description: Minimum interval after which the password can - be changed. This flag is only supported for PostgresSQL. + path: + description: Google Cloud Storage path in bucket to transfer. type: string - reuseInterval: - description: Number of previous passwords that cannot be reused. - type: integer required: - - enablePasswordPolicy + - bucketRef type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. 
- type: string - replicationType: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: string - sqlServerAuditConfig: + gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: - description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: @@ -77731,7 +108586,7 @@ spec: - external properties: external: - description: 'Allowed value: The `url` field of a `StorageBucket` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -77741,42 +108596,133 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - retentionInterval: - description: 'How long to keep generated audit files. A duration - in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s"..' + path: + description: Google Cloud Storage path in bucket to transfer. type: string - uploadInterval: - description: 'How often to upload generated audit files. A - duration in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s".' + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. type: string + required: + - listUrl type: object - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types, and custom machine types such as db-custom-2-13312. See - the Custom Machine Type Documentation to learn about specifying - custom machine types. + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. 
If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - timeZone: - description: Immutable. 
The time_zone to be used by the database - engine (supported only for SQL Server), in SQL Server timezone - format. + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - required: - - tier + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object type: object required: - - settings + - description + - transferSpec type: object status: properties: - availableMaintenanceVersions: - description: Available Maintenance versions. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -77803,27 +108749,18 @@ spec: type: string type: object type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. + creationTime: + description: When the Transfer Job was created. type: string - firstIpAddress: + deletionTime: + description: When the Transfer Job was deleted. type: string - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -77831,35 +108768,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string type: object required: - spec 
@@ -77879,25 +108787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com + name: tagstagbindings.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLSSLCert - plural: sqlsslcerts + kind: TagsTagBinding + plural: tagstagbindings shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: @@ -77935,13 +108843,7 @@ spec: type: object spec: properties: - commonName: - description: Immutable. The common name to be used in the certificate - to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this - forces a new resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. + parentRef: oneOf: - not: required: @@ -77958,8 +108860,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77969,22 +108871,43 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated sha1Fingerprint - of the resource. Used for acquisition only. Leave unset to create - a new resource. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - commonName - - instanceRef + - parentRef + - tagValueRef type: object status: properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -78011,13 +108934,9 @@ spec: type: string type: object type: array - createTime: - description: The time when the certificate was created in RFC 3339 - format, for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78026,16 +108945,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string type: object required: - spec @@ -78055,25 +108964,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com + name: tagstagkeys.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLUser - plural: sqlusers + kind: TagsTagKey + plural: tagstagkeys shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -78100,134 +109009,53 @@ spec: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: Immutable. The host the user can connect from. This is - only supported for MySQL instances. Don't set this field for PostgreSQL - instances. Can be an IP address. Changing this forces a new resource - to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: |- - The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to - either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. 
Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - passwordPolicy: - properties: - allowedFailedAttempts: - description: Number of failed attempts allowed before the user - get locked. - type: integer - enableFailedAttemptsCheck: - description: If true, the check that will lock user after too - many failed login attempts will be enabled. - type: boolean - enablePasswordVerification: - description: If true, the user must specify the current password - before changing the password. This flag is supported only for - MySQL. - type: boolean - passwordExpirationDuration: - description: Password expiration duration with one week grace - period. - type: string - status: - items: - properties: - locked: - description: If true, user does not have login privileges. - type: boolean - passwordExpirationTime: - description: Password expiration duration with one week - grace period. - type: string - type: object - type: array + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - type: + shortName: description: |- - Immutable. The user type. It determines the method to authenticate the user during login. - The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. 
type: string required: - - instanceRef + - parent + - shortName type: object status: properties: @@ -78257,6 +109085,18 @@ spec: type: string type: object type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78264,19 +109104,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sqlServerUserDetails: - items: - properties: - disabled: - description: If the user has been disabled. - type: boolean - serverRoles: - description: The server roles for this user in the database. - items: - type: string - type: array - type: object - type: array + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78296,25 +109129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com + name: tagstagvalues.tags.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols + kind: TagsTagValue + plural: tagstagvalues shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: @@ -78352,8 +109185,11 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: oneOf: - not: required: @@ -78370,8 +109206,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -78380,31 +109216,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - entity: - description: |- - Immutable. The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"].' + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - - bucketRef - - entity + - parentRef + - shortName type: object status: properties: 
@@ -78434,11 +109259,18 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - email: - description: The email address associated with the entity. + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78447,6 +109279,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78466,25 +109303,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com + name: tpunodes.tpu.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tpu.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucket - plural: storagebuckets + kind: TPUNode + plural: tpunodes shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket + - gcptpunode + - gcptpunodes + singular: tpunode preserveUnknownFields: false scope: Namespaced versions: @@ -78504,7 +109341,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78522,265 +109359,93 @@ spec: type: object spec: properties: - autoclass: - description: Immutable. The bucket's autoclass configuration. - properties: - enabled: - description: Immutable. While set to true, autoclass automatically - transitions objects in your bucket to appropriate storage classes - based on each object's access pattern. - type: boolean - required: - - enabled - type: object - bucketPolicyOnly: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: description: |- - DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. - Enables Bucket PolicyOnly access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple - response headers to give permission for the user-agent to - share across domains. - items: - type: string - type: array - type: object - type: array - customPlacementConfig: - description: The bucket's custom location configuration, which specifies - the individual regions that comprise a dual-region bucket. If the - bucket is designated a single or multi-region, the parameters are - empty. 
- properties: - dataLocations: - description: 'Immutable. The list of individual regions that comprise - a dual-region bucket. See the docs for a list of acceptable - regions. Note: If any of the data_locations changes, it will - recreate the bucket.' - items: - type: string - type: array - required: - - dataLocations - type: object - defaultEventBasedHold: - description: Whether or not to automatically apply an eventBasedHold - to new objects added to the bucket. - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete, SetStorageClass and - AbortIncompleteMultipartUpload.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy - this condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - customTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - daysSinceCustomTime: - description: Number of days elapsed since the user-specified - timestamp set on an object. - type: integer - daysSinceNoncurrentTime: - description: "Number of days elapsed since the noncurrent - timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition - is relevant only for versioned objects." - type: integer - matchesPrefix: - description: One or more matching name prefixes to satisfy - this condition. 
- items: - type: string - type: array - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - matchesSuffix: - description: One or more matching name suffixes to satisfy - this condition. - items: - type: string - type: array - noncurrentTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object + - required: + - namespace required: - - action - - condition - type: object - type: array - location: - default: US - description: Immutable. The Google Cloud Storage location. - type: string - logging: - description: The bucket's Access & Storage Logs configuration. + - external properties: - logBucket: - description: The bucket that will receive log objects. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - logBucket type: object - publicAccessPrevention: - description: Prevents public access to a bucket. 
- type: string - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: - Locking a bucket is an irreversible action.' + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, - or archived. The value must be less than 3,155,760,000 seconds. - type: integer required: - - retentionPeriod + - preemptible type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, - ARCHIVE.' + tensorflowVersion: + description: The version of Tensorflow running in the Node. type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean - versioning: - description: The bucket's Versioning configuration. 
- properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone type: object status: properties: @@ -78810,6 +109475,21 @@ spec: type: string type: object type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -78817,13 +109497,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. type: string type: object + required: + - spec type: object served: true storage: true @@ -78840,25 +109523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com + name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols + kind: VertexAIDataset + plural: vertexaidatasets shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: @@ -78878,7 +109561,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78896,8 +109579,29 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
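Review bot: `encryptionSpec.kmsKeyName` in the new VertexAIDataset schema is described as "Immutable. Required." but the enclosing `encryptionSpec` object declares no `required` list, so a manifest with an empty `encryptionSpec: {}` passes CRD validation. The VertexAIEndpoint schema added later in this same patch does enforce the field, with `required:` / `- kmsKeyName` under its `encryptionSpec`. What happens to such an object afterwards is not visible in this hunk; it may be rejected by the controller or the API, or the dataset may end up without the customer-managed key the author intended. I would add `required:` followed by `- kmsKeyName` to the Dataset's `encryptionSpec`, just before its `type: object`. The `cnrm.cloud.google.com/tf2crd: "true"` label suggests the file is generated, so the change probably belongs in the generator or upstream schema; until then an admission policy can require `kmsKeyName` whenever `encryptionSpec` is present.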
@@ -78913,40 +109617,29 @@ spec: required: - external properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers. - type: string - object: - description: The name of the object, if applied to an object. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"].' + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - bucketRef - - entity - - role + - displayName + - metadataSchemaUri + - projectRef + - region type: object status: properties: 
@@ -78976,19 +109669,15 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. type: string - entityId: - description: The ID for the entity. + name: + description: The resource name of the Dataset. This value is set by + Google. type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78996,17 +109685,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectTeam: - description: The project team associated with the entity. - properties: - projectNumber: - description: The project team associated with the entity. - type: string - team: - description: 'The team. Possible values: ["editors", "owners", - "viewers"].' - type: string - type: object + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string type: object required: - spec 
@@ -79026,25 +109709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageNotification - plural: storagenotifications + kind: VertexAIEndpoint + plural: vertexaiendpoints shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -79064,7 +109747,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79082,62 +109765,44 @@ spec: type: object spec: properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' type: string + required: + - kmsKeyName type: object - customAttributes: - additionalProperties: - type: string - description: Immutable. A set of key/value attribute pairs to attach - to each Cloud Pub/Sub message published for this notification subscription. - type: object - eventTypes: - description: 'Immutable. List of event type filters for this notification - config. If not specified, Cloud Storage will send notifications - for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE".' 
- items: - type: string - type: array - objectNamePrefix: - description: Immutable. Specifies a prefix path filter for this notification - config. Cloud Storage will only send notifications for objects in - this bucket whose names begin with the specified prefix. - type: string - payloadFormat: - description: Immutable. The desired content of the Payload. One of - "JSON_API_V1" or "NONE". + location: + description: Immutable. The location for the resource. type: string - resourceID: - description: Immutable. Optional. The service-generated notificationId - of the resource. Used for acquisition only. Leave unset to create - a new resource. + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' type: string - topicRef: + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79154,8 +109819,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -79164,10 +109828,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - bucketRef - - payloadFormat - - topicRef + - displayName + - location + - projectRef type: object status: properties: 
@@ -79197,8 +109866,222 @@ spec: type: string type: object type: array - notificationId: - description: The ID of the created notification. + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. 
+ type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. + items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. 
+ items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. + See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. 
This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. + type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. 
Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79207,8 +110090,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: 
@@ -79229,25 +110112,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: - group: storagetransfer.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageTransferJob - plural: storagetransferjobs + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: @@ -79267,7 +110150,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79286,501 +110169,474 @@ spec: spec: properties: description: - description: Unique description to identify the Transfer Job. + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string - notificationConfig: - description: Notification configuration. - properties: - eventTypes: - description: Event types for which a notification is desired. - If empty, send notifications for all event types. The valid - types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", - "TRANSFER_OPERATION_ABORTED". - items: - type: string - type: array - payloadFormat: - description: The desired format of the notification message payloads. - One of "NONE" or "JSON". - type: string - topicRef: - description: The PubSubTopic to which to publish notifications. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - payloadFormat - - topicRef - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string - schedule: - description: Schedule specification defining when the Transfer Job - should be scheduled to start, end and what time to run. - properties: - repeatInterval: - description: 'Interval between the start of each scheduled transfer. - If unspecified, the default value is 24 hours. This value may - not be less than 1 hour. A duration in seconds with up to nine - fractional digits, terminated by ''s''. Example: "3.5s".' - type: string - scheduleEndDate: - description: The last day the recurring transfer will be run. - If schedule_end_date is the same as schedule_start_date, the - transfer will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled - to run. If schedule_start_date is in the past, the transfer - will run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. - If not specified, recurring and one-time transfers that are - scheduled to run today will run immediately; recurring transfers - that are scheduled to run on a future date will start at approximately - midnight UTC on that date. 
Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be - from 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally - be from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, - and an operation spawned by the transfer is running, the status - change would not affect the current operation.' + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - roleArn: - description: The Amazon Resource Name (ARN) of the role to - support temporary credentials via 'AssumeRoleWithWebIdentity'. - For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). - When a role ARN is provided, Transfer Service fetches temporary - credentials for the session using a 'AssumeRoleWithWebIdentity' - call for the provided role using the [GoogleServiceAccount][] - for this project. - type: string - required: - - bucketName - type: object - azureBlobStorageDataSource: - description: An Azure Blob Storage data source. 
+ required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). properties: - azureCredentials: - description: ' Credentials used to authenticate API requests - to Azure.' - properties: - sasToken: - description: Azure shared access signature. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - sasToken - type: object - container: - description: The container to transfer from the Azure Storage - account. - type: string - path: - description: Root path to transfer objects. Must be an empty - string or full path name that ends with a '/'. This field - is treated as an object prefix. As such, it should generally - not begin with a '/'. - type: string - storageAccount: - description: The name of the Azure Storage account. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number required: - - azureCredentials - - container - - storageAccount + - value type: object - gcsDataSink: - description: A Google Cloud Storage data sink. + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. 
+ * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string - required: - - bucketRef type: object - httpDataSource: - description: A HTTP URL data source. + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. - Currently, only URLs with HTTP and HTTPS schemes are supported. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number required: - - listUrl + - value type: object - objectConditions: - description: Only objects that satisfy these object conditions - are included in the set of data source and data sink objects. - Object conditions based on objects' last_modification_time do - not exclude objects in a data sink. + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements - described for include_prefixes. 
- items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that - satisfy the object conditions must have names that start - with one of the include_prefixes and that do not start with - any of the exclude_prefixes. If include_prefixes is not - specified, all objects except those that have names starting - with one of the exclude_prefixes must satisfy the object - conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. 
+ type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer type: object - posixDataSink: - description: A POSIX filesystem data sink. + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. 
properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer required: - - rootDirectory + - maxNodeCount + - minNodeCount type: object - posixDataSource: - description: A POSIX filesystem data source. - properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - rootDirectory - type: object - sinkAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - sourceAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a - data sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - overwriteWhen: - description: When to overwrite objects that already exist - in the sink. If not set, overwrite behavior is determined - by overwriteObjectsAlreadyExistingInSink. - type: string - type: object type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - description - - transferSpec + - projectRef + - region type: object status: properties: 
@@ -79810,17 +110666,13 @@ spec: type: string type: object type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string - name: - description: The name of the Transfer Job. + etag: + description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79829,6 +110681,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string type: object required: - spec @@ -79848,25 +110705,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagbindings.tags.cnrm.cloud.google.com + name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagBinding - plural: tagstagbindings + kind: VertexAIIndex + plural: vertexaiindexes shortNames: - - gcptagstagbinding - - gcptagstagbindings - singular: tagstagbinding + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: 
@@ -79886,7 +110743,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79904,7 +110761,96 @@ spec: type: object spec: properties: - parentRef: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. 
+ type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. 
+ type: boolean + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79921,8 +110867,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -79931,41 +110876,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - tagValueRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `tagValues/{{value}}`, - where {{value}} is the `name` field of a `TagsTagValue` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - parentRef - - tagValueRef + - displayName + - projectRef + - region type: object status: properties: 
@@ -79995,9 +110917,47 @@ spec: type: string type: object type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string name: - description: 'The generated id for the TagBinding. This is a string - of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80006,6 +110966,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string type: object required: - spec 
@@ -80025,25 +110990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagkeys.tags.cnrm.cloud.google.com + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagKey - plural: tagstagkeys + kind: VertexAIMetadataStore + plural: vertexaimetadatastores shortNames: - - gcptagstagkey - - gcptagstagkeys - singular: tagstagkey + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: @@ -80063,7 +111028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80082,41 +111047,57 @@ spec: spec: properties: description: - description: User-assigned description of the TagKey. Must not exceed - 256 characters. - type: string - parent: - description: Immutable. Input only. The resource name of the new TagKey's - parent. Must be of the form organizations/{org_id}. - type: string - purpose: - description: |- - Immutable. Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + description: Immutable. Description of the MetadataStore. type: string - purposeData: - additionalProperties: - type: string - description: |- - Immutable. Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. type: string - shortName: - description: |- - Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - parent - - shortName + - projectRef + - region type: object status: properties: 
@@ -80147,16 +111128,9 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - name: - description: The generated numeric id for the TagKey. - type: string - namespacedName: - description: Output only. Namespaced name of the TagKey. + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80165,11 +111139,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array updateTime: - description: |- - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: 
@@ -80190,25 +111172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagvalues.tags.cnrm.cloud.google.com + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagValue - plural: tagstagvalues + kind: VertexAITensorboard + plural: vertexaitensorboards shortNames: - - gcptagstagvalue - - gcptagstagvalues - singular: tagstagvalue + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: @@ -80228,7 +111210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80247,10 +111229,26 @@ spec: spec: properties: description: - description: User-assigned description of the TagValue. Must not exceed - 256 characters. + description: Description of this Tensorboard. type: string - parentRef: + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -80267,8 +111265,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `tagKeys/{{value}}`, - where {{value}} is the `name` field of a `TagsTagKey` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -80277,23 +111274,26 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: |- - Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - type: string required: - - parentRef - - shortName + - displayName + - projectRef + - region type: object status: properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -80321,17 +111321,12 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string name: - description: The generated numeric id for the TagValue. - type: string - namespacedName: - description: Output only. Namespaced name of the TagValue. Will be - in the format {organizationId}/{tag_key_short_name}/{shortName}. + description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80340,10 +111335,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string updateTime: - description: |- - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: @@ -80364,7 +111362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -80643,3 +111641,391 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. \nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." 
+ type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. 
+ type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml b/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml index a12ecc3d85..8c13819442 100644 --- a/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml +++ b/install-bundles/install-bundle-autopilot-namespaced/per-namespace-components.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 iam.gke.io/gcp-service-account: cnrm-system-${NAMESPACE?}@${PROJECT_ID?}.iam.gserviceaccount.com labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} 
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -47,7 +47,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -85,7 +85,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -103,7 +103,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: @@ -127,7 +127,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} @@ -144,7 +144,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} 
@@ -156,7 +156,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:fc8237b + image: gcr.io/cnrm-eap/controller:7522d31 imagePullPolicy: Always name: manager ports: diff --git a/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml index 38cea85c48..f2b94cce42 100644 --- a/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-autopilot-workload-identity/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com labels: cnrm.cloud.google.com/system: "true" @@ -36,7 +36,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -46,7 +46,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -56,7 +56,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager 
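Review bot: The new `image: gcr.io/cnrm-eap/controller:7522d31` line in the `manager` container still references the controller by a short tag. With `imagePullPolicy: Always` that tag is resolved again on every pod start, so the bundle runs whatever the registry serves under it at that moment. Pinning the release to a digest, `image: gcr.io/cnrm-eap/controller@sha256:<digest of the 1.103.0 controller build>` (placeholder; the digest is not on this page), would make the install reproducible and give admission or signature policy one exact artifact to verify. The container spec starts and ends outside this hunk.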
@@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -87,7 +87,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -108,7 +108,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -129,7 +129,7 @@ rules: - patch - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - alloydb.cnrm.cloud.google.com resources: - '*' verbs: @@ -141,7 +141,7 @@ rules: - patch - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - apigateway.cnrm.cloud.google.com resources: - '*' verbs: @@ -153,7 +153,7 @@ rules: - patch - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com resources: - '*' verbs: @@ -165,7 +165,7 @@ rules: - patch - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - appengine.cnrm.cloud.google.com resources: - '*' verbs: @@ -177,7 +177,7 @@ rules: - patch - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: @@ -189,7 +189,7 @@ rules: - patch - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: @@ -201,7 +201,7 @@ rules: - patch - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -213,7 +213,7 @@ rules: - patch - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: @@ -225,7 +225,7 @@ rules: - patch - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: @@ -237,7 +237,7 @@ rules: - patch - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: @@ -249,7 +249,7 @@ rules: - patch - delete - apiGroups: - - compute.cnrm.cloud.google.com + - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: @@ -261,7 +261,7 @@ rules: - patch - delete - apiGroups: - - configcontroller.cnrm.cloud.google.com + - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: @@ -273,7 +273,7 @@ rules: - patch - delete - apiGroups: - - container.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com resources: - '*' verbs: @@ -285,7 +285,7 @@ rules: - patch - delete - apiGroups: - - containeranalysis.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: @@ -297,7 +297,7 @@ rules: - patch - delete - apiGroups: - - datacatalog.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: @@ -309,7 +309,7 @@ rules: - patch - delete - apiGroups: - - dataflow.cnrm.cloud.google.com + - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -321,7 +321,7 @@ rules: - patch - delete - apiGroups: - - datafusion.cnrm.cloud.google.com + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -333,7 +333,7 @@ rules: - patch - delete - apiGroups: - - dataproc.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: @@ -345,7 +345,7 @@ rules: - patch - delete - apiGroups: - - dlp.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -357,7 +357,7 @@ rules: - patch - delete - apiGroups: - - dns.cnrm.cloud.google.com + - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: @@ -369,7 +369,7 @@ rules: - patch - delete - apiGroups: - - eventarc.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: @@ -381,7 +381,7 @@ rules: - patch - delete - apiGroups: - - filestore.cnrm.cloud.google.com + - cloudids.cnrm.cloud.google.com resources: - '*' verbs: @@ -393,7 +393,7 @@ rules: - patch - delete - apiGroups: - - firestore.cnrm.cloud.google.com + - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: @@ -405,7 +405,7 @@ rules: - patch - delete - apiGroups: - - gkehub.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: @@ -417,7 +417,7 @@ rules: - patch - delete - apiGroups: - - iam.cnrm.cloud.google.com + - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: @@ -429,7 +429,7 @@ rules: - patch - delete - apiGroups: - - iap.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -441,7 +441,7 @@ rules: - patch - delete - apiGroups: - - identityplatform.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: @@ -453,7 +453,7 @@ rules: - patch - delete - apiGroups: - - kms.cnrm.cloud.google.com + - container.cnrm.cloud.google.com resources: - '*' verbs: @@ -465,7 +465,7 @@ rules: - patch - delete - apiGroups: - - logging.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: @@ -477,7 +477,7 @@ rules: - patch - delete - apiGroups: - - memcache.cnrm.cloud.google.com + - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: @@ -489,7 +489,7 @@ rules: - patch - delete - apiGroups: - - monitoring.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -501,7 +501,7 @@ rules: - patch - delete - apiGroups: - - networkconnectivity.cnrm.cloud.google.com + - dataform.cnrm.cloud.google.com resources: - '*' verbs: @@ -513,7 +513,7 @@ rules: - patch - delete - apiGroups: - - networksecurity.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com resources: - '*' verbs: @@ -525,7 +525,7 @@ rules: - patch - delete - apiGroups: - - networkservices.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com resources: - '*' verbs: @@ -537,7 +537,7 @@ rules: - patch - delete - apiGroups: - - osconfig.cnrm.cloud.google.com + - datastore.cnrm.cloud.google.com resources: - '*' verbs: @@ -549,7 +549,7 @@ rules: - patch - delete - apiGroups: - - privateca.cnrm.cloud.google.com + - datastream.cnrm.cloud.google.com resources: - '*' verbs: @@ -561,7 +561,7 @@ rules: - patch - delete - apiGroups: - - pubsub.cnrm.cloud.google.com + - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -573,7 +573,7 @@ rules: - patch - delete - apiGroups: - - pubsublite.cnrm.cloud.google.com + - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -585,7 +585,7 @@ rules: - patch - delete - apiGroups: - - recaptchaenterprise.cnrm.cloud.google.com + - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: @@ -597,7 +597,7 @@ rules: - patch - delete - apiGroups: - - redis.cnrm.cloud.google.com + - dlp.cnrm.cloud.google.com resources: - '*' verbs: @@ -609,7 +609,7 @@ rules: - patch - delete - apiGroups: - - resourcemanager.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com resources: - '*' verbs: @@ -621,7 +621,7 @@ rules: - patch - delete - apiGroups: - - run.cnrm.cloud.google.com + - documentai.cnrm.cloud.google.com resources: - '*' verbs: @@ -633,7 +633,7 @@ rules: - patch - delete - apiGroups: - - secretmanager.cnrm.cloud.google.com + - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -645,7 +645,7 @@ rules: - patch - delete - apiGroups: - - servicedirectory.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com resources: - '*' verbs: @@ -657,7 +657,7 @@ rules: - patch - delete - apiGroups: - - servicenetworking.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -669,7 +669,7 @@ rules: - patch - delete - apiGroups: - - serviceusage.cnrm.cloud.google.com + - firebase.cnrm.cloud.google.com resources: - '*' verbs: @@ -681,7 +681,7 @@ rules: - patch - delete - apiGroups: - - sourcerepo.cnrm.cloud.google.com + - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: @@ -693,7 +693,7 @@ rules: - patch - delete - apiGroups: - - spanner.cnrm.cloud.google.com + - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: @@ -705,7 +705,7 @@ rules: - patch - delete - apiGroups: - - sql.cnrm.cloud.google.com + - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: @@ -717,7 +717,7 @@ rules: - patch - delete - apiGroups: - - storage.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -729,7 +729,7 @@ rules: - patch - delete - apiGroups: - - storagetransfer.cnrm.cloud.google.com + - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: @@ -741,7 +741,7 @@ rules: - patch - delete - apiGroups: - - tags.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com resources: - '*' verbs: @@ -753,7 +753,7 @@ rules: - patch - delete - apiGroups: - - vpcaccess.cnrm.cloud.google.com + - healthcare.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -764,36 +764,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: - apiGroups: - - apiextensions.k8s.io + - iam.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - iap.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - identityplatform.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -803,9 +801,9 @@ rules: - patch - delete - apiGroups: - - "" + - kms.cnrm.cloud.google.com resources: - - services + - '*' verbs: - get - list @@ -814,36 +812,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - logging.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - memcache.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - mlengine.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list 
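Review bot: The rules on the new side of this hunk (`iam.cnrm.cloud.google.com`, `iap.cnrm.cloud.google.com`, `identityplatform.cnrm.cloud.google.com`, `kms.cnrm.cloud.google.com`, `logging`, `memcache`, `mlengine`) each grant `create`, `update`, `patch` and `delete` on `resources: '*'`, and the manifest does not say what binding this ClusterRole delegates. Presumably the controller reconciles these objects under its own Google service account, so a subject holding this role can act on IAM and KMS resources indirectly; that is worth confirming and documenting. I would add a comment above the rule list, `# Write access to every resource kind in the listed cnrm API groups; bind only to subjects trusted to manage the matching Google Cloud resources.` The hunks from `@@ -129,7 +129,7 @@` onward extend the same pattern to further groups, and the ClusterRole's header and name lie outside this hunk.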
@@ -853,15 +849,19 @@ rules: - patch - delete - apiGroups: - - core.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com resources: - - servicemappings + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - core.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: @@ -872,23 +872,10 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: - apiGroups: - - "" + - networkmanagement.cnrm.cloud.google.com resources: - - events - - configmaps - - secrets - - services + - '*' verbs: - get - list @@ -897,28 +884,22 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: - apiGroups: - - "" + - networksecurity.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apiextensions.k8s.io + - networkservices.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list 
@@ -927,108 +908,715 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/system: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cnrm-viewer -rules: - apiGroups: - - accesscontextmanager.cnrm.cloud.google.com + - notebooks.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - redis.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - 
resourcemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - run.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch -- apiGroups: - - compute.cnrm.cloud.google.com + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - 
validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -1075,6 +1663,14 @@ rules: - get - list - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: @@ -1091,6 +1687,46 @@ rules: - get - list - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: @@ -1107,6 +1743,22 @@ rules: - get - list - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: 
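Review bot: The `cnrm-viewer` ClusterRole re-emitted in this hunk keeps the label `rbac.authorization.k8s.io/aggregate-to-view: "true"`, so each apiGroup newly listed under it with `resources: '*'` becomes readable by every subject bound to the built-in `view` role. That covers `alloydb`, `apigateway`, `appengine`, `beyondcorp`, `certificatemanager`, `cloudasset` and others here, plus `orgpolicy`, `oslogin` and `securitycenter` in the following hunks. Kubernetes keeps `secrets` out of `view` for this reason, and nothing in the diff shows whether the new kinds can carry sensitive values inline in `spec`; that is worth confirming before the groups are aggregated. A comment above the label would make the effect explicit, e.g. `# aggregated into the built-in "view" role: list only groups whose objects are safe for all viewers`.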
@@ -1123,6 +1775,38 @@ rules: - get - list - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: @@ -1131,6 +1815,14 @@ rules: - get - list - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: @@ -1139,6 +1831,14 @@ rules: - get - list - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -1187,6 +1887,14 @@ rules: - get - list - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: @@ -1203,6 +1911,14 @@ rules: - get - list - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: @@ -1219,6 +1935,22 @@ rules: - get - list - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: @@ -1227,6 +1959,14 @@ rules: - get - list - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: 
@@ -1291,6 +2031,14 @@ rules: - get - list - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: @@ -1363,6 +2111,22 @@ rules: - get - list - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: @@ -1371,12 +2135,28 @@ rules: - get - list - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1439,7 +2219,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding @@ -1457,7 +2237,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1475,7 +2255,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding 
@@ -1498,7 +2278,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1515,7 +2295,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -1532,7 +2312,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding @@ -1549,7 +2329,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1566,7 +2346,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1583,7 +2363,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1600,7 +2380,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: 
@@ -1622,7 +2402,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1643,7 +2423,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1661,7 +2441,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1674,8 +2454,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.102.0 - image: gcr.io/cnrm-eap/recorder:fc8237b + value: 1.103.0 + image: gcr.io/cnrm-eap/recorder:7522d31 imagePullPolicy: Always name: recorder ports: @@ -1709,7 +2489,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1724,7 +2504,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1737,7 +2517,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:fc8237b + image: gcr.io/cnrm-eap/webhook:7522d31 imagePullPolicy: Always name: webhook ports: @@ -1767,7 +2547,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" 
@@ -1782,7 +2562,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1792,7 +2572,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:fc8237b + image: gcr.io/cnrm-eap/controller:7522d31 imagePullPolicy: Always name: manager ports: @@ -1822,7 +2602,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1837,7 +2617,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1845,7 +2625,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:fc8237b + image: gcr.io/cnrm-eap/deletiondefender:7522d31 imagePullPolicy: Always name: deletiondefender ports: @@ -1876,7 +2656,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml b/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml index 1871feb5e1..d54f894070 100644 --- a/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml +++ b/install-bundles/install-bundle-autopilot-workload-identity/crds.yaml 
@@ -16,7 +16,255 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -532,7 +780,324 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,25 +2305,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeenvironments.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeEnvironment - plural: apigeeenvironments + kind: AlloyDBBackup + plural: alloydbbackups shortNames: - - gcpapigeeenvironment - - gcpapigeeenvironments - singular: apigeeenvironment + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: 
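Review bot: In the new AccessContextManagerGCPUserAccessBinding schema, `spec.accessLevels` is described as "This repeated field must have exactly one element", but the array carries only `items:` / `type: string`, so nothing in the CRD enforces it. An empty or multi-element list would pass API-server validation and presumably fail only at reconcile time, which is a late place to learn that an access binding was never applied. Adding `minItems: 1` and `maxItems: 1` under `accessLevels` would reject such objects at admission. The file looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so the constraint probably belongs in the generator rather than in a hand edit here.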
@@ -1778,7 +2343,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -1796,8 +2361,19 @@ spec: type: object spec: properties: - apigeeOrganizationRef: - description: Immutable. + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -1814,10 +2390,7 @@ spec: - external properties: external: - description: |- - The apigee organization for the resource - - Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -1826,25 +2399,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Optional. Description of the environment. - type: string - displayName: - description: Optional. Display name for this environment. - type: string - properties: - additionalProperties: - type: string - description: Optional. Key-value pairs that may be used for customizing - the environment. - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - apigeeOrganizationRef + - clusterName + - location + - projectRef type: object status: properties: @@ -1874,16 +2437,16 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Creation time of this environment as milliseconds - since epoch. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Last modification time of this environment - as milliseconds since epoch. - format: int64 - type: integer + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -1891,10 +2454,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean state: - description: 'Output only. State of the environment. Values other - than ACTIVE means the resource is not ready to use. Possible values: - STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. type: string type: object required: @@ -1915,25 +2489,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeorganizations.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeOrganization - plural: apigeeorganizations + kind: AlloyDBCluster + plural: alloydbclusters shortNames: - - gcpapigeeorganization - - gcpapigeeorganizations - singular: apigeeorganization + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -1953,7 +2527,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -1971,67 +2545,155 @@ spec: type: object spec: properties: - addonsConfig: - description: Addon configurations of the Apigee organization. + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: - advancedApiOpsConfig: - description: Configuration for the Advanced API Ops add-on. + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. properties: - enabled: - description: Flag that specifies whether the Advanced API - Ops add-on is enabled. - type: boolean + count: + description: The number of backups to retain. + type: integer type: object - monetizationConfig: - description: Configuration for the Monetization add-on. + timeBasedRetention: + description: Time-based Backup retention policy. properties: - enabled: - description: Flag that specifies whether the Monetization - add-on is enabled. 
- type: boolean + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes type: object type: object - analyticsRegion: - description: Immutable. Required. Primary GCP region for analytics - data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + displayName: + description: User-settable and human-readable display name for the + Cluster. type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + initialUser: + description: Initial user to setup during cluster creation. 
properties: - external: - description: |- - Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. type: string + required: + - password type: object - description: - description: Description of the Apigee organization. + location: + description: Immutable. The location where the alloydb cluster should + reside. 
type: string - displayName: - description: Display name for the Apigee organization. + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -2048,10 +2710,7 @@ spec: - external properties: external: - description: |- - Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
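Review bot: `spec.initialUser.password` in the new AlloyDBCluster schema accepts either an inline `value` or `valueFrom.secretKeyRef`, and its description (`The initial password for the user.`) gives no guidance on which to use. An inline `value` keeps the database password in the custom resource itself, readable by anyone with get/list on the resource and likely to be committed along with the manifest. I would extend the description, e.g. `The initial password for the user. Prefer valueFrom.secretKeyRef; an inline value is stored in plain text in the resource spec.` The `spec` properties continue outside this hunk, and the file appears generated, so the wording would need to land in the generator.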
@@ -2060,67 +2719,27 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - properties: - additionalProperties: - type: string - description: Properties defined in the Apigee organization profile. - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - runtimeDatabaseEncryptionKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - runtimeType: - description: 'Immutable. Required. Runtime type of the Apigee organization - based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, - CLOUD, HYBRID' + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
type: string required: - - analyticsRegion + - location + - network - projectRef - - runtimeType type: object status: properties: - billingType: - description: 'Output only. Billing type of the Apigee organization. - See (https://cloud.google.com/apigee/pricing). Possible values: - BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' - type: string - caCertificate: - description: Output only. Base64-encoded public certificate for the - root CA of the Apigee organization. Valid only when (#RuntimeType) - is `CLOUD`. - type: string + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -2147,26 +2766,31 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Time that the Apigee organization was created - in milliseconds since epoch. - format: int64 - type: integer - environments: - description: Output only. List of environments in the Apigee organization. + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. items: - type: string + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object type: array - expiresAt: - description: Output only. Time that the Apigee organization is scheduled - for deletion. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Time that the Apigee organization was last - modified in milliseconds since epoch. - format: int64 - type: integer + name: + description: The name of the cluster resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -2174,21 +2798,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectId: - description: Output only. Project ID associated with the Apigee organization. - type: string - state: - description: 'Output only. State of the organization. Values other - than ACTIVE means the resource is not ready to use. Possible values: - SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, - OK_EXTERNAL, DELETED' - type: string - subscriptionType: - description: 'Output only. DEPRECATED: This will eventually be replaced - by BillingType. Subscription type of the Apigee organization. Valid - values include trial (free, limited, and for evaluation purposes - only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). - Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + uid: + description: The system-generated UID of the resource. type: string type: object required: 
@@ -2209,25 +2820,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com + name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: - group: artifactregistry.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories + kind: AlloyDBInstance + plural: alloydbinstances shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: @@ -2247,7 +2858,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2265,172 +2876,71 @@ spec: type: object spec: properties: - description: - description: The user-provided description of the repository. + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string - format: + cluster: description: |- - Immutable. The format of packages that are stored in the repository. Supported formats - can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). - You can only create alpha formats if you are a member of the - [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string - kmsKeyRef: - description: |- - The customer managed encryption key that’s used to encrypt the - contents of the Repository. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. 
* They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. type: object - location: - description: Immutable. The name of the location this repository is - located in. + displayName: + description: User-settable and human-readable display name for the + Instance. type: string - mavenConfig: - description: |- - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. properties: - allowSnapshotOverwrites: - description: |- - Immutable. The repository with this flag will allow publishing the same - snapshot versions. - type: boolean - versionPolicy: - description: 'Immutable. Version policy defines the versions that - the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" - Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' - type: string + cpuCount: + description: The number of CPU's in the VM instance. + type: integer type: object - mode: - description: 'Immutable. The mode configures the repository to serve - artifacts from different sources. 
Default value: "STANDARD_REPOSITORY" - Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' - type: string - remoteRepositoryConfig: - description: Immutable. Configuration specific for a Remote Repository. + readPoolConfig: + description: Read pool specific config. properties: - description: - description: Immutable. The description of the remote source. - type: string - dockerRepository: - description: Immutable. Specific settings for a Docker remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' - type: string - type: object - mavenRepository: - description: Immutable. Specific settings for a Maven remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' - type: string - type: object - npmRepository: - description: Immutable. Specific settings for an Npm remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "NPMJS" Possible values: ["NPMJS"].' - type: string - type: object - pythonRepository: - description: Immutable. Specific settings for a Python remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "PYPI" Possible values: ["PYPI"].' - type: string - type: object + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer type: object resourceID: - description: Immutable. Optional. The repositoryId of the resource. + description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - virtualRepositoryConfig: - description: Configuration specific for a Virtual Repository. - properties: - upstreamPolicies: - description: |- - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - items: - properties: - id: - description: The user-provided ID of the upstream policy. - type: string - priority: - description: Entries with a greater priority value take - precedence in the pull order. - type: integer - repositoryRef: - description: |- - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repositories/repo1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, - where {{value}} is the `name` field of an `ArtifactRegistryRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - type: object required: - - format - - location + - cluster + - instanceType type: object status: properties: 
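Review bot: In the new AlloyDBInstance spec, `availabilityType` and `instanceType` give their allowed values only in the description, and `cluster` states its required format only in prose. The schema is plain `type: string`, so the API server admits any value and a bad one presumably surfaces only when the controller reconciles. The `tf2crd` label suggests this file is generated; if the generator can emit constraints, add for example `enum: ["PRIMARY", "READ_POOL"]` under `instanceType` and a `pattern` for the `projects/{project}/locations/{location}/clusters/{cluster_id}` form under `cluster`. `databaseFlags` is likewise an unconstrained string map, so a cluster that must limit which flags tenants can set has to enforce that with an admission policy. The CRD document this schema belongs to starts before this hunk and continues after it.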
@@ -2461,12 +2971,14 @@ spec: type: object type: array createTime: - description: The time when the repository was created. + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. type: string name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -2475,10 +2987,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: The time when the repository was last updated. + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. type: string - type: object + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object required: - spec type: object 
@@ -2497,25 +3021,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryDataset - plural: bigquerydatasets + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: @@ -2535,7 +3059,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2553,202 +3077,287 @@ spec: type: object spec: properties: - access: - description: An array of objects that define dataset access for one - or more entities. + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. items: properties: - dataset: - description: Grants all resources of particular types in a particular - dataset read access to the current dataset. + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: - dataset: - description: The dataset this entry applies to. 
- properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - required: - - datasetId - - projectId - type: object - targetTypes: - description: |- - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS. - items: - type: string - type: array + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string required: - - dataset - - targetTypes + - contents + - path type: object - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access. - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). 
These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com. + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. 
+ items: + properties: + document: + description: The OpenAPI Specification document file. properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. + contents: + description: Immutable. Base64 encoded content of the file. type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. type: string required: - - datasetId - - projectId - - tableId + - contents + - path type: object + required: + - document type: object type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). 
- - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - description: - description: A user-friendly description of the dataset. + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string - friendlyName: - description: A descriptive name for the dataset. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. type: string - location: + managedService: description: |- - Immutable. The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - maxTimeTravelHours: - description: Defines the time travel window in hours. The value can - be from 48 to 168 hours (2 to 7 days). + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. 
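Review bot: The `gatewayConfig` description says that omitting it makes backend authentication sign OIDC tokens as the default compute service account, and the spec's `required` list holds only `api` and `projectRef`, so a manifest can take that default without anyone choosing it. That account is the identity Compute Engine workloads in the project use by default and it commonly holds broad project roles, so the description should steer users away from it, e.g. append `Set backendConfig.googleServiceAccount to a dedicated least-privilege service account rather than relying on this default.` The same description opens with a doubled `Immutable. Immutable.`, repeated in `managedService` of the APIGatewayAPI schema further down this hunk; each should be a single `Immutable.`. `googleServiceAccount` is a plain string while `projectRef` is a typed reference, so nothing at admission ties the value to a managed service-account resource; if that is intended for an alpha resource, the description should say so. Both CRD documents touched here begin or end outside this hunk.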
@@ -2778,10 +3387,12 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The datasetId of the resource. Used + description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - projectRef type: object status: properties: @@ -2811,19 +3422,12 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -2831,9 +3435,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -2850,25 +3454,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com + name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryJob - plural: bigqueryjobs + kind: APIGatewayGateway + plural: apigatewaygateways shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: @@ -2888,7 +3492,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2906,687 +3510,232 @@ spec: type: object spec: properties: - copy: - description: Immutable. Copies a table. + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: Immutable. The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Immutable. Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - sourceTables - type: object - extract: - description: Immutable. Configures an extract job. - properties: - compression: - description: |- - Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - destinationUris: - description: Immutable. A list of fully-qualified Google Cloud - Storage URIs where the extracted table should be written. 
- items: - type: string - type: array - fieldDelimiter: - description: |- - Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ','. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - printHeader: - description: Immutable. Whether to print out a header row in the - results. Default is true. - type: boolean - sourceTable: - description: Immutable. A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Immutable. Whether to use logical types when extracting - to AVRO format. - type: boolean - required: - - destinationUris type: object - jobTimeoutMs: - description: Immutable. Job timeout in milliseconds. If this time - limit is exceeded, BigQuery may attempt to terminate the job. + region: + description: Immutable. The region of the gateway for the API. type: string - load: - description: Immutable. Configures a load job. + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - allowJaggedRows: - description: |- - Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Immutable. Indicates if we should automatically infer - the options and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. 
The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - destinationTable: - description: Immutable. The destination table to load the data - into. + apiSecurityConfig: + description: Configuration for the Monetization add-on. properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string type: object - encoding: - description: |- - Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names. - type: boolean - jsonExtension: - description: |- - Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - type: string - maxBadRecords: - description: |- - Immutable. The maximum number of bad records that BigQuery can ignore when running the job. 
If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. 
Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - type: string - sourceUris: - description: |- - Immutable. The fully-qualified URIs that point to your data in Google Cloud. 
- For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Immutable. Time-based partitioning specification - for the destination table. + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. properties: - expirationMs: - description: Immutable. Number of milliseconds for which to - keep the storage for a partition. A wrapper is used here - because 0 is an invalid value. - type: string - field: - description: |- - Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. type: string - required: - - type type: object - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - destinationTable - - sourceUris + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object type: object - location: - description: Immutable. The geographic location of the job. The default - value is US. + org: + description: Immutable. Name of the Apigee organization. type: string - query: - description: Immutable. Configures a query job. - properties: - allowLargeResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - defaultDataset: - description: Immutable. Specifies the default dataset to use for - unqualified table names in the query. Note that this does not - alter behavior of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryDataset` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Immutable. Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Immutable. Standard SQL only. Set to POSITIONAL to - use positional (?) query parameters or to NAMED to use named - (@myparam) query parameters in this query. - type: string - priority: - description: 'Immutable. Specifies a priority for the query. Default - value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' - type: string - query: - description: |- - Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Immutable. 
Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Immutable. Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. - type: string - statementByteBudget: - description: Immutable. Limit on the number of bytes billed - per statement. Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Immutable. Timeout period for each statement - in a script. - type: string - type: object - useLegacySql: - description: |- - Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Immutable. Describes user-defined function resources - used in the query. - items: - properties: - inlineCode: - description: |- - Immutable. An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: Immutable. A code resource to load from a Google - Cloud Storage URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - query - type: object resourceID: - description: Immutable. Optional. The jobId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - org type: object status: properties: @@ -3616,9 +3765,6 @@ spec: type: string type: object type: array - jobType: - description: The type of the job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
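Review bot: The descriptions added under `addonsConfig` in the new ApigeeAddonsConfig schema are copy-pasted and do not match their fields. `advancedApiOpsConfig`, `apiSecurityConfig`, `connectorsPlatformConfig` and `integrationConfig` all read "Configuration for the Monetization add-on.", and every `enabled` and `expiresAt` reads "Flag that specifies whether the Advanced API Ops add-on is enabled.", although `expiresAt` is `type: string`. An operator relying on `kubectl explain` cannot tell which flag turns on API Security, so each description should name its own add-on, e.g. `description: Configuration for the API Security add-on.` and `description: Flag that specifies whether the API Security add-on is enabled.`. `expiresAt` is presumably an expiry time and should be described as one once that is confirmed upstream. The CRD looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so the correction probably belongs in the generator's source schema rather than in this file.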
@@ -3626,55 +3772,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: The status of this job. Examine this value when polling - an asynchronous job to see if the job is complete. - items: - properties: - errorResult: - description: Final error result of the job. If present, indicates - that the job has completed and was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - errors: - description: |- - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - state: - description: Running state of the job. Valid states include - 'PENDING', 'RUNNING', and 'DONE'. - type: string - type: object - type: array - userEmail: - description: Email address of the user who ran the job. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -3691,25 +3791,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryroutines.bigquery.cnrm.cloud.google.com + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryRoutine - plural: bigqueryroutines + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments shortNames: - - gcpbigqueryroutine - - gcpbigqueryroutines - singular: bigqueryroutine + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: @@ -3729,7 +3829,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -3747,147 +3847,26 @@ spec: type: object spec: properties: - arguments: - description: Input/output argument of a function or a stored procedure. - items: - properties: - argumentKind: - description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" - Possible values: ["FIXED_TYPE", "ANY_TYPE"].' - type: string - dataType: - description: |- - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>**NOTE**: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - type: string - mode: - description: 'Specifies whether the argument is input or output. - Can be set for procedures only. Possible values: ["IN", "OUT", - "INOUT"].' - type: string - name: - description: The name of this argument. Can be absent for function - return argument. - type: string - type: object - type: array - datasetRef: - description: The ID of the dataset containing this routine. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - definitionBody: - description: |- - The body of the routine. For functions, this is the expression in the AS clause. 
- If language=SQL, it is the substring inside (but excluding) the parentheses. - type: string - description: - description: The description of the routine if defined. - type: string - determinismLevel: - description: 'The determinism level of the JavaScript UDF if defined. - Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", - "NOT_DETERMINISTIC"].' + location: + description: Immutable. Location of the endpoint attachment. type: string - importedLibraries: + orgId: description: |- - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - items: - type: string - type: array - language: - description: 'The language of the routine. Possible values: ["SQL", - "JAVASCRIPT"].' + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. type: string - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: - description: Immutable. Optional. The routineId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - returnTableType: - description: |- - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. 
If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - type: string - returnType: - description: |- - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. type: string - routineType: - description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", - "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - - datasetRef - - definitionBody - - projectRef + - location + - orgId + - serviceAttachment type: object status: properties: 
@@ -3917,16 +3896,19 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this routine was created, in milliseconds since the - epoch. - type: integer - lastModifiedTime: + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: description: |- - The time when this routine was modified, in milliseconds since the - epoch. - type: integer + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -3953,25 +3935,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryTable - plural: bigquerytables + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: 
@@ -3991,7 +3973,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4009,326 +3991,153 @@ spec: type: object spec: properties: - clustering: - description: Specifies column names to use for data clustering. Up - to four top-level columns are allowed, and should be specified in - descending priority order. + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. + name: + description: The name of the newly created attachment (output parameter). type: string - encryptionConfiguration: - description: Immutable. Specifies how the table should be encrypted. - If left blank, the table will be encrypted with a Google-managed - key; that process is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: The self link or full name of the kms key version - used to encrypt this table. - type: string - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. - Expired tables will be deleted and their storage reclaimed. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - avroOptions: - description: Additional options if source_format is set to "AVRO". - properties: - useAvroLogicalTypes: - description: If sourceFormat is set to "AVRO", indicates whether - to interpret logical types as the corresponding BigQuery - data type (for example, TIMESTAMP), instead of using the - raw type (for example, INTEGER). - type: boolean - required: - - useAvroLogicalTypes - type: object - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - connectionId: - description: The connection specifying the credentials to be used - to read external storage, such as Azure Blob, Cloud Storage, - or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" - or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". - type: string - csvOptions: - description: Additional properties to set if source_format is - set to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that - are missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. 
- type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20".' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting - hive partitioning on an unsupported format will lead to an error, - as will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require - a partition filter that can be used for partition elimination - to be specified. - type: boolean - sourceUriPrefix: - description: When hive partition detection is requested, a - common for all source uris must be required. The prefix - must end immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra - values are ignored. If false, records with extra columns are - treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default - value is false. 
- type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - referenceFileSchemaUri: - description: 'When creating an external table, the user can provide - a reference file with the table schema. This is enabled for - the following formats: AVRO, PARQUET, ORC.' - type: string - schema: - description: Immutable. A JSON schema for the external table. - Schema is required for CSV and JSON formats and is disallowed - for Google Cloud Bigtable, Cloud Datastore backups, and Avro - formats when using external tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to - your data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. type: string - materializedView: - description: If specified, configures this table as a materialized - view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: Immutable. A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000. - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for - this table. - properties: - field: - description: Immutable. The field used to determine how to create - a range-based partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object resourceID: - description: Immutable. Optional. The tableId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for - this table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: Immutable. The field used to determine how to create - a time-based partition. If time-based partitioning is enabled - without this value, the table is partitioned based on the load - time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a - partition filter that can be used for partition elimination - to be specified. - type: boolean - type: - description: The supported types are DAY, HOUR, MONTH, and YEAR, - which will generate one partition per day, hour, month, and - year, respectively. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL. - type: boolean - required: - - query - type: object required: - - datasetRef + - orgId type: object status: properties: 
@@ -4358,33 +4167,6 @@ spec: type: string type: object type: array - creationTime: - description: The time when this table was created, in milliseconds - since the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered - "long-term storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4392,12 +4174,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string type: object required: - spec 
@@ -4417,25 +4193,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com + name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles + kind: ApigeeEnvironment + plural: apigeeenvironments shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: @@ -4473,11 +4249,8 @@ spec: type: object spec: properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. + apigeeOrganizationRef: + description: Immutable. oneOf: - not: required: @@ -4494,8 +4267,10 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -4504,39 +4279,25 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - multiClusterRoutingClusterIds: - description: The set of clusters to route to. The order is ignored; - clusters will be tried in order of distance. If left empty, all - clusters are eligible. - items: + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: type: string - type: array - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object resourceID: - description: Immutable. Optional. The appProfileId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. 
- type: string - required: - - clusterId - type: object + required: + - apigeeOrganizationRef type: object status: properties: @@ -4566,10 +4327,16 @@ spec: type: string type: object type: array - name: - description: The unique name of the requested app profile. Values - are of the form 'projects//instances//appProfiles/'. - type: string + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4577,7 +4344,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -4594,25 +4368,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: @@ -4632,7 +4406,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4650,116 +4424,22 @@ spec: type: object spec: properties: - columnFamily: - description: Immutable. The name of the column family. + environment: + description: Immutable. The resource ID of the environment. type: string - deletionPolicy: - description: "The deletion policy for the GC policy. Setting ABANDON - allows the resource\n\t\t\t\tto be abandoned rather than deleted. - This is useful for GC policy as it cannot be deleted\n\t\t\t\tin - a replicated instance. Possible values are: \"ABANDON\"." + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string - gcRules: - description: Serialized JSON string for garbage collection policy. - Conflicts with "mode", "max_age" and "max_version". + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all cells - older than the given age.' - items: - properties: - days: - description: DEPRECATED. 
Deprecated in favor of duration. Immutable. - Number of days before applying GC policy. - type: integer - duration: - description: Immutable. Duration before applying GC policy. - type: string - type: object - type: array - maxVersion: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all versions - of a cell except for the most recent.' - items: - properties: - number: - description: Immutable. Number of version before applying the - GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. If multiple policies are set, you - should choose between UNION OR INTERSECTION.' - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - columnFamily - - instanceRef - - tableRef + - environment + - instanceId type: object status: properties: 
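Review bot: The added `instanceId` description for ApigeeInstanceAttachment gives the format as 'organisations/{{org_name}}/instances/{{instance_name}}', while the same field on ApigeeNATAddress later in this patch spells it 'organizations/…'. The field is an immutable free-form string with no `pattern`, so the description is the only guidance a user gets. A value copied from it would presumably be rejected only when the controller calls the API. This CRD is generated (`tf2crd`), so the fix belongs in the generator input: `in the format 'organizations/{{org_name}}/instances/{{instance_name}}'.`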
@@ -4789,6 +4469,9 @@ spec: type: string type: object type: array + name: + description: The name of the newly created attachment (output parameter). + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4815,25 +4498,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com + name: apigeeinstances.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableInstance - plural: bigtableinstances + kind: ApigeeInstance + plural: apigeeinstances shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: @@ -4853,7 +4536,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4871,121 +4554,58 @@ spec: type: object spec: properties: - cluster: - description: A block of cluster configuration options. This can be - specified at least once. + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. items: - properties: - autoscalingConfig: - description: A list of Autoscaling configurations. Only one - element is used and allowed. - properties: - cpuTarget: - description: The target CPU utilization for autoscaling. - Value must be between 10 and 80. - type: integer - maxNodes: - description: The maximum number of nodes for autoscaling. - type: integer - minNodes: - description: The minimum number of nodes for autoscaling. - type: integer - storageTarget: - description: The target storage utilization for autoscaling, - in GB, for each node in a cluster. This number is limited - between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster - and between 8192 (8TiB) and 16384 (16 TiB) for an HDD - cluster. If not set, whatever is already set for the cluster - will not change, or if the cluster is just being created, - it will use the default value of 2560 for SSD clusters - and 8192 for HDD clusters. - type: integer - required: - - cpuTarget - - maxNodes - - minNodes - type: object - clusterId: - description: The ID of the Cloud Bigtable cluster. Must be 6-30 - characters and must only contain hyphens, lowercase letters - and numbers. - type: string - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable - cluster. 
The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains - this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. - 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. - 3) All clusters within an instance must use the same CMEK key access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for each cluster in an instance. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". - Defaults to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object + type: string type: array - deletionProtection: - description: DEPRECATED. This field no longer serves any function - and is intended to be dropped in a later version of the resource. - type: boolean + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. 
Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. + description: Immutable. Display name of the instance. type: string - instanceType: - description: DEPRECATED. It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be - converted to "PRODUCTION" instances. It is recommended for users - to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" - instance is functionally identical to a "DEVELOPMENT" instance, - but without the accompanying restrictions. The instance type to - create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. 
The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location + - orgId type: object status: properties: @@ -5015,6 +4635,10 @@ spec: type: string type: object type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5022,7 +4646,18 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string type: object + required: + - spec type: object served: true storage: true 
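Review bot: `diskEncryptionKeyName` in the new ApigeeInstance spec is an immutable free-form string whose expected shape appears only as a regex inside the description. The schema therefore accepts any value, and a mistyped or unintended CMEK key name would presumably surface only at reconcile time. ApigeeOrganization in this same patch takes its key through `runtimeDatabaseEncryptionKeyRef`, a `name`/`namespace`/`external` reference, whereas the instance field has no link to a managed `KMSCryptoKey`. If the generator allows it, add `pattern: ^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$` under the field. The same gap applies to `ipRange`, which is documented as "a.b.c.d/22" but has no schema check.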
@@ -5039,25 +4674,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com + name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableTable - plural: bigtabletables + kind: ApigeeNATAddress + plural: apigeenataddresses shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: @@ -5077,7 +4712,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5095,64 +4730,18 @@ spec: type: object spec: properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - deletionProtection: - description: A field to make the table protected against data loss - i.e. when set to PROTECTED, deleting the table, the column families - in the table, and the instance containing the table would be prohibited. - If not provided, currently deletion protection will be set to UNPROTECTED - as it is the API default value. + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - splitKeys: - items: - type: string - type: array required: - - instanceRef + - instanceId type: object status: properties: 
@@ -5182,6 +4771,9 @@ spec: type: string type: object type: array + ipAddress: + description: The allocated NAT IP address. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5189,6 +4781,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State of the NAT IP address. + type: string type: object required: - spec @@ -5208,25 +4803,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com + name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: - group: billingbudgets.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BillingBudgetsBudget - plural: billingbudgetsbudgets + kind: ApigeeOrganization + plural: apigeeorganizations shortNames: - - gcpbillingbudgetsbudget - - gcpbillingbudgetsbudgets - singular: billingbudgetsbudget + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: 
@@ -5264,120 +4859,31 @@ spec: type: object spec: properties: - allUpdatesRule: - description: Optional. Rules to apply to notifications sent based - on budget spend and thresholds. + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - disableDefaultIamRecipients: - description: Optional. When set to true, disables default notifications - sent when a threshold is exceeded. Default notifications are - sent to those with Billing Account Administrator and Billing - Account User IAM roles for the target account. - type: boolean - monitoringNotificationChannels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `MonitoringNotificationChannel` resource (format: - `projects/{{project}}/notificationChannels/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - pubsubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. properties: - external: - description: |- - Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. 
Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - schemaVersion: - description: Optional. Required when NotificationsRule.pubsub_topic - is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. - Only "1.0" is accepted. It represents the JSON schema as defined - in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. - type: string - type: object - amount: - description: Required. Budgeted amount. - properties: - lastPeriodAmount: - description: Use the last period's actual spend as the budget - for the present period. LastPeriodAmount can only be set when - the budget's time period is a . + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - x-kubernetes-preserve-unknown-fields: true - specifiedAmount: - description: A specified amount to use as the budget. `currency_code` - is optional. If specified when creating a budget, it must match - the currency of the billing account. If specified when updating - a budget, it must match the currency_code of the existing budget. - The `currency_code` is provided on output. 
+ monetizationConfig: + description: Configuration for the Monetization add-on. properties: - currencyCode: - description: Immutable. The three-letter currency code defined - in ISO 4217. - type: string - nanos: - description: Number of nano (10^-9) units of the amount. The - value must be between -999,999,999 and +999,999,999 inclusive. - If `units` is positive, `nanos` must be positive or zero. - If `units` is zero, `nanos` can be positive, zero, or negative. - If `units` is negative, `nanos` must be negative or zero. - For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. - format: int64 - type: integer - units: - description: The whole units of the amount. For example if - `currencyCode` is `"USD"`, then 1 unit is one US dollar. - format: int64 - type: integer + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean type: object type: object - billingAccountRef: - description: Immutable. + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: oneOf: - not: required: 
@@ -5395,221 +4901,114 @@ spec: properties: external: description: |- - The billing account of the resource + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: - description: |- - [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - budgetFilter: - description: Optional. Filters that define which resources are used - to compute the actual spend against the budget amount, such as projects, - services, and the budget's time period, as well as other filters. + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - calendarPeriod: - description: 'Optional. Specifies to track usage for recurring - calendar period. For example, assume that CalendarPeriod.QUARTER - is set. The budget will track usage from April 1 to June 30, - when the current calendar month is April, May, June. After that, - it will track usage from July 1 to September 30 when the current - calendar month is July, August, September, so on. Possible values: - CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - creditTypes: - description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, - this is a list of credit types to be subtracted from gross cost - to determine the spend for threshold calculations. See a list - of acceptable credit type values. If Filter.credit_types_treatment - is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - items: - type: string - type: array - creditTypesTreatment: - description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - customPeriod: - description: Optional. 
Specifies to track usage from any start - date (required) to any end date (optional). This time period - is static, it does not recur. - properties: - endDate: - description: Immutable. Optional. The end date of the time - period. Budgets with elapsed end date won't be processed. - If unset, specifies to track all usage incurred since the - start_date. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - startDate: - description: Immutable. Required. The start date must be after - January 1, 2017. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - required: - - startDate - type: object - labels: - additionalProperties: - properties: - values: - description: Immutable. The values of the label - items: - type: string - type: array - type: object - description: Optional. A single label and value pair specifying - that usage from only this set of labeled resources should be - included in the budget. 
Currently, multiple entries or multiple - values per entry are not allowed. If omitted, the report will - include all labeled and unlabeled usage. - type: object - projects: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - services: - description: 'Optional. A set of services of the form `services/{service_id}`, - specifying that usage from only this set of services should - be included in the budget. If omitted, the report will include - usage for all the services. The service names are available - through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' - items: - type: string - type: array - subaccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: |- - [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array type: object - displayName: - description: User data for display name in UI. The name must be less - than or equal to 60 characters. - type: string + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - thresholdRules: - description: Optional. Rules that trigger alerts (notifications of - thresholds being crossed) when spend exceeds the specified percentages - of the budget. - items: - properties: - spendBasis: - description: 'Optional. The type of basis used to determine - if spend has passed the threshold. Behavior defaults to CURRENT_SPEND - if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, - FORECASTED_SPEND' - type: string - thresholdPercent: - description: 'Required. Send an alert when this threshold is - exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: - non-negative number.' - format: double - type: number + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external required: - - thresholdPercent - type: object - type: array + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string required: - - amount - - billingAccountRef + - analyticsRegion + - projectRef + - runtimeType type: object status: properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
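Review bot: The `runtimeDatabaseEncryptionKeyRef.external` description contains "Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used.", which reads as two sentences fused together and contradicts itself. As written, a reader cannot tell for which runtime types a customer-managed key is mandatory and when the Google-managed fallback applies. The field is also absent from the `required` list at the end of this hunk and is not marked Immutable, although the text says updates are not allowed. The upstream wording is likely `Required when RuntimeType is CLOUD. If not specified when RuntimeType is TRIAL, a Google-Managed encryption key will be used.`; confirm this against the API reference and fix it in the generator input. The same unresolved `(#RuntimeType)` placeholder appears in the `caCertificate` status description, and the ApigeeOrganization spec block begins in the preceding hunk.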
@@ -5636,11 +5035,26 @@ spec: type: string type: object type: array - etag: - description: Optional. Etag to validate that the object is unchanged - for a read-modify-write operation. An empty etag will cause an update - to overwrite other changes. - type: string + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5648,6 +5062,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string type: object required: - spec 
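Review bot: The added `state` description in the `-5648,6 +5062,22` hunk contradicts itself: it says values other than ACTIVE mean the resource is not ready, yet the possible values it lists (`SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, OK_EXTERNAL, DELETED`) do not include ACTIVE. Anyone gating automation or alerting on `status.state` cannot tell from this schema which string means "ready". The list looks as if it came from a different enum, so I would check the real values against the Apigee API and correct the description where it originates. In the preceding hunk, `expiresAt` also omits the unit that `createdAt` and `lastModifiedAt` state ("in milliseconds since epoch"), which should be added if it is the same.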
@@ -5667,25 +5097,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationAttestor - plural: binaryauthorizationattestors + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations shortNames: - - gcpbinaryauthorizationattestor - - gcpbinaryauthorizationattestors - singular: binaryauthorizationattestor + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: @@ -5705,7 +5135,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5723,145 +5153,25 @@ spec: type: object spec: properties: - description: - description: Optional. A descriptive comment. This field may be updated. - The field may be displayed in chooser dialogs. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - userOwnedDrydockNote: - description: This specifies how an attestation will be read, and how - it will be used during policy enforcement. - properties: - noteRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. - - Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicKeys: - description: Optional. Public keys that verify attestations signed - by this attestor. This field may be updated. If this field is - non-empty, one of the specified public keys must verify that - an attestation was signed by this attestor for the image specified - in the admission request. If this field is empty, this attestor - always returns that no valid attestations exist. - items: - properties: - asciiArmoredPgpPublicKey: - description: ASCII-armored representation of a PGP public - key, as the entire output by the command `gpg --export - --armor foo@example.com` (either LF or CRLF line endings). - When using this field, `id` should be left blank. The - BinAuthz API handlers will calculate the ID and fill it - in automatically. 
BinAuthz computes this ID as the OpenPGP - RFC4880 V4 fingerprint, represented as upper-case hex. - If `id` is provided by the caller, it will be overwritten - by the API-calculated ID. - type: string - comment: - description: Optional. A descriptive comment. This field - may be updated. - type: string - id: - description: The ID of this public key. Signatures verified - by BinAuthz must include the ID of the public key that - can be used to verify them, and that ID must match the - contents of this field exactly. Additional restrictions - on this field can be imposed based on which public key - type is encapsulated. See the documentation on `public_key` - cases below for details. - type: string - pkixPublicKey: - description: 'A raw PKIX SubjectPublicKeyInfo format public - key. NOTE: `id` may be explicitly provided by the caller - when using this type of public key, but it MUST be a valid - RFC3986 URI. If `id` is left blank, a default one will - be computed based on the digest of the DER encoding of - the public key.' - properties: - publicKeyPem: - description: A PEM-encoded public key, as described - in https://tools.ietf.org/html/rfc7468#section-13 - type: string - signatureAlgorithm: - description: 'The signature algorithm used to verify - a message against a signature using this key. These - signature algorithm must match the structure and any - object identifiers encoded in `public_key_pem` (i.e. - this algorithm must match that of the public key). 
- Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, - RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, - ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, - EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' - type: string - type: object - type: object - type: array - required: - - noteRef - type: object required: - - projectRef + - identities type: object status: properties: @@ -5891,6 +5201,11 @@ spec: type: string type: object type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5898,24 +5213,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. Time when the attestor was last updated. - format: date-time - type: string - userOwnedDrydockNote: - properties: - delegationServiceAccountEmail: - description: Output only. This field will contain the service - account email address that this Attestor will use as the principal - when querying Container Analysis. Attestor administrators must - grant this service account the IAM role needed to read attestations - from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). - This email address is fixed for the lifetime of the Attestor, - but callers should not make any other assumptions about the - service account email; future versions may use an email based - on a different naming pattern. - type: string - type: object type: object required: - spec 
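Review bot: `spec.identities` in the new ApigeeSyncAuthorization schema (hunk `-5723,145 +5153,25`) is validated only as an array of `type: string`, although its description requires each entry to have the form `serviceAccount:service-account-name` and the field grants access to control plane resources. A malformed entry, or a member of another principal type, is therefore not rejected at admission. Whether the Apigee API rejects it later is not visible from this hunk. I would constrain the items in the schema, for example `pattern: '^serviceAccount:.+@.+$'` under `items:`, so that a bad grant is rejected when the object is applied.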
@@ -5935,25 +5232,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationPolicy - plural: binaryauthorizationpolicies + kind: AppEngineDomainMapping + plural: appenginedomainmappings shortNames: - - gcpbinaryauthorizationpolicy - - gcpbinaryauthorizationpolicies - singular: binaryauthorizationpolicy + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: @@ -5973,7 +5270,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5991,312 +5288,203 @@ spec: type: object spec: properties: - admissionWhitelistPatterns: - description: Optional. Admission policy allowlisting. A matching admission - request will always be permitted. This feature is typically used - to exclude Google or third-party infrastructure images from Binary - Authorization policies. + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. 
To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - namePattern: - description: An image name pattern to allowlist, in the form - `registry/path/to/image`. This supports a trailing `*` as - a wildcard, but this is allowed only in text after the `registry/` - part. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - clusterAdmissionRules: - additionalProperties: + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode type: object - description: 'Optional. Per-cluster admission rules. Cluster spec - format: location.clusterId. 
There can be at most one admission rule - per cluster spec. A location is either a compute zone (e.g. us-central1-a) - or a region (e.g. us-central1). For clusterId syntax restrictions - see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' - type: object - defaultAdmissionRule: - description: Required. Default admission rule for a cluster without - a per-cluster, per-kubernetes-service-account, or per-istio-service-identity - admission rule. - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string description: - description: Optional. A descriptive comment. + description: An optional string description of this rule. type: string - globalPolicyEvaluationMode: - description: 'Optional. Controls the evaluation of a Google-maintained - global admission policy for common system-level images. Images not - covered by the global policy will be subject to the project admission - policy. This setting has no effect when specified inside a global - admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, - ENABLE, DISABLE' + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. type: string - istioServiceIdentityAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. 
- Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-istio-service-identity admission rules. - Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ - e.g. spiffe://example.com/ns/test-ns/sa/default' - type: object - kubernetesNamespaceAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-namespace admission rules. - K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' - type: object - kubernetesServiceAccountAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-service-account admission rules. - Service account spec format: namespace:serviceaccount. e.g. 
''test-ns:default''' - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the resource. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - defaultAdmissionRule - - projectRef + - action + - sourceRange type: object status: properties: @@ -6333,14 +5521,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. The resource name, in the format `projects/*/policy`. - There is at most one policy per project. - type: string - updateTime: - description: Output only. Time when the policy was last updated. - format: date-time - type: string type: object required: - spec 
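Review bot: In the new AppEngineFirewallRule schema (hunk `-5991,312 +5288,203`), `action` and `sourceRange` are both required but typed as bare `string`, so the allowed actions appear only in the description text and the CIDR value is not checked at all. A typo in either is accepted by the API server and presumably surfaces only when the controller calls App Engine. For a resource that decides which addresses may reach an application, I would enforce the documented set with `enum: [UNSPECIFIED_ACTION, ALLOW, DENY]` on `action` and consider a CIDR `pattern` on `sourceRange`. The same applies to `overrideStrategy` and `sslManagementType` in the AppEngineDomainMapping schema earlier in this hunk, whose possible values are also listed only in prose. Both CRDs carry the `tf2crd` label, so the change likely belongs in whatever produces these schemas rather than in this file.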
@@ -6360,25 +5540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: - group: cloudbuild.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: @@ -6398,7 +5578,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -6416,1256 +5596,746 @@ spec: type: object spec: properties: - approvalConfig: - description: "Configuration for manual approval to start a build invocation - of this BuildTrigger. \nBuilds created by this trigger will require - approval before they execute. \nAny user with a Cloud Build Approver - role for the project can approve a build." + apiConfig: + description: Serving configuration for Google Cloud Endpoints. properties: - approvalRequired: - description: "Whether or not approval is needed. If this is set - on a build, it will become pending when run, \nand will need - to be explicitly approved to start." - type: boolean + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script type: object - bitbucketServerTriggerConfig: - description: BitbucketServerTriggerConfig describes the configuration - of a trigger that creates a build whenever a Bitbucket Server event - is received. + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - bitbucketServerConfigResourceRef: + coolDownPeriod: description: |- - Only `external` field is supported to configure the reference. 
+ The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - The full resource name of the bitbucket server config. Format: - projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. 
+ type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` - resource.' + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. 
+ type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. + properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + required: + - appYamlPath type: object - projectKey: - description: 'Key of the project that the repo is in. For example: - The key for https://mybitbucket.server/projects/TEST/repos/test-repo - is "TEST".' - type: string - pullRequest: - description: Filter to match changes in pull requests. + container: + description: The Docker image for the container that runs the + version. properties: - branch: + image: description: |- - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment /gcbrun. 
Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean required: - - branch + - image type: object - push: - description: Filter to match changes in refs like branches, tags. + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the gitRef regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. type: string + required: + - sourceUrl type: object - repoSlug: + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: description: |- - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. 
+ Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - - bitbucketServerConfigResourceRef - - projectKey - - repoSlug + - name type: object - build: - description: Contents of the build template. Either a filename or - build template must be provided. + entrypoint: + description: The entrypoint for the application. properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. 
- items: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. 
- properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. 
- - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - availableSecrets: - description: Secrets and secret environment variables. - properties: - secretManager: - description: Pairs a secret environment variable with a SecretVersion - in Secret Manager. - items: - properties: - env: - description: |- - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of - a `SecretManagerSecretVersion` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - env - - versionRef + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". type: object - type: array - required: - - secretManager - type: object - images: + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. 
+ type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' 
+ type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: type: string type: array - logsBucketRef: + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. + type: boolean + subnetwork: description: |- - Google Cloud Storage bucket where logs should be written. 
Logs file - names will be of the format ${logsBucket}/log-${build_id}.txt. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `url` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"].' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", - "NONE"].' - type: string - machineType: - description: 'Compute Engine machine type on which to run - the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", - "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"].' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"].' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. 
- items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the - build is enqueued longer than this value, \nthe build will expire - and the build status will be EXPIRED.\nThe TTL starts ticking - from createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. 
+ required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. 
+ type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: properties: - kmsKeyRef: - description: KMS crypto key to use to decrypt these envs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string required: - - kmsKeyRef + - name + - sizeGb + - volumeType type: object type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. 
Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one - a of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, - in which to run the build.\nThis must be a relative - path. If a step's dir is specified and is an absolute - path, \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting - the build is assumed." - type: string - repoRef: - description: |- - The desired Cloud Source Repository. If omitted, "default" is - assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `SourceRepoRepository` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run. - type: object - tagName: - description: "Regex matching tags to build. 
Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in - Google Cloud Storage. - properties: - bucketRef: - description: Google Cloud Storage bucket containing the - source. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `StorageBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the - object. \nIf the generation is omitted, the latest generation - will be used." - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. 
- items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used. - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: "The name of the container image that will - run this particular build step.\n\nIf the image is available - in the host's Docker daemon's cache, it will be\nrun directly. 
- If not, the host will attempt to pull the image first, - using\nthe builder service account's credentials if necessary.\n\nThe - Docker daemon's cache will already have the latest versions - of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - \nfor images and examples).\nThe Docker daemon will also - have cached many of the layers for some popular\nimages, - like \"ubuntu\", \"debian\", but they will be refreshed - at the time\nyou attempt to use them.\n\nIf you built - an image in a previous build step, it will be stored in - the\nhost's Docker daemon's cache and is available to - use as the name for a\nlater build step." - type: string - script: - description: "A shell script to be executed in the step. - \nWhen script is provided, the user cannot specify the - entrypoint or args." - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. 
Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step type: object - description: - description: Human-readable description of the trigger. + runtime: + description: Desired runtime. Example python27. type: string - disabled: - description: Whether the trigger is disabled or not. If true, the - trigger will never result in a build. - type: boolean - filename: - description: "Path, from the source root, to a file whose contents - is used for the template. \nEither a filename or build template - must be provided. 
Set this only when using trigger_template or github.\nWhen - using Pub/Sub, Webhook or Manual set the file name using git_file_source - instead." + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string - filter: - description: A Common Expression Language string. Used only with Pub/Sub - and Webhook. + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. type: string - gitFileSource: - description: The file source describing the local or remote Build - template. - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: + runtimeMainExecutablePath: + description: The path or name of the app's main executable. + type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: The path of the file, with the repo root as the root - of the path. - type: string - repoType: - description: "The type of the repo, since it may not be explicit - from the repo field (e.g from a URL). \nValues can be UNKNOWN, - CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible - values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", - \"BITBUCKET_SERVER\"]." + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string - revision: - description: "The branch, tag, arbitrary ref, or SHA version of - the repo to use when resolving the \nfilename (optional). This - field respects the same syntax/resolution as described here: - https://git-scm.com/docs/gitrevisions \nIf unspecified, the - revision from which the trigger invocation originated is assumed - to be the revision from which to read the specified path." + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uri: - description: "The URI of the repo (optional). If unspecified, - the repo from which the trigger \ninvocation originated is assumed - to be the repo from which to read the specified path." + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - path - - repoType type: object - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. 
- - One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - enterpriseConfigResourceNameRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. 
- type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or - tags. Specify only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. - type: string - type: object + required: + - name type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - includeBuildLogs: - description: |- - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + name: + description: Full path to the Version resource in the API. Example, + "v1". type: string - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - location: - description: |- - Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. type: string - pubsubConfig: - description: "PubsubConfig describes the configuration of a trigger - that creates \na build whenever a Pub/Sub message is published.\n\nOne - of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' - or 'source_to_build' must be provided." - properties: - serviceAccountRef: - description: Service account that will make the push request. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - type: string - subscription: - description: Output only. Name of the subscription. - type: string - topicRef: - description: |- - The name of the topic from which this subscription - is receiving messages. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - repositoryEventConfig: - description: The configuration of a trigger that creates a build whenever - an event from Repo API is received. - properties: - pullRequest: - description: Contains filter properties for matching Pull Requests. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment ''/gcbrun''. Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - type: object - push: - description: Contains filter properties for matching git pushes. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. 
- type: string - invertRegex: - description: If true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: |- - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - type: object - repository: - description: The resource name of the Repo API resource. - type: string - type: object - serviceAccountRef: - description: |- - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - When populating via the external field, the following format is supported: - projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, - where {{value}} is the `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceToBuild: - description: "The repo and ref of the repository from which to build. - \nThis field is used only for those triggers that do not respond - to SCM events. \nTriggers that respond to such events build source - at whatever commit caused the event. 
\nThis field is currently only - used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', - 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' - must be provided." - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ref: - description: The branch or tag to use. Must start with "refs/" - (required). - type: string - repoType: - description: |- - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. - type: string - uri: - description: The URI of the repo (required). - type: string - required: - - ref - - repoType - - uri - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger. - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. 
- - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SourceRepoRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. 
- type: string - type: object - webhookConfig: - description: "WebhookConfig describes the configuration of a trigger - that creates \na build whenever a webhook is sent to a trigger's - webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' - 'webhook_config' or 'source_to_build' must be provided." + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. properties: - secretRef: - description: The secret required - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. 
type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - - secretRef + - allocations type: object + required: + - split type: object status: properties: @@ -7695,9 +6365,6 @@ spec: type: string type: object type: array - createTime: - description: Time when the trigger was created. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -7705,10 +6372,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - triggerId: - description: The unique identifier for the trigger. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -7725,25 +6391,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: - group: cloudfunctions.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudFunctionsFunction - plural: cloudfunctionsfunctions + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions shortNames: - - gcpcloudfunctionsfunction - - gcpcloudfunctionsfunctions - singular: cloudfunctionsfunction + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: @@ -7763,7 +6429,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -7781,193 +6447,294 @@ spec: type: object spec: properties: - availableMemoryMb: - description: 'Memory (in MB), available to the function. Default value - is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' - format: int64 - type: integer - description: - description: User-provided description of a function. - type: string - entryPoint: - description: |- - Immutable. The name of the function (as defined in source code) that will be - executed. Defaults to the resource name suffix, if not specified. For - backward compatibility, if function with given name is not found, then the - system will try to use function named "function". - For Node.js this is name of a function exported by the module specified - in `source_location`. - type: string - environmentVariables: - additionalProperties: - type: string - description: Environment variables that shall be available during - function execution. - type: object - eventTrigger: - description: Immutable. A source that fires events in response to - a condition in another service. + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - eventType: + maxConcurrentRequests: description: |- - Immutable. Required. The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - Event types match pattern `providers/*/eventTypes/*.*`. - The pattern contains: + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - 1. namespace: For example, `cloud.storage` and - `google.firebase.analytics`. - 2. resource type: The type of resource on which event occurs. For - example, the Google Cloud Storage API includes the type `object`. - 3. 
action: The action that generates the event. For example, action for - a Google Cloud Storage Object is 'change'. - These parts are lower case. + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string - failurePolicy: - description: Immutable. Specifies policy for failed executions. - type: boolean - resourceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. properties: - external: - description: |- - Required. The resource(s) from which to observe events, for example, - `projects/_/buckets/myBucket`. - - Not all syntactically correct values are accepted by all services. For - example: - - 1. The authorization model must support it. Google Cloud Functions - only allows EventTriggers to be deployed that observe resources in the - same project as the `Function`. - 2. The resource type must match the pattern expected for an - `event_type`. 
For example, an `EventTrigger` that has an - `event_type` of "google.pubsub.topic.publish" should have a resource - that matches Google Cloud Pub/Sub topics. - - Additionally, some services may support short names when creating an - `EventTrigger`. These will always be returned in the normalized "long" - format. - - See each *service's* documentation for supported formats. - - Allowed values: - * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number type: object - service: + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. 
Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: description: |- - Immutable. The hostname of the service that should be observed. - - If no string is provided, the default service implementing the API will - be used. For example, `storage.googleapis.com` is the default for all - event types in the `google.storage` namespace. + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer required: - - eventType - - resourceRef + - maxInstances type: object - httpsTrigger: - description: Immutable. An HTTPS endpoint type of source that can - be triggered via URL. + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. properties: - securityLevel: - description: 'Immutable. Both HTTP and HTTPS requests with URLs - that match the handler succeed without redirects. The application - can examine the request to determine which protocol was used - and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, - SECURE_ALWAYS, SECURE_OPTIONAL' + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. 
+ properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. type: string + required: + - shell type: object - ingressSettings: - description: |- - The ingress settings for the function, controlling what traffic can reach - it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB - type: string - maxInstances: + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: description: |- - The limit on the maximum number of function instances that may coexist at a - given time. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". 
+ type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. properties: - external: + instances: description: |- - The project id of the function. + Number of instances to assign to the service at the start. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances type: object - region: - description: Immutable. The name of the Cloud Functions region of - the function. + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. 
For a complete - list of possible choices, see the - [`gcloud` command - reference](/sdk/gcloud/reference/functions/deploy#--runtime). + description: Desired runtime. Example python27. type: string - serviceAccountRef: - description: Immutable. + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: oneOf: - not: required: @@ -7984,11 +6751,8 @@ spec: - external properties: external: - description: |- - The email of the function's service account. If empty, defaults to - `{project_id}@appspot.gserviceaccount.com`. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -7997,80 +6761,28 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - sourceArchiveUrl: - description: Immutable. The Google Cloud Storage URL, starting with - gs://, pointing to the zip archive which contains the function. - type: string - sourceRepository: - description: Immutable. Represents parameters related to source repository - where a function is hosted. - properties: - url: - description: |- - Immutable. The URL pointing to the hosted repository where the function is defined. - There are supported Cloud Source Repository URLs in the following - formats: - - To refer to a specific commit: - `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` - To refer to a moveable alias (branch): - `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` - In particular, to refer to HEAD use `master` moveable alias. - To refer to a specific fixed alias (tag): - `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` - - You may omit `paths/*` if you want to use the main directory. - type: string - required: - - url - type: object - timeout: - description: |- - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - type: string - vpcConnectorEgressSettings: - description: |- - The egress settings for the connector, controlling what traffic is diverted - through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC - type: string - vpcConnectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. 
+ type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - external: - description: |- - The VPC Network Connector that this cloud function can connect to. It can - be either the fully-qualified URI, or the short name of the network - connector resource. The format of this field is - `projects/*/locations/*/connectors/*` - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string + required: + - name type: object required: - - projectRef - - region + - deployment + - entrypoint - runtime + - serviceRef type: object status: properties: @@ -8100,12 +6812,10 @@ spec: type: string type: object type: array - httpsTrigger: - properties: - url: - description: Output only. The deployed url for the function. - type: string - type: object + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -8113,31 +6823,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceRepository: - properties: - deployedUrl: - description: |- - Output only. The URL pointing to the hosted repository where the function - were defined at the time of deployment. It always points to a specific - commit in the format described above. - type: string - type: object - status: - description: 'Output only. Status of the function deployment. Possible - values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, - DELETE_IN_PROGRESS, UNKNOWN' - type: string - updateTime: - description: Output only. The last update timestamp of a Cloud Function - in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up - to nine fractional digits. - type: string - versionId: - description: |- - Output only. The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - format: int64 - type: integer type: object required: - spec 
@@ -8157,25 +6842,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityGroup - plural: cloudidentitygroups + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories shortNames: - - gcpcloudidentitygroup - - gcpcloudidentitygroups - singular: cloudidentitygroup + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -8214,81 +6899,181 @@ spec: spec: properties: description: - description: |- - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. + description: The user-provided description of the repository. type: string - displayName: - description: The display name of the Group. + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string - groupKey: - description: Immutable. EntityKey of the Group. + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - id: - description: |- - Immutable. The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Immutable. The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of 'identitysources/{identity_source_id}'. + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - id type: object - initialGroupConfig: - description: |- - Immutable. The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + location: + description: Immutable. The name of the location this repository is + located in. type: string - labels: - additionalProperties: - type: string + mavenConfig: description: |- - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. 
+ MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string type: object - parent: - description: |- - Immutable. The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. 
Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - - groupKey - - labels - - parent + - format + - location type: object status: properties: @@ -8319,12 +7104,12 @@ spec: type: object type: array createTime: - description: The time when the Group was created. + description: The time when the repository was created. type: string name: description: |- - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. + The name of the repository, for example: + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -8334,7 +7119,7 @@ spec: the resource. type: integer updateTime: - description: The time when the Group was last updated. + description: The time when the repository was last updated. type: string type: object required: 
@@ -8355,25 +7140,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityMembership - plural: cloudidentitymemberships + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections shortNames: - - gcpcloudidentitymembership - - gcpcloudidentitymemberships - singular: cloudidentitymembership + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: @@ -8393,7 +7178,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8411,8 +7196,54 @@ spec: type: object spec: properties: - groupRef: - description: Immutable. + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -8429,10 +7260,7 @@ spec: - external properties: external: - description: |- - The group for the resource - - Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -8441,99 +7269,24 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - memberKey: - description: Immutable. The `EntityKey` of the member. Either `member_key` - or `preferred_member_key` must be set when calling MembershipsService.CreateMembership - but not both; both shall be set when returned. - properties: - id: - description: The ID of the entity. For Google-managed entities, - the `id` must be the email address of an existing group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: The namespace in which the entity exists. If not - specified, the `EntityKey` represents a Google-managed entity - such as a Google user or a Google Group. If specified, the `EntityKey` - represents an external-identity-mapped group. The namespace - must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - type: string - type: object - preferredMemberKey: - description: Immutable. Required. Immutable. The `EntityKey` of the - member. - properties: - id: - description: Immutable. The ID of the entity. For Google-managed - entities, the `id` must be the email address of a group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: Immutable. The namespace in which the entity exists. - If not specified, the `EntityKey` represents a Google-managed - entity such as a Google user or a Google Group. If specified, - the `EntityKey` represents an external-identity-mapped group. 
- The namespace must correspond to an identity source created - in Admin Console and must be in the form of `identitysources/{identity_source_id}`. - type: string - required: - - id - type: object + region: + description: Immutable. The region of the AppConnection. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. type: string - roles: - description: The `MembershipRole`s that apply to the `Membership`. - If unspecified, defaults to a single `MembershipRole` with `name` - `MEMBER`. Must not contain duplicate `MembershipRole`s with the - same `name`. - items: - properties: - expiryDetail: - description: The expiry details of the `MembershipRole`. Expiry - details are only supported for `MEMBER` `MembershipRoles`. - May be set if `name` is `MEMBER`. Must not be set if `name` - is any other value. - properties: - expireTime: - description: The time at which the `MembershipRole` will - expire. - format: date-time - type: string - type: object - name: - type: string - restrictionEvaluations: - description: Evaluations of restrictions applied to parent group - on this membership. - properties: - memberRestrictionEvaluation: - description: Evaluation of the member restriction applied - to this membership. Empty if the user lacks permission - to view the restriction evaluation. - properties: - state: - description: 'Output only. 
The current state of the - restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, - UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' - type: string - type: object - type: object - required: - - name - type: object - type: array required: - - groupRef - - preferredMemberKey - - roles + - applicationEndpoint + - projectRef + - region type: object status: properties: @@ -8563,30 +7316,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the `Membership` was created. - format: date-time - type: string - deliverySetting: - description: 'Output only. Delivery setting associated with the membership. - Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, - DAILY, NONE, DISABLED' - type: string - displayName: - description: Output only. The display name of this member, if available - properties: - familyName: - description: Output only. Member's family name - type: string - fullName: - description: Output only. Localized UTF-16 full name for the member. - Localization is done based on the language in the request and - the language of the stored display name. - type: string - givenName: - description: Output only. Member's given name - type: string - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -8594,15 +7323,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - type: - description: 'Output only. The type of the membership. Possible values: - OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' - type: string - updateTime: - description: Output only. The time when the `Membership` was last - updated. - format: date-time - type: string type: object required: - spec 
@@ -8622,25 +7342,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: - group: cloudscheduler.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudSchedulerJob - plural: cloudschedulerjobs + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors shortNames: - - gcpcloudschedulerjob - - gcpcloudschedulerjobs - singular: cloudschedulerjob + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: @@ -8660,7 +7380,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8678,366 +7398,66 @@ spec: type: object spec: properties: - appEngineHttpTarget: - description: App Engine HTTP target. + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. properties: - appEngineRouting: - description: App Engine Routing setting for the job. + serviceAccount: + description: ServiceAccount represents a GCP service account. properties: - instance: - description: App instance. By default, the job is sent to - an instance which is available when the job is attempted. - Requests can only be sent to a specific instance if [manual - scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). - App Engine Flex does not support instances. For more information, - see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) - and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). - type: string - service: - description: App service. By default, the job is sent to the - service which is the default service when the job is attempted. - type: string - version: - description: App version. By default, the job is sent to the - version which is the default version when the job is attempted. + email: + description: Email address of the service account. type: string + required: + - email type: object - body: - description: Body. HTTP request body. A request body is allowed - only if the HTTP method is POST or PUT. It will result in invalid - argument error to set a body on a job with an incompatible HttpMethod. - type: string - headers: - additionalProperties: - type: string - description: 'HTTP request headers. This map contains the header - field names and values. 
Headers can be set when the job is created. - Cloud Scheduler sets some headers to default values: * `User-Agent`: - By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. - This header can be modified, but Cloud Scheduler will append - `"App Engine-Google; (+http://code.google.com/appengine)"` to - the modified `User-Agent`. * `X-CloudScheduler`: This header - will be set to true. The headers below are output only. They - cannot be set or overridden: * `X-Google-*`: For Google internal - use only. * `X-App Engine-*`: For Google internal use only. - In addition, some App Engine headers, which contain job-specific - information, are also be sent to the job handler.' - type: object - httpMethod: - description: 'The HTTP method to use for the request. PATCH and - OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, - POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' - type: string - relativeUri: - description: The relative URI. The relative URL must begin with - "/" and must be a valid HTTP relative URL. It can contain a - path, query string arguments, and `#` fragments. If the relative - URL is empty, then the root path "/" will be used. No spaces - are allowed, and the maximum length allowed is 2083 characters. - type: string + required: + - serviceAccount type: object - attemptDeadline: - description: 'The deadline for job attempts. If the request handler - does not respond by this deadline then the request is cancelled - and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The - failed attempt can be viewed in execution logs. Cloud Scheduler - will retry the job according to the RetryConfig. The allowed duration - for this deadline is: * For HTTP targets, between 15 seconds and - 30 minutes. * For App Engine HTTP targets, between 15 seconds and - 24 hours.' - type: string - description: - description: Optionally caller-specified in CreateJob or UpdateJob. - A human-readable description for the job. 
This string must not contain - more than 500 characters. - type: string - httpTarget: - description: HTTP target. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - body: - description: HTTP request body. A request body is allowed only - if the HTTP method is POST, PUT, or PATCH. It is an error to - set body on a job with an incompatible HttpMethod. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - headers: - additionalProperties: - type: string - description: 'The user can specify HTTP request headers to send - with the job''s HTTP request. This map contains the header field - names and values. Repeated headers are not supported, but a - header value can contain commas. These headers represent a subset - of the headers that will accompany the job''s HTTP request. - Some HTTP request headers will be ignored or replaced. A partial - list of headers that will be ignored or replaced is below: - - Host: This will be computed by Cloud Scheduler and derived from - uri. * `Content-Length`: This will be computed by Cloud Scheduler. - * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. - * `X-Google-*`: Google internal use only. * `X-appengine-*`: - Google internal use only. The total size of headers must be - less than 80KB.' - type: object - httpMethod: - description: 'Which HTTP method to use for the request. Possible - values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, - PATCH, OPTIONS' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - oauthToken: - description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) - will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization should generally - only be used when calling Google APIs hosted on *.googleapis.com. - properties: - scope: - description: OAuth scope to be used for generating OAuth access - token. If not specified, "https://www.googleapis.com/auth/cloud-platform" - will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - oidcToken: - description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) - token will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization can be used - for many scenarios, including calling Cloud Run, or endpoints - where you intend to validate the token yourself. - properties: - audience: - description: Audience to be used when generating OIDC token. 
- If not specified, the URI specified in target will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - uri: - description: 'Required. The full URI path that the request will - be sent to. This string must begin with either "http://" or - "https://". Some examples of valid values for uri are: `http://acme.com` - and `https://acme.com/sales:8080`. Cloud Scheduler will encode - some characters for safety and compatibility. The maximum allowed - URL length is 2083 characters after encoding.' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - uri type: object - location: - description: Immutable. The location for the resource + region: + description: Immutable. The region of the AppConnector. type: string - pubsubTarget: - description: Pub/Sub target. - properties: - attributes: - additionalProperties: - type: string - description: Attributes for PubsubMessage. Pubsub message must - contain either non-empty data, or at least one attribute. 
- type: object - data: - description: The message payload for PubsubMessage. Pubsub message - must contain either non-empty data, or at least one attribute. - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retryConfig: - description: Settings that determine the retry behavior. - properties: - maxBackoffDuration: - description: The maximum amount of time to wait before retrying - a job after it fails. The default value of this field is 1 hour. - type: string - maxDoublings: - description: The time between retries will double `max_doublings` - times. 
A job's retry interval starts at min_backoff_duration, - then doubles `max_doublings` times, then increases linearly, - and finally retries at intervals of max_backoff_duration up - to retry_count times. For example, if min_backoff_duration is - 10s, max_backoff_duration is 300s, and `max_doublings` is 3, - then the a job will first be retried in 10s. The retry interval - will double three times, and then increase linearly by 2^3 * - 10s. Finally, the job will retry at intervals of max_backoff_duration - until the job has been attempted retry_count times. Thus, the - requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, - 300s, .... The default value of this field is 5. - format: int64 - type: integer - maxRetryDuration: - description: The time limit for retrying a failed job, measured - from time when an execution was first attempted. If specified - with retry_count, the job will be retried until both limits - are reached. The default value for max_retry_duration is zero, - which means retry duration is unlimited. - type: string - minBackoffDuration: - description: The minimum amount of time to wait before retrying - a job after it fails. The default value of this field is 5 seconds. - type: string - retryCount: - description: The number of attempts that the system will make - to run a job using the exponential backoff procedure described - by max_doublings. The default value of retry_count is zero. - If retry_count is zero, a job attempt will *not* be retried - if it fails. Instead the Cloud Scheduler system will wait for - the next scheduled execution time. If retry_count is set to - a non-zero number then Cloud Scheduler will retry failed attempts, - using exponential backoff, retry_count times, or until the next - scheduled execution time, whichever comes first. Values greater - than 5 and negative values are not allowed. - format: int64 - type: integer - type: object - schedule: - description: 'Required, except when used with UpdateJob. 
Describes - the schedule on which the job will be executed. The schedule can - be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) - * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) - As a general rule, execution `n + 1` of a job will not begin until - execution `n` has finished. Cloud Scheduler will never allow two - simultaneously outstanding executions. For example, this implies - that if the `n+1`th execution is scheduled to run at 16:00 but the - `n`th execution takes until 16:15, the `n+1`th execution will not - start until `16:15`. A scheduled start time will be delayed if the - previous execution has not ended when its scheduled time occurs. - If retry_count > 0 and a job attempt fails, the job will be tried - a total of retry_count times, with exponential backoff, until the - next scheduled start time.' - type: string - timeZone: - description: Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). - Note that some time zones include a provision for daylight savings - time. The rules for daylight saving time are determined by the chosen - tz. For UTC use the string "utc". If a time zone is not specified, - the default will be in UTC (also known as GMT). - type: string required: - - location + - principalInfo + - projectRef + - region type: object status: properties: - appEngineHttpTarget: - properties: - appEngineRouting: - properties: - host: - description: 'Output only. The host that the job is sent to. - For more information about how App Engine requests are routed, - see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). 
- The host is constructed as: * `host = [application_domain_name]` - `| [service] + ''.'' + [application_domain_name]` `| [version] - + ''.'' + [application_domain_name]` `| [version_dot_service]+ - ''.'' + [application_domain_name]` `| [instance] + ''.'' - + [application_domain_name]` `| [instance_dot_service] + - ''.'' + [application_domain_name]` `| [instance_dot_version] - + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] - + ''.'' + [application_domain_name]` * `application_domain_name` - = The domain name of the app, for example .appspot.com, - which is associated with the job''s project ID. * `service - =` service * `version =` version * `version_dot_service - =` version `+ ''.'' +` service * `instance =` instance * - `instance_dot_service =` instance `+ ''.'' +` service * - `instance_dot_version =` instance `+ ''.'' +` version * - `instance_dot_version_dot_service =` instance `+ ''.'' +` - version `+ ''.'' +` service If service is empty, then the - job will be sent to the service which is the default service - when the job is attempted. If version is empty, then the - job will be sent to the version which is the default version - when the job is attempted. If instance is empty, then the - job will be sent to an instance which is available when - the job is attempted. If service, version, or instance is - invalid, then the job will be sent to the default version - of the default service when the job is attempted.' - type: string - type: object - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -9064,10 +7484,6 @@ spec: type: string type: object type: array - lastAttemptTime: - description: Output only. The time the last job attempt started. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -9075,71 +7491,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - scheduleTime: - description: Output only. The next time the job is scheduled. Note - that this may be a retry of a previously failed attempt or the next - execution time according to the schedule. - format: date-time - type: string state: - description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, - ENABLED, PAUSED, DISABLED, UPDATE_FAILED' - type: string - status: - description: Output only. The response from the target for the last - attempted execution. - properties: - code: - description: The status code, which should be an enum value of - google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. This - string must contain at least one "/" character. The last - segment of the URL''s path must represent the fully qualified - name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually precompile - into the binary all types that they expect it to use in - the context of Any. However, for URLs which use the scheme - `http`, `https`, or no scheme, one can optionally set - up a type server that maps type URLs to message definitions - as follows: * If no scheme is provided, `https` is assumed. - * An HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the URL, - or have them precompiled into a binary to avoid any lookup. - Therefore, binary compatibility needs to be preserved - on changes to types. 
(Use versioned type names to manage - breaking changes.) Note: this functionality is not currently - available in the official protobuf release, and it is - not used for type URLs beginning with type.googleapis.com. - Schemes other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should be - in English. Any user-facing error message should be localized - and sent in the google.rpc.Status.details field, or localized - by the client. - type: string - type: object - userUpdateTime: - description: Output only. The creation time of the job. - format: date-time + description: Represents the different states of a AppConnector. type: string type: object required: @@ -9160,25 +7513,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeAddress - plural: computeaddresses + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -9198,7 +7551,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9216,37 +7569,16 @@ spec: type: object spec: properties: - address: - description: |- - Immutable. The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - type: string - addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' - type: string - description: - description: Immutable. An optional description of this resource. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - address. The default value is ''IPV4''. Possible values: ["IPV4", - "IPV6"]. This field can only be specified for a global address.' + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. type: string - location: - description: 'Location represents the geographical location of the - ComputeAddress. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' type: string - networkRef: - description: |- - The network in which to reserve the address. If global, the address - must be within the RFC1918 IP space. The network cannot be deleted - if there are any reserved IP ranges referring to it. This field can - only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -9263,8 +7595,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9273,49 +7604,174 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkTier: - description: |- - Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. - type: string - prefixLength: - description: Immutable. The prefix length if the resource represents - an IP range. - type: integer - purpose: - description: |- - Immutable. The purpose of this resource, which can be one of the following values. - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range that - are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect - configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used to - configure Private Service Connect. Only global internal addresses can use - this purpose. - - - This should only be set when using an Internal address. + region: + description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9332,8 +7788,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9342,8 +7797,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - displayName - location + - projectRef type: object status: properties: @@ -9373,13 +7835,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -9388,13 +7850,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array type: object required: - spec 
@@ -9414,25 +7869,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: @@ -9452,7 +7907,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9470,8 +7925,66 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. 
+ type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9488,8 +8001,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9498,132 +8010,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. properties: - bypassCacheOnRequestHeaders: - description: Bypass the cache when the specified request headers - are matched - e.g. Pragma or Authorization headers. Up to 5 - headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode - settings. - items: - properties: - headerName: - description: The header field name to match on when bypassing - cache. Values are case-insensitive. - type: string - type: object - type: array - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - items: - type: string - type: array - type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + name: + description: Name of the listing publisher. type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). 
- type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - requestCoalescing: - description: If true then Cloud CDN will combine multiple concurrent - cache fill requests into a small number of requests to the origin. - type: boolean - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. 
The actual headers served in responses will not be altered. - type: integer + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - customResponseHeaders: - description: Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. type: string - edgeSecurityPolicy: - description: The security policy associated with this backend bucket. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - bucketRef + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef type: object status: properties: @@ -9653,8 +8067,8 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -9663,8 +8077,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec @@ -9684,25 +8096,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendService - plural: computebackendservices + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: @@ -9722,7 +8134,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9740,495 +8152,179 @@ spec: type: object spec: properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - failover: - description: |- - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - type: boolean - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. 
Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeInstanceGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetworkEndpointGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. 
This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. + aws: + description: Connection properties specific to Amazon Web Services. properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - includeNamedCookies: - description: Names of cookies to include in cache keys. - items: - type: string - type: array - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. 
- items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. - type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. 
Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer + required: + - accessRole type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + azure: + description: Container for connection properties specific to Azure. properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. 
- type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. 
+ type: string + required: + - customerTenantId type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - connectionTrackingPolicy: - description: |- - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. properties: - connectionPersistenceOnUnhealthyBackends: - description: |- - Specifies connection persistence when backends are unhealthy. - - If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to 'ALWAYS_PERSIST', existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. 
type: string - idleTimeoutSec: - description: |- - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - type: integer - trackingMode: - description: |- - Specifies the key used for connection tracking. There are two options: - 'PER_CONNECTION': The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - 'PER_SESSION': The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database type: object - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. 
+ cloudSql: + description: Connection properties specific to the Cloud SQL. properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + credential: + description: Cloud SQL properties. properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object + username: + description: Username for database. 
+ type: string + required: + - password + - username type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. + database: + description: Database name. type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - customResponseHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array description: - description: An optional description of this resource. + description: A descriptive description for the connection. type: string - edgeSecurityPolicyRef: + friendlyName: + description: A descriptive name for the connection. + type: string + location: description: |- - The resource URL for the edge security policy associated with this - backend service. + Immutable. The geographic location where the connection should reside. 
+ Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10245,8 +8341,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10255,358 +8350,157 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy. - oneOf: - - required: - - oauth2ClientId - - required: - - oauth2ClientIdRef + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. properties: - oauth2ClientId: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` - instead. - type: string - oauth2ClientIdRef: - description: |- - Only `external` field is supported to configure the reference. - - OAuth2 Client ID for IAP. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP. + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' type: string + required: + - predefinedExpression type: object - loadBalancingScheme: - description: |- - Immutable. Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. - type: string - localityLbPolicies: - description: |- - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - items: - properties: - customPolicy: - description: |- - The configuration for a custom policy implemented by the user and - deployed with the client. 
- properties: - data: - description: |- - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - type: string - name: - description: |- - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - type: string - required: - - name - type: object - policy: - description: The configuration for a built-in load balancing - policy. - properties: - name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. 
- - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. - type: string - required: - - name - type: object - type: object - type: array - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. - - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. 
For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: - description: 'Location represents the geographical location of the - ComputeBackendService. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + description: Immutable. The name of the location of the data policy. type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. 
- type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10623,8 +8517,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10633,130 +8526,182 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. 
- type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. 
- type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: + targetTypes: description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes type: object - portName: + datasetId: description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. type: string - protocol: + domain: description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + Immutable. A domain to grant access to. 
Any users signed in with the + domain specified will be granted the specified access. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. type: string - securityPolicyRef: - description: The security policy associated with this backend service. + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10773,8 +8718,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10783,85 +8727,79 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - securitySettings: + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: description: |- - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - clientTLSPolicyRef: - description: |- - ClientTlsPolicy is a resource that specifies how a client should - authenticate connections to backends of a service. This resource itself - does not affect configuration unless it is attached to a backend - service resource. *ConfigConnector only supports `external` - references for this field.* - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. 
- items: - type: string - type: array - required: - - clientTLSPolicyRef - - subjectAltNames - type: object - sessionAffinity: + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string - subsetting: - description: Subsetting configuration for this BackendService. Currently - this is applicable only for Internal TCP/UDP load balancing and - Internal HTTP(S) load balancing. + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. properties: - policy: - description: 'The algorithm used for subsetting. Possible values: - ["CONSISTENT_HASH_SUBSETTING"].' + datasetId: + description: Immutable. 
The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. type: string required: - - policy + - datasetId + - projectId + - tableId type: object - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer required: - - location + - datasetId + - projectRef type: object status: properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -10888,18 +8826,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - generatedId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -10907,8 +8833,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -10928,25 +8852,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com + name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeDisk - plural: computedisks + kind: BigQueryDataset + plural: bigquerydatasets shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: 
@@ -10984,34 +8908,128 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Immutable. Encrypts the disk using a customer-supplied encryption key. + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. 
Possible values include: - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - Customer-supplied encryption keys do not protect access to metadata of - the disk. + * 'projectOwners': Owners of the enclosing project. - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. 
If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. oneOf: - not: required: 
@@ -11038,188 +9056,85 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - rsaEncryptedKey: - description: "Immutable. 
Specifies an RFC 4648 base64 encoded, - RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either - encrypt or decrypt \nthis resource. You can provide either the - rawKey or the rsaEncryptedKey." - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - interface: - description: DEPRECATED. This field is no longer in use, disk interfaces - will be automatically determined on attachment. To resolve this - issue, remove this field from your config. 
Immutable. Specifies - the disk interface to use for attaching this disk, which is either - SCSI or NVME. The default is SCSI. - type: string - location: - description: 'Location represents the geographical location of the - ComputeDisk. Specify a region name or a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - multiWriter: - description: Immutable. Indicates whether or not the disk can be read/write - attached to more than one instance. - type: boolean - physicalBlockSizeBytes: - description: |- - Immutable. Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. 
If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. + If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. 
+ Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - required: - namespace 
@@ -11236,290 +9151,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - provisionedIops: - description: Immutable. Indicates how many IOPS must be provisioned - for the disk. - type: integer - replicaZones: - description: Immutable. URLs of the zones where the disk should be - replicated to. - items: - type: string - type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. 
- - Upsizing the disk is mutable, but downsizing the disk - requires re-creating the resource. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceDiskRef: - description: The source disk used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. 
See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - Immutable. 
The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - Immutable. URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location type: object status: properties: @@ -11549,20 +9185,19 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + creationTime: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -11572,39 +9207,7 @@ spec: type: integer selfLink: type: string - sourceDiskId: - description: |- - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance. - items: - type: string - type: array type: object - required: - - spec type: object served: true storage: true 
@@ -11621,25 +9224,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: @@ -11659,7 +9262,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -11677,193 +9280,55 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. type: string - interface: - description: Immutable. A list of interfaces on this external VPN - gateway. - items: - properties: - id: - description: |- - Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. - type: integer - ipAddress: - description: |- - Immutable. IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Immutable. Indicates the redundancy type of this external - VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"].' + destinationDatasetId: + description: The BigQuery target dataset id. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + disabled: + description: When set to true, no runs are scheduled for a given transfer. 
+ type: boolean + displayName: + description: The user specified display name for the transfer config. type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicy - plural: computefirewallpolicies - shortNames: - - gcpcomputefirewallpolicy - - gcpcomputefirewallpolicies - singular: computefirewallpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - properties: - description: - description: An optional description of this resource. Provide this - property when you create the resource. + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. type: string - folderRef: - description: Immutable. The Folder that this resource belongs to. - Only one of [folderRef, organizationRef] may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name of - a `Folder` resource (format: `folders/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + params: + additionalProperties: + type: string type: object - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [folderRef, organizationRef] may be specified. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -11880,13 +9345,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 
@@ -11897,18 +9359,108 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: Immutable. User-provided name of the Organization firewall - policy. The name should be unique in the organization in which the - firewall policy is created. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? - which means the first character must be a lowercase letter, and - all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. 
+ type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. 
If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. type: string required: - - shortName + - dataSourceId + - displayName + - params + - projectRef type: object status: properties: @@ -11938,16 +9490,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: Fingerprint of the resource. This field is used internally - during updates of this resource. - type: string - id: - description: The unique identifier for the resource. This identifier - is defined by the server. + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -11956,18 +9504,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Total count of all firewall policy rule tuples. A firewall - policy can not exceed a set number of tuples. - format: int64 - type: integer - selfLink: - description: Server-defined URL for the resource. - type: string - selfLinkWithId: - description: Server-defined URL for this resource with the resource - id. - type: string type: object required: - spec 
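Review bot: In the hunk starting at `@@ -11897,18 +9359,108 @@`, the new `sensitiveParams.secretAccessKey` schema accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, so the AWS secret access key can be written in clear text into the custom resource, where anyone with read access to the object can see it. The `sensitiveParams` description says these values are "marked sensitive and hidden from plan output", which is Terraform wording and does not describe how an inline `value` is treated in a Kubernetes object; it also contains a doubled "the the". I would extend the `value` description to `Value of the field. Stored in clear text in the resource; prefer 'valueFrom.secretKeyRef'. Cannot be used if 'valueFrom' is specified.` and reword the block description so it does not promise hiding. The manifest looks generated (it carries the `tf2crd` label), so the wording change probably belongs in the generator's source rather than in this file.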
@@ -11987,25 +9523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewallPolicyAssociation - plural: computefirewallpolicyassociations + kind: BigQueryJob + plural: bigqueryjobs shortNames: - - gcpcomputefirewallpolicyassociation - - gcpcomputefirewallpolicyassociations - singular: computefirewallpolicyassociation + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -12043,368 +9579,687 @@ spec: type: object spec: properties: - attachmentTargetRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + copy: + description: Immutable. Copies a table. properties: - external: + createDisposition: description: |- - The target that the firewall policy is attached to. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). - * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string + required: + - sourceTables type: object - firewallPolicyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + extract: + description: Immutable. Configures an extract job. properties: - external: + compression: description: |- - The firewall policy ID of the association. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - attachmentTargetRef - - firewallPolicyRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. 
+ items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - shortName: - description: The short name of the firewall policy of the association. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicyRule - plural: computefirewallpolicyrules - shortNames: - - gcpcomputefirewallpolicyrule - - gcpcomputefirewallpolicyrules - singular: computefirewallpolicyrule - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - action: - description: The Action to perform when the client connection triggers - the rule. Can currently be either "allow" or "deny()" where valid - values for status are 403, 404, and 502. - type: string - description: - description: An optional description for this resource. - type: string - direction: - description: 'The direction in which this rule applies. Possible values: - INGRESS, EGRESS' - type: string - disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and traffic - behaves as if it did not exist. If this is unspecified, the firewall - policy rule will be enabled. - type: boolean - enableLogging: - description: 'Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the configured export - destination in Stackdriver. Logs may be exported to BigQuery or - Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' - type: boolean - firewallPolicyRef: - description: Immutable. - oneOf: - - not: + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. 
+ Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. properties: - external: + allowJaggedRows: description: |- - The firewall policy of the resource. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. 
+ If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. 
BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). type: string - type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' is - enforced. - properties: - destIPRanges: - description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. + type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. 
The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array - layer4Configs: - description: Pairs of IP protocols and ports that the rule should - match. + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. 
+ ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: - properties: - ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following well - known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, - `ipip`, `sctp`), or the IP protocol number. - type: string - ports: - description: 'An optional list of ports to which this rule - applies. This field is only applicable for UDP or TCP - protocol. Each entry must be either an integer or a range. - If not specified, this rule applies to connections through - any port. Example inputs include: ``.' - items: - type: string - type: array - required: - - ipProtocol - type: object + type: string type: array - srcIPRanges: - description: CIDR IP address range. Maximum number of source CIDR - IP ranges allowed is 256. + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string required: - - layer4Configs + - destinationTable + - sourceUris type: object - priority: - description: Immutable. An integer indicating the priority of a rule - in the list. The priority must be a positive value between 0 and - 2147483647. Rules are evaluated from highest to lowest priority - where 0 is the highest priority and 2147483647 is the lowest prority. - format: int64 - type: integer - targetResources: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. 
+ properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. 
Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. 
+ type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: type: string - type: object - type: array - required: - - action - - direction - - firewallPolicyRef - - match - - priority + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. 
Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string type: object status: properties: @@ -12434,9 +10289,8 @@ spec: type: string type: object type: array - kind: - description: Type of the resource. Always `compute#firewallPolicyRule` - for firewall policy rules + jobType: + description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -12445,14 +10299,55 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Calculation of the complexity of a single firewall policy - rule. - format: int64 - type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string type: object - required: - - spec type: object served: true storage: true 
@@ -12469,25 +10364,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewall - plural: computefirewalls + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: @@ -12507,7 +10402,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -12525,113 +10420,46 @@ spec: type: object spec: properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. 
Provide this property when - you create the resource. + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. type: string - destinationRanges: + ignoreIdleSlots: description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: description: |- - Immutable. Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - disabled: + multiRegionAuxiliary: description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED. Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude - metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", - "INCLUDE_ALL_METADATA"].' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -12648,8 +10476,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -12658,137 +10485,272 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceRanges: + slotCapacity: description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - sourceServiceAccounts: + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. 
+ type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + message: + description: Human-readable message indicating details about + last transition. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - targetServiceAccounts: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. type: string type: object type: array - targetTags: + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. 
items: type: string type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. 
it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string required: - - networkRef + - datasetRef + - definitionBody + - projectRef type: object status: properties: @@ -12818,9 +10780,16 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -12828,8 +10797,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -12849,25 +10816,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com + name: bigquerytables.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules + kind: BigQueryTable + plural: bigquerytables shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: 
@@ -12905,26 +10872,14 @@ spec: type: object spec: properties: - allPorts: - description: Immutable. This field is used along with the `backend_service` - field for internal load balancing or with the `target` field for - internal TargetInstance. This field cannot be used with `port` or - `portRange` fields. When the load balancing scheme is `INTERNAL` - and protocol is TCP/UDP, specify this field to allow packets addressed - to any ports will be forwarded to the backends configured with this - forwarding rule. - type: boolean - allowGlobalAccess: - description: This field is used along with the `backend_service` field - for internal load balancing or with the `target` field for internal - TargetInstance. If the field is set to `TRUE`, clients can access - ILB from all regions. Otherwise only allows access from clients - in the same region as the internal load balancer. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: oneOf: - not: required: @@ -12941,7 +10896,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: 
@@ -12952,37 +10907,14 @@ spec: type: string type: object description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. + description: The field description. type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. properties: - addressRef: + kmsKeyRef: oneOf: - not: required: @@ -12999,7 +10931,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -13009,426 +10941,257 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ip: + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. type: string + required: + - kmsKeyRef type: object - ipProtocol: - description: Immutable. The IP protocol to which this rule applies. - For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, - `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the - load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are - valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, - and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the - load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. - For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing - scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP - Load Balancing, the load balancing scheme is `EXTERNAL`, and one - of `TCP` or `UDP` is valid. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - forwarding rule. Valid options are `IPV4` or `IPV6`. This can only - be specified for an external global forwarding rule. Possible values: - UNSPECIFIED_VERSION, IPV4, IPV6.' - type: string - isMirroringCollector: - description: Immutable. Indicates whether or not this load balancer - can be used as a collector for packet mirroring. To prevent mirroring - loops, instances behind this load balancer will not have their traffic - mirrored even if a `PacketMirroring` rule applies to them. This - can only be set to true for load balancers that have their `loadBalancingScheme` - set to `INTERNAL`. - type: boolean - loadBalancingScheme: - description: "Immutable. 
Specifies the forwarding rule type.\n\n* - \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n - \ * Protocol forwarding to VMs from an external IP address\n - \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, - and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol - forwarding to VMs from an internal IP address\n * Internal - TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * - \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` - is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is - used for:\n * Global external HTTP(S) load balancers \n\nFor - more information about forwarding rules, refer to [Forwarding rule - concepts](/load-balancing/docs/forwarding-rule-concepts). Possible - values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, - EXTERNAL, EXTERNAL_MANAGED." - type: string - location: - description: 'Location represents the geographical location of the - ComputeForwardingRule. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. - - For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. - - `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. - - `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. - items: - properties: - filterLabels: - description: |- - Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Immutable. Name of metadata label. - - The name can have a maximum length of 1024 characters and must be at least 1 character long. - type: string - value: - description: |- - Immutable. The value of the label must match the specified value. - - value can have a maximum length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. - - Supported values are: - - * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. - * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. This signifies the networking tier used for - configuring this load balancer and can only take the following values: - `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values - are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid - value is `PREMIUM`. If this field is not specified, it is assumed - to be `PREMIUM`. If `IPAddress` is specified, this value must be - equal to the networkTier of the Address.' - type: string - portRange: - description: |- - Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. 
This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetVpnGateway: 500, 4500 - - @pattern: d+(?:-d+)?. - type: string - ports: - description: 'Immutable. This field is used along with the `backend_service` - field for internal load balancing. When the load balancing scheme - is `INTERNAL`, a list of ports can be configured, for example, [''80''], - [''8000'',''9000'']. Only packets addressed to these ports are forwarded - to the backends configured with the forwarding rule. If the forwarding - rule''s loadBalancingScheme is INTERNAL, you can specify ports in - one of the following ways: * A list of up to five ports, which can - be non-contiguous * Keyword `ALL`, which causes the forwarding rule - to forward traffic on any port of the forwarding rule''s protocol. - @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceDirectoryRegistrations: - description: Immutable. Service Directory resources to register this - forwarding rule with. 
Currently, only supports a single Service - Directory resource. - items: - properties: - namespace: - description: Immutable. Service Directory namespace to register - the forwarding rule under. - type: string - service: - description: Immutable. Service Directory service to register - the forwarding rule under. - type: string - type: object - type: array - serviceLabel: - description: Immutable. An optional prefix to the service name for - this Forwarding Rule. If specified, the prefix is the first label - of the fully qualified service name. The label must be 1-63 characters - long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. This field is only used for internal load - balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). 
+ type: boolean required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetGRPCProxyRef - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetGRPCProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` - resource.' + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. + type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + fieldDelimiter: + description: The separator for fields in a CSV file. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + quote: type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. 
properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. type: string type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. 
+ Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. 
+ type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query type: object required: - - location + - datasetRef type: object status: properties: 
@@ -13458,35 +11221,45 @@ spec: type: string type: object type: array - creationTimestamp: - description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) - text format.' - type: string - labelFingerprint: - description: Used internally during label updates. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. type: integer - pscConnectionId: - description: The PSC connection id of the PSC Forwarding Rule. + etag: + description: A hash of the resource. type: string - pscConnectionStatus: - description: 'The PSC connection status of the PSC Forwarding Rule. - Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, - CLOSED.' + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer selfLink: - description: '[Output Only] Server-defined URL for the resource.' + description: The URI of the created resource. type: string - serviceName: - description: '[Output Only] The internal fully qualified service name - for this Forwarding Rule. This field is only used for internal load - balancing.' + type: + description: Describes the table type. type: string type: object required: @@ -13507,25 +11280,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHealthCheck - plural: computehealthchecks + kind: BigtableAppProfile + plural: bigtableappprofiles shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: 
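Review bot: The description added for `numBytes` in the status block repeats the `location` text ("The geographic location where the table resides. This value is inherited from the dataset.") even though the field is `type: integer` and sits beside `numLongTermBytes` and `numRows`. This string is what `kubectl explain` and generated API docs show, so anyone reading table status for auditing or capacity work gets the wrong meaning for a size field. I would change it to something like `description: The size of this table in bytes, excluding any data in the streaming buffer.`, with the wording checked against the upstream API reference. The schema looks generated (the CRDs carry `cnrm.cloud.google.com/tf2crd: "true"`), so the correction probably belongs in the generator's source rather than in this file.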
@@ -13563,350 +11336,70 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. + description: Long form description of the use case for this app profile. type: string - grpcHealthCheck: - description: A nested object resource. + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - grpcServiceName: - description: |- - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' type: string - port: - description: |- - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. 
- - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - healthyThreshold: + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
- - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. 
For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. 
- - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the - ComputeHealthCheck. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - sslHealthCheck: - description: A nested object resource. - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource. + singleClusterRouting: + description: Use a single-cluster routing policy. 
properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: + allowTransactionalWrites: description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. 
+ type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. type: string + required: + - clusterId type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location type: object status: properties: @@ -13936,8 +11429,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -13946,15 +11440,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -13971,25 +11457,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks + kind: BigtableGCPolicy + plural: bigtablegcpolicies shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -14027,54 +11513,117 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + columnFamily: + description: Immutable. The name of the column family. type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. 
- type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. 
This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object status: properties: conditions: @@ -14103,9 +11652,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14113,9 +11659,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
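Review bot: The new `deletionPolicy` description in the BigtableGCPolicy spec is a double-quoted scalar containing literal `\n\t\t\t\t` escapes, so the rendered help text has embedded newlines and tab runs that look like leftovers from the source it was generated from. A plain single-quoted scalar reads cleanly: `description: 'The deletion policy for the GC policy. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted in a replicated instance. Possible values are: "ABANDON".'`. In the same hunk, `gcRules` says it conflicts with "mode", "max_age" and "max_version", while the fields in this schema are `mode`, `maxAge` and `maxVersion`; using the CRD names would spare readers the translation. The description lists only one accepted value, so if the controller really accepts nothing else, an `enum` on the field would reject typos at admission instead of at reconcile time.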
@@ -14132,25 +11678,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com + name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks + kind: BigtableInstance + plural: bigtableinstances shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -14188,53 +11734,121 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. 
+ type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. 
+ type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer type: object status: properties: @@ -14264,9 +11878,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -14274,8 +11885,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object type: object served: true @@ -14293,25 +11902,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com + name: bigtabletables.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeImage - plural: computeimages + kind: BigtableTable + plural: bigtabletables shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: 
@@ -14349,205 +11958,27 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the image when restored onto a persistent - disk (in GB). - type: integer - family: - description: |- - Immutable. The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - Immutable. A list of features to enable on the guest operating system. - Applicable only for bootable images. + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. items: properties: - type: - description: 'Immutable. The type of supported feature. 
Read - [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + family: + description: The name of the column family. type: string required: - - type + - family type: object type: array - imageEncryptionKey: - description: |- - Immutable. Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image). - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - licenses: - description: Immutable. Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: Immutable. The parameters of the raw disk image. - properties: - containerType: - description: |- - Immutable. The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"]. - type: string - sha1: - description: |- - Immutable. An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - Immutable. The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. type: string - sourceImageRef: - description: The source image used to create this image. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - description: The source snapshot used to create this image. + instanceRef: + description: The name of the Bigtable instance. oneOf: - not: required: @@ -14564,7 +11995,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: @@ -14574,14 +12005,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef type: object status: properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -14608,14 +12045,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14623,9 +12052,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true @@ -14642,25 +12071,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroupManager - plural: computeinstancegroupmanagers + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets shortNames: - - gcpcomputeinstancegroupmanager - - gcpcomputeinstancegroupmanagers - singular: computeinstancegroupmanager + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: 
@@ -14698,12 +12127,18 @@ spec: type: object spec: properties: - autoHealingPolicies: - description: The autohealing policy for this managed instance group. - You can specify only one value. - items: - properties: - healthCheckRef: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: oneOf: - not: required: @@ -14720,10 +12155,9 @@ spec: - external properties: external: - description: |- - The URL for the health check that signals autohealing. - - Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -14732,56 +12166,81 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialDelaySec: - description: The number of seconds that the managed instance - group waits before it applies autohealing policies to new - instances or recently recreated instances. This initial delay - allows instances to initialize and run their startup scripts - before the instance group determines that they are UNHEALTHY. - This prevents the managed instance group from recreating its - instances prematurely. This value must be from range [0, 3600]. - format: int64 - type: integer - type: object - type: array - baseInstanceName: - description: The base instance name to use for instances in this group. - The value must be 1-58 characters long. Instances are named by appending - a hyphen and a random four-character string to the base instance - name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - type: string - description: - description: Immutable. An optional description of this resource. - type: string - distributionPolicy: - description: Policy specifying the intended distribution of managed - instances across zones in a regional managed instance group. - properties: - targetShape: - description: 'The distribution shape to which the group converges - either proactively or on resize events (depending on the value - set in `updatePolicy.instanceRedistributionType`). Possible - values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' - type: string - zones: - description: Immutable. Zones where the regional managed instance - group will create and manage its instances. - items: - properties: - zone: - description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). - The zone must exist in the region where the managed instance - group is located. 
- type: string - type: object type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string type: object - failoverAction: - description: 'The action to perform in case of zone failure. Only - one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
- Possible values: UNKNOWN, NO_FAILOVER' - type: string - instanceTemplateRef: + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. oneOf: - not: required: 
@@ -14799,36 +12258,338 @@ spec: properties: external: description: |- - The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + The billing account of the resource - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - location: - description: Immutable. The location of this resource. + budgetFilter: + description: Optional. Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. 
Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. 
Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' 
+ items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. type: string - namedPorts: - description: Immutable. Named ports configured for the Instance Groups - complementary to this Instance Group Manager. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. items: properties: - name: - description: Immutable. The name for this named port. The name - must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' 
+ format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - port: - description: Immutable. The port number, which can be a value - between 1 and 65535. - format: int64 - type: integer type: object type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -14864,313 +12625,106 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - statefulPolicy: - description: Stateful configuration for this Instanced Group Manager + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. properties: - preservedState: - properties: - disks: - additionalProperties: - properties: - autoDelete: - description: 'These stateful disks will never be deleted - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - disk should be deleted after it is no longer used - by the group, e.g. when the given instance or the - whole group is deleted. Note: disks attached in READ_ONLY - mode cannot be auto-deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Disks created on the instances that will be preserved - on instance delete, update, etc. 
This map is keyed with - the device names of the disks. - type: object - externalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: External network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - internalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Internal network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - type: object - type: object - targetPools: - items: - oneOf: - - not: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetSize: - description: The target number of running instances for this managed - instance group. You can reduce this number by using the instanceGroupManager - deleteInstances or abandonInstances methods. Resizing the group - also changes this number. - format: int64 - type: integer - updatePolicy: - description: The update policy for this managed instance group. - properties: - instanceRedistributionType: - description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) - for regional managed instance groups. Valid values are: - `PROACTIVE` - (default): The group attempts to maintain an even distribution - of VM instances across zones in the region. - `NONE`: For non-autoscaled - groups, proactive redistribution is disabled.' - type: string - maxSurge: - description: The maximum number of instances that can be created - above the specified `targetSize` during the update process. - This value can be either a fixed number or, if the group has - 10 or more instances, a percentage. If you set a percentage, - the number of instances is rounded if necessary. The default - value for `maxSurge` is a fixed value equal to the number of - zones in which the managed instance group operates. At least - one of either `maxSurge` or `maxUnavailable` must be greater - than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). - properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. 
- format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - maxUnavailable: - description: 'The maximum number of instances that can be unavailable - during the update process. An instance is considered available - if all of the following conditions are satisfied: - The instance''s - [status](/compute/docs/instances/checking-instance-status) is - `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) - on the instance group, the instance''s health check status must - be `HEALTHY` at least once. If there is no health check on the - group, then the instance only needs to have a status of `RUNNING` - to be considered available. This value can be either a fixed - number or, if the group has 10 or more instances, a percentage. - If you set a percentage, the number of instances is rounded - if necessary. The default value for `maxUnavailable` is a fixed - value equal to the number of zones in which the managed instance - group operates. At least one of either `maxSurge` or `maxUnavailable` - must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer + external: + description: |- + Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. 
Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minReadySec: - description: Minimum number of seconds to wait for after a newly - created instance becomes available. This value must be from - range [0, 3600]. - format: int64 - type: integer - minimalAction: - description: Minimal action to be taken on an instance. You can - specify either `RESTART` to restart existing instances or `REPLACE` - to delete and create new instances from the target template. - If you specify a `RESTART`, the Updater will attempt to perform - that action only. However, if the Updater determines that the - minimal action you specify is not enough to perform the update, - it might perform a more disruptive action. - type: string - mostDisruptiveAllowedAction: - description: Most disruptive action that is allowed to be taken - on an instance. You can specify either `NONE` to forbid any - actions, `REFRESH` to allow actions that do not need instance - restart, `RESTART` to allow actions that can be applied without - instance replacing or `REPLACE` to allow all possible actions. - If the Updater determines that the minimal update action needed - is more disruptive than most disruptive allowed action you specify - it will not perform the update at all. - type: string - replacementMethod: - description: 'What action should be used to replace instances. - See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' - type: string - type: - description: The type of update process. 
You can specify either - `PROACTIVE` so that the instance group manager proactively executes - actions in order to bring instances to their target versions - or `OPPORTUNISTIC` so that no action is proactively executed - but the update will be performed as part of other actions (for - example, resizes or `recreateInstances` calls). - type: string - type: object - versions: - description: Specifies the instance templates used by this managed - instance group to create instances. Each version is defined by an - `instanceTemplate` and a `name`. Every version can appear at most - once per instance group. This field overrides the top-level `instanceTemplate` - field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). - Exactly one `version` must leave the `targetSize` field unset. That - version will be applied to all remaining instances. For more information, - read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). - items: - properties: - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: properties: - external: - description: |- - The URL of the instance template that is specified for this managed instance group. 
The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. - - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + comment: + description: Optional. A descriptive comment. This field + may be updated. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + id: + description: The ID of this public key. Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. 
NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object type: object - name: - description: Name of the version. Unique among all versions - in the scope of this managed instance group. - type: string - targetSize: - description: 'Specifies the intended number of instances to - be created from the `instanceTemplate`. The final number of - instances created from the template will be equal to: - If - expressed as a fixed number, the minimum of either `targetSize.fixed` - or `instanceGroupManager.targetSize` is used. - if expressed - as a `percent`, the `targetSize` would be `(targetSize.percent/100 - * InstanceGroupManager.targetSize)` If there is a remainder, - the number is rounded. If unset, this version will update - any remaining instances not updated by another `version`. - Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) - for more information.' 
- properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value - is `fixed`, then the `calculated` value is equal to the - `fixed` value. - If the value is a `percent`, then the - `calculated` value is `percent`/100 * `targetSize`. For - example, the `calculated` value of a 80% of a managed - instance group with 150 instances would be (80/100 * 150) - = 120 VM instances. If there is a remainder, the number - is rounded.' - format: int64 - type: integer - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between - 0 to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - type: object - type: array + type: array + required: + - noteRef + type: object required: - projectRef - - targetSize type: object status: properties: 
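Review bot: The `publicKeys` item schema added in this hunk accepts an entry that sets both `asciiArmoredPgpPublicKey` and `pkixPublicKey`, or neither, although the `id` description treats them as alternative `public_key` cases. Such an object would pass API-server validation and presumably fail only when the controller reconciles it. The hunk already uses `oneOf` on `noteRef`, so the items could carry `oneOf: [{required: [asciiArmoredPgpPublicKey]}, {required: [pkixPublicKey]}]`. Likewise `signatureAlgorithm` is a plain `type: string` whose allowed values appear only in the description, so `SIGNATURE_ALGORITHM_UNSPECIFIED` or a misspelled value is not rejected by the schema; an `enum:` would catch it at admission, provided the generator can keep up with new upstream values. The `dcl2crd` label suggests this CRD is generated, so the fix probably belongs in the generator, and the attestor's `spec` begins in the previous hunk.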
@@ -15200,94 +12754,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: The creation timestamp for this managed instance group - in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. - type: string - currentActions: - description: '[Output Only] The list of instance actions and the number - of instances in this managed instance group that are scheduled for - each of those actions.' - properties: - abandoning: - description: '[Output Only] The total number of instances in the - managed instance group that are scheduled to be abandoned. Abandoning - an instance removes it from the managed instance group without - deleting it.' - format: int64 - type: integer - creating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be created or are currently - being created. If the group fails to create any of these instances, - it tries again until it creates the instance successfully. If - you have disabled creation retries, this field will not be populated; - instead, the `creatingWithoutRetries` field will be populated.' - format: int64 - type: integer - creatingWithoutRetries: - description: '[Output Only] The number of instances that the managed - instance group will attempt to create. The group attempts to - create each instance only once. If the group fails to create - any of these instances, it decreases the group''s `targetSize` - value accordingly.' - format: int64 - type: integer - deleting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be deleted or are currently - being deleted.' - format: int64 - type: integer - none: - description: '[Output Only] The number of instances in the managed - instance group that are running and have no scheduled actions.' 
- format: int64 - type: integer - recreating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be recreated or are currently - being being recreated. Recreating an instance deletes the existing - root persistent disk and creates a new disk from the image that - is defined in the instance template.' - format: int64 - type: integer - refreshing: - description: '[Output Only] The number of instances in the managed - instance group that are being reconfigured with properties that - do not require a restart or a recreate action. For example, - setting or removing target pools for the instance.' - format: int64 - type: integer - restarting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be restarted or are currently - being restarted.' - format: int64 - type: integer - verifying: - description: '[Output Only] The number of instances in the managed - instance group that are being verified. See the `managedInstances[].currentAction` - property in the `listManagedInstances` method documentation.' - format: int64 - type: integer - type: object - fingerprint: - description: Fingerprint of this resource. This field may be used - in optimistic locking. It will be ignored when inserting an InstanceGroupManager. - An up-to-date fingerprint must be provided in order to update the - InstanceGroupManager, otherwise the request will fail with error - `412 conditionNotMet`. To see the latest fingerprint, make a `get()` - request to retrieve an InstanceGroupManager. - type: string - id: - description: '[Output Only] A unique identifier for this resource - type. The server generates this identifier.' - format: int64 - type: integer - instanceGroup: - description: '[Output Only] The URL of the Instance Group resource.' 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -15295,113 +12761,24 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) - where the managed instance group resides (for regional resources).' - type: string - selfLink: - description: '[Output Only] The URL for this managed instance group. - The server defines this URL.' + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time type: string - status: - description: '[Output Only] The status of this managed instance group.' + userOwnedDrydockNote: properties: - autoscaler: - description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) - that targets this instance group manager.' + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. type: string - isStable: - description: '[Output Only] A bit indicating whether the managed - instance group is in a stable state. A stable state means that: - none of the instances in the managed instance group is currently - undergoing any type of change (for example, creation, restart, - or deletion); no future changes are scheduled for instances - in the managed instance group; and the managed instance group - itself is not being modified.' - type: boolean - stateful: - description: '[Output Only] Stateful status of the given Instance - Group Manager.' 
- properties: - hasStatefulConfig: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions.' - type: boolean - isStateful: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions. This field is - deprecated in favor of has_stateful_config.' - type: boolean - perInstanceConfigs: - description: '[Output Only] Status of per-instance configs - on the instance.' - properties: - allEffective: - description: A bit indicating if all of the group's per-instance - configs (listed in the output of a listPerInstanceConfigs - API call) have status `EFFECTIVE` or there are no per-instance-configs. - type: boolean - type: object - type: object - versionTarget: - description: '[Output Only] A status of consistency of Instances'' - versions with their target version specified by `version` field - on Instance Group Manager.' - properties: - isReached: - description: '[Output Only] A bit indicating whether version - target has been reached in this managed instance group, - i.e. all instances are in their target version. Instances'' - target version are specified by `version` field on Instance - Group Manager.' 
- type: boolean - type: object - type: object - updatePolicy: - properties: - maxSurge: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object - maxUnavailable: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object type: object - zone: - description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) - where the managed instance group is located (for zonal resources).' - type: string type: object required: - spec 
@@ -15421,25 +12798,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -15477,55 +12854,281 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional textual description of the instance - group. - type: string - instances: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode type: object - type: array - namedPort: - description: The named port configuration. - items: + description: 'Optional. Per-kubernetes-namespace admission rules. 
+ K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: properties: - name: - description: The name which the port will be mapped to. + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - port: - description: The port number to map the name to. - type: integer + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array required: - - name - - port + - enforcementMode + - evaluationMode type: object - type: array - networkRef: + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -15542,8 +13145,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -15552,17 +13157,9 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. The zone that this instance group should be - created in. - type: string required: - - zone + - defaultAdmissionRule + - projectRef type: object status: properties: @@ -15600,11 +13197,13 @@ spec: the resource. type: integer selfLink: - description: The URI of the created resource. + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. + format: date-time type: string - size: - description: The number of instances in the group. - type: integer type: object required: - spec 
@@ -15624,25 +13223,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstance - plural: computeinstances + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: @@ -15662,7 +13261,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -15679,167 +13278,508 @@ spec: metadata: type: object spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone properties: - advancedMachineFeatures: - description: Controls for advanced machine-related behavior features. + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableNestedVirtualization: - description: Whether to enable nested virtualization or not. - type: boolean - threadsPerCore: - description: The number of threads per physical core. To disable - simultaneous multithreading (SMT) set this to 1. If unset, the - maximum number of threads supported per core by the underlying - processor is assumed. - type: integer - visibleCoreCount: - description: The number of physical cores to expose to an instance. - Multiply by the number of threads per core to compute the total - number of virtual CPUs to expose to the instance. 
If unset, - the number of cores is inferred from the instance\'s nominal - CPU count and the underlying platform\'s SMT width. - type: integer + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - attachedDisk: - description: List of disks attached to the instance. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - deviceName: - description: Name with which the attached disk is accessible - under /dev/disk/by-id/. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be - extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. + message: + description: Human-readable message indicating details about + last transition. type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + domain: + description: Domain name of the authorization attempt. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. type: string type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". 
+ type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Reason for provisioning failures. type: string type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: Immutable. The boot disk for the instance. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - autoDelete: - description: Immutable. Whether the disk will be auto-deleted - when the instance is deleted. 
- type: boolean - deviceName: - description: Immutable. Name with which attached disk will be - accessible under /dev/disk/by-id/. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - diskEncryptionKeyRaw: - description: Immutable. A 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to encrypt this disk. Only one - of kms_key_self_link and disk_encryption_key_raw may be set. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: 
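Review bot: The `certificates` field of the new CertificateManagerCertificateMapEntry schema documents limits that the schema itself does not enforce. Its description allows at most fifteen entries, each matching `projects/*/locations/*/certificates/*`, but the array is declared only as `items: type: string`. Adding `maxItems: 15`, and a `pattern` on the items if the generator can emit one, would presumably let the API server reject malformed references before they reach the controller. The `map` description in the same schema misspells "certificate" as "cetrificate". The file looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so both fixes likely belong in the generator or its upstream source.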
@@ -15877,168 +13817,218 @@ spec: type: object type: object type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. type: string - initializeParams: - description: Immutable. Parameters with which a disk was created - alongside the instance. + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - labels: - description: Immutable. A set of key/value label pairs assigned - to the disk. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: Immutable. The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeImage` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object - type: - description: Immutable. The Google Compute Engine disk type. - Such as pd-standard, pd-ssd or pd-balanced. - type: string type: object - kmsKeyRef: + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Immutable. Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. 
type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: Immutable. A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. 
- type: integer + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string type: - description: Immutable. The accelerator type resource exposed - to this instance. E.g. nvidia-tesla-k80. + description: Type is the type of the condition. type: string - required: - - count - - type type: object type: array - hostname: - description: Immutable. A custom hostname for the instance. Must be - a fully qualified DNS name and RFC-1035-valid. Valid format is a - series of labels 1-63 characters long matching the regular expression - [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire - hostname must not exceed 253 characters. Changing this forces a - new resource to be created. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. type: string - instanceTemplateRef: + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -16055,8 +14045,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -16065,451 +14054,265 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - machineType: - description: The machine type to create. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - metadata: + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. Metadata startup scripts made available within - the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: Immutable. The networks attached to the instance. + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. items: - not: - required: - - networkIp - - networkIpRef properties: - accessConfig: - description: Access configurations, i.e. IPs via which this - instance can be accessed via the Internet. 
- items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring - this instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. 
- type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. - type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. + data: + description: Data of the DNS Resource Record. type: string name: - description: The name of the interface. - type: string - networkIp: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` - instead. - type: string - networkIpRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. type: string - subnetworkProject: - description: The project in which the subnetwork belongs. + type: + description: Type of the DNS Resource Record. type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object type: object type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + type: string type: array - scheduling: - description: The scheduling strategy being used by the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - automaticRestart: - description: Specifies if the instance should be restarted if - it was terminated by Compute Engine (not a user). - type: boolean - instanceTerminationAction: - description: Specifies the action GCE should take when SPOT VM - is preempted. + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. - The accepted values are: PERIODIC.' + expression: + description: Textual representation of an expression in Common + Expression Language syntax. type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. 
Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. - One of MIGRATE or TERMINATE,. + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." type: string - preemptible: - description: Immutable. Whether the instance is preemptible. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. type: string + required: + - expression type: object - scratchDisk: - description: Immutable. The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - scopes: - description: A list of service scopes. 
- items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + pubsubDestination: + description: Destination on Cloud Pubsub. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + topic: + description: Destination on Cloud Pubsub topic. type: string + required: + - topic type: object required: - - scopes + - pubsubDestination type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: Immutable. The zone of the instance. If self_link is - provided, this value is ignored. If neither self_link nor zone are - provided, the provider zone is used. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef type: object status: properties: @@ -16539,20 +14342,13 @@ spec: type: string type: object type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -16561,12 +14357,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec 
@@ -16586,25 +14376,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudasset.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: @@ -16624,7 +14414,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -16642,896 +14432,384 @@ spec: type: object spec: properties: - advancedMachineFeatures: - description: Immutable. Controls for advanced machine-related behavior - features. + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - enableNestedVirtualization: - description: Immutable. Whether to enable nested virtualization - or not. - type: boolean - threadsPerCore: - description: Immutable. The number of threads per physical core. 
- To disable simultaneous multithreading (SMT) set this to 1. - If unset, the maximum number of threads supported per core by - the underlying processor is assumed. - type: integer - visibleCoreCount: - description: Immutable. The number of physical cores to expose - to an instance. Multiply by the number of threads per core to - compute the total number of virtual CPUs to expose to the instance. - If unset, the number of cores is inferred from the instance\'s - nominal CPU count and the underlying platform\'s SMT width. - type: integer + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression type: object - canIpForward: - description: Immutable. Whether to allow sending and receiving of - packets with non-matching source or destination IPs. This defaults - to false. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. 
This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - enableConfidentialCompute: - description: Immutable. Defines whether the instance should have - confidential compute enabled. - type: boolean + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object required: - - enableConfidentialCompute + - pubsubDestination type: object - description: - description: Immutable. A brief description of this resource. + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - disk: - description: Immutable. Disks to attach to instances created from - this template. This can be specified multiple times for multiple - disks. + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: - autoDelete: - description: Immutable. Whether or not the disk should be auto-deleted. - This defaults to true. - type: boolean - boot: - description: Immutable. Indicates that this is a boot disk. - type: boolean - deviceName: - description: Immutable. A unique device name that is reflected - into the /dev/ tree of a Linux operating system running within - the instance. If not specified, the server chooses a default - device name to apply to this disk. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKey: - description: Immutable. Encrypts or decrypts a disk using a - customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Immutable. Name of the disk. When not provided, - this defaults to the name of the instance. + message: + description: Human-readable message indicating details about + last transition. type: string - diskSizeGb: - description: Immutable. The size of the image in gigabytes. - If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. - type: integer - diskType: - description: Immutable. The Google Compute Engine disk type. - Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - interface: - description: Immutable. Specifies the disk interface to use - for attaching this disk. + status: + description: Status is the status of the condition. Can be True, + False, Unknown. type: string - labels: - additionalProperties: - type: string - description: Immutable. A set of key/value label pairs to assign - to disks,. - type: object - mode: - description: Immutable. The mode in which to attach this disk, - either READ_WRITE or READ_ONLY. If you are attaching or creating - a boot disk, this must read-write mode. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeResourcePolicy` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotEncryptionKey: - description: Immutable. The customer-supplied encryption key - of the source snapshot. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceSnapshotRef: - description: |- - The source snapshot to create this disk. When creating a new - instance, one of initializeParams.sourceSnapshot, - initializeParams.sourceImage, or disks.source is required except for - local SSD. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: Immutable. The type of Google Compute Engine disk, - can be either "SCRATCH" or "PERSISTENT". + type: + description: Type is the type of the condition. type: string type: object type: array - enableDisplay: - description: 'Immutable. Enable Virtual Displays on this instance. - Note: allow_stopping_for_update must be set to true in order to - update this field.' - type: boolean - guestAccelerator: - description: Immutable. 
List of the type and count of accelerator - cards attached to the instance. + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. - type: integer - type: - description: Immutable. The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object + type: string type: array - instanceDescription: - description: Immutable. A description of the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." type: string - machineType: - description: Immutable. The machine type to create. To create a machine - with a custom type (such as extended memory), format the value like - custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of - RAM. + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. 
Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string - metadata: + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. An alternative to using the startup-script - metadata key, mostly to match the compute_instance resource. This - replaces the startup-script metadata key on the created instance - and thus the two mechanisms are not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Immutable. Specifies a minimum CPU platform. Applicable - values are the friendly names of CPU platforms, such as Intel Haswell - or Intel Skylake. - type: string - namePrefix: - description: Immutable. Creates a unique name beginning with the specified - prefix. Conflicts with name. - type: string - networkInterface: - description: Immutable. Networks to attach to instances created from - this template. This can be specified multiple times for multiple - networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. The networking tier used for - configuring this instance template. 
This field can take - the following values: PREMIUM, STANDARD, FIXED_STANDARD. - If this field is not specified, it is assumed to be - PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: Immutable. An array of alias IP ranges for this - network interface. Can only be specified for network interfaces - on subnet-mode networks. - items: - properties: - ipCidrRange: - description: Immutable. The IP CIDR range represented - by this alias IP range. This IP CIDR range must belong - to the specified subnetwork and cannot contain IP addresses - reserved by system or used by other network interfaces. - At the time of writing only a netmask (e.g. /24) may - be supplied, with a CIDR format resulting in an API - error. - type: string - subnetworkRangeName: - description: Immutable. The subnetwork secondary range - name specifying the secondary range from which to allocate - the IP CIDR range for this alias IP range. If left unspecified, - the primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. - type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. 
- type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. - type: string - name: - description: The name of the network_interface. - type: string - networkIp: - description: Immutable. The private IP address to assign to - the instance. If empty, the address will be automatically - assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. 
- type: string - subnetworkProject: - description: Immutable. The ID of the project in which the subnetwork - belongs. If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - region: - description: Immutable. An instance template is a global resource - that is not bound to a zone or a region. However, you can still - specify some regional resources in an instance template, which restricts - the template to the region where that resource resides. For example, - a custom subnetwork resource is tied to a specific region. Defaults - to the region of the Provider if no value is given. - type: string - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. 
Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: Immutable. The scheduling strategy to use. - properties: - automaticRestart: - description: Immutable. Specifies whether the instance should - be automatically restarted if it is terminated by Compute Engine - (not terminated by a user). This defaults to true. - type: boolean - instanceTerminationAction: - description: Immutable. Specifies the action GCE should take when - SPOT VM is preempted. - type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. 
- The accepted values are: PERIODIC.' - type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Immutable. Defines the maintenance behavior for this - instance. - type: string - preemptible: - description: Immutable. Allows instance to be preempted. This - defaults to false. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. - type: string - type: object - serviceAccount: - description: Immutable. Service account to attach to the instance. - properties: - scopes: - description: Immutable. A list of service scopes. Both OAuth2 - URLs and gcloud short names are supported. To allow full access - to all Cloud APIs, use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Immutable. Enable Shielded VM on this instance. Shielded - VM provides verifiable integrity to prevent against malware and - rootkits. Defaults to disabled. Note: shielded_instance_config can - only be used with boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Immutable. Compare the most recent boot measurements - to the integrity policy baseline and return a pair of pass/fail - results depending on whether they match or not. Defaults to - true. - type: boolean - enableSecureBoot: - description: Immutable. Verify the digital signature of all boot - components, and halt the boot process if signature verification - fails. Defaults to false. - type: boolean - enableVtpm: - description: Immutable. Use a virtualized trusted platform module, - which is a specialized computer chip you can use to encrypt - objects like keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Immutable. Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. 
- type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -17540,12 +14818,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec @@ -17565,25 +14837,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments + kind: CloudBuildTrigger + plural: cloudbuildtriggers shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -17621,583 +14893,1052 @@ spec: type: object spec: properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment. - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. - type: string - candidateSubnets: - description: |- - Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Immutable. Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. 
- type: string - encryption: - description: |- - Immutable. Indicates the user-supplied encryption option of this interconnect - attachment. Can only be specified at attachment creation for PARTNER or - DEDICATED attachments. - - * NONE - This is the default value, which means that the VLAN attachment - carries unencrypted traffic. VMs are able to send traffic to, or receive - traffic from, such a VLAN attachment. - - * IPSEC - The VLAN attachment carries only encrypted traffic that is - encrypted by an IPsec device, such as an HA VPN gateway or third-party - IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, - such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN - attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. - type: string - interconnect: - description: |- - Immutable. URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - ipsecInternalAddresses: - items: - description: |- - Immutable. The addresses that have been reserved for the - interconnect attachment. Used only for interconnect attachment that - has the encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. 
\nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will - be allocated from regional external IP address pool. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - mtu: - description: |- - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - resourceID: - description: Immutable. Optional. 
The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeRouter` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug type: object - type: - description: |- - Immutable. The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. - type: string - vlanTag8021q: - description: |- - Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. 
When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. 
Of the form "XXXXX/region/domain". - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. + build: + description: Contents of the build template. Either a filename or + build template must be provided. properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - 
description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - Immutable. The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the - ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Immutable. Type of network endpoints in this network endpoint group. 
- NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - subnetworkRef: - description: Optional subnetwork to which all network endpoints in - the NEG belong. 
- oneOf: - - not: + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. 
+ properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array required: - - external - required: - - name - - not: - anyOf: - - required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. 
+ + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. 
Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
+ secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. 
+ type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. 
+ + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. + If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. 
These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: type: string - type: - description: Type is the type of the condition. + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. 
These are not docker + tags. + items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - 
name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - description: Immutable. - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - description: Immutable. + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. 
type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). 
\nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. 
+ type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." 
+ properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. 
+ properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. type: string type: object - peerNetworkRef: + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: 
@@ -18214,7 +15955,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: 
@@ -18224,62 +15966,227 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: State for the peering, either ACTIVE or INACTIVE. The - peering is ACTIVE when there's a matching configuration in the peer - network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object served: true storage: true subresources: @@ -18295,25 +16202,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNetwork - plural: computenetworks + kind: CloudFunctions2Function + plural: cloudfunctions2functions shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: @@ -18333,7 +16240,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
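Review bot: In the added `webhookConfig` block, the `secretRef` description stops at `The secret required`, and `state` reuses the Pub/Sub wording (`Potential issues with the underlying Pub/Sub subscription configuration`), so the schema never says what the referenced `SecretManagerSecret` is for. That secret is presumably what a caller has to present to fire the trigger through its webhook URL, which makes it the field an operator most needs explained. I would propose something like `description: Secret Manager secret whose value callers must supply when invoking the trigger's webhook URL.`, with the wording confirmed against the Cloud Build API. The `state` text should also be checked, since it looks copied from `pubsubConfig.state`. The CRD carries `cnrm.cloud.google.com/tf2crd: "true"`, so this text is probably generated and the fix would belong in the generator's source schema rather than in this bundle.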
@@ -18351,61 +16258,351 @@ spec: type: object spec: properties: - autoCreateSubnetworks: - description: |- - Immutable. When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: + buildConfig: description: |- - If set to 'true', default routes ('0.0.0.0/0') will be deleted - immediately after network creation. Defaults to 'false'. - type: boolean + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object description: - description: |- - Immutable. An optional description of this resource. The resource must be - recreated to modify this field. + description: User-provided description of a function. type: string - enableUlaInternalIpv6: - description: "Immutable. Enable ULA internal ipv6 on this network. - Enabling this feature will assign \na /48 from google defined ULA - prefix fd20::/20." - type: boolean - internalIpv6Range: - description: "Immutable. When enabling ula internal ipv6, caller optionally - can specify the /48 range \nthey want from the google defined ULA - prefix fd20::/20. 
The input must be a \nvalid /48 ULA IPv6 address - and must be within the fd20::/20. Operation will \nfail if the speficied - /48 is already in used by another resource. \nIf the field is not - speficied, then a /48 range will be randomly allocated from fd20::/20 - and returned via this field." + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. 
Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. type: string - mtu: - description: "Immutable. Maximum Transmission Unit in bytes. The default - value is 1460 bytes. \nThe minimum value for this field is 1300 - and the maximum value is 8896 bytes (jumbo frames).\nNote that packets - larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS - clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message - if the packets are routed to the Internet or other VPCs \nwith varying - MTUs." - type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. - type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. 
+ type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. 
+ If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef type: object status: properties: 
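Review bot: In `buildConfig.source.repoSource`, the `commitSha` description is "Regex matching tags to build.", word for word the same as `tagName` just below it, so the one field that names an immutable revision is documented as a tag pattern. Someone pinning function source for build integrity could reasonably conclude from this text that a tag is what gets matched; a description such as `description: Explicit commit SHA to build.` would fit the field name, though the exact wording should be checked against the upstream API reference. The same hunk also lists `projectId` under `required` for both `secretEnvironmentVariables` and `secretVolumes` items while its description says "If not set, it will be populated with the function's project", and one of the two should be corrected. The CRD carries the `tf2crd` label, so these are presumably fixes for the generator input rather than hand edits here.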
@@ -18435,10 +16632,8 @@ spec: type: string type: object type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. + environment: + description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -18447,9 +16642,15 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. type: string type: object + required: + - spec type: object served: true storage: true @@ -18466,25 +16667,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeGroup - plural: computenodegroups + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: 
@@ -18522,58 +16723,146 @@ spec: type: object spec: properties: - autoscalingPolicy: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: description: |- - Immutable. If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. properties: - maxNodes: - description: |- - Immutable. Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Immutable. Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: + eventType: description: |- - Immutable. The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + Immutable. Required. 
The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. type: string + required: + - eventType + - resourceRef type: object - description: - description: Immutable. An optional textual description of the resource. - type: string - initialSize: - description: Immutable. The initial number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - maintenancePolicy: - description: 'Immutable. Specifies how to handle instances when a - node in the group undergoes maintenance. Set to one of: DEFAULT, - RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value - is DEFAULT.' - type: string - maintenanceWindow: - description: Immutable. contains properties for the timeframe of maintenance. + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. properties: - startTime: - description: Immutable. instances.start time of the window. This - must be in UTC format that resolves to one of 00:00, 04:00, - 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and - 08:00 are valid. + securityLevel: + description: 'Immutable. 
Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' type: string - required: - - startTime type: object - nodeTemplateRef: - description: The node template to which this node group belongs. + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -18590,8 +16879,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` - resource.' + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
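Review bot: The `httpsTrigger.securityLevel` description explains only the permissive case ("Both HTTP and HTTPS requests ... succeed without redirects") and then lists `SECURITY_LEVEL_UNSPECIFIED`, `SECURE_ALWAYS` and `SECURE_OPTIONAL` without saying which value that sentence belongs to or what applies when the field is left unset. Because the field is marked Immutable, a reader who picks the wrong value for an HTTP-triggered function cannot tighten it in place afterwards. I would have the description tie each behaviour to its value, along the lines of `SECURE_ALWAYS: plain-HTTP requests are redirected to HTTPS. SECURE_OPTIONAL: both HTTP and HTTPS requests succeed without redirects.` (wording inferred from the value names; confirm against the upstream API reference), and state the effective default. The enclosing `spec.properties` mapping continues past this hunk.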
@@ -18600,102 +16891,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - shareSettings: - description: Immutable. Share settings for the node group. + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - projectMap: - description: Immutable. A map of project id and project config. - This is only valid when shareType's value is SPECIFIC_PROJECTS. - items: - properties: - idRef: - description: The key of this project config in the parent - map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectIdRef: - description: |- - The project id/number should be the same as the key of this project - config in the project map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - idRef - - projectIdRef - type: object - type: array - shareType: - description: 'Immutable. Node group sharing type. Possible values: - ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. 
The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. type: string required: - - shareType + - url type: object - size: - description: Immutable. The total number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - zone: - description: Immutable. Zone where this node group is located. + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. 
The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - nodeTemplateRef - - zone + - projectRef + - region + - runtime type: object status: properties: @@ -18725,9 +17042,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
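Review bot: `serviceAccountRef` has only `description: Immutable.` at its top level, and the fact that matters is tucked under `external`: when empty, the function runs as `{project_id}@appspot.gserviceaccount.com`. The field is not in `required`, so that shared default identity is what a manifest gets by omission, and since it is immutable the choice cannot be revisited in place. I would state this on the field itself, e.g. `description: Immutable. Service account the function runs as. If unset, defaults to {project_id}@appspot.gserviceaccount.com.`, and recommend referencing a dedicated `IAMServiceAccount` granted only the roles the function needs. `vpcConnectorRef` in the same hunk has no top-level description at all and could get one in the same pass.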
@@ -18735,8 +17055,31 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer type: object required: - spec 
@@ -18756,25 +17099,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates + kind: CloudIdentityGroup + plural: cloudidentitygroups shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -18812,71 +17155,82 @@ spec: type: object spec: properties: - cpuOvercommitType: - description: 'Immutable. CPU overcommit. Default value: "NONE" Possible - values: ["ENABLED", "NONE"].' - type: string description: - description: Immutable. An optional textual description of the resource. - type: string - nodeType: description: |- - Immutable. Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. type: string - nodeTypeFlexibility: - description: |- - Immutable. Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. properties: - cpus: - description: Immutable. Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD. + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. type: string - memory: - description: Immutable. Physical memory available to the node, - defined in MB. + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. type: string + required: + - id type: object - region: + initialGroupConfig: description: |- - Immutable. Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string - serverBinding: + labels: + additionalProperties: + type: string description: |- - Immutable. The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. 
Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. - type: string - required: - - type + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string required: - - region + - groupKey + - labels + - parent type: object status: properties: @@ -18906,8 +17260,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -18916,7 +17275,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + updateTime: + description: The time when the Group was last updated. type: string type: object required: @@ -18937,25 +17297,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computepacketmirrorings.compute.cnrm.cloud.google.com + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputePacketMirroring - plural: computepacketmirrorings + kind: CloudIdentityMembership + plural: cloudidentitymemberships shortNames: - - gcpcomputepacketmirroring - - gcpcomputepacketmirrorings - singular: computepacketmirroring + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -18993,231 +17353,8 @@ spec: type: object spec: properties: - collectorIlb: - description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` - that will be used as collector for mirrored traffic. The specified - forwarding rule must have `isMirroringCollector` set to true. - properties: - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - description: - description: An optional description of this resource. Provide this - property when you create the resource. - type: string - enable: - description: Indicates whether or not this packet mirroring takes - effect. If set to FALSE, this packet mirroring policy will not be - enforced on the network. The default is TRUE. - type: string - filter: - description: Filter for mirrored traffic. If unspecified, all traffic - is mirrored. - properties: - cidrRanges: - description: IP CIDR ranges that apply as filter on the source - (ingress) or destination (egress) IP in the IP header. Only - IPv4 is supported. If no ranges are specified, all traffic that - matches the specified IPProtocols is mirrored. If neither cidrRanges - nor IPProtocols is specified, all traffic is mirrored. 
- items: - type: string - type: array - direction: - description: Direction of traffic to mirror, either INGRESS, EGRESS, - or BOTH. The default is BOTH. - type: string - ipProtocols: - description: Protocols that apply as filter on mirrored traffic. - If no protocols are specified, all traffic that matches the - specified CIDR ranges is mirrored. If neither cidrRanges nor - IPProtocols is specified, all traffic is mirrored. - items: - type: string - type: array - type: object - location: - description: Immutable. The location for the resource - type: string - mirroredResources: - description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo - specifies a set of mirrored VM instances, subnetworks and/or tags - for which traffic from/to all VM instances will be mirrored. - properties: - instances: - description: A set of virtual machine instances that are being - mirrored. They must live in zones contained in the same region - as this packetMirroring. Note that this config will apply only - to those network interfaces of the Instances that belong to - the network specified in this packetMirroring. You may specify - a maximum of 50 Instances. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the instance; defined by the server. - type: string - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the virtual machine instance which is being mirrored. - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - subnetworks: - description: Immutable. A set of subnetworks for which traffic - from/to all VM instances will be mirrored. They must live in - the same region as this packetMirroring. You may specify a maximum - of 5 subnetworks. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the subnetwork; defined by the server. - type: string - urlRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - tags: - description: A set of mirrored tags. Traffic from/to all VM instances - that have one or more of these tags will be mirrored. - items: - type: string - type: array - type: object - network: - description: Immutable. Specifies the mirrored VPC network. Only packets - in this network will be mirrored. All mirrored VMs should have a - NIC in the given network. All mirrored subnetworks should belong - to the given network. - properties: - urlRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - URL of the network resource. - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - priority: - description: The priority of applying this configuration. Priority - is used to break ties in cases where there is more than one matching - rule. In the case of two rules that apply for a given Instance, - the one with the lowest-numbered priority value wins. Default value - is 1000. Valid range is 0 through 65535. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. + groupRef: + description: Immutable. oneOf: - not: required: @@ -19235,9 +17372,9 @@ spec: properties: external: description: |- - The project for the resource + The group for the resource - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -19246,27 +17383,102 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. 
The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array required: - - collectorIlb - - location - - mirroredResources - - network - - projectRef + - groupRef + - preferredMemberKey + - roles type: object status: properties: - collectorIlb: - properties: - canonicalUrl: - description: Output only. Unique identifier for the forwarding - rule; defined by the server. - type: string - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -19293,16 +17505,28 @@ spec: type: string type: object type: array - id: - description: Output only. The unique identifier for the resource. - This identifier is defined by the server. - format: int64 - type: integer - network: + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available properties: - canonicalUrl: - description: Output only. Unique identifier for the network; defined - by the server. + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name type: string type: object observedGeneration: 
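Review bot: The `state` description under `roles[].restrictionEvaluations.memberRestrictionEvaluation` lists `ENCRYPTION_STATE_UNSPECIFIED, UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED`, which read as device-encryption states rather than results of a member-restriction evaluation, so the list appears to be copied from an unrelated enum. The same pattern shows up in the `@@ -19312,11 +17536,14 @@` hunk, where the status field `type` ("The type of the membership") is documented with `OWNER_TYPE_*` values. Anyone auditing group memberships from this schema would be misled about what these fields report. Until the source is corrected I would drop the lists, e.g. `description: 'Output only. The current state of the restriction.'`, and confirm the real values against the Cloud Identity Membership reference. The CRD carries the `dcl2crd` label, so the fix probably belongs in the generator rather than in this file.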
@@ -19312,11 +17536,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: URI of the region where the packetMirroring resides. + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string - selfLink: - description: Server-defined URL for the resource. + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time type: string type: object required: @@ -19337,25 +17564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeprojectmetadatas.compute.cnrm.cloud.google.com + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudids.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeProjectMetadata - plural: computeprojectmetadatas + kind: CloudIDSEndpoint + plural: cloudidsendpoints shortNames: - - gcpcomputeprojectmetadata - - gcpcomputeprojectmetadatas - singular: computeprojectmetadata + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -19375,7 +17602,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19393,13 +17620,65 @@ spec: type: object spec: properties: - metadata: - additionalProperties: - type: string - description: A series of key value pairs. + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array required: - - metadata + - location + - network + - projectRef + - severity type: object status: properties: 
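Review bot: `threatExceptions` documents "Limit: 99 IDs" and `severity` documents five allowed values, but neither constraint is expressed in the schema; both are plain `type: string` fields, so an invalid value passes CRD validation and is rejected, if at all, further downstream. Because `threatExceptions` stops the listed threat IDs from generating alerts, it deserves strict validation and the same change review as the endpoint itself. I would add `maxItems: 99` under `threatExceptions` and `enum: [INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL]` under `severity`. The CRD is labelled `tf2crd`, so this likely has to be changed in the generator rather than by hand.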
@@ -19429,6 +17708,16 @@ spec: type: string type: object type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -19436,6 +17725,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string type: object required: - spec @@ -19455,25 +17747,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudiot.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRegionNetworkEndpointGroup - plural: computeregionnetworkendpointgroups + kind: CloudIOTDevice + plural: cloudiotdevices shortNames: - - gcpcomputeregionnetworkendpointgroup - - gcpcomputeregionnetworkendpointgroups - singular: computeregionnetworkendpointgroup + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: 
@@ -19493,7 +17785,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19511,199 +17803,75 @@ spec: type: object spec: properties: - cloudFunction: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - functionRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMask: - description: |- - Immutable. A template to parse function field from a request URL. 
URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - type: string - type: object - cloudRun: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - serviceRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `RunService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tag: - description: |- - Immutable. Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - type: string - urlMask: - description: |- - Immutable. A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. 
- - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - type: string - type: object - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - networkEndpointType: - description: 'Immutable. Type of network endpoints in this network - endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" - Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' - type: string - networkRef: - description: |- - Immutable. This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - format + - key + type: object required: - - external + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. type: string type: object - pscTargetService: - description: |- - Immutable. The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string - region: - description: Immutable. A reference to the region where the Serverless - NEGs Reside. + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - Immutable. This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - region + - registry type: object status: properties: 
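Review bot: `gatewayAuthMethod` carries the same description as `gatewayType` ("Indicates whether the device is a gateway"), although its values (`ASSOCIATION_ONLY`, `DEVICE_AUTH_TOKEN_ONLY`, `ASSOCIATION_AND_DEVICE_AUTH_TOKEN`) suggest it selects how devices are authorized through the gateway. That is the security-relevant setting in `gatewayConfig` and the text should say so, e.g. `description: 'Indicates how to authorize and/or authenticate devices to access the gateway. Possible values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].'`. The CRD is labelled `tf2crd`, so the wording presumably comes from the upstream provider schema and should be corrected there.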
@@ -19733,216 +17901,74 @@ spec: type: string type: object type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 
'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: Immutable. The instance properties for the reservation. - properties: - guestAccelerators: - description: Immutable. Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - Immutable. The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - Immutable. The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. 
- type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - Immutable. The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: Immutable. The size of the disk in base-2 - GB. - type: integer - interface: - description: 'Immutable. The disk interface to use for - attaching this disk. Default value: "SCSI" Possible - values: ["SCSI", "NVME"].' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: Immutable. The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - Immutable. The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - Immutable. When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: Immutable. The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. 
items: properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. + binaryData: + description: The device configuration data. type: string - message: - description: Human-readable message indicating details about - last transition. + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. + version: + description: The version of this update. type: string - type: - description: Type is the type of the condition. + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. 
+ type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -19951,11 +17977,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - status: - description: The status of the reservation. - type: string + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array type: object required: - spec 
@@ -19975,25 +18009,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies + kind: CloudSchedulerJob + plural: cloudschedulerjobs shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -20031,205 +18065,366 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. - type: string - groupPlacementPolicy: - description: Immutable. Resource policy for instances used for placement - configuration. - properties: - availabilityDomainCount: - description: |- - Immutable. The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network. - type: integer - collocation: - description: |- - Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"]. - type: string - maxDistance: - description: Immutable. Specifies the number of max logical switches. - type: integer - vmCount: - description: |- - Immutable. Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - type: integer - type: object - instanceSchedulePolicy: - description: Immutable. Resource policy for scheduling instance operations. + appEngineHttpTarget: + description: App Engine HTTP target. properties: - expirationTime: - description: Immutable. The expiration time of the schedule. The - timestamp is an RFC3339 string. - type: string - startTime: - description: Immutable. The start time of the schedule. The timestamp - is an RFC3339 string. - type: string - timeZone: - description: |- - Immutable. Specifies the time zone to be used in interpreting the schedule. 
The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - type: string - vmStartSchedule: - description: Immutable. Specifies the schedule for starting instances. + appEngineRouting: + description: App Engine Routing setting for the job. properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string - required: - - schedule - type: object - vmStopSchedule: - description: Immutable. Specifies the schedule for stopping instances. - properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. type: string - required: - - schedule - type: object - required: - - timeZone - type: object - region: - description: Immutable. Region where resource policy resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - snapshotSchedulePolicy: - description: Immutable. Policy for creating snapshots of persistent - disks. 
- properties: - retentionPolicy: - description: Immutable. Retention policy applied to snapshots - created by this resource policy. - properties: - maxRetentionDays: - description: Immutable. Maximum age of the snapshot that is - allowed to be kept. - type: integer - onSourceDiskDelete: - description: |- - Immutable. Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. type: string - required: - - maxRetentionDays type: object - schedule: - description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: Immutable. The policy will execute every nth - day at the specified time. + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. 
+ In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. 
These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - daysInCycle: - description: Immutable. The number of days between snapshots. - type: integer - startTime: + external: description: |- - Immutable. This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. 
The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - daysInCycle - - startTime type: object - hourlySchedule: - description: Immutable. The policy will execute every nth - hour starting at the specified time. + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hoursInCycle: - description: Immutable. The number of hours between snapshots. - type: integer - startTime: + external: description: |- - Immutable. Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Immutable. Allows specifying a snapshot time - for each day of the week. - properties: - dayOfWeeks: - description: Immutable. May contain up to seven (one for - each day of the week) snapshot times. - items: - properties: - day: - description: 'Immutable. The day of the week to - create the snapshot. e.g. MONDAY Possible values: - ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", - "FRIDAY", "SATURDAY", "SUNDAY"].' - type: string - startTime: - description: |- - Immutable. Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks type: object type: object - snapshotProperties: - description: Immutable. Properties with which the snapshots are - created, such as labels. + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name - must be 1-63 characters long and comply \nwith RFC1035." - type: string - guestFlush: - description: Immutable. Whether to perform a 'guest aware' - snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: Immutable. A set of key-value pairs. - type: object - storageLocations: + external: description: |- - Immutable. Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional). - items: - type: string - type: array + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - schedule + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. 
+ type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. 
The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string required: - - region + - location type: object status: properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. 
If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -20256,6 +18451,10 @@ spec: type: string type: object type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
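Review bot: In the `@@ -20031,205 +18065,366 @@` hunk, the new `httpTarget.headers` field is a free-form string map, and its description never says that the values are kept as plain text in the CloudSchedulerJob object. A bearer token or API key placed there is readable by anyone allowed to get the resource and does not get the separate access control a Secret can have. The same hunk already provides `oauthToken` and `oidcToken` with a `serviceAccountRef` for authenticated calls, so I would append to the headers description: `Do not put credentials in this map; use oauthToken or oidcToken instead.` The `uri` description also accepts `http://` and nothing in the schema ties the token fields to `https://`, so it is worth confirming that the API rejects token-bearing jobs over plain HTTP. The schema looks generated (see the `dcl2crd` label in the preceding hunk), so the wording probably has to change in the generator input rather than in this file.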
@@ -20263,7 +18462,71 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. 
(Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time type: string type: object required: @@ -20284,25 +18547,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces + kind: CloudTasksQueue + plural: cloudtasksqueues shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: 
@@ -20322,7 +18585,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -20340,7 +18603,38 @@ spec: type: object spec: properties: - interconnectAttachmentRef: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20357,8 +18651,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -20367,40 +18660,252 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ipRange: - description: Immutable. The IP address and range of the interface. - The IP range must be in the RFC3927 link-local IP space. Changing - this forces a new interface to be created. - type: string - privateIpAddressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string type: object - redundantInterfaceRef: - description: The interface the BGP peer is associated with. + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. oneOf: - not: required: 
@@ -20417,7 +18922,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -20427,17 +18932,50 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: Immutable. The region this interface's router sits in. - If not specified, the project region will be used. Changing this - forces a new interface to be created. + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - routerRef: + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. oneOf: - not: required: @@ -20454,7 +18992,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -20464,7 +19002,409 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - subnetworkRef: + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. 
If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. 
+ + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. 
+ + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. 
+ type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20481,8 +19421,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -20491,7 +19430,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - vpnTunnelRef: + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetRef: oneOf: - not: required: @@ -20508,7 +19452,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: 
@@ -20518,9 +19462,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string required: - - region - - routerRef + - autoscalingPolicy + - projectRef + - targetRef + - zone type: object status: properties: @@ -20550,6 +19499,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -20557,6 +19509,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec @@ -20576,25 +19530,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com + name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterNAT - plural: computerouternats + kind: ComputeBackendBucket + plural: computebackendbuckets shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -20632,126 +19586,8 @@ spec: type: object spec: properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - enableDynamicPortAllocation: - description: |- - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - type: boolean - enableEndpointIndependentMapping: - description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - type: boolean - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT. - properties: - enable: - description: Indicates whether or not to export logs. 
- type: boolean - filter: - description: 'Specifies the desired filtering of logs on this - NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' - type: string - required: - - enable - - filter - type: object - maxPortsPerVm: - description: |- - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - type: integer - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Region where the router and NAT reside. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. + bucketRef: + description: Reference to the bucket. oneOf: - not: required: 
@@ -20768,7 +19604,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -20778,206 +19614,132 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - rules: - description: A list of rules associated with this NAT. - items: - properties: - action: - description: The action to be enforced for traffic that matches - this rule. - properties: - sourceNatActiveIpsRefs: - items: - description: |- - A list of URLs of the IP resources used for this NAT rule. These IP - addresses must be valid static external IP addresses assigned to the - project. This field is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceNatDrainIpsRefs: - items: - description: |- - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. These - IPs should be used for updating/patching a NAT rule only. This field - is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - description: - description: An optional description of this rule. - type: string - match: - description: |- - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". - type: string - ruleNumber: - description: |- - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - type: integer - required: - - match - - ruleNumber - type: object - type: array - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. 
Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat. - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. 
+ properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. 
+ type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTimeWaitTimeoutSec: - description: |- - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. 
- type: integer - tcpTransitoryIdleTimeoutSec: + description: description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to - 30s if not set. - type: integer + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat + - bucketRef type: object status: properties: @@ -21007,6 +19769,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -21014,6 +19779,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec 
@@ -21033,25 +19800,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterPeer - plural: computerouterpeers + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -21071,7 +19838,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -21089,150 +19856,24 @@ spec: type: object spec: properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string + backendBucketRef: + oneOf: + - not: + required: + - external required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - bfd: - description: BFD configuration for the BGP peering. 
- properties: - minReceiveInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - type: integer - minTransmitInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - type: integer - multiplier: - description: |- - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - type: integer - sessionInitializationMode: - description: |- - The BFD session initialization mode for this BGP peer. - If set to 'ACTIVE', the Cloud Router will initiate the BFD session - for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. - type: string - required: - - sessionInitializationMode - type: object - enable: - description: |- - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - type: boolean - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. 
- properties: - external: - type: string - type: object - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Immutable. Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerApplianceInstanceRef: - description: |- - The URI of the VM instance that is used as third-party router - appliances such as Next Gen Firewalls, Virtual Routers, or Router - Appliances. The VM instance must be located in zones contained in - the same region as this Cloud Router. The VM instance is the peer - side of the BGP session. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: 
@@ -21242,36 +19883,48 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - routerInterfaceRef: - description: The interface the BGP peer is associated with. + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
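Review bot: The new `keyValue.value` property accepts the 128-bit URL-signing key as a plain string in the resource spec, so the key is readable by anyone who can read this object or the manifest it came from, and neither description steers users to `valueFrom.secretKeyRef`. I would extend the `value` description to `Value of the field. Stored in plain text in the resource; prefer 'valueFrom' for key material. Cannot be used if 'valueFrom' is specified.` Separately, `valueFrom` declares no `required` list, so `valueFrom: {}` satisfies the `oneOf` without naming a Secret; adding `required:` with `- secretKeyRef` under `valueFrom` would reject that at admission. This file looks generated, so both changes probably belong in the generator rather than in this hunk.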
@@ -21288,8 +19941,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -21298,12 +19950,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef + - backendBucketRef + - keyValue + - projectRef type: object status: properties: @@ -21333,19 +19988,6 @@ spec: type: string type: object type: array - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -21372,25 +20014,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com + name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouter - plural: computerouters + kind: ComputeBackendService + plural: computebackendservices shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -21428,314 +20070,495 @@ spec: type: object spec: properties: - bgp: - description: BGP information specific to this router. + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. + type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. 
In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. 
This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: - ["DEFAULT", "CUSTOM"].' + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. 
+ items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string - advertisedGroups: + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS. - items: - type: string - type: array - advertisedIpRanges: + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. 
These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: - description: - description: User-specified description for the IP range. - type: string - range: + code: description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. type: integer - keepaliveInterval: + signedUrlCacheMaxAgeSec: description: |- - The interval in seconds between BGP keepalive messages that are sent - to the peer. Hold time is three times the interval at which keepalive - messages are sent, and the hold time is the maximum number of seconds - allowed to elapse between successive keepalive messages that BGP - receives from a peer. 
+ Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. - BGP will use the smaller of either the local hold time value or the - peer's hold time value as the hold time for the BGP connection - between the two peers. If set, this value must be between 20 and 60. - The default is 20. + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. type: integer - required: - - asn type: object - description: - description: An optional description of this resource. - type: string - encryptedInterconnectRouter: + circuitBreakers: description: |- - Immutable. Indicates if a router is dedicated for use with encrypted VLAN - attachments (interconnectAttachments). - type: boolean - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + connectTimeout: + description: The timeout for new network connections to hosts. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer type: object - region: - description: Immutable. Region where the router resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' 
type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: + connectionDrainingTimeoutSec: description: |- - Immutable. An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: description: |- - Immutable. The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. 
They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object - nextHopGateway: - description: |- - Immutable. URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. 
- type: string - nextHopILBRef: + consistentHash: description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. oneOf: - not: required: @@ -21752,7 +20575,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: 
@@ -21762,260 +20585,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nextHopIp: - description: Immutable. Network IP address of an instance that should - handle matching packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. 
+ type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number type: object - priority: - description: |- - Immutable. The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tags: - description: Immutable. A list of instance tags to which this route - applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + healthChecks: items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adaptiveProtectionConfig: - description: Adaptive Protection Config of this security policy. - properties: - autoDeployConfig: - description: Auto Deploy Config of this security policy. - properties: - confidenceThreshold: - description: Rules are only automatically deployed for alerts - on potential attacks with confidence scores greater than - this threshold. - type: number - expirationSec: - description: Google Cloud Armor stops applying the action - in the automatically deployed rule to an identified attacker - after this duration. The rule continues to operate against - new requests. - type: integer - impactedBaselineThreshold: - description: Rules are only automatically deployed when the - estimated impact to baseline traffic from the suggested - mitigation is below this threshold. - type: number - loadThreshold: - description: Identifies new attackers only when the load to - the backend service that is under attack exceeds this threshold. - type: number - type: object - layer7DdosDefenseConfig: - description: Layer 7 DDoS Defense Config of this security policy. - properties: - enable: - description: If set to true, enables CAAP for L7 DDoS detection. - type: boolean - ruleVisibility: - description: 'Rule visibility. Supported values include: "STANDARD", - "PREMIUM".' - type: string - type: object - type: object - advancedOptionsConfig: - description: Advanced Options Config of this security policy. + iap: + description: Settings for enabling Cloud Identity Aware Proxy. 
+ oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef properties: - jsonCustomConfig: - description: Custom configuration to apply the JSON parsing. Only - applicable when JSON parsing is set to STANDARD. - properties: - contentTypes: - description: A list of custom Content-Type header values to - apply the JSON parsing. - items: - type: string - type: array - required: - - contentTypes - type: object - jsonParsing: - description: 'JSON body parsing. Supported values include: "DISABLED", - "STANDARD".' - type: string - logLevel: - description: 'Logging level. Supported values include: "NORMAL", - "VERBOSE".' + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. type: string - type: object - description: - description: An optional description of this security policy. Max - size is 2048. - type: string - recaptchaOptionsConfig: - description: reCAPTCHA configuration options to be applied for the - security policy. - properties: - redirectSiteKeyRef: + oauth2ClientIdRef: description: |- Only `external` field is supported to configure the reference. - A field to supply a reCAPTCHA site key to be used for all the rules - using the redirect action with the type of GOOGLE_RECAPTCHA under - the security policy. The specified site key needs to be created from - the reCAPTCHA API. The user is responsible for the validity of the - specified site key. If not specified, a Google-managed site key is - used. + OAuth2 Client ID for IAP. oneOf: - not: required: @@ -22032,7 +20723,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: 
@@ -22042,639 +20733,228 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - redirectSiteKeyRef - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, - a default rule with action "allow" will be added. - items: - properties: - action: - description: Action to take when match matches the request. - type: string - description: - description: An optional description of this rule. Max size - is 64. - type: string - headerAction: - description: Additional actions that are performed on headers. - properties: - requestHeadersToAdds: - description: The list of request headers to add or overwrite - if they're already present. - items: + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. properties: - headerName: - description: The name of the header to set. + key: + description: Key that identifies the value to be extracted. type: string - headerValue: - description: The value to set the named header to. + name: + description: Name of the Secret to extract a value + from. 
type: string required: - - headerName + - key + - name type: object - type: array + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string required: - - requestHeadersToAdds + - name type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action - is enforced. + policy: + description: The configuration for a built-in load balancing + policy. properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr - is not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or - IPV6) in CIDR notation to match against inbound traffic. - There is a limit of 10 IP ranges per rule. A value - of '*' matches all IPs (can be used to override the - default behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression - in Common Expression Language syntax. The application - context of the containing message determines which - well-known feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field - is specified, config must also be specified. Available - options: SRC_IPS_V1: Must specify the corresponding - src_ip_ranges field in config.' + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. 
+ + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string + required: + - name type: object - preconfiguredWafConfig: - description: Preconfigured WAF configuration to be applied for - the rule. If the rule does not evaluate preconfigured WAF - rules, i.e., if evaluatePreconfiguredWaf() is not used, this - field will have no effect. - properties: - exclusion: - description: An exclusion to apply during preconfigured - WAF evaluation. - items: - properties: - requestCookie: - description: Request cookie whose value will be excluded - from inspection during preconfigured WAF evaluation. 
- items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestHeader: - description: Request header whose value will be excluded - from inspection during preconfigured WAF evaluation. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. 
- type: string - required: - - operator - type: object - type: array - requestQueryParam: - description: Request query parameter whose value will - be excluded from inspection during preconfigured - WAF evaluation. Note that the parameter can be - in the query string or in the POST body. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestUri: - description: Request URI from the request line to - be excluded from inspection during preconfigured - WAF evaluation. When specifying this field, the - query or fragment part should be excluded. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. 
- EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - targetRuleIds: - description: A list of target rule IDs under the WAF - rule set to apply the preconfigured WAF exclusion. - If omitted, it refers to all the rule IDs under - the WAF rule set. - items: - type: string - type: array - targetRuleSet: - description: Target WAF rule set to apply the preconfigured - WAF exclusion. - type: string - required: - - targetRuleSet - type: object - type: array - type: object - preview: - description: When set to true, the action specified above is - not enforced. Stackdriver logs for requests that trigger a - preview action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest - priority (lowest numerically) to lowest priority (highest - numerically) in order. - type: integer - rateLimitOptions: - description: Rate limit threshold for this security policy. - Must be specified if the action is "rate_based_ban" or "throttle". - Cannot be specified for any other actions. - properties: - banDurationSec: - description: Can only be specified if the action for the - rule is "rate_based_ban". If specified, determines the - time (in seconds) the traffic will continue to be banned - by the rate limit after the rate falls below the threshold. - type: integer - banThreshold: - description: Can only be specified if the action for the - rule is "rate_based_ban". 
If specified, the key will be - banned for the configured 'banDurationSec' when the number - of requests that exceed the 'rateLimitThreshold' also - exceed this 'banThreshold'. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - conformAction: - description: Action to take for requests that are under - the configured rate limit threshold. Valid option is "allow" - only. - type: string - enforceOnKey: - description: Determines the key to enforce the rateLimitThreshold - on. - type: string - enforceOnKeyConfigs: - description: Immutable. Enforce On Key Config of this security - policy. - items: - properties: - enforceOnKeyName: - description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' - type: string - enforceOnKeyType: - description: Determines the key to enforce the rate_limit_threshold - on. - type: string - type: object - type: array - enforceOnKeyName: - description: 'Rate limit key name applicable only for the - following key types: HTTP_HEADER -- Name of the HTTP header - whose value is taken as the key value. HTTP_COOKIE -- - Name of the HTTP cookie whose value is taken as the key - value.' - type: string - exceedAction: - description: Action to take for requests that are above - the configured rate limit threshold, to either deny with - a specified HTTP response code, or redirect to a different - endpoint. Valid options are "deny()" where valid values - for status are 403, 404, 429, and 502, and "redirect" - where the redirect parameters come from exceedRedirectOptions - below. 
- type: string - exceedRedirectOptions: - description: Parameters defining the redirect action that - is used as the exceed action. Cannot be specified if the - exceed action is not redirect. - properties: - target: - description: Target for the redirect action. This is - required if the type is EXTERNAL_302 and cannot be - specified for GOOGLE_RECAPTCHA. - type: string - type: - description: Type of the redirect action. - type: string - required: - - type - type: object - rateLimitThreshold: - description: Threshold at which to begin ratelimiting. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - required: - - conformAction - - exceedAction - - rateLimitThreshold - type: object - redirectOptions: - description: Parameters defining the redirect action. Cannot - be specified for any other actions. - properties: - target: - description: Target for the redirect action. This is required - if the type is EXTERNAL_302 and cannot be specified for - GOOGLE_RECAPTCHA. - type: string - type: - description: 'Type of the redirect action. Available options: - EXTERNAL_302: Must specify the corresponding target field - in config. GOOGLE_RECAPTCHA: Cannot specify target field - in config.' - type: string - required: - - type - type: object - required: - - action - - match - - priority - type: object - type: array - type: - description: The type indicates the intended use of the security policy. - CLOUD_ARMOR - Cloud Armor backend security policies can be configured - to filter incoming HTTP requests targeting backend services. They - filter requests before they hit the origin servers. 
CLOUD_ARMOR_EDGE - - Cloud Armor edge security policies can be configured to filter - incoming HTTP requests targeting backend services (including Cloud - CDN-enabled) as well as backend buckets (Cloud Storage). They filter - requests before the request is served from Google's cache. - type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string type: object type: array - fingerprint: - description: Fingerprint of this resource. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - description: The URI of the created resource. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computeserviceattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeServiceAttachment - plural: computeserviceattachments - shortNames: - - gcpcomputeserviceattachment - - gcpcomputeserviceattachments - singular: computeserviceattachment - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - connectionPreference: - description: 'The connection preference of service attachment. The - value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service - attachment is one that always accepts the connection from consumer - forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, - ACCEPT_AUTOMATIC, ACCEPT_MANUAL' - type: string - consumerAcceptLists: - description: Projects that are allowed to connect to this service - attachment. - items: - properties: - connectionLimit: - description: The value of the limit to set. - format: int64 - type: integer - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project id or number for the project to set the limit for. + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - type: array - consumerRejectLists: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - description: - description: An optional description of this resource. Provide this - property when you create the resource. + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string - enableProxyProtocol: - description: Immutable. If true, enable the proxy protocol which is - for supplying client TCP/IP address data in TCP connections that - traverse proxies on their way to destination servers. - type: boolean location: - description: Immutable. 
The location for the resource + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string - natSubnets: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: required: - external required: 
@@ -22689,10 +20969,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22701,13 +20979,130 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. 
If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - targetServiceRef: - description: Immutable. + securityPolicyRef: + description: The security policy associated with this backend service. oneOf: - not: required: 
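Review bot: The numeric fields under `outlierDetection` state their valid ranges only in the description text, while the schema accepts any integer. `nanos` is documented as "from 0 to 999,999,999 inclusive", and `enforcingConsecutiveErrors`, `enforcingConsecutiveGatewayFailure`, `enforcingSuccessRate` and `maxEjectionPercent` are percentages, yet each is declared as plain `type: integer`. Adding `minimum: 0` and `maximum: 100` to the percentage fields, and `minimum: 0` with `maximum: 999999999` to `nanos`, would reject out-of-range values at admission. The same applies to `timeoutSec` in the later `securitySettings` hunk, whose description gives the range [1, 86400]. If this file is generated, the bounds presumably have to be added in the generator.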
@@ -22724,10 +21119,8 @@ spec: - external properties: external: - description: |- - The URL of a service serving the endpoint identified by this service attachment. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22736,12 +21129,82 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. 
Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer required: - - connectionPreference - location - - natSubnets - - projectRef - - targetServiceRef type: object status: properties: 
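Review bot: The `clientTLSPolicyRef` description says only `external` references are supported, but its `oneOf` still accepts the `name`/`namespace` form. A manifest that uses `name` therefore passes schema validation for a reference the description declares unsupported. This field selects the policy for how the client authenticates connections to backends, so an unsupported reference should fail at admission; what the controller does with it later is not visible in this hunk. The schema for this field could drop the `name` branch and keep only `required: [external]`. If the file is generated, the change presumably belongs in the generator.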
@@ -22771,32 +21234,17 @@ spec: type: string type: object type: array - connectedEndpoints: - description: An array of connections for all the consumers connected - to this service attachment. - items: - properties: - endpoint: - description: The url of a connected endpoint. - type: string - pscConnectionId: - description: The PSC connection id of the connected endpoint. - format: int64 - type: integer - status: - description: 'The status of a connected endpoint to this service - attachment. Possible values: PENDING, RUNNING, DONE' - type: string - type: object - type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string fingerprint: - description: Fingerprint of this resource. This field is used internally - during updates of this resource. + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. type: string - id: - description: The unique identifier for the resource type. The server - generates this identifier. - format: int64 + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource @@ -22805,24 +21253,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pscServiceAttachmentId: - description: An 128-bit global unique ID of the PSC service attachment. - properties: - high: - format: int64 - type: integer - low: - format: int64 - type: integer - type: object - region: - description: URL of the region where the service attachment resides. - This field applies only to the region resource. You must specify - this field as part of the HTTP request URL. It is not settable as - a field in the request body. - type: string selfLink: - description: Server-defined URL for the resource. type: string type: object required: 
@@ -22843,25 +21274,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -22881,7 +21312,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -22897,6 +21328,112 @@ spec: type: string metadata: type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object status: properties: conditions: @@ -22933,6 +21470,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -22949,25 +21488,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: 
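Review bot: `keyValue` in the new `ComputeBackendServiceSignedURLKey` schema accepts an inline `value`, which stores the URL-signing key in plaintext in the custom resource. There it is readable by anyone with read access to the object, and it is likely to be committed with the manifest. The description should steer users to the other branch, for example by appending `Prefer valueFrom.secretKeyRef; an inline value stores the signing key in the resource spec.` to the `keyValue` description. The schema also does not enforce the documented format (128-bit, RFC 4648 Section 5 base64url), so a `pattern` on `value` would be worth adding if the generator allows it.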
@@ -22987,7 +21526,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -23005,12 +21544,35 @@ spec: type: object spec: properties: - deletionPolicy: - description: "The deletion policy for the shared VPC service. Setting - ABANDON allows the resource\n\t\t\t\tto be abandoned rather than - deleted. Possible values are: \"ABANDON\"." - type: string + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -23036,8 +21598,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string required: + - diskRef - projectRef + - zone type: object status: properties: 
@@ -23093,25 +21665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com + name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSnapshot - plural: computesnapshots + kind: ComputeDisk + plural: computedisks shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk preserveUnknownFields: false scope: Namespaced versions: 
@@ -23149,42 +21721,34 @@ spec: type: object spec: properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name must be - 1-63 characters long and \ncomply with RFC1035. This is an uncommon - option only for advanced \nservice owners who needs to create separate - snapshot chains, for \nexample, for chargeback tracking. When you - describe your snapshot \nresource, this field is visible only if - it has a non-empty value." - type: string description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - snapshotEncryptionKey: + diskEncryptionKey: description: |- - Immutable. Encrypts the snapshot using a customer-supplied encryption key. + Immutable. Encrypts the disk using a customer-supplied encryption key. - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of - the snapshot. + the disk. - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. 
+ If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. properties: kmsKeyRef: - description: The encryption key that is stored in Google Cloud - KMS. + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: 
@@ -23277,57 +21841,16 @@ spec: from. type: string required: - - name - key + - name type: object type: object type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." oneOf: - not: required: 
@@ -23365,9 +21888,14 @@ spec: type: object type: object type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. + imageRef: + description: The image from which to initialize this disk. oneOf: - not: required: @@ -23384,7 +21912,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeDisk` + description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: 
@@ -23394,18 +21922,341 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - storageLocations: - description: Immutable. Cloud Storage bucket storage location of the - snapshot (regional or multi-regional). + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. items: type: string type: array - zone: - description: Immutable. A reference to the zone where the disk is - hosted. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. 
+ + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. type: string required: - - sourceDiskRef + - location type: object status: properties: @@ -23438,23 +22289,17 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer labelFingerprint: description: |- - The fingerprint used for optimistic locking of this resource. Used + The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -23464,15 +22309,36 @@ spec: type: integer selfLink: type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - storageBytes: + sourceDiskId: description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array type: object required: - spec 
@@ -23492,25 +22358,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com + name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -23548,108 +22414,44 @@ spec: type: object spec: properties: - certificate: - description: |- - Immutable. The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object description: description: Immutable. An optional description of this resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeSSLCertificate. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - privateKey: - description: Immutable. The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - certificate - - location - - privateKey type: object status: properties: - certificateId: - description: The unique identifier for the resource. - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -23676,12 +22478,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - expireTime: - description: Expire time of the certificate in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -23692,8 +22488,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -23710,25 +22504,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com + name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies + kind: ComputeFirewallPolicy + plural: computefirewallpolicies shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -23765,46 +22559,93 @@ spec: metadata: type: object spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array description: - description: Immutable. An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + description: An optional description of this resource. Provide this + property when you create the resource. type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. 
+ Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. type: string + required: + - shortName type: object status: properties: @@ -23837,15 +22678,13 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -23854,9 +22693,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. type: string type: object + required: + - spec type: object served: true storage: true 
@@ -23873,25 +22724,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSubnetwork - plural: computesubnetworks + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: 
@@ -23929,70 +22780,48 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - ipv6AccessType: - description: |- - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external properties: - aggregationInterval: + external: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. + The target that the firewall policy is attached to. 
+ + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. + kind: + description: 'Kind of the referent. Allowed values: Folder' type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: + name: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. 
- items: - type: string - type: array type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. + firewallPolicyRef: + description: Immutable. oneOf: - not: required: @@ -24009,8 +22838,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The firewall policy ID of the association. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
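Review bot: `attachmentTargetRef` and `firewallPolicyRef` carry only `description: Immutable.`, which says nothing about what each reference selects, although this resource decides which folder or organization a firewall policy is attached to. The `kind` description also reads `Allowed values: Folder` while `external` documents both `folders/{{name}}` and `organizations/{{name}}`, which leaves it unclear how an organization target is expressed. I would use `description: Immutable. The folder or organization the firewall policy is attached to.` and `description: Immutable. The firewall policy to attach.`, and add a sentence to the `kind` text saying that an organization has to be given through `external`, as the warning on `name` already implies. The file looks generated, so the wording probably has to change in the generator.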
@@ -24019,70 +22850,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - privateIpv6GoogleAccess: - description: The private IPv6 google access type for the VMs in this - subnet. - type: string - purpose: - description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. - type: string - region: - description: Immutable. The GCP region for this subnetwork. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. 
- type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - stackType: - description: |- - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. - type: string required: - - ipCidrRange - - networkRef - - region + - attachmentTargetRef + - firewallPolicyRef type: object status: properties: @@ -24112,27 +22887,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - externalIpv6Prefix: - description: The range of external IPv6 addresses that are owned by - this subnetwork. - type: string - fingerprint: - description: DEPRECATED. This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - ipv6CidrRange: - description: The range of internal IPv6 addresses that are owned by - this subnetwork. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24140,7 +22894,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + shortName: + description: The short name of the firewall policy of the association. type: string type: object required: 
@@ -24161,25 +22916,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetgrpcproxies.compute.cnrm.cloud.google.com + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetGRPCProxy - plural: computetargetgrpcproxies + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules shortNames: - - gcpcomputetargetgrpcproxy - - gcpcomputetargetgrpcproxies - singular: computetargetgrpcproxy + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24217,18 +22972,32 @@ spec: type: object spec: properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string description: - description: An optional description of this resource. + description: An optional description for this resource. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' type: string - urlMapRef: - description: |- - The UrlMap resource that defines the mapping from URL to the BackendService. - The protocol field in the BackendService must be set to GRPC. + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. oneOf: - not: required: 
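Review bot: The new `action` description contradicts the rest of this schema: it lists only "allow" and "deny()" with status values 403, 404 and 502, while the `enableLogging` description in the same hunk refers to "goto_next" rules. The status-code wording reads like HTTP-level text, presumably carried over from another resource, and could lead someone to write an action that a network firewall policy does not accept. I would reword it along the lines of `description: The action to perform when traffic matches the rule. Valid values are "allow", "deny" and "goto_next".` after confirming the set against the Compute API reference. The `spec.properties` mapping starts above this hunk, and the CRD carries the `cnrm.cloud.google.com/dcl2crd` label, so the text is presumably generated and the change belongs in the generator input.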
@@ -24245,8 +23014,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` - resource.' + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24255,36 +23026,139 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - validateForProxyless: - description: |- - Immutable. If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to. - type: boolean - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: type: string - reason: + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. 
This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string 
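Review bot: `priority` is documented as lying between 0 and 2147483647, but the schema declares only `format: int64` and `type: integer`, so a negative or out-of-range value passes admission and is presumably left for the Compute API to reject. Adding `minimum: 0` and `maximum: 2147483647` under `priority` would enforce the documented range at apply time; the description should also drop "positive" (0 is allowed) and fix the "prority" typo. The ComputeFirewall `priority` in hunk `@@ -24443,9 +23395,137 @@` has the same gap for its 0 to 65535 range. Separately, the `ports` description under `layer4Configs` ends with "Example inputs include:" followed by empty backticks; the ComputeFirewall `ports` text in this file gives `["22"], ["80","443"], and ["12345-12349"]`, which could be reused. The enclosing `spec.properties` mapping starts in an earlier hunk.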
@@ -24297,18 +23171,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -24317,12 +23182,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - selfLinkWithId: - description: Server-defined URL with id for the resource. - type: string + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -24339,25 +23206,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com + name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies + kind: ComputeFirewall + plural: computefirewalls shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: 
@@ -24395,28 +23262,113 @@ spec: type: object spec: properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array description: - description: Immutable. An optional description of this resource. 
+ description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string - proxyBind: + disabled: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - urlMapRef: + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. 
+ If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. oneOf: - not: required: @@ -24433,7 +23385,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
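Review bot: The `direction` description mixes this CRD's field names with names that do not exist in the schema: it says `destinationRanges` but then `'source_ranges'`, `'source_tags'` and `'source_service_accounts'`, and `enableLogging` points to `log_config`. The fields actually defined are `logConfig` (this hunk) and `sourceRanges`, `sourceTags`, `sourceServiceAccounts` (hunk `@@ -24443,9 +23395,137 @@`, whose `sourceRanges` and `sourceTags` descriptions repeat the snake_case names). Because these sentences state which source constraint an INGRESS rule must carry, I would use the CRD spelling throughout, e.g. `For INGRESS traffic, one of sourceRanges, sourceTags or sourceServiceAccounts is required.` The `spec.properties` mapping starts above this hunk, and the CRD is labelled `cnrm.cloud.google.com/tf2crd`, so the wording presumably comes from the generator's source.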
@@ -24443,9 +23395,137 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. 
If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. 
+ targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array required: - - location - - urlMapRef + - networkRef type: object status: properties: @@ -24485,9 +23565,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object 
@@ -24509,25 +23586,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com + name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies + kind: ComputeForwardingRule + plural: computeforwardingrules shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24565,13 +23642,26 @@ spec: type: object spec: properties: - certificateMapRef: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: description: |- - Only the `external` field is supported to configure the reference. - - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This field - can only be set for global target proxies. + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. oneOf: - not: required: @@ -24588,8 +23678,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, - where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: 
@@ -24601,69 +23690,168 @@ spec: type: object description: description: Immutable. An optional description of this resource. + Provide this property when you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPSProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - proxyBind: - description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: + ipAddress: description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. oneOf: - not: required: 
@@ -24680,7 +23868,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24690,10 +23878,83 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - urlMapRef: + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. 
This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). 
+ Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. oneOf: - not: required: @@ -24710,7 +23971,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -24720,9 +23981,191 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object required: - location - - urlMapRef type: object status: properties: @@ -24753,7 +24196,11 @@ spec: type: object type: array creationTimestamp: - description: Creation timestamp in RFC3339 text format. + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -24762,10 +24209,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string selfLink: + description: '[Output Only] Server-defined URL for the resource.' + type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' type: string type: object required: @@ -24786,25 +24244,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetInstance - plural: computetargetinstances + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -24824,7 +24282,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -24842,12 +24300,22 @@ spec: type: object spec: properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - instanceRef: - description: The ComputeInstance handling traffic for this target - instance. + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -24864,8 +24332,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24874,54 +24341,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - natPolicy: - description: |- - Immutable. NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. URL of the zone where the target instance - resides. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - instanceRef - - zone + - networkEndpointType + - projectRef type: object status: properties: 
@@ -24951,9 +24378,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24982,25 +24406,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetPool - plural: computetargetpools + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -25020,7 +24444,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -25038,7 +24462,20 @@ spec: type: object spec: properties: - backupTargetPoolRef: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -25055,8 +24492,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -25065,91 +24501,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Immutable. Textual description field. - type: string - failoverRatio: - description: Immutable. Ratio (0 to 1) of failed nodes before using - the backup pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Where the target pool resides. Defaults to - project region. - type: string resourceID: - description: Immutable. Optional. The name of the resource. 
Used for + description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sessionAffinity: - description: Immutable. How to distribute load. Options are "NONE" - (no affinity). "CLIENT_IP" (hash of the source/dest addresses / - ports), and "CLIENT_IP_PROTO" also includes the protocol (default - "NONE"). - type: string required: - - region + - globalNetworkEndpointGroup + - projectRef type: object status: properties: @@ -25186,9 +24545,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string type: object required: - spec @@ -25208,25 +24564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com + name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies + kind: ComputeHealthCheck + plural: computehealthchecks shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25264,155 +24620,357 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object - certificateMapRef: + healthyThreshold: description: |- - Only `external` field is supported to configure the reference. + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This - field can only be set for global target proxies. 
Accepted format is - '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` - resource.' + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. type: string type: object - description: - description: Immutable. An optional description of this resource. 
- type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. 
The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + sslHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` - resource.' + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
type: string - type: object - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -25445,11 +25003,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string type: object required: - spec 
@@ -25469,25 +25028,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com + name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25525,54 +25084,53 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - proxyBind: + healthyThreshold: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - proxyHeader: + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. 
+ type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - backendServiceRef + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25612,14 +25170,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object - required: - - spec type: object served: true storage: true 
@@ -25636,25 +25189,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com + name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25692,48 +25245,53 @@ spec: type: object spec: properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region this gateway should sit in. + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - required: - - networkRef - - region + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25766,9 +25324,6 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - gatewayId: - description: The unique identifier for the resource. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -25779,8 +25334,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -25797,25 +25350,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com + name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeURLMap - plural: computeurlmaps + kind: ComputeImage + plural: computeimages shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage preserveUnknownFields: false scope: Namespaced versions: 
@@ -25853,1903 +25406,16106 @@ spec: type: object spec: properties: - defaultRouteAction: + description: description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - corsPolicy: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. 
The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. 
- type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, the setting specifies the CORS policy - is disabled. The default value of false, which indicates - that the CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - faultInjectionPolicy: + kmsKeyServiceAccountRef: description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - abort: - description: The specification for how client requests are - aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. 
- type: number - type: object - delay: - description: The specification for how client requests are - delayed as part of fault injection, before being sent to - a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. 
- properties: - backendServiceRef: - description: |- - The backend service resource being mirrored to. - The backend service configured for a mirroring policy must reference - backends that are of the same type as the original backend service - matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored - backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: + type: object + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - nanos: - description: Span of time that's a fraction of a second at - nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos - field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: 'Span of time at a resolution of a second. Must - be from 0 to 315,576,000,000 inclusive. Note: these bounds - are computed from: 60 sec/min * 60 min/hr * 24 hr/day * - 365.25 days/year * 10000 years.' - type: string - type: object - urlRewrite: + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: description: |- - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - hostRewrite: - description: |- - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. 
- type: string - pathPrefixRewrite: - description: |- - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - type: string - type: object - weightedBackendServices: + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: description: |- - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. - Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request before - forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: A list of header names for headers that - need to be removed from the request before forwarding - the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response before sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. 
- type: boolean - type: object - type: array - responseHeadersToRemove: - description: A list of header names for headers that - need to be removed from the response before sending - the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - type: integer - type: object - type: array + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source type: object - defaultService: - description: |- - The defaultService resource to which traffic is directed if none of - the hostRules match. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If defaultRouteAction is additionally specified, advanced routing - actions like URL Rewrites, etc. take effect prior to sending the - request to the backend. However, if defaultService is specified, - defaultRouteAction cannot contain any weightedBackendServices. - Conversely, if routeAction specifies any weightedBackendServices, - service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService - must be set. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + sourceImageRef: + description: The source image used to create this image. oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. 
+ - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. 
Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: + type: object + status: + properties: + archiveSizeBytes: description: |- - An optional description of this resource. Provide this property when - you create the resource. + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string - headerAction: + labelFingerprint: description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the - response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. items: - type: string + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). 
+ The zone must exist in the region where the managed instance + group is located. + type: string + type: object type: array type: object - hostRule: - description: The list of HostRules to use against the URL. + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. items: properties: - description: - description: |- - An optional description of this HostRule. Provide this property - when you create the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). 
In - that case, * must be the first character and must be followed in - the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string - required: - - hosts - - pathMatcher + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer type: object type: array - location: - description: 'Location represents the geographical location of the - ComputeURLMap. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. 
- items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. 
- type: integer + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. 
- properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to - 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. 
- properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, - prior to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. 
- Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. 
- items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000. - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The default service to use if none of the pathRules defined by this - PathMatcher is matched by the URL's path portion. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - oneOf: + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. 
+ type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: - required: - - backendBucketRef + - name - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. 
+ properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. + This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. 
If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. 
You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). 
+ items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. + - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: + external: description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. 
The value must be between 1 and 1024 - characters. + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: - description: An optional description of this resource. + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. 
This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer type: object - name: - description: The name to which this PathMatcher is referred - by the HostRule. + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. 
+ type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' 
+ format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' + format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. 
The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing. - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. 
- items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. 
- type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated - with this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per - retry attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. 
- - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service. 
- properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - Required. The default backend service resource. Before forwarding - the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response - prior to sending the response back to - the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000. - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service to which traffic is directed if this rule is - matched. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If routeAction is additionally specified, advanced routing actions - like URL Rewrites, etc. take effect prior to sending the request to - the backend. However, if service is specified, routeAction cannot - contain any weightedBackendServices. Conversely, if routeAction - specifies any weightedBackendServices, service must not be - specified. Only one of urlRedirect, service or - routeAction.weightedBackendService must be set. 
- oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. 
- If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. 
- This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. 
- type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regular expression specified in - regexMatch. 
For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. 
Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. 
Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). 
+ type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. \nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. 
\nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. 
+ One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. 
+ type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. 
+ type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' 
+ type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. 
Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. 
Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. 
+ type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. 
An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: @@ -28491,7 +42247,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28586,6 +42342,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: @@ -28690,7 +42451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -29062,7 +42823,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29378,7 +43139,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -29924,20 +43685,256 @@ spec: type: object type: array createTime: - description: Output only. The time this note was created. This field - can be used as a filter in list requests. - format: date-time + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. type: string - image: - properties: - fingerprint: - properties: - v2Name: - description: 'Output only. The name of the image''s v2 blobs - computed via: ) Only the name of the final blob is kept.' - type: string - type: object - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -29946,11 +43943,11 @@ spec: the resource. type: integer updateTime: - description: Output only. The time this note was last updated. This - field can be used as a filter in list requests. - format: date-time + description: The time when the repository was last updated. type: string type: object + required: + - spec type: object served: true storage: true @@ -29967,7 +43964,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30558,6 +44555,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -30572,6 +44578,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the 
@@ -30609,222 +44620,1129 @@ spec: Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: - duration: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. 
+ type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. 
+ type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). + type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. 
VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. 
+ type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. 
+ properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
+ type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. 
Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. type: string - startTime: + key: + description: Immutable. The label key of a reservation resource. type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array required: - - startTime + - consumeReservationType type: object - maintenanceExclusion: - description: Exceptions to maintenance window. Non-emergency maintenance - should not occur in these windows. + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. 
+ properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. items: properties: - endTime: + effect: + description: Immutable. Effect for taint. type: string - exclusionName: + key: + description: Immutable. Key for taint. type: string - exclusionOptions: - description: Maintenance exclusion related options. - properties: - scope: - description: The scope of automatic upgrades to restrict - in the exclusion window. - type: string - required: - - scope - type: object - startTime: + value: + description: Immutable. Value for taint. 
type: string required: - - endTime - - exclusionName - - startTime + - effect + - key + - value type: object type: array - recurringWindow: - description: Time window for recurring maintenance operations. + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. properties: - endTime: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. type: string - recurrence: + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. type: string - startTime: + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. 
+ type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - endTime - - recurrence - - startTime + - enabled type: object + required: + - pubsub type: object - masterAuth: - description: DEPRECATED. Basic authentication was removed for GKE - cluster versions >= 1.19. The authentication information for accessing - the Kubernetes master. Some values in this block are only returned - by the API if your service account has permission to get credentials - for your GKE cluster. If you see an unexpected diff unsetting your - client cert, ensure you have the container.clusters.getCredentials - permission. + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. properties: - clientCertificate: - description: Base64 encoded public certificate used by clients - to authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. properties: - issueClientCertificate: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Whether the cluster master is accessible globally + or not. type: boolean required: - - issueClientCertificate + - enabled type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. type: string - password: - description: The password to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
+ external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - username: - description: The username to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. If not present - basic auth will be disabled. + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. type: string type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. properties: - cidrBlocks: - description: External networks that can access the Kubernetes - cluster master through HTTPS. 
- items: - properties: - cidrBlock: - description: External network that can access Kubernetes - master through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - gcpPublicCidrsAccessEnabled: - description: Whether master is accessbile via Google Compute Engine - Public IP addresses. - type: boolean + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string type: object - meshCertificates: - description: If set, and enable_certificates=true, the GKE Workload - Identity Certificates controller and node agent will be deployed - in the cluster. + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. properties: - enableCertificates: - description: When enabled the GKE Workload Identity Certificates - controller and node agent will be deployed in the cluster. - type: boolean + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. 
+ * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string required: - - enableCertificates + - channel type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain - that. If unset, the cluster's version will be set by GKE to the - version of the most recent official release (which is not necessarily - the latest version). + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - monitoringConfig: - description: Monitoring configuration for the cluster. + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. properties: - enableComponents: - description: GKE components exposing metrics. Valid values include - SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, - and WORKLOADS. - items: - type: string - type: array - managedPrometheus: - description: Configuration for Google Cloud Managed Services for - Prometheus. + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. properties: - enabled: - description: Whether or not the managed collection is enabled. - type: boolean + datasetId: + description: The ID of a BigQuery Dataset. + type: string required: - - enabled + - datasetId type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - monitoringService: - description: The monitoring service that the cluster should write - metrics to. Automatically send metrics from pods in the cluster - to the Google Cloud Monitoring API. VM metrics will be collected - by Google Compute Engine regardless of this setting Available options - include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver - Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
properties: enabled: - description: Whether network policy is enabled on the cluster. + description: Enables vertical pod autoscaling. type: boolean - provider: - description: The selected network policy provider. Defaults to - PROVIDER_UNSPECIFIED. - type: string required: - enabled type: object - networkRef: + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. 
+ type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: oneOf: - not: required: @@ -30841,7 +45759,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: 
@@ -30851,13 +45769,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkingMode: - description: Immutable. Determines whether alias IPs or routes will - be used for pod IPs in the cluster. + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. 
If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -30895,11 +45888,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -30987,9 +45995,9 @@ spec: labels: additionalProperties: type: string - description: Immutable. The map of Kubernetes labels (key/value - pairs) to be applied to each node. These will added in addition - to any default label(s) that Kubernetes may apply to the node. + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. @@ -31003,6 +46011,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
@@ -31173,8 +46192,7 @@ spec: type: object type: array workloadMetadataConfig: - description: Immutable. The workload metadata configuration for - this node. + description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata 
@@ -31187,293 +46205,694 @@ spec: type: string type: object type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the - same region as their cluster's zone for zonal clusters. If this - is specified for a zonal cluster, omit the cluster's zone. + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. items: type: string type: array - nodePoolAutoConfig: - description: Node pool configs that apply to all auto-provisioned - node pools in autopilot clusters and node auto-provisioning enabled - clusters. + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. 
+ type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. properties: - networkTags: - description: Collection of Compute Engine network tags that can - be applied to a node's underlying VM instance. - properties: - tags: - description: List of network tags applied to auto-provisioned - node pools. - items: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. 
+ See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. type: string - type: array - type: object - type: object - nodePoolDefaults: - description: The default nodel pool settings for the entire cluster. - properties: - nodeConfigDefaults: - description: Subset of NodeConfig message that has defaults. - properties: - gcfsConfig: - description: GCFS configuration for this node. - properties: - enabled: - description: Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include - DEFAULT and MAX_THROUGHPUT. - type: string - type: object + sizeBytes: + description: The size of the file, in bytes. 
+ type: integer + type: object + type: array + required: + - filePatterns type: object - nodeVersion: + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - pubsub: - description: Notification config for Cloud Pub/Sub. - properties: - enabled: - description: Whether or not the notification config is enabled. - type: boolean - filter: - description: Allows filtering to one or more specific event - types. If event types are present, those and only those - event types will be transmitted to the cluster. Other types - will be skipped. If no filter is specified, or no event - types are present, all event types will be sent. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: properties: - eventType: - description: Can be used to filter what notifications - are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, - UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. - items: - type: string - type: array - required: - - eventType + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string type: object - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + viewQuery: + description: The query that defines the table view. type: string type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this - cluster. If enabled, pods must be valid under a PodSecurityPolicy - to be created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enablePrivateEndpoint: - description: When true, the cluster's private endpoint is used - as the cluster endpoint and access through the public endpoint - is disabled. When false, either endpoint can be used. 
This field - only applies to private clusters, when enable_private_nodes - is true. - type: boolean - enablePrivateNodes: - description: Immutable. Enables the private cluster feature, creating - a private endpoint on the cluster. In a private cluster, nodes - only have RFC 1918 private addresses and communicate with the - master's private endpoint via private networking. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: Immutable. The IP range in CIDR notation to use for - the hosted master network. This range will be used for assigning - private IP addresses to the cluster master(s) and the ILB VIP. - This range must not overlap with any other ranges in use within - the cluster's network, and it must be a /28 subnet. See Private - Cluster Limitations for more details. This field only applies - to private clusters, when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and - the Google owned VPC. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - privateEndpoint: - description: The internal IP address of this cluster's master - endpoint. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - privateEndpointSubnetworkRef: - description: |- - Immutable. Subnetwork in cluster's network where master's endpoint - will be provisioned. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicEndpoint: - description: The external IP address of this cluster's master - endpoint. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpv6GoogleAccess: - description: The desired state of IPv6 connectivity to Google Services. - By default, no private IPv6 access to or from Google Services (all - access will be via IPv4). + region: + description: Immutable. EntryGroup location region. type: string - protectConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. - properties: - auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. - type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: required: - - auditMode - type: object - workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. 
- type: string - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - Note that removing this field from your config will not unenroll - it. Instead, use the "UNSPECIFIED" channel. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - channel: - description: |- - The selected release channel. Accepted values are: - * UNSPECIFIED: Not set. - * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. - * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. - * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - channel type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination - of resource usage export. 
- properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. - The resulting table can be joined with the resource usage table - or with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - serviceExternalIpsConfig: - description: If set, and enabled=true, services with external ips - field will not be blocked. - properties: - enabled: - description: When enabled, services with exterenal ips specified - will be allowed. - type: boolean - required: - - enabled - type: object - subnetworkRef: + taxonomyRef: oneOf: - not: required: @@ -31490,7 +46909,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: 
@@ -31500,35 +46919,17 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - description: Configuration for the use of Kubernetes Service Accounts - in GCP IAM policies. - properties: - identityNamespace: - description: |- - DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. - Enables workload identity. - type: string - workloadPool: - description: The workload pool to attach all Kubernetes service - accounts to. - type: string - type: object required: - - location + - displayName + - taxonomyRef type: object status: properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -31555,16 +46956,10 @@ spec: type: string type: object type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -31573,19 +46968,190 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. type: string - selfLink: - description: Server-defined URL for the resource. + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. 
Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. type: string type: object required: @@ -31606,25 +47172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: - group: container.cnrm.cloud.google.com + group: datacatalog.cnrm.cloud.google.com names: categories: - gcp - kind: ContainerNodePool - plural: containernodepools + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -31644,7 +47210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -31662,38 +47228,260 @@ spec: type: object spec: properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. To disable - autoscaling, set minNodeCount and maxNodeCount to 0. + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. 
Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - locationPolicy: - description: Location policy specifies the algorithm used when - scaling-up the node pool. "BALANCED" - Is a best effort policy - that aims to balance the sizes of available zones. "ANY" - Instructs - the cluster autoscaler to prioritize utilization of unused reservations, - and reduces preemption risk for Spot VMs. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - maxNodeCount: - description: Maximum number of nodes per zone in the node pool. - Must be >= min_node_count. Cannot be used with total limits. 
- type: integer - minNodeCount: - description: Minimum number of nodes per zone in the node pool. - Must be >=0 and <= max_node_count. Cannot be used with total - limits. - type: integer - totalMaxNodeCount: - description: Maximum number of all nodes in the node pool. Must - be >= total_min_node_count. Cannot be used with per zone limits. - type: integer - totalMinNodeCount: - description: Minimum number of all nodes in the node pool. Must - be >=0 and <= total_max_node_count. Cannot be used with per - zone limits. - type: integer type: object - clusterRef: + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -31710,8 +47498,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ContainerCluster` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -31720,472 +47507,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialNodeCount: - description: Immutable. The initial number of nodes for the pool. - In regional or multi-zonal clusters, this is the number of nodes - per zone. Changing this will force recreation of the resource. - type: integer - location: - description: Immutable. The location (region or zone) of the cluster. + region: + description: Immutable. Taxonomy location region. type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: Immutable. The maximum number of pods per node in this - node pool. Note that this does not work on node pools which are - "route-based" - that is, node pools belonging to clusters that do - not have IP Aliasing enabled. - type: integer - namePrefix: - description: Immutable. Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - networkConfig: - description: Networking configuration for this NodePool. If specified, - it overrides the cluster-level defaults. - properties: - createPodRange: - description: Immutable. Whether to create a new range for pod - IPs in this node pool. Defaults are provided for pod_range and - pod_ipv4_cidr_block if they are not specified. - type: boolean - enablePrivateNodes: - description: Whether nodes have internal IP addresses only. 
- type: boolean - podIpv4CidrBlock: - description: Immutable. The IP address range for pod IPs in this - node pool. Only applicable if create_pod_range is true. Set - to blank to have a range chosen with the default size. Set to - /netmask (e.g. /14) to have a range chosen with a specific netmask. - Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific - range to use. - type: string - podRange: - description: Immutable. The ID of the secondary range for pod - IPs. If create_pod_range is true, this ID is used for the new - range. If create_pod_range is false, uses an existing secondary - range with this ID. - type: string - type: object - nodeConfig: - description: Immutable. The configuration of the nodepool. - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the disk attached to each node, - specified in GB. The smallest allowed disk size is 10GB. - type: integer - diskType: - description: Immutable. Type of the disk attached to each node. - Such as pd-standard, pd-balanced or pd-ssd. - type: string - ephemeralStorageConfig: - description: Immutable. Parameters for the ephemeral storage filesystem. - properties: - localSsdCount: - description: Immutable. Number of local SSDs to use to back - ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. 
- type: integer - required: - - localSsdCount - type: object - gcfsConfig: - description: Immutable. GCFS configuration for this node. - properties: - enabled: - description: Immutable. Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. - items: - properties: - count: - description: Immutable. The number of the accelerator cards - exposed to an instance. - type: integer - gpuPartitionSize: - description: Immutable. Size of partitions to create on - the GPU. Valid values are described in the NVIDIA mig - user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - gpuSharingConfig: - description: Immutable. Configuration for GPU sharing. - properties: - gpuSharingStrategy: - description: Immutable. The type of GPU sharing strategy - to enable on the GPU node. Possible values are described - in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). - type: string - maxSharedClientsPerGpu: - description: Immutable. The maximum number of containers - that can share a GPU. - type: integer - required: - - gpuSharingStrategy - - maxSharedClientsPerGpu - type: object - type: - description: Immutable. The accelerator type resource name. - type: string - required: - - count - - type - type: object - type: array - gvnic: - description: Immutable. Enable or disable gvnic in the node pool. - properties: - enabled: - description: Immutable. Whether or not gvnic is enabled. - type: boolean - required: - - enabled - type: object - imageType: - description: The image type to use for this node. Note that for - a given image type, the latest version of it will be used. - type: string - kubeletConfig: - description: Node kubelet configs. - properties: - cpuCfsQuota: - description: Enable CPU CFS quota enforcement for containers - that specify CPU limits. 
- type: boolean - cpuCfsQuotaPeriod: - description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. - type: string - cpuManagerPolicy: - description: Control the CPU management policy on the node. - type: string - podPidsLimit: - description: Controls the maximum number of processes allowed - to run in a pod. - type: integer - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: The map of Kubernetes labels (key/value pairs) to - be applied to each node. These will added in addition to any - default label(s) that Kubernetes may apply to the node. - type: object - linuxNodeConfig: - description: Parameters that can be configured on Linux nodes. - properties: - sysctls: - additionalProperties: - type: string - description: The Linux kernel parameters to be applied to - the nodes and all pods running on the nodes. - type: object - required: - - sysctls - type: object - localSsdCount: - description: Immutable. The number of local SSD disks to be attached - to the node. - type: integer - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include DEFAULT - and MAX_THROUGHPUT. - type: string - machineType: - description: Immutable. The name of a Google Compute Engine machine - type. - type: string - metadata: - additionalProperties: + message: + description: Human-readable message indicating details about + last transition. type: string - description: Immutable. The metadata key/value pairs assigned - to instances in the cluster. - type: object - minCpuPlatform: - description: Immutable. 
Minimum CPU platform to be used by this - instance. The instance may be scheduled on the specified or - newer CPU platform. - type: string - nodeGroupRef: - description: |- - Immutable. Setting this field will assign instances - of this pool to run on the specified node group. This is useful - for running workloads on sole tenant nodes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeNodeGroup` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauthScopes: - description: Immutable. The set of Google API scopes to be made - available on all of the node VMs. - items: + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - type: array - preemptible: - description: Immutable. Whether the nodes are created as preemptible - VM instances. - type: boolean - reservationAffinity: - description: Immutable. The reservation affinity configuration - for the node pool. - properties: - consumeReservationType: - description: Immutable. Corresponds to the type of reservation - consumption. - type: string - key: - description: Immutable. The label key of a reservation resource. - type: string - values: - description: Immutable. The label values of the reservation - resource. - items: - type: string - type: array - required: - - consumeReservationType - type: object - resourceLabels: - additionalProperties: + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
type: string - description: The GCE resource labels (a map of key/value pairs) - to be applied to the node pool. - type: object - sandboxConfig: - description: Immutable. Sandbox configuration for this node. - properties: - sandboxType: - description: Type of the sandbox to use for the node (e.g. - 'gvisor'). - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - description: Immutable. Shielded Instance options. - properties: - enableIntegrityMonitoring: - description: Immutable. Defines whether the instance has integrity - monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Defines whether the instance has Secure - Boot enabled. - type: boolean - type: object - spot: - description: Immutable. Whether the nodes are created as spot - VM instances. - type: boolean - tags: - description: The list of instance tags applied to all nodes. - items: + type: + description: Type is the type of the condition. type: string - type: array - taint: - description: Immutable. List of Kubernetes taints to be applied - to each node. - items: - properties: - effect: - description: Immutable. Effect for taint. - type: string - key: - description: Immutable. Key for taint. - type: string - value: - description: Immutable. Value for taint. 
- type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - description: The workload metadata configuration for this node. - properties: - mode: - description: Mode is the configuration for how to expose metadata - to workloads running on the node. - type: string - nodeMetadata: - description: DEPRECATED. Deprecated in favor of mode. NodeMetadata - is the configuration for how to expose metadata to the workloads - running on the node. - type: string - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string + type: object type: array - placementPolicy: - description: Immutable. Specifies the node placement policy. - properties: - type: - description: Type defines the type of placement policy. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: type: string - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number - of nodes upgraded simultaneously is limited to 20. - properties: - blueGreenSettings: - description: Settings for BlueGreen node pool upgrade. - properties: - nodePoolSoakDuration: - description: Time needed after draining entire blue pool. - After this period, blue pool will be cleaned up. - type: string - standardRolloutPolicy: - description: Standard rollout policy is the default policy - for blue-green. - properties: - batchNodeCount: - description: Number of blue nodes to drain in a batch. - type: integer - batchPercentage: - description: Percentage of the blue pool nodes to drain - in a batch. - type: number - batchSoakDuration: - description: Soak time after each batch gets drained. - type: string - type: object - required: - - standardRolloutPolicy - type: object - maxSurge: - description: The number of additional nodes that can be added - to the node pool during an upgrade. Increasing max_surge raises - the number of nodes that can be upgraded simultaneously. Can - be set to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. 
Can be set to 0 or - greater. - type: integer - strategy: - description: Update strategy for the given nodepool. - type: string + parameters: type: object - version: + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. type: string required: - - clusterRef - - location + - containerSpecGcsPath type: object status: properties: @@ -32215,18 +47674,8 @@ spec: type: string type: object type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - managedInstanceGroupUrls: - description: List of instance group URLs which have been assigned - to this node pool. - items: - type: string - type: array + jobId: + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -32234,7 +47683,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + state: type: string type: object required: 
@@ -32255,25 +47704,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com + name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataflow.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogPolicyTag - plural: datacatalogpolicytags + kind: DataflowJob + plural: dataflowjobs shortNames: - - gcpdatacatalogpolicytag - - gcpdatacatalogpolicytags - singular: datacatalogpolicytag + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -32311,20 +47760,57 @@ spec: type: object spec: properties: - description: - description: |- - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string - displayName: - description: |- - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. type: string - parentPolicyTagRef: + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. 
More workers may improve processing speed at additional + cost. + type: integer + networkRef: oneOf: - not: required: @@ -32341,7 +47827,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: @@ -32351,12 +47837,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - taxonomyRef: + serviceAccountRef: oneOf: - not: required: 
@@ -32373,7 +47868,34 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -32383,17 +47905,29 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string required: - - displayName - - taxonomyRef + - tempGcsLocation + - templateGcsPath type: object status: properties: - childPolicyTags: - description: Resource names of child policy tags of this policy tag. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32420,10 +47954,8 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + jobId: + description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -32432,6 +47964,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string type: object required: - spec 
@@ -32451,25 +47990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com + name: dataformrepositories.dataform.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataform.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogTaxonomy - plural: datacatalogtaxonomies + kind: DataformRepository + plural: dataformrepositories shortNames: - - gcpdatacatalogtaxonomy - - gcpdatacatalogtaxonomies - singular: datacatalogtaxonomy + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: @@ -32489,7 +48028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -32507,26 +48046,29 @@ spec: type: object spec: properties: - activatedPolicyTypes: - description: |- - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. - items: - type: string - type: array - description: - description: |- - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - type: string - displayName: - description: |- - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object projectRef: description: The project that this resource belongs to. oneOf: 
@@ -32555,16 +48097,16 @@ spec: type: string type: object region: - description: Immutable. Taxonomy location region. + description: Immutable. A reference to the region. type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - displayName - projectRef + - region type: object status: properties: @@ -32594,11 +48136,6 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -32625,25 +48162,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com + name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: datafusion.cnrm.cloud.google.com names: categories: - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs + kind: DataFusionInstance + plural: datafusioninstances shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -32681,20 +48218,147 @@ spec: type: object spec: properties: - containerSpecGcsPath: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. type: string - parameters: + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. 
Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. type: string required: - - containerSpecGcsPath + - location + - type type: object status: properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32721,7 +48385,13 @@ spec: type: string type: object type: array - jobId: + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
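Review bot: In the new DataFusionInstance spec, the `networkConfig` description says its settings "are required when a private Data Fusion instance is to be created", but the `required` list at the end of the hunk holds only `location` and `type`. A manifest with `privateInstance: true` and no `networkConfig` therefore passes schema validation and would presumably fail only at reconcile time. `privateInstance` is itself optional and its description does not say which exposure an instance gets when the field is omitted; that should be stated so a manifest reviewer need not guess whether the result is public. Where the cluster supports CRD validation rules and the generator can emit them, a rule on `spec` such as `x-kubernetes-validations: [{rule: "!has(self.privateInstance) || !self.privateInstance || has(self.networkConfig)"}]` would encode the dependency; otherwise an admission policy can enforce it.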
@@ -32730,7 +48400,27 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. + format: date-time type: string type: object required: @@ -32751,25 +48441,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - - gcp - kind: DataflowJob - plural: dataflowjobs + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -32807,57 +48497,74 @@ spec: type: object spec: properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - enableStreamingEngine: - description: Indicates if the job should use the streaming engine - feature. - type: boolean - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - kmsKeyRef: - description: The name for the Cloud KMS key for the job. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + basicAlgorithm: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. 
+ A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' + format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig type: object - machineType: - description: The machine type to use for the job. + location: + description: Immutable. The location for the resource type: string - maxWorkers: - description: Immutable. The number of workers permitted to work on - the job. 
More workers may improve processing speed at additional - cost. - type: integer - networkRef: + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -32874,8 +48581,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
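Review bot: Several descriptions in the new DataprocAutoscalingPolicy `basicAlgorithm` block have lost content: `cooldownPeriod`, `scaleDownMinWorkerFraction` and `scaleUpMinWorkerFraction` read "Bounds: ." with no range, and `scaleDownFactor` and `scaleUpFactor` end in "See ." with no link target. The same truncation appears in the next hunk (`secondaryWorkerConfig` / `workerConfig`), where `maxInstances` reads "Bounds: [min_instances, )" and `minInstances` reads "Bounds: .". These numeric fields carry only `format: double` or `format: int64` with no `minimum`/`maximum`, so the schema does not reject out-of-range values at admission. The ranges and links should be restored from the upstream API reference in whatever generates this CRD, and fixed ranges mirrored as `minimum`/`maximum` on the schema.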
@@ -32884,94 +48593,94 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as - used in the template). - type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. 
Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the - Dataflow job to dump its temporary data. 
- type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' 
+ format: int64 + type: integer + required: + - maxInstances type: object - x-kubernetes-preserve-unknown-fields: true - zone: - description: Immutable. The zone in which the created job should run. - If it is not provided, the provider zone is used. - type: string required: - - tempGcsLocation - - templateGcsPath + - basicAlgorithm + - location + - workerConfig type: object status: properties: @@ -33001,9 +48710,6 @@ spec: type: string type: object type: array - jobId: - description: The unique ID of this job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -33011,13 +48717,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: The current state of the resource, selected from the - JobState enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string type: object required: - spec 
@@ -33037,25 +48736,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: datafusioninstances.datafusion.cnrm.cloud.google.com + name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: - group: datafusion.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataFusionInstance - plural: datafusioninstances + kind: DataprocCluster + plural: dataprocclusters shortNames: - - gcpdatafusioninstance - - gcpdatafusioninstances - singular: datafusioninstance + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -33093,60 +48792,850 @@ spec: type: object spec: properties: - dataprocServiceAccountRef: - oneOf: - - not: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. 
Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. 
This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. 
Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. 
If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' 
+ type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. 
Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). 
Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. 
Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. 
If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Immutable. A description of this instance. - type: string - displayName: - description: Immutable. Display name for an instance. - type: string - enableStackdriverLogging: - description: Option to enable Stackdriver Logging. - type: boolean - enableStackdriverMonitoring: - description: Option to enable Stackdriver Monitoring. - type: boolean - location: - description: Immutable. The location for the resource - type: string - networkConfig: - description: Immutable. Network configuration options. These are required - when a private Data Fusion instance is to be created. - properties: - ipAllocation: - description: Immutable. The IP range in CIDR notation to use for - the managed Data Fusion instance nodes. This range must not - overlap with any other ranges used in the customer network. - type: string - networkRef: + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). 
+ If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -33165,9 +49654,9 @@ spec: properties: external: description: |- - Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -33176,267 +49665,160 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - options: - additionalProperties: - type: string - description: Immutable. Map of additional options used to configure - the behavior of Data Fusion instance. - type: object - privateInstance: - description: Immutable. Specifies whether the Data Fusion instance - should be private. If set to true, all Data Fusion nodes will have - private IP addresses and will not be able to access the public internet. - type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Instance type. Possible values: - TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' - type: string - version: - description: Current version of the Data Fusion. - type: string - zone: - description: Immutable. Name of the zone in which the Data Fusion - instance will be created. Only DEVELOPER instances use this field. - type: string - required: - - location - - type - type: object - status: - properties: - apiEndpoint: - description: Output only. Endpoint on which the REST APIs is accessible. - type: string - availableVersion: - description: Available versions that the instance can be upgraded - to. - items: - properties: - availableFeatures: - description: Represents a list of available feature names for - a given version. - items: + tempBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. 
If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string - type: array - defaultVersion: - description: Whether this is currently the default version for - Cloud Data Fusion - type: boolean - versionNumber: - description: The version number of the Data Fusion instance, - such as '6.0.1.0'. - type: string - type: object - type: array - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Output only. The time the instance was created. - format: date-time - type: string - gcsBucket: - description: Output only. Cloud Storage bucket generated by Data Fusion - in the customer project. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - p4ServiceAccount: - description: Output only. P4 service account for the customer project. - type: string - serviceEndpoint: - description: Output only. Endpoint on which the Data Fusion UI is - accessible. - type: string - state: - description: 'Output only. The current state of this Data Fusion instance. - Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' - type: string - stateMessage: - description: Output only. Additional information about the current - state of this Data Fusion instance if available. - type: string - tenantProjectId: - description: Output only. The name of the tenant project. - type: string - updateTime: - description: Output only. The time the instance was last updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com -spec: - group: dataproc.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataprocAutoscalingPolicy - plural: dataprocautoscalingpolicies - shortNames: - - gcpdataprocautoscalingpolicy - - gcpdataprocautoscalingpolicies - singular: dataprocautoscalingpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', 
the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - basicAlgorithm: - properties: - cooldownPeriod: - description: 'Optional. Duration between scaling events. A scaling - period starts after the update operation from the previous event - has completed. Bounds: . Default: 2m.' - type: string - yarnConfig: - description: Required. YARN autoscaling configuration. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. 
properties: - gracefulDecommissionTimeout: - description: Required. Timeout for YARN graceful decommissioning - of Node Managers. Specifies the duration to wait for jobs - to complete before forcefully removing workers (and potentially - interrupting jobs). Only applicable to downscaling operations. + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string - scaleDownFactor: - description: Required. 
Fraction of average YARN pending memory - in the last cooldown period for which to remove workers. - A scale-down factor of 1 will result in scaling down so - that there is no available memory remaining after the update - (more aggressive scaling). A scale-down factor of 0 disables - removing workers, which can be beneficial for autoscaling - a single job. See . - format: double - type: number - scaleDownMinWorkerFraction: - description: 'Optional. Minimum scale-down threshold as a - fraction of total cluster size before scaling occurs. For - example, in a 20-worker cluster, a threshold of 0.1 means - the autoscaler must recommend at least a 2 worker scale-down - for the cluster to scale. A threshold of 0 means the autoscaler - will scale down on any recommended change. Bounds: . Default: - 0.0.' - format: double - type: number - scaleUpFactor: - description: Required. Fraction of average YARN pending memory - in the last cooldown period for which to add workers. A - scale-up factor of 1.0 will result in scaling up so that - there is no pending memory remaining after the update (more - aggressive scaling). A scale-up factor closer to 0 will - result in a smaller magnitude of scaling up (less aggressive - scaling). See . - format: double - type: number - scaleUpMinWorkerFraction: - description: 'Optional. Minimum scale-up threshold as a fraction - of total cluster size before scaling occurs. For example, - in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster - to scale. A threshold of 0 means the autoscaler will scale - up on any recommended change. Bounds: . Default: 0.0.' - format: double - type: number - required: - - gracefulDecommissionTimeout - - scaleDownFactor - - scaleUpFactor type: object - required: - - yarnConfig type: object location: - description: Immutable. The location for the resource + description: Immutable. The location for the resource, usually a GCP + region. 
type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -33457,7 +49839,7 @@ spec: properties: external: description: |- - The project for the resource + Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -33473,92 +49855,413 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - secondaryWorkerConfig: - description: Optional. Describes how the autoscaler will operate for - secondary workers. - properties: - maxInstances: - description: 'Optional. Maximum number of instances for this group. - Note that by default, clusters will not use secondary workers. - Required for secondary workers if the minimum secondary instances - is set. Primary workers - Bounds: [min_instances, ). Secondary - workers - Bounds: [min_instances, ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer - type: object - workerConfig: - description: Required. 
Describes how the autoscaler will operate for - primary workers. + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. properties: - maxInstances: - description: 'Required. Maximum number of instances for this group. - Required for primary workers. Note that by default, clusters - will not use secondary workers. Required for secondary workers - if the minimum secondary instances is set. Primary workers - - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, - ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. 
If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. + properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. 
Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. 
Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. + items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. 
Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. [Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. 
Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. + items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. 
Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. 
+ The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - maxInstances + - kubernetesClusterConfig type: object required: - - basicAlgorithm - location - - workerConfig type: object status: properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). + Dataproc generates this value when it creates the cluster. 
+ type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -33585,6 +50288,197 @@ spec: type: string type: object type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. 
+ type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. 
+ items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -33592,6 +50486,52 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array type: object required: - spec 
@@ -33611,25 +50551,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dataprocclusters.dataproc.cnrm.cloud.google.com + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocCluster - plural: dataprocclusters + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates shortNames: - - gcpdataproccluster - - gcpdataprocclusters - singular: dataproccluster + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -33667,1125 +50607,1473 @@ spec: type: object spec: properties: - config: - description: Immutable. The cluster config. Note that Dataproc may - set default values, and values may change when clusters are updated. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for the policy - associated with the cluster. Cluster does not autoscale if this - field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - dataprocMetricConfig: - description: Immutable. Optional. The config for Dataproc metrics. - properties: - metrics: - description: Immutable. Required. Metrics sources to enable. - items: - properties: - metricOverrides: - description: 'Immutable. Optional. 
Specify one or more - [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect for the metric course (for the `SPARK` - metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) - can be specified). Provide metrics in the following - format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use - camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted - spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed - hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` - Notes: * Only the specified overridden metrics will - be collected for the metric source. For example, if - one or more `spark:executive` metrics are listed as - metric overrides, other `SPARK` metrics will not be - collected. The collection of the default metrics for - other OSS metric sources is unaffected. For example, - if both `SPARK` andd `YARN` metric sources are enabled, - and overrides are provided for Spark metrics only, - all default YARN metrics will be collected.' - items: - type: string - type: array - metricSource: - description: 'Immutable. Required. Default metrics are - collected unless `metricOverrides` are specified for - the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, - MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, - HIVESERVER2' - type: string - required: - - metricSource - type: object - type: array - required: - - metrics - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings for the - cluster. - properties: - gcePdKmsKeyRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. 
If true, enable http access - to specific ports on the cluster from external sources. - Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine config - settings for all instances in a cluster. - properties: - confidentialInstanceConfig: - description: Immutable. Optional. Confidential Instance Config - for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). - properties: - enableConfidentialCompute: - description: Immutable. Optional. Defines whether the - instance should have confidential compute enabled. - type: boolean - type: object - internalIPOnly: - description: Immutable. Optional. If true, all instances in - the cluster will only have internal IP addresses. By default, - clusters are not restricted to internal IP addresses, and - will have ephemeral external IP addresses assigned to each - instance. This `internal_ip_only` restriction can only be - enabled for subnetwork enabled networks, and all off-cluster - dependencies must be configured to be accessible without - external IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. The Compute Engine metadata entries - to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. 
Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity for - sole-tenant clusters. - properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: type: string - type: object - required: - - nodeGroupRef - type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 access - for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity for - consuming Zonal reservation. + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. 
Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, - ANY_RESERVATION, SPECIFIC_RESERVATION' + additionalProperties: type: string - key: - description: Immutable. Optional. Corresponds to the label - key of reservation resource. + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: type: string - values: - description: Immutable. Optional. Corresponds to the label - values of reservation resource. - items: - type: string - type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + additionalProperties: type: string - type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service account - scopes to be included in Compute Engine instances. The following - base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write If no scopes - are specified, the following defaults are also provided: - * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' - items: + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. 
The HCFS URI of the script that + contains Hive queries. type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance Config - for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether instances - have integrity monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether instances - have Secure Boot enabled. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether instances - have the vTPM enabled. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array required: - - external - properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
+ - queries + type: object + scriptVariables: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' + type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. 
Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: type: string - type: object - tags: - description: Immutable. The Compute Engine tags to add to - all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. type: string - type: array - zone: - description: 'Immutable. Optional. The zone where the Compute - Engine cluster will be located. On a create request, it - is required in the "global" region. If omitted in a non-global - Dataproc region, the service will pick a zone in the corresponding - Compute Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name are valid. - Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. 
Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: type: string - type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute on each - node after config is completed. By default, executables are - run on master and all worker nodes. You can test a node''s `role` - metadata to run an executable on a master or worker node, as - shown below using `curl` (you can also use `wget`): ROLE=$(curl - -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions - ... else ... worker specific actions ... fi' - items: + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. properties: - executableFile: - description: Immutable. Required. Cloud Storage URI of executable - file. + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. 
See the Presto documentation + for supported output formats type: string - executionTimeout: - description: Immutable. Optional. Amount of time executable - has to complete. Default is 10 minutes (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error message - (the name of the executable that caused the error and - the exceeded timeout period) if the executable is not - completed at end of the timeout period. + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. type: string - required: - - executableFile + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object type: object - type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster will - be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration of - cluster. 
The cluster will be auto-deleted at the end of - this period. Minimum value is 10 minutes; maximum value - is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to keep the - cluster alive while idling (when no jobs are running). Passing - this threshold will cause the cluster to be deleted. Minimum - value is 5 minutes; maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. The Compute Engine config settings - for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' 
+ items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. 
HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. 
The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - metastoreConfig: - description: Immutable. Optional. Metastore configuration. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string properties: - external: - description: 'Required. Resource name of an existing Dataproc - Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + additionalProperties: type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. 
+ Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - type: object - required: - - dataprocMetastoreServiceRef - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config settings - for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + description: Immutable. Optional. 
A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + additionalProperties: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. + type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. 
A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. 
The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. + type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. type: string + required: + - clusterLabels type: object - securityConfig: - description: Immutable. Optional. Security settings for the cluster. + managedCluster: + description: Immutable. A cluster that is managed by the workflow. properties: - identityConfig: - description: Immutable. Optional. Identity related configuration, - including service account based secure multi-tenancy user - mappings. + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. properties: - userServiceAccountMapping: - additionalProperties: - type: string - description: Immutable. Required. Map of user to service - account. + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. 
Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - required: - - userServiceAccountMapping - type: object - kerberosConfig: - description: Immutable. Optional. Kerberos related configuration. - properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server (IP - or hostname) for the remote trusted realm in a cross - realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP or hostname) - for the remote trusted realm in a cross realm trust - relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm the - Dataproc on-cluster KDC will trust, should the user - enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the shared password - between the on-cluster Kerberos realm and the remote - trusted realm, in a cross realm trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate whether - to Kerberize the cluster (default: false). 
Set this - field to true to enable Kerberos on a cluster.' - type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the master key of - the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided key. For the self-signed certificate, - this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage URI - of the keystore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - keystorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided keystore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. 
Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. 
Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. 
+ You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. 
Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - realm: - description: Immutable. Optional. The name of the on-cluster - Kerberos realm. If not specified, the uppercased domain - of hostnames will be the realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the root principal - password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime of the - ticket granting ticket, in hours. If not specified, - or user specifies 0, then default value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage URI - of the truststore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided truststore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - type: object - type: object - softwareConfig: - description: Immutable. Optional. The config settings for software - inside the cluster. - properties: - imageVersion: - description: Immutable. Optional. The version of software - inside the cluster. It must be one of the supported [Dataproc - Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such as "1.2.29"), - or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components to - activate on the cluster. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties to set on - daemon config files. Property keys are specified in `prefix:property` - format, for example `core:hadoop.tmp.dir`. The following - are supported prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` * distcp: - `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` - * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: - `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' - type: object - type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config settings - for worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. 
If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - type: object - location: - description: Immutable. The location for the resource, usually a GCP - region. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. 
The Google Cloud Platform project ID that the cluster belongs to. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - virtualClusterConfig: - description: Immutable. Optional. The virtual cluster config is used - when creating a Dataproc cluster that does not directly control - the underlying compute resources, for example, when creating a [Dataproc-on-GKE - cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). - Dataproc may set default values, and values may change when clusters - are updated. Exactly one of config or virtual_cluster_config must - be specified. - properties: - auxiliaryServicesConfig: - description: Immutable. Optional. Configuration of auxiliary services - used by this cluster. - properties: - metastoreConfig: - description: Immutable. Optional. The Hive Metastore configuration - for this workload. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. properties: - external: - description: 'Required. Resource name of an existing - Dataproc Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). 
If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. 
Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - required: - - dataprocMetastoreServiceRef - type: object - sparkHistoryServerConfig: - description: Immutable. Optional. The Spark History Server - configuration for the workload. - properties: - dataprocClusterRef: + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. 
The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -34804,9 +52092,9 @@ spec: properties: external: description: |- - Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `DataprocCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -34816,17 +52104,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - type: object - kubernetesClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on Kubernetes. - properties: - gkeClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on GKE. - properties: - gkeClusterTargetRef: + tempBucketRef: description: Immutable. oneOf: - not: 
@@ -34845,9 +52123,9 @@ spec: properties: external: description: |- - Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `ContainerCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -34857,286 +52135,187 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nodePoolTarget: - description: Immutable. Optional. GKE node pools where - workloads will be scheduled. At least one node pool - must be assigned the `DEFAULT` GkeNodePoolTarget.Role. - If a `GkeNodePoolTarget` is not specified, Dataproc - constructs a `DEFAULT` `GkeNodePoolTarget`. Each role - can be given to only one `GkeNodePoolTarget`. All node - pools must have the same location settings. - items: - properties: - nodePoolConfig: - description: Immutable. Input only. The configuration - for the GKE node pool. If specified, Dataproc - attempts to create a node pool with the specified - shape. If one with the same name already exists, - it is verified against all specified fields. If - a field differs, the virtual cluster creation - will fail. If omitted, any node pool with the - specified name is used. If a node pool with the - specified name does not exist, Dataproc create - a node pool with default values. This is an input - only field. It will not be returned by the API. - properties: - autoscaling: - description: Immutable. Optional. The autoscaler - configuration for this node pool. The autoscaler - is enabled only when a valid configuration - is present. - properties: - maxNodeCount: - description: Immutable. The maximum number - of nodes in the node pool. Must be >= - min_node_count, and must be > 0. **Note:** - Quota must be sufficient to scale up the - cluster. - format: int64 - type: integer - minNodeCount: - description: Immutable. The minimum number - of nodes in the node pool. Must be >= - 0 and <= max_node_count. - format: int64 - type: integer - type: object - config: - description: Immutable. Optional. The node pool - configuration. - properties: - accelerators: - description: Immutable. Optional. A list - of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) - to attach to each node. 
- items: - properties: - acceleratorCount: - description: Immutable. The number - of accelerator cards exposed to - an instance. - format: int64 - type: integer - acceleratorType: - description: Immutable. The accelerator - type resource namename (see GPUs - on Compute Engine). - type: string - gpuPartitionSize: - description: Immutable. Size of partitions - to create on the GPU. Valid values - are described in the NVIDIA [mig - user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - type: object - type: array - bootDiskKmsKey: - description: 'Immutable. Optional. The [Customer - Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) - used to encrypt the boot disk attached - to each node in the node pool. Specify - the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' - type: string - ephemeralStorageConfig: - description: Immutable. Optional. Parameters - for the ephemeral storage filesystem. - If unspecified, ephemeral storage is backed - by the boot disk. - properties: - localSsdCount: - description: Immutable. Number of local - SSDs to use to back ephemeral storage. - Uses NVMe interfaces. Each local SSD - is 375 GB in size. If zero, it means - to disable using local SSDs as ephemeral - storage. - format: int64 - type: integer - type: object - localSsdCount: - description: Immutable. Optional. The number - of local SSD disks to attach to the node, - which is limited by the maximum number - of disks allowable per zone (see [Adding - Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). - format: int64 - type: integer - machineType: - description: Immutable. Optional. The name - of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). - type: string - minCpuPlatform: - description: Immutable. Optional. 
[Minimum - CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - to be used by this instance. The instance - may be scheduled on the specified or a - newer CPU platform. Specify the friendly - names of CPU platforms, such as "Intel - Haswell"` or Intel Sandy Bridge". - type: string - preemptible: - description: Immutable. Optional. Whether - the nodes are created as legacy [preemptible - VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). - Also see Spot VMs, preemptible VM instances - without a maximum lifetime. Legacy and - Spot preemptible nodes cannot be used - in a node pool with the `CONTROLLER` [role] - (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - spot: - description: Immutable. Optional. Whether - the nodes are created as [Spot VM instances] - (https://cloud.google.com/compute/docs/instances/spot). - Spot VMs are the latest update to legacy - preemptible VMs. Spot VMs do not have - a maximum lifetime. Legacy and Spot preemptible - nodes cannot be used in a node pool with - the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - type: object - locations: - description: Immutable. Optional. The list of - Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - where node pool nodes associated with a Dataproc - on GKE virtual cluster will be located. **Note:** - All node pools associated with a virtual cluster - must be located in the same region as the - virtual cluster, and they must be located - in the same zone within that region. If a - location is not specified during node pool - creation, Dataproc on GKE will choose the - zone. 
- items: - type: string - type: array - type: object - nodePoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: properties: - external: - description: |- - Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' - - Allowed value: The `selfLink` field of a `ContainerNodePool` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object - roles: - description: Immutable. Required. The roles associated - with the GKE node pool. - items: + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string - type: array - required: - - nodePoolRef - - roles - type: object - type: array - type: object - kubernetesNamespace: - description: Immutable. Optional. A namespace within the Kubernetes - cluster to deploy into. If this namespace does not exist, - it is created. If it exists, Dataproc verifies that another - Dataproc VirtualCluster is not installed into it. If not - specified, the name of the Dataproc Cluster is used. - type: string - kubernetesSoftwareConfig: - description: Immutable. Optional. The software configuration - for this Dataproc cluster running on Kubernetes. - properties: - componentVersion: - additionalProperties: - type: string - description: Immutable. 
The components that should be - installed in this Dataproc cluster. The key must be - a string from the KubernetesComponent enumeration. The - value is the version of the software to be installed. - At least one entry must be specified. - type: object - properties: - additionalProperties: - type: string - description: 'Immutable. The properties to set on daemon - config files. Property keys are specified in `prefix:property` - format, for example `spark:spark.kubernetes.container.image`. - The following are supported prefixes and their mappings: - * spark: `spark-defaults.conf` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string type: object type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object required: - - gkeClusterConfig + - clusterName + - config type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. 
If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kubernetesClusterConfig + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - jobs - location + - placement type: object status: properties: - clusterUuid: - description: Output only. A cluster UUID (Unique Universal Identifier). - Dataproc generates this value when it creates the cluster. 
- type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -35163,197 +52342,10 @@ spec: type: string type: object type: array - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions to - URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became idle - (most recent job finished) and became eligible for deletion - due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. 
- type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. 
- items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - type: object - metrics: - description: 'Output only. Contains cluster daemon metrics such as - HDFS and YARN stats. **Beta Feature**: This report is available - for testing purposes only. It may be changed before final release.' - properties: - hdfsMetrics: - additionalProperties: - type: string - description: The HDFS metrics. - type: object - yarnMetrics: - additionalProperties: - type: string - description: The YARN metrics. - type: object - type: object + createTime: + description: Output only. The time template was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -35361,52 +52353,299 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: Output only. Cluster status. + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. 
+ items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - detail: - description: Optional. Output only. Details of cluster's state. - type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - substate: - description: 'Output only. Additional state information that includes - status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - statusHistory: - description: Output only. The previous cluster status. + properties: + description: Immutable. An ordered list of properties to index on. 
items: properties: - detail: - description: Optional. Output only. Details of cluster's state. + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + name: + description: Immutable. The property name to index. type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - substate: - description: 'Output only. Additional state information that - includes status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array + indexId: + description: The index id. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object required: - spec @@ -35426,25 +52665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: - group: dataproc.cnrm.cloud.google.com + group: datastream.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocWorkflowTemplate - plural: dataprocworkflowtemplates + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles shortNames: - - gcpdataprocworkflowtemplate - - gcpdataprocworkflowtemplates - singular: dataprocworkflowtemplate + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: @@ -35464,7 +52703,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -35482,1675 +52721,3996 @@ spec: type: object spec: properties: - dagTimeout: - description: Immutable. Optional. Timeout duration for the DAG of - jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - The timeout duration must be from 10 minutes ("600s") to 24 hours - ("86400s"). The timer begins when the first job is submitted. If - the workflow is running at the end of the timeout period, any remaining - jobs are cancelled, the workflow is ended, and if the workflow was - running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), - the cluster is deleted. + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. type: string - jobs: - description: Immutable. Required. The Directed Acyclic Graph of Jobs - to submit. - items: - properties: - hadoopJob: - description: Immutable. Optional. Job is a Hadoop job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted in the working directory of Hadoop drivers - and tasks. Supported file types: .jar, .tar, .tar.gz, - .tgz, or .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `-libjars` - or `-Dfoo=bar`, that can be set as job properties, since - a collision may occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS (Hadoop Compatible - Filesystem) URIs of files to be copied to the working - directory of Hadoop drivers and distributed tasks. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. 
Jar file URIs to add to - the CLASSPATHs of the Hadoop driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file containing the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: 'Immutable. The HCFS URI of the jar file containing - the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' - ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' - type: string - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Hadoop. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/hadoop/conf/*-site - and classes in user code. - type: object - type: object - hiveJob: - description: Immutable. Optional. Job is a Hive job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Hive server and Hadoop - MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names and values, used to configure Hive. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/hive/conf/hive-site.xml, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains Hive queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Hive command: `SET - name="value";`).' - type: object - type: object - labels: - additionalProperties: - type: string - description: 'Immutable. Optional. The labels to associate with - this job. Label keys must be between 1 and 63 characters long, - and must conform to the following regular expression: p{Ll}p{Lo}{0,62} - Label values must be between 1 and 63 characters long, and - must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} - No more than 32 labels can be associated with a given job.' - type: object - pigJob: - description: Immutable. Optional. Job is a Pig job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. 
- Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Pig Client and Hadoop MapReduce - (MR) tasks. Can contain Pig UDFs. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Pig. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/pig/conf/pig.properties, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains the Pig queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Pig command: `name=[value]`).' 
- type: object - type: object - prerequisiteStepIds: - description: Immutable. Optional. The optional list of prerequisite - job step_ids. If not specified, the job will start at the - beginning of workflow. - items: + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - prestoJob: - description: Immutable. Optional. Job is a Presto job. - properties: - clientTags: - description: Immutable. Optional. Presto client tags to - attach to this query - items: - type: string - type: array - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - outputFormat: - description: Immutable. Optional. The format in which query - output will be displayed. See the Presto documentation - for supported output formats - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) - Equivalent to using the --session flag in the Presto CLI - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - type: object - pysparkJob: - description: Immutable. Optional. Job is a PySpark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Python driver and tasks. 
- items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + name: + description: Name of the Secret to extract a value + from. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainPythonFileUri: - description: Immutable. Required. The HCFS URI of the main - Python file to use as the driver. Must be a .py file. - type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure PySpark. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - pythonFileUris: - description: 'Immutable. Optional. HCFS file URIs of Python - files to pass to the PySpark framework. Supported file - types: .py, .egg, and .zip.' - items: - type: string - type: array + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom required: - - mainPythonFileUri - type: object - scheduling: - description: Immutable. Optional. Job scheduling configuration. - properties: - maxFailuresPerHour: - description: Immutable. Optional. Maximum number of times - per hour a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - A job may be reported as thrashing if driver exits with - non-zero code 4 times within 10 minute window. Maximum - value is 10. - format: int64 - type: integer - maxFailuresTotal: - description: Immutable. Optional. Maximum number of times - in total a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - Maximum value is 240. - format: int64 - type: integer - type: object - sparkJob: - description: Immutable. Optional. Job is a Spark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. 
- Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Spark driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file that contains the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: Immutable. The HCFS URI of the jar file that - contains the main class. 
- type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - type: object - sparkRJob: - description: Immutable. Optional. Job is a SparkR job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainRFileUri: - description: Immutable. Required. The HCFS URI of the main - R file to use as the driver. Must be a .R file. - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure SparkR. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom required: - - mainRFileUri - type: object - sparkSqlJob: - description: Immutable. Optional. Job is a SparkSql job. - properties: - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to be added to the Spark CLASSPATH. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. 
+ type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark SQL's SparkConf. - Properties that conflict with values set by the Dataproc - API may be overwritten. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Spark SQL command: - SET `name="value";`).' - type: object - type: object - stepId: - description: Immutable. Required. The step id. The id must be - unique among all jobs within the template. 
The step id is - used as prefix for job id, as job `goog-dataproc-workflow-step-id` - label, and in prerequisiteStepIds field from other steps. - The id must contain only letters (a-z, A-Z), numbers (0-9), - underscores (_), and hyphens (-). Cannot begin or end with - underscore or hyphen. Must consist of between 3 and 50 characters. + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - stepId type: object type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string location: - description: Immutable. The location for the resource + description: Immutable. The name of the location this private connection + is located in. type: string - parameters: - description: Immutable. Optional. Template parameters whose values - are substituted into the template. Values for parameters must be - provided when the template is instantiated. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. 
A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - description: - description: Immutable. Optional. Brief description of the parameter. - Must not exceed 1024 characters. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - fields: - description: 'Immutable. Required. Paths to all fields that - the parameter replaces. A field is allowed to appear in at - most one parameter''s list of field paths. A field path is - similar in syntax to a google.protobuf.FieldMask. For example, - a field path that references the zone field of a workflow - template''s cluster selector would be specified as `placement.clusterSelector.zone`. 
- Also, field paths can reference fields using the following - syntax: * Values in maps can be referenced by key: * labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] - * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri - * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri - * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] - * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] - * Items in repeated fields can be referenced by a zero-based - index: * jobs[''step-id''].sparkJob.args[0] * Other examples: - * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] - * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri - * placement.clusterSelector.zone It may not be possible to - parameterize maps and repeated fields in their entirety since - only individual map values and individual items in repeated - fields can be referenced. For example, the following field - paths are invalid: - placement.clusterSelector.clusterLabels - - jobs[''step-id''].sparkJob.args' - items: - type: string - type: array - name: - description: Immutable. Required. Parameter name. The parameter - name is used as the key, and paired with the parameter value, - which are passed to the template when the template is instantiated. - The name must contain only capital letters (A-Z), numbers - (0-9), and underscores (_), and must not start with a number. - The maximum length is 40 characters. + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - validation: - description: Immutable. Optional. Validation rules to be applied - to this parameter's value. - properties: - regex: - description: Immutable. Validation based on regular expressions. - properties: - regexes: - description: Immutable. Required. RE2 regular expressions - used to validate the parameter's value. The value - must match the regex in its entirety (substring matches - are not sufficient). - items: - type: string - type: array - required: - - regexes - type: object - values: - description: Immutable. Validation based on a list of allowed - values. - properties: - values: - description: Immutable. Required. List of allowed values - for the parameter. - items: - type: string - type: array - required: - - values - type: object - type: object - required: - - fields - - name type: object type: array - placement: - description: Immutable. Required. WorkflowTemplate scheduling information. - properties: - clusterSelector: - description: Immutable. Optional. A selector that chooses target - cluster for jobs based on metadata. The selector is evaluated - at the time each job is submitted. - properties: - clusterLabels: - additionalProperties: - type: string - description: Immutable. Required. The cluster labels. Cluster - must have all labels to match. - type: object - zone: - description: Immutable. Optional. The zone where workflow - process executes. This parameter does not affect the selection - of the cluster. If unspecified, the zone of the first cluster - matching the selector is used. - type: string - required: - - clusterLabels - type: object - managedCluster: - description: Immutable. A cluster that is managed by the workflow. - properties: - clusterName: - description: Immutable. Required. The cluster name prefix. 
- A unique cluster name will be formed by appending a random - suffix. The name must contain only lower-case letters (a-z), - numbers (0-9), and hyphens (-). Must begin with a letter. - Cannot begin or end with hyphen. Must consist of between - 2 and 35 characters. + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: type: string - config: - description: Immutable. Required. The cluster configuration. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for - the policy associated with the cluster. Cluster does - not autoscale if this field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings - for the cluster. 
- properties: - gcePdKmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. If true, enable - http access to specific ports on the cluster from - external sources. Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine - config settings for all instances in a cluster. - properties: - internalIPOnly: - description: Immutable. Optional. If true, all instances - in the cluster will only have internal IP addresses. - By default, clusters are not restricted to internal - IP addresses, and will have ephemeral external IP - addresses assigned to each instance. This `internal_ip_only` - restriction can only be enabled for subnetwork enabled - networks, and all off-cluster dependencies must - be configured to be accessible without external - IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. 
The Compute Engine metadata - entries to add to all instances (see [Project and - instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity - for sole-tenant clusters. + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string required: - - nodeGroupRef + - table type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 - access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity - for consuming Zonal reservation. + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. 
+ items: properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, - NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' - type: string - key: - description: Immutable. Optional. Corresponds - to the label key of reservation resource. - type: string - values: - description: Immutable. Optional. Corresponds - to the label values of reservation resource. + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. items: - type: string + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + table: + description: Table name. type: string + required: + - table type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service - account scopes to be included in Compute Engine - instances. The following base set of scopes is always - included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write - If no scopes are specified, the following defaults - are also provided: * https://www.googleapis.com/auth/bigquery - * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data - * https://www.googleapis.com/auth/devstorage.full_control' - items: - type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance - Config for clusters using Compute Engine Shielded - VMs. - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether - instances have integrity monitoring enabled. 
- Integrity monitoring compares the most recent - boot measurements to the integrity policy baseline - and returns a pair of pass/fail results depending - on whether they match or not. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether - the instances have Secure Boot enabled. Secure - Boot helps ensure that the system only runs - authentic software by verifying the digital - signature of all boot components, and halting - the boot process if signature verification fails. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether - the instance have the vTPM enabled. Virtual - Trusted Platform Module protects objects like - keys, certificates and enables Measured Boot - by performing the measurements needed to create - a known good boot baseline, called the integrity - policy baseline. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
- type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. type: string + required: + - table type: object - tags: - description: Immutable. The Compute Engine tags to - add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: - type: string - type: array - zone: - description: 'Immutable. Optional. The zone where - the Compute Engine cluster will be located. On a - create request, it is required in the "global" region. - If omitted in a non-global Dataproc region, the - service will pick a zone in the corresponding Compute - Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name - are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. 
+ type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string + required: + - location type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute - on each node after config is completed. By default, - executables are run on master and all worker nodes. - You can test a node''s `role` metadata to run an executable - on a master or worker node, as shown below using `curl` - (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google - http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific - actions ... else ... worker specific actions ... fi' + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. 
+ Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. items: properties: - executableFile: - description: Immutable. Required. Cloud Storage - URI of executable file. + database: + description: Database name. type: string - executionTimeout: - description: Immutable. Optional. Amount of time - executable has to complete. Default is 10 minutes - (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error - message (the name of the executable that caused - the error and the exceeded timeout period) if - the executable is not completed at end of the - timeout period. + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. 
+ type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. 
+ properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. type: string + required: + - schema type: object type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for - the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster - will be auto-deleted (see JSON representation of - [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration - of cluster. The cluster will be auto-deleted at - the end of this period. Minimum value is 10 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to - keep the cluster alive while idling (when no jobs - are running). Passing this threshold will cause - the cluster to be deleted. Minimum value is 5 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. 
The Compute Engine config - settings for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). 
If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config - settings for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. 
- format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. 
+ type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." + type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - securityConfig: - description: Immutable. Optional. Security settings for - the cluster. + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. 
+ Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - kerberosConfig: - description: Immutable. Optional. Kerberos related - configuration. 
+ text: + description: The text response message. properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server - (IP or hostname) for the remote trusted realm - in a cross realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP - or hostname) for the remote trusted realm in - a cross realm trust relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm - the Dataproc on-cluster KDC will trust, should - the user enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the shared - password between the on-cluster Kerberos realm - and the remote trusted realm, in a cross realm - trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate - whether to Kerberize the cluster (default: false). - Set this field to true to enable Kerberos on - a cluster.' + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the master - key of the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided key. For the self-signed - certificate, this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage - URI of the keystore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - keystorePassword: - description: Immutable. Optional. 
The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided keystore. For the self-signed - certificate, this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - realm: - description: Immutable. Optional. The name of - the on-cluster Kerberos realm. If not specified, - the uppercased domain of hostnames will be the - realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the root - principal password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime - of the ticket granting ticket, in hours. If - not specified, or user specifies 0, then default - value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage - URI of the truststore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided truststore. For the self-signed - certificate, this password is generated by Dataproc. 
- type: string + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - softwareConfig: - description: Immutable. Optional. The config settings - for software inside the cluster. + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. 
+ If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. 
+ They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - imageVersion: - description: Immutable. Optional. 
The version of software - inside the cluster. It must be one of the supported - [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such - as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian - version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components - to activate on the cluster. - items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties - to set on daemon config files. Property keys are - specified in `prefix:property` format, for example - `core:hadoop.tmp.dir`. The following are supported - prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` - * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` - * hive: `hive-site.xml` * mapred: `mapred-site.xml` - * pig: `pig.properties` * spark: `spark-defaults.conf` - * yarn: `yarn-site.xml` For more information, see - [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config - settings for worker instances in a cluster. + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. 
You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. + text: + description: The text response message. properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. 
+ properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. 
+ type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string type: object - type: object - labels: + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. 
+ Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: additionalProperties: type: string - description: 'Immutable. Optional. The labels to associate - with this cluster. Label keys must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated - with a given cluster.' + description: Immutable. The HTTP request headers to send together + with webhook requests. type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. 
+ For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - clusterName - - config + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. \nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' 
+ properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -37167,10 +56727,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -37180,14 +56737,13 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - jobs - - location - - placement + - displayName + - projectRef type: object status: properties: 
@@ -37217,9 +56773,10 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time template was created. - format: date-time + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -37228,127 +56785,243 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - placement: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. 
Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - managedCluster: - properties: - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions - to URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became - idle (most recent job finished) and became eligible - for deletion due to idleness (see JSON representation - of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. 
- This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. 
The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - type: object - type: object + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - updateTime: - description: Output only. The time template was last updated. - format: date-time + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - version: - description: Output only. The current version of this workflow template. - format: int64 + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string type: object required: - spec @@ -37368,7 +57041,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -39176,34 +58849,485 @@ spec: as `12***`. type: boolean type: object - cryptoDeterministicConfig: - description: Deterministic Crypto + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift properties: context: - description: 'A context may be used - for higher security and maintaining - referential integrity such that - the same identifier in two different - contexts will be given a distinct - surrogate. The context is appended - to plaintext value being encrypted. - On decryption the provided context - is validated against the value used - during encryption. If a context - was provided during encryption, - same context must be provided during - decryption as well. If the context - is not set, plaintext would be used - as is for encryption. If the context - is set but: 1. there is no record - present when transforming a given - value or 2. 
the field is not present - when transforming a given value, - plaintext would be used as is for - encryption. Note that case (1) is - expected when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s.' + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. properties: name: description: Name describing the @@ -39211,11 +59335,12 @@ spec: type: string type: object cryptoKey: - description: The key used by the encryption - function. For deterministic encryption - using AES-SIV, the provided key - is internally expanded to 64 bytes - prior to use. + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. properties: kmsWrapped: description: Key wrapped using 
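Review bot: The `unwrapped.key` field added in this hunk under `cryptoDeterministicConfig`, `cryptoHashConfig` and `cryptoReplaceFfxFpeConfig` takes the raw data key as a plain `type: string`, and its description (`Required. A 128/192/256 bit key.`) does not say that the value then sits unencrypted in the custom resource, readable by anyone who can get the object or its stored copy. I would extend the description to something like `Required. A 128/192/256 bit key. The key is stored in clear text in this resource; prefer kmsWrapped.` The `cryptoKey` objects also list `kmsWrapped`, `transient` and `unwrapped` side by side with no `oneOf` between them (unlike `cryptoKeyRef`), so as far as this hunk shows a manifest that sets more than one passes CRD validation and is left to the API to reject. The file appears to be generated (the `cnrm.cloud.google.com/dcl2crd` label is visible just above this hunk), so both changes would belong in the generator's source rather than here; the same `unwrapped` block recurs in the hunk that follows, which continues past the visible lines.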
@@ -39297,2126 +59422,5323 @@ spec: - key type: object type: object - surrogateInfoType: - description: 'The custom info type - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom info - type followed by the number of characters - comprising the surrogate. The following - scheme defines the format: {info - type name}({surrogate character - count}):{surrogate} For example, - if the name of custom info type - is ''MY_TOKEN_INFO_TYPE'' and the - surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate - when inspecting content using the - custom info type ''Surrogate''. - This facilitates reversal of the - surrogate when it occurs in free - text. Note: For record transformations - where the entire cell in a table - is being transformed, surrogates - are not mandatory. Surrogates are - used to denote the location of the - token and are necessary for re-identification - in free form text. In order for - inspection to work properly, the - name of this info type must not - occur naturally anywhere in your - data; otherwise, inspection may - either - reverse a surrogate that - does not correspond to an actual - identifier - be unable to parse - the surrogate and result in an error - Therefore, choose your custom info - type name carefully after considering - what your data looks like. One way - to select a name that has a high - chance of yielding reliable detection - is to include one or more unicode - characters that are highly improbable - to exist in your data. For example, - assuming your data is entered from - a regular ASCII keyboard, the symbol - with the hex code point 29DD might - be used like so: ⧝MY_TOKEN_TYPE.' + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. 
Range of shift + in days. Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. 
- type: string + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - cryptoHashConfig: - description: Crypto + replacementValue: + description: Required. Replacement value + for this bucket. properties: - cryptoKey: - description: The key used by the hash - function. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. 
Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. 
Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' 
- type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. 
This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. 
- type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible - values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, - NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, - ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context - may be used for higher security - since the same identifier in two - different contexts won''t be given - the same surrogate. If the context - is not set, a default tweak will - be used. If the context is set but: - 1. there is no record present when - transforming a given value or 1. - the field is not present when transforming - a given value, a default tweak will - be used. Note that case (1) is expected - when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s. Currently, - the referenced field may be of value - type integer or string. The tweak - is constructed as a sequence of - bytes in big endian byte order such - that: - a 64 bit integer is encoded - followed by a single byte of value - 1 - a string is encoded in UTF-8 - format followed by a single byte - of value 2' - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Required. The key used - by the encryption algorithm. - properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
- Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. 
A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. 
+ properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by - mapping these to the alphanumeric - characters that the FFX mode natively - supports. This happens before/after - encryption/decryption. Each character - listed must appear only once. Number - of characters must be in the range - [2, 95]. This must be encoded as - ASCII. The order of characters does - not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select - the alphabet. Must be in the range - [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom infoType - followed by the number of characters - comprising the surrogate. The following - scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom - infoType is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the - full replacement value will be: - ''MY_TOKEN_INFO_TYPE(3):abc'' This - annotation identifies the surrogate - when inspecting content using the - custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the - surrogate when it occurs in free - text. 
In order for inspection to - work properly, the name of this - infoType must not occur naturally - anywhere in your data; otherwise, - inspection may find a surrogate - that does not correspond to an actual - identifier. Therefore, choose your - custom infoType name carefully after - considering what your data looks - like. One way to select a name that - has a high chance of yielding reliable - detection is to include one or more - unicode characters that are highly - improbable to exist in your data. - For example, assuming your data - is entered from a regular ASCII - keyboard, the symbol with the hex - code point 29DD might be used like - so: ⧝MY_TOKEN_TYPE' - properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that - contains the context, for example, - an entity id. If set, must also - set cryptoKey. If set, shift will - be consistent for the given context. - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Causes the shift to be - computed based on this key and the - context. This results in the same - shift for the same context and crypto_key. - If set, must also set context. Can - only be applied to table items. 
- properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. 
+ The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. 
+ type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, - -5 means shift date to at most 5 - days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift - in days. Actual shift will be selected - at random within this range (inclusive - ends). Negative means shift to earlier - in time. Must not be more than 365250 - days (1000 years) each direction. - For example, 3 means shift date - to at most 3 days into the future. - format: int64 - type: integer - required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each - bucket (except for minimum and maximum - buckets). So if `lower_bound` = - 10, `upper_bound` = 89, and `bucket_size` - = 10, then the following buckets - would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, - 80-89, 89+. Precision up to 2 decimals - works.' - format: double - type: number - lowerBound: - description: Required. Lower bound - value of buckets. All values less - than `lower_bound` are grouped together - into a single bucket; for example - if `lower_bound` = 10, then all - values less than 10 are replaced - with the value "-10". 
- properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound - value of buckets. 
All values greater - than upper_bound are grouped together - into a single bucket; for example - if `upper_bound` = 89, then all - values greater than 89 are replaced - with the value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. 
- format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified - value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. 
- format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction - properties: - partToExtract: - description: 'The part of the time - to keep. Possible values: TIME_PART_UNSPECIFIED, - YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, - WEEK_OF_YEAR, HOUR_OF_DAY' - type: string - type: object - type: object - required: - - primitiveTransformation - type: object - type: array - required: - - transformations + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object type: object - primitiveTransformation: - description: Apply the transformation to the entire - field. + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. properties: - bucketingConfig: - description: Bucketing + expressions: + description: An expression. properties: - buckets: - description: Set of buckets. Ranges must be - non-overlapping. - items: - properties: - max: - description: Upper bound of the range, - exclusive; type must match min. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - min: - description: Lower bound of the range, - inclusive. Type should be the same as - max if used. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - replacementValue: - description: Required. Replacement value - for this bucket. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. - format: int64 - type: integer + conditions: + description: Conditions to apply to the expression. 
+ properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' type: string - timeValue: - description: time of day + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer format: int64 type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - timestampValue: - description: timestamp - format: date-time - type: string + required: + - field + - operator type: object - required: - - replacementValue - type: object - type: array + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string type: object - characterMaskConfig: - description: Mask - properties: - charactersToIgnore: - description: When masking a string, items in - this list will be skipped when replacing characters. 
- For example, if the input string is `555-555-5555` - and you instruct Cloud DLP to skip `-` and - mask 5 characters with `*`, Cloud DLP returns - `***-**5-5555`. - items: + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. 
[required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. 
+ Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + type: boolean + infoTypes: + description: Restricts what info_types to look for. 
The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. 
+ format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the rule. 
+ properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. properties: - charactersToSkip: - description: Characters to not transform - when masking. - type: string - commonCharactersToIgnore: - description: 'Common characters to not - transform when masking. Useful to avoid - removing punctuation. Possible values: - COMMON_CHARS_TO_IGNORE_UNSPECIFIED, - NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, - PUNCTUATION, WHITESPACE' + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object - type: array - maskingCharacter: - description: Character to use to mask the sensitive - values—for example, `*` for an alphabetic - string such as a name, or `0` for a numeric - string such as ZIP code or credit card number. - This string must have a length of 1. If not - supplied, this value defaults to `*` for strings, - and `0` for digits. - type: string - numberToMask: - description: Number of characters to mask. If - not set, all matching chars will be masked. - Skipped characters do not count towards this - tally. - format: int64 - type: integer - reverseOrder: - description: Mask characters in reverse order. - For example, if `masking_character` is `0`, - `number_to_mask` is `14`, and `reverse_order` - is `false`, then the input string `1234-5678-9012-3456` - is masked as `00000000000000-3456`. If `masking_character` - is `*`, `number_to_mask` is `3`, and `reverse_order` - is `true`, then the string `12345` is masked - as `12***`. - type: boolean - type: object - cryptoDeterministicConfig: - description: Deterministic Crypto - properties: - context: - description: 'A context may be used for higher - security and maintaining referential integrity - such that the same identifier in two different - contexts will be given a distinct surrogate. 
- The context is appended to plaintext value - being encrypted. On decryption the provided - context is validated against the value used - during encryption. If a context was provided - during encryption, same context must be provided - during decryption as well. If the context - is not set, plaintext would be used as is - for encryption. If the context is set but: - 1. there is no record present when transforming - a given value or 2. the field is not present - when transforming a given value, plaintext - would be used as is for encryption. Note that - case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s.' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: The key used by the encryption - function. For deterministic encryption using - AES-SIV, the provided key is internally expanded - to 64 bytes prior to use. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. 
- type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - surrogateInfoType: - description: 'The custom info type to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom info type followed - by the number of characters comprising the - surrogate. The following scheme defines the - format: {info type name}({surrogate character - count}):{surrogate} For example, if the name - of custom info type is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate when - inspecting content using the custom info type - ''Surrogate''. This facilitates reversal of - the surrogate when it occurs in free text. - Note: For record transformations where the - entire cell in a table is being transformed, - surrogates are not mandatory. Surrogates are - used to denote the location of the token and - are necessary for re-identification in free - form text. 
In order for inspection to work - properly, the name of this info type must - not occur naturally anywhere in your data; - otherwise, inspection may either - reverse - a surrogate that does not correspond to an - actual identifier - be unable to parse the - surrogate and result in an error Therefore, - choose your custom info type name carefully - after considering what your data looks like. - One way to select a name that has a high chance - of yielding reliable detection is to include - one or more unicode characters that are highly - improbable to exist in your data. For example, - assuming your data is entered from a regular - ASCII keyboard, the symbol with the hex code - point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' - properties: - name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: object - cryptoHashConfig: - description: Crypto - properties: - cryptoKey: - description: The key used by the hash function. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible values: - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, - HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context may be - used for higher security since the same identifier - in two different contexts won''t be given - the same surrogate. If the context is not - set, a default tweak will be used. If the - context is set but: 1. there is no record - present when transforming a given value or - 1. the field is not present when transforming - a given value, a default tweak will be used. - Note that case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s. Currently, the referenced - field may be of value type integer or string. 
- The tweak is constructed as a sequence of - bytes in big endian byte order such that: - - a 64 bit integer is encoded followed by - a single byte of value 1 - a string is encoded - in UTF-8 format followed by a single byte - of value 2' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: Required. The key used by the encryption - algorithm. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: properties: name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string - required: - - name type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. 
When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. + Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. 
The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. 
If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by mapping these - to the alphanumeric characters that the FFX - mode natively supports. This happens before/after - encryption/decryption. Each character listed - must appear only once. Number of characters - must be in the range [2, 95]. This must be - encoded as ASCII. The order of characters - does not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select the alphabet. - Must be in the range [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom infoType followed by - the number of characters comprising the surrogate. 
- The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType - is ''MY_TOKEN_INFO_TYPE'' and the surrogate - is ''abc'', the full replacement value will - be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation - identifies the surrogate when inspecting content - using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the surrogate - when it occurs in free text. In order for - inspection to work properly, the name of this - infoType must not occur naturally anywhere - in your data; otherwise, inspection may find - a surrogate that does not correspond to an - actual identifier. Therefore, choose your - custom infoType name carefully after considering - what your data looks like. One way to select - a name that has a high chance of yielding - reliable detection is to include one or more - unicode characters that are highly improbable - to exist in your data. For example, assuming - your data is entered from a regular ASCII - keyboard, the symbol with the hex code point - 29DD might be used like so: ⧝MY_TOKEN_TYPE' + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that contains - the context, for example, an entity id. If - set, must also set cryptoKey. If set, shift - will be consistent for the given context. + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string name: - description: Name describing the field. + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cryptoKey: - description: Causes the shift to be computed - based on this key and the context. This results - in the same shift for the same context and - crypto_key. If set, must also set context. - Can only be applied to table items. 
+ tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. + Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. 
+ type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. 
Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. + properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + version: + description: Optional version name + for this InfoType. type: string type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. 
A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. + Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. 
Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. 
`inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. 
+ format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. 
+ properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, -5 means - shift date to at most 5 days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift in days. - Actual shift will be selected at random within - this range (inclusive ends). Negative means - shift to earlier in time. Must not be more - than 365250 days (1000 years) each direction. - For example, 3 means shift date to at most - 3 days into the future. - format: int64 - type: integer + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. 
+ items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each bucket - (except for minimum and maximum buckets). - So if `lower_bound` = 10, `upper_bound` = - 89, and `bucket_size` = 10, then the following - buckets would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, - 89+. Precision up to 2 decimals works.' - format: double - type: number - lowerBound: - description: Required. Lower bound value of - buckets. All values less than `lower_bound` - are grouped together into a single bucket; - for example if `lower_bound` = 10, then all - values less than 10 are replaced with the - value "-10". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. 
Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound value of - buckets. All values greater than upper_bound - are grouped together into a single bucket; - for example if `upper_bound` = 89, then all - values greater than 89 are replaced with the - value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. 
- format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. 
Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. 
A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: properties: - partToExtract: - description: 'The part of the time to keep. - Possible values: TIME_PART_UNSPECIFIED, YEAR, - MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, - HOUR_OF_DAY' + name: + description: Name describing the field. type: string type: object - type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. 
+ If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' + type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. 
+ format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. 
+ type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status 
+ name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. 
+ [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. + properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. 
Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external required: - - fields + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - recordSuppressions: - description: Configuration defining which records get suppressed - entirely. Records that match any suppression rule are omitted - from the output. 
- items: + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - condition: - description: A condition that when it evaluates to true - will result in the record being evaluated to be suppressed - from the transformed content. - properties: - expressions: - description: An expression. - properties: - conditions: - description: Conditions to apply to the expression. - properties: - conditions: - description: A collection of conditions. - items: - properties: - field: - description: Required. Field within - the record this condition is evaluated - against. - properties: - name: - description: Name describing the - field. - type: string - type: object - operator: - description: 'Required. Operator used - to compare the field or infoType - to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, - AND' - type: string - value: - description: Value to compare against. - [Mandatory, except for `EXISTS` - tests.] - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - field - - operator - type: object - type: array - type: object - logicalOperator: - description: 'The operator to apply to the result - of conditions. Default and currently only - supported value is `AND`. Possible values: - LOGICAL_OPERATOR_UNSPECIFIED, AND' - type: string - type: object - type: object + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - type: object - transformationErrorHandling: - description: Mode for handling transformation errors. If left - unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. properties: - leaveUntransformed: - description: Ignore errors - type: object - x-kubernetes-preserve-unknown-fields: true - throwError: - description: Throw an error - type: object - x-kubernetes-preserve-unknown-fields: true + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers type: object description: - description: Short description (max 256 chars). + description: A textual description field. Defaults to 'Managed by + Config Connector'. type: string - displayName: - description: Display name (max 256 chars). + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. 
+ Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string - location: - description: Immutable. The location of the resource + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
oneOf: - not: required: 
@@ -41433,21 +64755,273 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -41464,8 +65038,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -41479,6 +65052,15 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type type: object status: properties: @@ -41508,13 +65090,8 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of an inspectTemplate. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + name: + description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -41523,11 +65100,151 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of an inspectTemplate. - format: date-time + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object + required: + - spec type: object served: true storage: true @@ -41544,25 +65261,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpinspecttemplates.dlp.cnrm.cloud.google.com + name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: eventarc.cnrm.cloud.google.com names: categories: - gcp - kind: DLPInspectTemplate - plural: dlpinspecttemplates + kind: EventarcTrigger + plural: eventarctriggers shortNames: - - gcpdlpinspecttemplate - - gcpdlpinspecttemplates - singular: dlpinspecttemplate + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -41599,436 +65316,241 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Short description (max 256 chars). - type: string - displayName: - description: Display name (max 256 chars). - type: string - inspectConfig: - description: The core content of the template. Configuration of the - scanning process. + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - contentOptions: - description: List of options defining data content to scan. If - empty, text, images, and other content will be included. - items: - type: string - type: array - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud - Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType - will not cause a finding to be returned. It still can - be used for rules matching. 
Possible values: EXCLUSION_TYPE_UNSPECIFIED, - EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name matches - one of existing infoTypes and that infoType is specified - in `InspectContent.info_types` field. Specifying the latter - adds findings to the one detected by the system. If built-in - info type is not specified in `InspectContent.info_types` - list then the name is treated as a custom info type. - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule if - the finding meets the criteria specified by the rule. - Defaults to `VERY_LIKELY` if not specified. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, - LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract as - findings. When not specified, the entire match is - returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. 
- properties: - createTime: - description: Timestamp indicating when the version of - the `StoredInfoType` used for inspection was created. - Output-only field, populated by the system. - format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. - - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a request, - the system may automatically choose what detectors to run. 
By - default this may be all types, but may change over time as detectors - are updated. If you need precise control and predictability - as to what detectors are run you should specify specific InfoTypes - listed in the reference, otherwise a default list will be used, - which may change over time. - items: - properties: - name: - description: Name of the information type. Either a name - of your choosing when creating a CustomInfoType, or one - of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud DLP - results to Data Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings returned. + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for specified - infoTypes. 
- items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should be - provided. If InfoTypeLimit does not have an info_type, - the DLP API applies the limit against all info_types - that are found but not specified in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set higher. - When set within `InspectContentRequest`, this field is ignored. - format: int64 - type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set higher. - format: int64 - type: integer + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - ruleSet: - description: Set of rules to apply to the findings for this InspectConfig. - Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for - each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. The - rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the rule. - properties: - cloudStoragePath: - description: Newline-delimited file of words - in Cloud Storage. Only a single file is - accepted. 
- properties: - path: - description: 'A url representing a file - or path (no wildcards) in Cloud Storage. - Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and every - phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps or - contained within with a finding of an infoType - from this list. For example, for `InspectionRuleSet.info_types` - containing "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number findings - are dropped if they overlap with EMAIL_ADDRESS - finding. That leads to "555-222-2222@example.org" - to generate only a single finding, namely - email address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, or - one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data - Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see MatchingType - documentation for details. Possible values: - MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, - MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply to - all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a finding - to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, - VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the likelihood - by the specified number of levels. For example, - if a finding would be `POSSIBLE` without - the detection rule and `relative_likelihood` - is 1, then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to `UNLIKELY`. - Likelihood may never drop below `VERY_UNLIKELY` - or exceed `VERY_LIKELY`, so applying an - adjustment of 1 followed by an adjustment - of -1 when base likelihood is `VERY_LIKELY` - will result in a final likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within which - the entire hotword must reside. The total length - of the window cannot exceed 1000 characters. - Note that the finding itself will be included - in the window, so that hotwords may be used - to match substrings of the finding itself. For - example, the certainty of a phone number regex - "(d{3}) d{3}-d{4}" could be adjusted upwards - if the area code is known to be the local area - code of a company office using the hotword regex - "(xxx)", where "xxx" is the area code in question. - properties: - windowAfter: - description: Number of characters after the - finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before the - finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array type: object location: - description: Immutable. The location of the resource + description: Immutable. The location for the resource type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. 
The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -42045,21 +65567,24 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: oneOf: - not: required: 
@@ -42076,8 +65601,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -42086,11 +65613,53 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef type: object status: properties: 
@@ -42121,12 +65690,13 @@ spec: type: object type: array createTime: - description: Output only. The creation timestamp of an inspectTemplate. + description: Output only. The creation time. format: date-time type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -42135,11 +65705,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string updateTime: - description: Output only. The last update timestamp of an inspectTemplate. + description: Output only. The last-modified time. format: date-time type: string type: object + required: + - spec type: object served: true storage: true 
@@ -42154,1277 +65748,2353 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dlpjobtriggers.dlp.cnrm.cloud.google.com -spec: - group: dlp.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DLPJobTrigger - plural: dlpjobtriggers - shortNames: - - gcpdlpjobtrigger - - gcpdlpjobtriggers - singular: dlpjobtrigger - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: User provided description (max 256 chars) - type: string - displayName: - description: Display name (max 100 chars) - type: string - inspectJob: - description: For inspect jobs, a snapshot of the configuration. - properties: - actions: - description: Actions to execute at the completion of the job. - items: - properties: - jobNotificationEmails: - description: Enable email notification for project owners - and editors on job's completion/failure. - type: object - x-kubernetes-preserve-unknown-fields: true - pubSub: - description: Publish a notification to a pubsub topic. - properties: - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - publishFindingsToCloudDataCatalog: - description: Publish findings to Cloud Datahub. - type: object - x-kubernetes-preserve-unknown-fields: true - publishSummaryToCscc: - description: Publish summary to Cloud Security Command Center - (Alpha). 
- type: object - x-kubernetes-preserve-unknown-fields: true - publishToStackdriver: - description: Enable Stackdriver metric dlp.googleapis.com/finding_count. - type: object - x-kubernetes-preserve-unknown-fields: true - saveFindings: - description: Save resulting findings in a provided location. - properties: - outputConfig: - description: Location to store findings outside of DLP. - properties: - dlpStorage: - description: Store findings directly to DLP. If - neither this or bigquery is chosen only summary - stats of total infotype count will be stored. - Quotes will not be stored to dlp findings. If - quotes are needed, store to BigQuery. Currently - only for inspect jobs. - type: object - x-kubernetes-preserve-unknown-fields: true - outputSchema: - description: 'Schema used for writing the findings - for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. - Columns are derived from the `Finding` object. - If appending to an existing table, any columns - from the predefined schema that are missing will - be added. No columns in the existing table will - be deleted. If unspecified, then all available - columns will be used for a new table or an (existing) - table with no schema, and no changes will be made - to an existing table that has a schema. Only for - use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, - BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, - BIG_QUERY_COLUMNS, ALL_COLUMNS' - type: string - table: - description: 'Store findings in an existing table - or a new table in an existing dataset. If table_id - is not set a new one will be generated for you - with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. - Pacific timezone will be used for generating the - date details. For Inspect, each column in an existing - output table must have the same name, type, and - mode of a field in the `Finding` object. 
For Risk, - an existing output table should be the output - of a previous Risk analysis job run on the same - source table, with the same privacy metric and - quasi-identifiers. Risk jobs that analyze the - same table but compute a different privacy metric, - or use different sets of quasi-identifiers, cannot - store their results in the same table.' - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - type: object - type: object - type: array - inspectConfig: - description: How and what to scan for. - properties: - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - detectionRules: - description: Set of detection rules to apply to all - findings of this CustomInfoType. 
Rules are applied - in order that they are specified. Not supported for - the `surrogate_type` CustomInfoType. - items: - properties: - hotwordRule: - description: Hotword-based detection rule. - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. - format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. 
For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in - Cloud Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: - gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this - infoType will not cause a finding to be returned. - It still can be used for rules matching. Possible - values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name - matches one of existing infoTypes and that infoType - is specified in `InspectContent.info_types` field. - Specifying the latter adds findings to the one detected - by the system. 
If built-in info type is not specified - in `InspectContent.info_types` list then the name - is treated as a custom info type. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule - if the finding meets the criteria specified by the - rule. Defaults to `VERY_LIKELY` if not specified. - Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract - as findings. When not specified, the entire match - is returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on - GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. - properties: - createTime: - description: Timestamp indicating when the version - of the `StoredInfoType` used for inspection was - created. Output-only field, populated by the system. 
- format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. + type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - This is not used for data profiling. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - This is not used for data profiling. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a - request, the system may automatically choose what detectors - to run. By default this may be all types, but may change - over time as detectors are updated. If you need precise - control and predictability as to what detectors are run - you should specify specific InfoTypes listed in the reference, - otherwise a default list will be used, which may change - over time. - items: - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings - returned. This is not used for data profiling. 
+ Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. + format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for - specified infoTypes. - items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should - be provided. 
If InfoTypeLimit does not have an - info_type, the DLP API applies the limit against - all info_types that are found but not specified - in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this - InfoType. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set - higher. When set within `InspectContentRequest`, this - field is ignored. + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set - higher. + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. 
Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: type: string - ruleSet: - description: Set of rules to apply to the findings for this - InspectConfig. Exclusion rules, contained in the set are - executed in the end, other rules are executed in the order - they are specified for each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. - The rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the - rule. - properties: - cloudStoragePath: - description: Newline-delimited file of - words in Cloud Storage. Only a single - file is accepted. - properties: - path: - description: 'A url representing a - file or path (no wildcards) in Cloud - Storage. 
Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases - to search for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and - every phrase must contain at least - 2 characters that are letters or - digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps - or contained within with a finding of - an infoType from this list. For example, - for `InspectionRuleSet.info_types` containing - "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number - findings are dropped if they overlap - with EMAIL_ADDRESS finding. That leads - to "555-222-2222@example.org" to generate - only a single finding, namely email - address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name - for this InfoType. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see - MatchingType documentation for details. - Possible values: MATCHING_TYPE_UNSPECIFIED, - MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, - MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array - type: object - inspectTemplateRef: - oneOf: - - not: + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. + format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', 
the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. + items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. 
+ type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. 
The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). 
+ type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. properties: - external: - description: |- - If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. - - Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string + required: + - gcpKmsEncryptionKey type: object - storageConfig: - description: The data to scan. 
+ includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. properties: - bigQueryOptions: - description: BigQuery options. - properties: - excludedFields: - description: References to fields excluded from scanning. - This allows you to skip inspection of entire columns - which you know have no findings. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - identifyingFields: - description: Table fields that may uniquely identify a - row within the table. When `actions.saveFindings.outputConfig.table` - is specified, the values of columns specified here are - available in the output table under `location.content_locations.record_location.record_key.id_values`. - Nested fields such as `person.birthdate.year` are allowed. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - includedFields: - description: Limit scanning only to these fields. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - rowsLimit: - description: Max number of rows to scan. If the table - has more rows than this value, the rest of the rows - are omitted. If not set, or if set to 0, all rows will - be scanned. Only one of rows_limit and rows_limit_percent - can be specified. Cannot be used in conjunction with - TimespanConfig. - format: int64 - type: integer - rowsLimitPercent: - description: Max percentage of rows to scan. The rest - are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. 
Both 0 and 100 - means no limit. Defaults to 0. Only one of rows_limit - and rows_limit_percent can be specified. Cannot be used - in conjunction with TimespanConfig. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - tableReference: - description: Complete BigQuery table reference. - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - tableReference - type: object - cloudStorageOptions: - description: Google Cloud Storage options. - properties: - bytesLimitPerFile: - description: Max number of bytes to scan from a file. - If a scanned file's size is bigger than this value then - the rest of the bytes are omitted. Only one of bytes_limit_per_file - and bytes_limit_per_file_percent can be specified. Cannot - be set if de-identification is requested. - format: int64 - type: integer - bytesLimitPerFilePercent: - description: Max percentage of bytes to scan from a file. - The rest are omitted. The number of bytes scanned is - rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. Only one - of bytes_limit_per_file and bytes_limit_per_file_percent - can be specified. Cannot be set if de-identification - is requested. - format: int64 - type: integer - fileSet: - description: The set of one or more files to scan. - properties: - regexFileSet: - description: The regex-filtered set of files to scan. - Exactly one of `url` or `regex_file_set` must be - set. 
- properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of a Cloud Storage bucket. Required. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - excludeRegex: - description: A list of regular expressions matching - file paths to exclude. All files in the bucket - that match at least one of these regular expressions - will be excluded from the scan. Regular expressions - use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - includeRegex: - description: A list of regular expressions matching - file paths to include. All files in the bucket - that match at least one of these regular expressions - will be included in the set of files, except - for those that also match an item in `exclude_regex`. - Leaving this field empty will match all files - by default (this is equivalent to including - `.*` in the list). Regular expressions use RE2 - [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - required: - - bucketRef - type: object - url: - description: The Cloud Storage url of the file(s) - to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. 
If the url ends in a trailing - slash, the bucket or directory represented by the - url will be scanned non-recursively (content in - sub-directories will not be scanned). This means - that `gs://mybucket/` is equivalent to `gs://mybucket/*`, - and `gs://mybucket/directory/` is equivalent to - `gs://mybucket/directory/*`. Exactly one of `url` - or `regex_file_set` must be set. - type: string - type: object - fileTypes: - description: List of file type groups to include in the - scan. If empty, all files are scanned and available - data format processors are applied. In addition, the - binary content of the selected files is always scanned - as well. Images are scanned only as binary if the specified - region does not support image inspection and no file_types - were specified. Image inspection is restricted to 'global', - 'us', 'asia', and 'europe'. - items: - type: string - type: array - filesLimitPercent: - description: Limits the number of files to scan to this - percentage of the input FileSet. Number of files scanned - is rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - type: object - datastoreOptions: - description: Google Cloud Datastore options. - properties: - kind: - description: The kind to process. - properties: - name: - description: The name of the kind. - type: string - type: object - partitionId: - description: A partition ID identifies a grouping of entities. - The grouping is always by project namespace ID may be - empty. - properties: - namespaceId: - description: If not empty, the ID of the namespace - to which the entities belong. 
- type: string - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ID of the project to which the entities belong. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - hybridOptions: - description: Hybrid inspection options. - properties: - description: - description: A short description of where the data is - coming from. Will be stored once in the job. 256 max - length. - type: string - labels: - additionalProperties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. type: string - description: 'To organize findings, these labels will - be added to each finding. Label keys must be between - 1 and 63 characters long and must conform to the following - regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label - values must be between 0 and 63 characters long and - must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - No more than 10 labels can be associated with a given - finding. Examples: * `"environment" : "production"` - * `"pipeline" : "etl"`' - type: object - requiredFindingLabelKeys: - description: 'These are labels that each inspection request - must include within their ''finding_labels'' map. Request - may contain others, but any missing one of these will - be rejected. 
Label keys must be between 1 and 63 characters - long and must conform to the following regular expression: - `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can - be required.' - items: + namespace: + description: The namespace of a Kubernetes Resource. type: string - type: array - tableOptions: - description: If the container is a table, additional information - to make findings meaningful such as the columns that - are primary keys. - properties: - identifyingFields: - description: The columns that are the primary keys - for table objects included in ContentItem. A copy - of this cell's value will stored alongside alongside - each finding so that the finding can be traced to - the specific row it came from. No more than 3 may - be provided. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - type: object - type: object - timespanConfig: - properties: - enableAutoPopulationOfTimespanConfig: - description: When the job is started by a JobTrigger we - will automatically figure out a valid start_time to - avoid scanning files that have not been modified since - the last time the JobTrigger executed. This will be - based on the time of the execution of the last run of - the JobTrigger. - type: boolean - endTime: - description: Exclude files, tables, or rows newer than - this value. If not set, no upper time limit is applied. - format: date-time - type: string - startTime: - description: Exclude files, tables, or rows older than - this value. If not set, no lower time limit is applied. - format: date-time - type: string - timestampField: - description: 'Specification of the field containing the - timestamp of scanned items. Used for data sources like - Datastore and BigQuery. For BigQuery: If this value - is not specified and the table was modified between - the given start and end times, the entire table will - be scanned. 
If this value is specified, then rows are - filtered based on the given start and end times. Rows - with a `NULL` value in the provided BigQuery column - are skipped. Valid data types of the provided BigQuery - column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. - For Datastore: If this value is specified, then entities - are filtered based on the given start and end times. - If an entity does not contain the provided timestamp - property or contains empty or invalid values, then it - is included. Valid data types of the provided timestamp - property are: `TIMESTAMP`.' - properties: - name: - description: Name describing the field. - type: string - type: object - type: object + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces type: object - required: - - storageConfig type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. 
It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string location: - description: Immutable. The location of the resource + description: Immutable. The region of the Backup Plan. type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -43441,8 +68111,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43452,46 +68121,47 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - status: - description: 'Immutable. Required. A status for this trigger. Possible - values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - triggers: - description: A list of triggers which will be OR'ed together. Only - one in the list needs to trigger for a job to be started. The list - may contain only a single Schedule trigger and must have at least - one object. - items: - properties: - manual: - description: For use with hybrid jobs. Jobs must be manually - created and finished. - type: object - x-kubernetes-preserve-unknown-fields: true - schedule: - description: Create a job on a repeating basis based on the - elapse of time. - properties: - recurrencePeriodDuration: - description: 'With this option a job is started a regular - periodic basis. For example: every day (86400 seconds). - A scheduled start time will be skipped if the previous - execution has not ended when its scheduled time occurs. - This value must be set to a time duration greater than - or equal to 1 day and can be no longer than 60 days.' - type: string - type: object - type: object - type: array + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. 
+ Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object required: - - inspectJob + - cluster + - location - projectRef - - status - - triggers type: object status: properties: 
@@ -43521,86 +68191,14 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of a triggeredJob. - format: date-time - type: string - errors: - description: Output only. A stream of errors encountered when the - trigger was activated. Repeated errors may result in the JobTrigger - automatically being paused. Will return the last 100 errors. Whenever - the JobTrigger is modified this list will be cleared. - items: - properties: - details: - description: Detailed error codes and messages. - properties: - code: - description: The status code, which should be an enum value - of google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. - This string must contain at least one "/" character. - The last segment of the URL''s path must represent - the fully qualified name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually - precompile into the binary all types that they expect - it to use in the context of Any. However, for URLs - which use the scheme `http`, `https`, or no scheme, - one can optionally set up a type server that maps - type URLs to message definitions as follows: * If - no scheme is provided, `https` is assumed. * An - HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the - URL, or have them precompiled into a binary to avoid - any lookup. Therefore, binary compatibility needs - to be preserved on changes to types. (Use versioned - type names to manage breaking changes.) 
Note: this - functionality is not currently available in the - official protobuf release, and it is not used for - type URLs beginning with type.googleapis.com. Schemes - other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should - be in English. Any user-facing error message should be - localized and sent in the google.rpc.Status.details field, - or localized by the client. - type: string - type: object - timestamps: - description: The times the error occurred. - items: - format: date-time - type: string - type: array - type: object - type: array - lastRunTime: - description: Output only. The timestamp of the last time this trigger - executed. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -43609,9 +68207,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of a triggeredJob. - format: date-time + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. type: string type: object required: @@ -43632,25 +68233,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DLPStoredInfoType - plural: dlpstoredinfotypes + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships shortNames: - - gcpdlpstoredinfotype - - gcpdlpstoredinfotypes - singular: dlpstoredinfotype + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -43687,96 +68288,23 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Description of the StoredInfoType (max 256 characters). - type: string - dictionary: - description: Store dictionary-based CustomInfoType. + configmanagement: + description: Config Management-specific spec. properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud Storage. - Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - required: - - path - type: object - wordList: - description: List of words or phrases to search for. + binauthz: + description: Binauthz configuration for the cluster. properties: - words: - description: Words or phrases defining the dictionary. The - dictionary must contain at least one phrase and every phrase - must contain at least 2 characters that are letters or digits. - [required] - items: - type: string - type: array - required: - - words + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean type: object - type: object - displayName: - description: Display name of the StoredInfoType (max 256 characters). - type: string - largeCustomDictionary: - description: StoredInfoType where findings are defined by a dictionary - of phrases. - properties: - bigQueryField: - description: Field in a BigQuery table where each cell represents - a dictionary phrase. + configSync: + description: Config Sync configuration for the cluster. properties: - field: - description: Designated field in the BigQuery table. - properties: - name: - description: Name describing the field. - type: string - type: object - table: - description: Source table of the field. 
+ git: properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: + gcpServiceAccountRef: oneOf: - not: required: @@ -43794,9 +68322,9 @@ spec: properties: external: description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43806,7 +68334,41 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - tableRef: + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: oneOf: - not: required: @@ -43823,10 +68385,10 @@ spec: - external properties: external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43836,39 +68398,109 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string type: object - cloudStorageFileSet: - description: Set of files containing newline-delimited lists of - dictionary phrases. + hierarchyController: + description: Hierarchy Controller configuration for the cluster. properties: - url: - description: The url, in the format `gs:///`. Trailing wildcard - in the path is allowed. - type: string - required: - - url + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean type: object - outputPath: - description: Location to store dictionary artifacts in Google - Cloud Storage. 
These files will only be accessible by project - owners and the DLP API. If any of these artifacts are modified, - the dictionary is considered invalid and can no longer be used. + policyController: + description: Policy Controller configuration for the cluster. properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. type: string - required: - - path + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. 
+ type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string type: object - location: - description: Immutable. The location of the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + featureRef: + description: Immutable. oneOf: - not: required: @@ -43885,21 +68517,23 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. oneOf: - not: required: 
@@ -43916,8 +68550,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43926,30 +68562,54 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - regex: - description: Store regular expression-based StoredInfoType. + mesh: + description: Manage Mesh Features properties: - groupIndexes: - description: The index of the submatch to extract as findings. - When not specified, the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under - the google/re2 repository on GitHub. + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - pattern type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. 
Used for acquisition only. Leave unset to create a new - resource. - type: string + required: + - featureRef + - location + - membershipRef + - projectRef type: object status: properties: @@ -43987,6 +68647,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -44003,25 +68665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com + name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSManagedZone - plural: dnsmanagedzones + kind: GKEHubFeature + plural: gkehubfeatures shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: 
@@ -44059,109 +68721,52 @@ spec: type: object spec: properties: - cloudLoggingConfig: - description: Cloud logging configuration. - properties: - enableLogging: - description: If set, enable query logging for this ManagedZone. - False by default, making logging opt-in. - type: boolean - required: - - enableLogging - type: object - description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. - type: string - dnsName: - description: Immutable. The DNS name of this managed zone, for instance - "example.com.". + location: + description: Immutable. The location for the resource type: string - dnssecConfig: - description: DNSSEC configuration. + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - defaultKeySpecs: + external: description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"].' - type: string - keyLength: - description: Length of the keys in bits. - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. 
- type: string - kind: - description: Identifies what kind of resource this is. - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is. + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"].' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address of a target name server. 
- type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. properties: - targetNetwork: - description: The network with which to peer. + multiclusteringress: + description: Multicluster Ingress-specific spec. properties: - networkRef: - description: VPC network to forward queries to. + configMembershipRef: oneOf: - not: required: @@ -44178,8 +68783,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -44189,137 +68796,12 @@ spec: type: string type: object required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - gkeClusters: - description: The list of Google Kubernetes Engine clusters that - can see this zone. - items: - properties: - gkeClusterNameRef: - description: |- - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - 'projects/*/locations/*/clusters/*'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ContainerCluster` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - gkeClusterNameRef - type: object - type: array - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetwork` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - reverseLookup: - description: |- - Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: Immutable. The presence of this field indicates that - this zone is backed by Service Directory. The value of this field - contains information related to the namespace associated with the - zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl + - configMembershipRef type: object - required: - - namespace type: object - visibility: - description: |- - Immutable. The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. - type: string required: - - dnsName + - location + - projectRef type: object status: properties: 
@@ -44349,21 +68831,14 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time that this resource was created on the server. - This is in RFC3339 text format. + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time type: string - managedZoneId: - description: Unique identifier for the resource; defined by the server. - type: integer - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44371,6 +68846,46 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string type: object required: - spec 
@@ -44390,25 +68905,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com + name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSPolicy - plural: dnspolicies + kind: GKEHubMembership + plural: gkehubmemberships shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -44446,96 +68961,139 @@ spec: type: object spec: properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. 
+ `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string type: object description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. 
The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location type: object status: properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -44562,6 +69120,111 @@ spec: type: string type: object type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44569,7 +69232,28 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. + format: date-time + type: string type: object + required: + - spec type: object served: true storage: true @@ -44586,25 +69270,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: DNSRecordSet - plural: dnsrecordsets + kind: HealthcareConsentStore + plural: healthcareconsentstores shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: 
@@ -44624,7 +69308,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44641,94 +69325,29 @@ spec: metadata: type: object spec: - oneOf: - - required: - - rrdatas - - required: - - rrdatasRefs properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `DNSManagedZone` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: Immutable. The DNS name this record set will apply to. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - rrdatas: - description: DEPRECATED. Although this field is still available, there - is limited support. We recommend that you use `spec.rrdatasRefs` - instead. - items: - type: string - type: array - rrdatasRefs: - items: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - managedZoneRef - - name - - type + - dataset type: object status: properties: 
@@ -44784,25 +69403,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: eventarctriggers.eventarc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: - group: eventarc.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: EventarcTrigger - plural: eventarctriggers + kind: HealthcareDataset + plural: healthcaredatasets shortNames: - - gcpeventarctrigger - - gcpeventarctriggers - singular: eventarctrigger + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: @@ -44822,7 +69441,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44837,243 +69456,14 @@ spec: submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: - type: object - spec: - properties: - channelRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: Optional. The name of the channel associated with - the trigger in `projects/{project}/locations/{location}/channels/{channel}` - format. You must provide a channel to receive events from Eventarc - SaaS partners. - type: string - name: - description: |- - [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - destination: - description: Required. Destination specifies where the events should - be sent to. - properties: - cloudFunctionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - - Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cloudRunService: - description: Cloud Run fully-managed service that receives the - events. The service should be running in the same project of - the trigger. - properties: - path: - description: 'Optional. The relative path on the Cloud Run - service the events should be sent to. The value must conform - to the definition of URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - region: - description: Required. The region the Cloud Run service is - deployed in. - type: string - serviceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - - Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - serviceRef - type: object - gke: - description: A GKE service capable of receiving events. The service - should be running in the same project as the trigger. 
- properties: - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: Required. The name of the Google Compute Engine - in which the cluster resides, which can either be compute - zone (for example, us-central1-a) for the zonal clusters - or region (for example, us-central1) for regional clusters. - type: string - namespace: - description: Required. The namespace the GKE service is running - in. - type: string - path: - description: 'Optional. The relative path on the GKE service - the events should be sent to. The value must conform to - the definition of a URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - service: - description: Required. Name of the GKE service. - type: string - required: - - clusterRef - - location - - namespace - - service - type: object - workflowRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'The resource name of the Workflow whose Executions - are triggered by the events. The Workflow resource should - be deployed in the same project as the trigger. 
Format: - `projects/{project}/locations/{location}/workflows/{workflow}`' - type: string - name: - description: |- - [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object + type: object + spec: + properties: location: - description: Immutable. The location for the resource + description: Immutable. The location for the Dataset. type: string - matchingCriteria: - description: Required. null The list of filters that applies to event - attributes. Only events that match all the provided filters will - be sent to the destination. - items: - properties: - attribute: - description: Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. - All triggers MUST provide a filter for the 'type' attribute. - type: string - operator: - description: Optional. The operator used for matching the events - with the value of the filter. If not specified, only events - that have an exact key-value pair specified in the filter - are matched. The only allowed value is `match-path-pattern`. - type: string - value: - description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud - for available values. - type: string - required: - - attribute - - value - type: object - type: array projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -45090,10 +69480,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -45107,81 +69494,14 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - transport: - description: Immutable. Optional. In order to deliver messages, Eventarc - may use other GCP products as transport intermediary. This field - contains a reference to that transport intermediary. This information - can be used for debugging purposes. - properties: - pubsub: - description: Immutable. The Pub/Sub topic and subscription used - by Eventarc as delivery intermediary. - properties: - topicRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + type: string required: - - destination - location - - matchingCriteria - projectRef type: object status: 
@@ -45212,15 +69532,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - etag: - description: Output only. This checksum is computed by the server - based on the value of other fields, and may be sent only on create - requests to ensure the client has an up-to-date value before proceeding. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45228,31 +69539,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceConditions: - additionalProperties: - type: string - description: Output only. The reason(s) why a trigger is in FAILED - state. - type: object - transport: - properties: - pubsub: - properties: - subscription: - description: 'Output only. The name of the Pub/Sub subscription - created and managed by Eventarc system as a transport for - the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' - type: string - type: object - type: object - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: 
@@ -45273,25 +69561,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestorebackups.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreBackup - plural: filestorebackups + kind: HealthcareDICOMStore + plural: healthcaredicomstores shortNames: - - gcpfilestorebackup - - gcpfilestorebackups - singular: filestorebackup + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: @@ -45311,7 +69599,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45329,95 +69617,57 @@ spec: type: object spec: properties: - description: - description: A description of the backup with 2048 characters or less. - Requests with longer descriptions will be rejected. - type: string - location: - description: Immutable. The location for the resource + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + notificationConfig: + description: A nested object resource. properties: - external: + pubsubTopic: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
type: string + required: + - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceFileShare: - description: Immutable. Name of the file share in the source Cloud - Filestore instance that the backup is created from. - type: string - sourceInstanceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object required: - - external - properties: - external: - description: |- - The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - - Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - bigqueryDestination + type: object + type: array required: - - location - - projectRef - - sourceFileShare - - sourceInstanceRef + - dataset type: object status: properties: - capacityGb: - description: Output only. Capacity of the source file share when the - backup was created. - format: int64 - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -45444,16 +69694,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the backup was created. - format: date-time - type: string - downloadBytes: - description: Output only. Amount of bytes that will be downloaded - if the backup is restored. This may be different than storage bytes, - since sequential backups of the same disk will share storage. - format: int64 - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45461,21 +69701,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceInstanceTier: - description: 'Output only. The service tier of the source Cloud Filestore - instance that this backup is created from. Possible values: TIER_UNSPECIFIED, - STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' - type: string - state: - description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + selfLink: + description: The fully qualified name of this dataset. type: string - storageBytes: - description: Output only. The size of the storage used by the backup. - As backups share storage, this number is expected to change with - backup creation/deletion. - format: int64 - type: integer type: object required: - spec 
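Review bot: `notificationConfig.pubsubTopic` and `streamConfigs[].bigqueryDestination.tableUri` decide where change notifications and DICOM instance metadata are sent, but both are plain `type: string` fields, and `streamConfigs` has no `maxItems` even though its description states a limit of five BigQuery tables. I would add `maxItems: 5` to `streamConfigs` (the limit is taken from the description, so confirm it against the API) and extend the `tableUri` description with `The CRD does not validate this value; restrict allowed destinations with admission policy.` Because these fields are export destinations, clusters applying this CRD will likely want an admission policy that limits them to approved projects. The CRD definition around this spec lies outside the hunk.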
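Review bot: The `selfLink` description added under `status` reads `The fully qualified name of this dataset.`, but the surrounding hunks place it in the HealthcareDICOMStore CRD, so the wording appears to be copied from the dataset resource. I would change it to `description: The fully qualified name of this DICOM store.` so readers do not mistake the value for the parent dataset path. The status block begins outside this hunk.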
@@ -45495,25 +69723,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestoreinstances.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreInstance - plural: filestoreinstances + kind: HealthcareFHIRStore + plural: healthcarefhirstores shortNames: - - gcpfilestoreinstance - - gcpfilestoreinstances - singular: filestoreinstance + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: @@ -45533,7 +69761,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45551,208 +69779,165 @@ spec: type: object spec: properties: - description: - description: The description of the instance (2048 characters or less). + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fileShares: - description: File system shares on the instance. For this version, - only a single file share is supported. + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. 
Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. items: properties: - capacityGb: - description: File share capacity in gigabytes (GB). Cloud Filestore - defines 1 GB as 1024^3 bytes. - format: int64 - type: integer - name: - description: The name of the file share (must be 16 characters - or less). - type: string - nfsExportOptions: - description: Nfs Export Options. There is a limit of 10 export - options per file share. - items: - properties: - accessMode: - description: 'Either READ_ONLY, for allowing only read - requests on the exported directory, or READ_WRITE, for - allowing both read and write requests. The default is - READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, - READ_ONLY, READ_WRITE' - type: string - anonGid: - description: An integer representing the anonymous group - id with a default value of 65534. Anon_gid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - anonUid: - description: An integer representing the anonymous user - id with a default value of 65534. Anon_uid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - ipRanges: - description: List of either an IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges - in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask - size}` which may mount the file share. Overlapping IP - ranges are not allowed, both within and across NfsExportOptions. - An error will be returned. The limit is 64 IP ranges/addresses - for each FileShareConfig among all NfsExportOptions. 
- items: - type: string - type: array - squashMode: - description: 'Either NO_ROOT_SQUASH, for allowing root - access on the exported directory, or ROOT_SQUASH, for - not allowing root access. The default is NO_ROOT_SQUASH. - Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, - ROOT_SQUASH' - type: string - type: object - type: array - sourceBackupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. - - Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic type: object type: array - location: - description: Immutable. The location for the resource + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - networks: - description: Immutable. VPC networks to which the instance is connected. - For this version, only a single network is supported. + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: - ipAddresses: - description: Immutable. Output only. IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in - the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
- items: - type: string - type: array - modes: - description: Immutable. Internet protocol versions for which - the instance has IP addresses assigned. For this version, - only MODE_IPV4 is supported. - items: - type: string - type: array - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: - external: - description: |- - The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. 
+ properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig type: object - reservedIPRange: - description: Immutable. A /29 CIDR block in one of the [internal - IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) - that identifies the range of IP addresses reserved for this - instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The - range you specify can't overlap with either existing subnets - or assigned IP address ranges for other Cloud Filestore instances - in the selected VPC network. - type: string + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. 
+ items: + type: string + type: array + required: + - bigqueryDestination type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tier: - description: 'Immutable. The service tier of the instance. Possible - values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, - HIGH_SCALE_SSD, ENTERPRISE' + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - - location - - projectRef + - dataset type: object status: properties: @@ -45782,14 +69967,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the instance was created. - format: date-time - type: string - etag: - description: Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -45797,13 +69974,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR' - type: string - statusMessage: - description: Output only. Additional information about the instance - state, if available. + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: @@ -45824,25 +69996,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: - group: firestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FirestoreIndex - plural: firestoreindexes + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: @@ -45862,7 +70034,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45880,44 +70052,93 @@ spec: type: object spec: properties: - collection: - description: Immutable. The collection being indexed. - type: string - database: - description: Immutable. The Firestore database id. Defaults to '"(default)"'. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fields: + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: description: |- - Immutable. The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. 
Only the message name + is sent as part of the notification. Supplied by the client. items: properties: - arrayConfig: + filter: description: |- - Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"]. - type: string - fieldPath: - description: Immutable. Name of the field. - type: string - order: + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: description: |- - Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. 
+ PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string + required: + - pubsubTopic type: object type: array - queryScope: - description: 'Immutable. The scope at which a query is run. Default - value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - collection - - fields + - dataset type: object status: properties: 
@@ -45947,11 +70168,6 @@ spec: type: string type: object type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45959,6 +70175,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string type: object required: - spec @@ -45978,25 +70197,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: Folder - plural: folders + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies shortNames: - - gcpfolder - - gcpfolders - singular: folder + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -46033,62 +70252,11 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. + description: The display name of the rule. type: string - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. Only one of - folderRef or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `folderId` field of a `Folder` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + projectRef: oneOf: - not: required: 
@@ -46105,8 +70273,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -46116,12 +70284,62 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array required: - - displayName + - projectRef + - rules type: object status: properties: 
@@ -46151,19 +70369,8 @@ spec: type: string type: object type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}". - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. + etag: + description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46191,389 +70398,119 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com -spec: - group: gkehub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: GKEHubFeatureMembership - plural: gkehubfeaturememberships - shortNames: - - gcpgkehubfeaturemembership - - gcpgkehubfeaturememberships - singular: gkehubfeaturemembership - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - configmanagement: - description: Config Management-specific spec. - properties: - binauthz: - description: Binauthz configuration for the cluster. - properties: - enabled: - description: Whether binauthz is enabled in this cluster. - type: boolean - type: object - configSync: - description: Config Sync configuration for the cluster. - properties: - git: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpsProxy: - description: URL for the HTTPS proxy to be used when communicating - with the Git repo. - type: string - policyDir: - description: 'The path within the Git repository that - represents the top level of the repo to sync. Default: - the root directory of the repository.' - type: string - secretType: - description: Type of secret configured for access to the - Git repo. Must be one of ssh, cookiefile, gcenode, token, - gcpserviceaccount or none. The validation of this is - case-sensitive. - type: string - syncBranch: - description: 'The branch of the repository to sync from. - Default: master.' - type: string - syncRepo: - description: The URL of the Git repository to use as the - source of truth. 
- type: string - syncRev: - description: Git revision (tag or hash) to check out. - Default HEAD. - type: string - syncWaitSecs: - description: 'Period in seconds between consecutive syncs. - Default: 15.' - type: string - type: object - oci: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: "The GCP Service Account Email used for - auth when secret_type is gcpserviceaccount. \n\nAllowed - value: The `email` field of an `IAMServiceAccount` - resource." - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - policyDir: - description: 'The absolute path of the directory that - contains the local resources. Default: the root directory - of the image.' - type: string - secretType: - description: Type of secret configured for access to the - OCI Image. Must be one of gcenode, gcpserviceaccount - or none. The validation of this is case-sensitive. - type: string - syncRepo: - description: The OCI image repository URL for the package - to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - type: string - syncWaitSecs: - description: 'Period in seconds(int64 format) between - consecutive syncs. Default: 15.' - type: string - type: object - preventDrift: - description: Set to true to enable the Config Sync admission - webhook to prevent drifts. If set to `false`, disables the - Config Sync admission webhook and does not prevent drifts. - type: boolean - sourceFormat: - description: Specifies whether the Config Sync Repo is in - "hierarchical" or "unstructured" mode. 
- type: string - type: object - hierarchyController: - description: Hierarchy Controller configuration for the cluster. - properties: - enableHierarchicalResourceQuota: - description: Whether hierarchical resource quota is enabled - in this cluster. - type: boolean - enablePodTreeLabels: - description: Whether pod tree labels are enabled in this cluster. - type: boolean - enabled: - description: Whether Hierarchy Controller is enabled in this - cluster. - type: boolean - type: object - policyController: - description: Policy Controller configuration for the cluster. - properties: - auditIntervalSeconds: - description: Sets the interval for Policy Controller Audit - Scans (in seconds). When set to 0, this disables audit functionality - altogether. - type: string - enabled: - description: Enables the installation of Policy Controller. - If false, the rest of PolicyController fields take no effect. - type: boolean - exemptableNamespaces: - description: The set of namespaces that are excluded from - Policy Controller checks. Namespaces do not need to currently - exist on the cluster. - items: - type: string - type: array - logDeniesEnabled: - description: Logs all denies and dry run failures. - type: boolean - monitoring: - description: 'Specifies the backends Policy Controller should - export metrics to. For example, to specify metrics should - be exported to Cloud Monitoring and Prometheus, specify - backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", - "prometheus"]' - properties: - backends: - description: ' Specifies the list of backends Policy Controller - will export to. Specifying an empty value `[]` disables - metrics export.' - items: - type: string - type: array - type: object - mutationEnabled: - description: Enable or disable mutation in policy controller. - If true, mutation CRDs, webhook and controller deployment - will be deployed to the cluster. 
- type: boolean - referentialRulesEnabled: - description: Enables the ability to use Constraint Templates - that reference to objects other than the object currently - being evaluated. - type: boolean - templateLibraryInstalled: - description: Installs the default template library along with - Policy Controller. - type: boolean - type: object - version: - description: Optional. Version of ACM to install. Defaults to - the latest version. - type: string - type: object - featureRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string required: - - external + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). properties: - external: - description: |- - The name of the feature - - Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + apiVersion: type: string - type: object - location: - description: Immutable. 
The location of the feature - type: string - membershipRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: external: - description: |- - The name of the membership - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mesh: - description: Manage Mesh Features - properties: - controlPlane: - description: '**DEPRECATED** Whether to automatically manage Service - Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, - AUTOMATIC, MANUAL' - type: string - management: - description: 'Whether to automatically manage Service Mesh. Possible - values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the feature - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string + required: + - kind type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string required: - - featureRef - - location - - membershipRef - - projectRef + - auditLogConfigs + - resourceRef + - service type: object status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. items: properties: lastTransitionTime: @@ -46603,10 +70540,9 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -46623,25 +70559,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubfeatures.gkehub.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubFeature - plural: gkehubfeatures + kind: IAMCustomRole + plural: iamcustomroles shortNames: - - gcpgkehubfeature - - gcpgkehubfeatures - singular: gkehubfeature + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: 
@@ -46679,87 +70615,29 @@ spec: type: object spec: properties: - location: - description: Immutable. The location for the resource + description: + description: A human-readable description for the role. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - spec: - description: Optional. Hub-wide Feature configuration. If this Feature - does not support any Hub-wide configuration, this field may be unused. - properties: - multiclusteringress: - description: Multicluster Ingress-specific spec. 
- properties: - configMembershipRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - configMembershipRef - type: object - type: object + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string required: - - location - - projectRef + - permissions + - title type: object status: properties: @@ -46789,13 +70667,11 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Feature resource was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Feature resource was deleted. - format: date-time + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46804,46 +70680,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceState: - description: State of the Feature resource itself. - properties: - hasResources: - description: Whether this Feature has outstanding resources that - need to be cleaned up before it can be disabled. - type: boolean - state: - description: 'The current state of the Feature resource in the - Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, - DISABLING, UPDATING, SERVICE_UPDATING' - type: string - type: object - state: - description: Output only. The Hub-wide Feature state - properties: - state: - description: Output only. The "running state" of the Feature in - this Hub. - properties: - code: - description: 'The high-level, machine-readable status of this - Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, - ERROR' - type: string - description: - description: A human-readable description of the current status. - type: string - updateTime: - description: 'The time this status and any related Feature-specific - details were updated. A timestamp in RFC3339 UTC "Zulu" - format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' - type: string - type: object - type: object - updateTime: - description: Output only. When the Feature resource was last updated. - format: date-time - type: string type: object required: - spec 
@@ -46863,25 +70699,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubmemberships.gkehub.cnrm.cloud.google.com + name: iampartialpolicies.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubMembership - plural: gkehubmemberships + kind: IAMPartialPolicy + plural: iampartialpolicies shortNames: - - gcpgkehubmembership - - gcpgkehubmemberships - singular: gkehubmembership + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -46889,7 +70723,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -46897,164 +70731,218 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: - authority: - description: 'Optional. How to identify workloads from this Membership. - See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' - properties: - issuer: - description: Optional. 
A JSON Web Token (JWT) issuer URI. `issuer` - must start with `https://` and be a valid URL with length <2000 - characters. If set, then Google will allow valid OIDC tokens - from this issuer to authenticate within the workload_identity_pool. - OIDC discovery will be performed on this URI to validate tokens - from the issuer. Clearing `issuer` disables Workload Identity. - `issuer` cannot be directly modified; it must be cleared (and - Workload Identity disabled) before using a new issuer (and re-enabling - Workload Identity). - type: string - type: object - description: - description: 'Description of this membership, limited to 63 characters. - Must match the regex: `*` This field is present for legacy purposes.' - type: string - endpoint: - description: Optional. Endpoint information to reach this member. - properties: - gkeCluster: - description: Optional. GKE-specific information. Only present - if this Membership is a GKE cluster. - properties: - resourceRef: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - kubernetesResource: - description: 'Optional. The in-cluster Kubernetes Resources that - should be applied for a correctly registered cluster, in the - steady state. These resources: * Ensure that the cluster is - exclusively registered to one and only one Hub Membership. * - Propagate Workload Pool Information available in the Membership - Authority field. * Ensure proper initial configuration of default - Hub Features.' - properties: - membershipCrManifest: - description: Input only. The YAML representation of the Membership - CR. This field is ignored for GKE clusters where Hub can - read the CR directly. Callers should provide the CR that - is currently present in the cluster during CreateMembership - or UpdateMembership, or leave this field empty if none exists. - The CR manifest is used to validate the cluster has not - been registered with another Membership. - type: string - resourceOptions: - description: Optional. Options for Kubernetes resource generation. + - required: + - member + - required: + - memberFrom properties: - connectVersion: - description: Optional. The Connect agent version to use - for connect_resources. Defaults to the latest GKE Connect - version. The version must be a currently supported version, - obsolete versions will be rejected. + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. type: string - v1beta1Crd: - description: Optional. Use `apiextensions/v1beta1` instead - of `apiextensions/v1` for CustomResourceDefinition resources. 
- This option should be set for clusters with Kubernetes - apiserver versions <1.16. - type: boolean + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object type: object - type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind type: object - externalId: - description: 'Optional. An externally-generated and managed ID for - this Membership. This ID may be modified after creation, but this - is not recommended. The ID must match the regex: `*` If this Membership - represents a Kubernetes cluster, this value should be set to the - UID of the `kube-system` namespace object.' - type: string - infrastructureType: - description: 'Optional. The infrastructure type this Membership is - running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, - MULTI_CLOUD' - type: string - location: - description: Immutable. The location for the resource - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string required: - - location + - resourceRef type: object status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: - authority: - properties: - identityProvider: - description: Output only. An identity provider that reflects the - `issuer` in the workload identity pool. - type: string - workloadIdentityPool: - description: 'Output only. The name of the workload identity pool - in which `issuer` will be recognized. There is a single Workload - Identity Pool per Hub that is shared between all Memberships - that belong to that Hub. 
For a Hub hosted in: {PROJECT_ID}, - the workload pool format is `{PROJECT_ID}.hub.id.goog`, although - this is subject to change in newer versions of this API.' - type: string - type: object + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47078,140 +70966,48 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Membership was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Membership was deleted. - format: date-time - type: string - endpoint: - properties: - kubernetesMetadata: - description: Output only. Useful Kubernetes-specific metadata. - properties: - kubernetesApiServerVersion: - description: Output only. Kubernetes API server version string - as reported by `/version`. - type: string - memoryMb: - description: Output only. The total memory capacity as reported - by the sum of all Kubernetes nodes resources, defined in - MB. - format: int64 - type: integer - nodeCount: - description: Output only. Node count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - nodeProviderId: - description: Output only. Node providerID as reported by the - first node in the list of nodes on the Kubernetes endpoint. - On Kubernetes platforms that support zero-node clusters - (like GKE-on-GCP), the node_count will be zero and the node_provider_id - will be empty. - type: string - updateTime: - description: Output only. The time at which these details - were last updated. This update_time is different from the - Membership-level update_time since EndpointDetails are updated - internally for API consumers. - format: date-time + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. 
+ items: type: string - vcpuCount: - description: Output only. vCPU count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - type: object - kubernetesResource: - properties: - connectResources: - description: Output only. The Kubernetes resources for installing - the GKE Connect agent This field is only populated in the - Membership returned from a successful long-running operation - from CreateMembership or UpdateMembership. It is not populated - during normal GetMembership or ListMemberships requests. - To get the resource manifest after the initial registration, - the caller should make a UpdateMembership call with an empty - field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. - type: string - type: object - type: array - membershipResources: - description: Output only. Additional Kubernetes resources - that need to be applied to the cluster after Membership - creation, and after every update. This field is only populated - in the Membership returned from a successful long-running - operation from CreateMembership or UpdateMembership. It - is not populated during normal GetMembership or ListMemberships - requests. To get the resource manifest after the initial - registration, the caller should make a UpdateMembership - call with an empty field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. 
- type: string - type: object - type: array - type: object - type: object - lastConnectionTime: - description: Output only. For clusters using Connect, the timestamp - of the most recent connection established with Google Cloud. This - time is updated every several minutes, not continuously. For clusters - that do not use GKE Connect, or that have never connected successfully, - this field will be unset. - format: date-time - type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer - state: - description: Output only. State of the Membership resource. - properties: - code: - description: 'Output only. The current state of the Membership - resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, - DELETING, UPDATING, SERVICE_UPDATING' - type: string - type: object - uniqueId: - description: Output only. Google-generated UUID for this resource. - This is unique across all Membership resources. If a Membership - resource is deleted and another resource with the same name is created, - it gets a different unique_id. - type: string - updateTime: - description: Output only. When the Membership was last updated. - format: date-time - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -47228,25 +71024,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com + name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAccessBoundaryPolicy - plural: iamaccessboundarypolicies + kind: IAMPolicy + plural: iampolicies shortNames: - - gcpiamaccessboundarypolicy - - gcpiamaccessboundarypolicies - singular: iamaccessboundarypolicy + - gcpiampolicy + - gcpiampolicies + singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: @@ -47254,7 +71048,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -47262,32 +71056,107 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPolicySpec defines the desired state of IAMPolicy properties: - displayName: - description: The display name of the rule. - type: string - projectRef: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. 
The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. oneOf: - not: required: 
@@ -47302,81 +71171,39 @@ spec: - namespace required: - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: + apiVersion: + type: string external: - description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, - where {{value}} is the `name` field of a `Project` resource.' + type: string + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Rules to be applied. - items: - properties: - accessBoundaryRule: - description: An access boundary rule in an IAM policy. - properties: - availabilityCondition: - description: The availability condition further constrains - the access allowed by the access boundary rule. - properties: - description: - description: |- - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression - in Common Expression Language syntax. - type: string - location: - description: |- - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - type: string - title: - description: |- - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. 
- type: string - required: - - expression - type: object - availablePermissions: - description: A list of permissions that may be allowed for - use on the specified resource. - items: - type: string - type: array - availableResource: - description: The full resource name of a Google Cloud resource - entity. - type: string - type: object - description: - description: The description of the rule. - type: string - type: object - type: array + type: string + required: + - kind + type: object required: - - projectRef - - rules + - resourceRef type: object status: + description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: @@ -47400,19 +71227,15 @@ spec: type: string type: object type: array - etag: - description: The hash of the resource. Used internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -47429,23 +71252,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" - name: iamauditconfigs.iam.cnrm.cloud.google.com + name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAuditConfig - plural: iamauditconfigs + kind: IAMPolicyMember + plural: iampolicymembers shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: @@ -47467,7 +71290,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IAMAuditConfig is the schema for the IAM audit logging API. + description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -47482,32 +71305,116 @@ spec: metadata: type: object spec: - description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: type: string - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object resourceRef: - description: Immutable. Required. The GCP resource to set the IAMAuditConfig - on (e.g. project). + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: apiVersion: type: string 
@@ -47522,26 +71429,21 @@ spec: required: - kind type: object - service: - description: 'Immutable. Required. The service for which to enable - Data Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering both - ''allServices'' and a specific service, then the union of the two - audit configs is used for that service: the ''logTypes'' specified - in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - - auditLogConfigs - resourceRef - - service + - role type: object status: - description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations - of the IAMAuditConfig's current state. + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47590,25 +71492,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMCustomRole - plural: iamcustomroles + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -47646,254 +71548,24 @@ spec: type: object spec: properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The roleId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string - stage: - description: The current launch stage of the role. Defaults to GA. + privateKeyType: + description: Immutable. type: string - title: - description: A human-readable title for the role. + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The full name of the role. + publicKeyType: + description: Immutable. type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - name: iampartialpolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPartialPolicy - plural: iampartialpolicies - shortNames: - - gcpiampartialpolicy - - gcpiampartialpolicies - singular: iampartialpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True' the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IAMPartialPolicy is the Schema for the iampartialpolicy API - 
properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy - properties: - bindings: - description: Optional. The list of IAM bindings managed by Config - Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - oneOf: - - required: - - member - - required: - - memberFrom - properties: - member: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. - type: string - memberFrom: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, - and only one subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity - (i.e. 
its 'status.writerIdentity') is to be bound - to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to - the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account - (i.e., its 'status.email') is to be bound to the - role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account - (i.e. its 'status.serviceAccountEmailAddress') is - to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - type: object - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + serviceAccountRef: oneOf: - not: required: 
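Review bot: `keyAlgorithm` in the new IAMServiceAccountKey spec is a bare `type: string`, and its description still lists "KEY_ALG_RSA_1024" as a valid value, so nothing in the schema stops a manifest from requesting a 1024-bit RSA key. I would at least extend the description with `Prefer KEY_ALG_RSA_2048; 1024-bit RSA should not be used for new keys.` Clusters that need this enforced should reject the weaker value in an admission policy, because the field is immutable and a weak key cannot be fixed in place. The neighbouring `privateKeyType` and `publicKeyType` are described only as "Immutable." and should name their accepted values. The spec block continues into the following hunk (`serviceAccountRef`), and if this bundle is produced by a generator the wording change belongs in its source.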
@@ -47908,72 +71580,26 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy - properties: - allBindings: - description: AllBindings surfaces all IAM bindings for the referenced - resource. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: 
@@ -47997,48 +71623,38 @@ spec: type: string type: object type: array - lastAppliedBindings: - description: LastAppliedBindings is the list of IAM bindings that - were most recently applied by Config Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: Immutable. The name used for this key pair. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string type: object + required: + - spec type: object served: true storage: true @@ -48055,23 +71671,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicies.iam.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicy - plural: iampolicies + kind: IAMServiceAccount + plural: iamserviceaccounts shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: @@ -48079,7 +71697,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
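Review bot: `status.privateKey` on IAMServiceAccountKey publishes the service account's private key ("in JSON format, base64 encoded") in the object's status, so any principal able to read these objects in the namespace can read a usable credential. The description says when the field is populated but not that it is sensitive. I would append `Sensitive: read access to this object is access to the key; restrict get/list/watch on iamserviceaccountkeys accordingly.` It is also worth confirming that API audit logging for this resource does not record response bodies, which would presumably copy the key into the audit log. The status `properties` block starts in the preceding hunk.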
@@ -48087,107 +71705,275 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicySpec defines the desired state of IAMPolicy properties: - auditConfigs: - description: Optional. The list of IAM audit configs. + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. 
+ type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: Specifies the Cloud Audit Logs configuration for the - IAM policy. properties: - auditLogConfigs: - description: Required. The configuration for logging of each - type of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for - this type of permission. The format is the same as that - for 'members' in IAMPolicy/IAMPolicyMember. - items: - type: string - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data - Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering - both ''allServices'' and a specific service, then the union - of the two audit configs is used for that service: the ''logTypes'' - specified in each ''auditLogConfig'' are enabled, and the - ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - required: - - auditLogConfigs - - service - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - description: Specifies the members to bind to an IAM role. 
- properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - role type: object type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. + type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. 
You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. 
Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. oneOf: - not: required: 
@@ -48202,39 +71988,30 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object required: - - resourceRef + - attributeMapping + - location + - workforcePoolRef type: object status: - description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: @@ -48264,9 +72041,14 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48283,23 +72065,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicymembers.iam.cnrm.cloud.google.com + name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicyMember - plural: iampolicymembers + kind: IAMWorkforcePool + plural: iamworkforcepools shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: @@ -48307,7 +72091,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48315,113 +72099,47 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember - oneOf: - - required: - - member - - required: - - memberFrom properties: - condition: - description: Immutable. Optional. The condition under which the binding - applies. 
- properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - member: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. type: string - memberFrom: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, and only one - subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity (i.e. its - 'status.writerIdentity') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account (i.e., - its 'status.email') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') - is to be bound to the role. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. oneOf: - not: required: 
@@ -48436,45 +72154,41 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object - role: - description: Immutable. Required. The role for which the Member will - be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). type: string required: - - resourceRef - - role + - location + - organizationRef type: object status: - description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: lastTransitionTime: @@ -48504,9 +72218,18 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true @@ -48523,25 +72246,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: 
@@ -48579,24 +72302,120 @@ spec: type: object spec: properties: - keyAlgorithm: - description: 'Immutable. The algorithm used to generate the key, used - only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid - values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' type: string - privateKeyType: - description: Immutable. + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. 
You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. type: string - publicKeyData: - description: Immutable. A field that allows clients to upload their - own public key. If set, use this public key data to create a service - account key for given service account. Please note, the expected - format for this field is a base64 encoded X509_PEM. + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. type: string - publicKeyType: - description: Immutable. + location: + description: Immutable. 
The location for the resource type: string - serviceAccountRef: + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -48613,8 +72432,45 @@ spec: - external properties: external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -48624,7 +72480,9 @@ spec: type: string type: object required: - - serviceAccountRef + - location + - projectRef + - workloadIdentityPoolRef type: object status: properties: @@ -48654,9 +72512,6 @@ spec: type: string type: object type: array - name: - description: Immutable. The name used for this key pair. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -48664,24 +72519,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key in JSON format, base64 encoded. This - is what you normally get as a file when creating service account - keys through the CLI or web console. This is only populated when - creating a new key. - type: string - publicKey: - description: Immutable. The public key, base64 encoded. - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: @@ -48702,25 +72542,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: 
@@ -48759,22 +72599,57 @@ spec: spec: properties: description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. + description: A description of the pool. Cannot exceed 256 characters. type: string disabled: - description: Whether the service account is disabled. Defaults to - false. + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: - description: The display name for the service account. Can be updated - without creating a new resource. + description: A display name for the pool. Cannot exceed 32 characters. type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The accountId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + required: + - location + - projectRef type: object status: properties: @@ -48804,19 +72679,6 @@ spec: type: string type: object type: array - email: - description: The e-mail address of the service account. This value - should be referenced from any google_iam_policy data sources that - would grant the service account privileges. - type: string - member: - description: The Identity of the service account in the form 'serviceAccount:{email}'. - This value is often used to refer to the service account in order - to grant IAM permissions. - type: string - name: - description: The fully-qualified name of the service account. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -48824,10 +72686,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - uniqueId: - description: The unique id of the service account. + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48844,25 +72709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com + name: iapbrands.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePoolProvider - plural: iamworkforcepoolproviders + kind: IAPBrand + plural: iapbrands shortNames: - - gcpiamworkforcepoolprovider - - gcpiamworkforcepoolproviders - singular: iamworkforcepoolprovider + - gcpiapbrand + - gcpiapbrands + singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: 
@@ -48899,144 +72764,20 @@ spec: metadata: type: object spec: - properties: - attributeCondition: - description: 'A [Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. `google.profile_photo` and `google.display_name` - are not supported. * `attribute`: The custom attributes mapped from - the assertion in the `attribute_mappings`. The maximum length of - the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credentials will be accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: - type: string - description: 'Required. Maps attributes from the authentication credentials - issued by an external identity provider to Google Cloud attributes, - such as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups - the authenticating user belongs to. You can grant groups access - to resources using an IAM `principalSet` binding; access applies - to all members of the group. * `google.display_name`: The name of - the authenticated user. 
This is an optional field and the mapped - display name cannot exceed 100 bytes. If not set, `google.subject` - will be displayed instead. This attribute cannot be referenced in - IAM bindings. * `google.profile_photo`: The URL that specifies the - authenticated user''s thumbnail photo. This is an optional field. - When set, the image will be visible as the user''s profile picture. - If not set, a generic user icon will be displayed instead. This - attribute cannot be referenced in IAM bindings. You can also provide - custom attributes by specifying `attribute.{custom_attribute}`, - where {custom_attribute} is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workforce pool to Google Cloud resources. For example:' - type: object - description: - description: A user-specified description of the provider. Cannot - exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A user-specified display name for the provider. Cannot - exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider configuration. - properties: - clientId: - description: Required. The client ID. Must match the audience - claim of the JWT issued by the identity provider. - type: string - issuerUri: - description: Required. The OIDC issuer URI. Must be a valid URI - using the 'https' scheme. - type: string - required: - - clientId - - issuerUri - type: object + properties: + applicationTitle: + description: Immutable. 
Application name displayed on OAuth consent + screen. + type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. type: string - saml: - description: A SAML identity provider configuration. - properties: - idpMetadataXml: - description: 'Required. SAML Identity provider configuration metadata - xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded - to 128k characters. The metadata xml document should satisfy - the following constraints: 1) Must contain an Identity Provider - Entity ID. 2) Must contain at least one non-expired signing - key certificate. 3) For each signing key: a) Valid from should - be no more than 7 days from now. b) Valid to should be no more - than 10 years in the future. 4) Up to 3 IdP signing keys are - allowed in the metadata xml. When updating the provider''s metadata - xml, at least one non-expired signing key must overlap with - the existing metadata. This requirement is skipped if there - are no non-expired signing keys present in the existing metadata.' - type: string - required: - - idpMetadataXml - type: object - workforcePoolRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The workforce_pool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - attributeMapping - - location - - workforcePoolRef type: object status: properties: @@ -49073,13 +72814,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. + type: boolean type: object - required: - - spec type: object served: true storage: true 
@@ -49096,25 +72835,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepools.iam.cnrm.cloud.google.com + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePool - plural: iamworkforcepools + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients shortNames: - - gcpiamworkforcepool - - gcpiamworkforcepools - singular: iamworkforcepool + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: @@ -49152,25 +72891,8 @@ spec: type: object spec: properties: - description: - description: A user-specified description of the pool. Cannot exceed - 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A user-specified display name of the pool in Google Cloud - Console. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef] may be specified. + brandRef: + description: Immutable. oneOf: - not: required: 
@@ -49187,33 +72909,28 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + displayName: + description: Immutable. Human-friendly name given to the OAuth client. type: string - sessionDuration: - description: How long the Google Cloud access tokens, console sign-in - sessions, and gcloud sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `session_duration` is not configured, minted credentials will - have a default duration of one hour (3600s). + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - location - - organizationRef + - brandRef type: object status: properties: 
@@ -49250,13 +72967,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: 'Output only. The resource name of the pool. Format: - `locations/{location}/workforcePools/{workforce_pool_id}`' - type: string - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + secret: + description: Output only. Client secret of the OAuth client. type: string type: object required: @@ -49277,25 +72989,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkloadIdentityPoolProvider - plural: iamworkloadidentitypoolproviders + kind: IdentityPlatformConfig + plural: identityplatformconfigs shortNames: - - gcpiamworkloadidentitypoolprovider - - gcpiamworkloadidentitypoolproviders - singular: iamworkloadidentitypoolprovider + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: 
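Review bot: The new `status.secret` field on IAPIdentityAwareProxyClient writes the OAuth client secret into the resource status as a plain string. Any subject with get, list or watch on these objects can read it, and it is kept outside Kubernetes Secret handling (separate RBAC, encryption-at-rest configuration). The same applies to `status.client.apiKey` and `status.signIn.hashConfig.signerKey` / `status.signIn.email.hashConfig.signerKey` added for IdentityPlatformConfig in the later hunks at `@@ -49475,215 +73402,88 @@` and `@@ -49717,9 +73590,77 @@`. The schema looks generated (`dcl2crd` label), so a structural change probably belongs upstream. In this file I would at least make the exposure explicit in the description, for example `description: Output only. Client secret of the OAuth client. Sensitive; readable by any principal with read access to this resource, so scope RBAC on this kind accordingly.`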
@@ -49333,117 +73045,332 @@ spec: type: object spec: properties: - attributeCondition: - description: '[A Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. * `attribute`: The custom attributes mapped - from the assertion in the `attribute_mappings`. The maximum length - of the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credential are accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: type: string - description: 'Maps attributes from authentication credentials issued - by an external identity provider to Google Cloud attributes, such - as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You - can grant groups access to resources using an IAM `principalSet` - binding; access applies to all members of the group. 
You can also - provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workload to Google Cloud resources. For example: * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized - attribute specified by the corresponding map key. You can use the - `assertion` keyword in the expression to access a JSON representation - of the authentication credential issued by the provider. The maximum - length of an attribute mapping expression is 2048 characters. When - evaluated, the total size of all mapped attributes must not exceed - 8KB. For AWS providers, if no attribute mapping is defined, the - following default mapping applies: ``` { "google.subject":"assertion.arn", - "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" - " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" - " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", - } ``` If any custom attribute mappings are defined, they must include - a mapping to the `google.subject` attribute. 
For OIDC providers, - you must supply a custom mapping, which must include the `google.subject` - attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token: - ``` {"google.subject": "assertion.sub"} ```' + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object type: object - aws: - description: An Amazon Web Services identity provider. + client: + description: Options related to how clients making requests on behalf + of a project should be configured. properties: - accountId: - description: Required. The AWS account ID. + permissions: + description: Configuration related to restricting a user's ability + to affect their account. 
+ properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' type: string - stsUri: - description: A list of AWS STS URIs that can be used when exchanging - credentials. If not provided, any valid AWS STS URI is allowed. - URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, - where {region} is a valid AWS region. You can specify a maximum - of 25 URIs. - items: - type: string - type: array - required: - - accountId type: object - description: - description: A description for the provider. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A display name for the provider. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider. + monitoring: + description: Configuration related to monitoring project activity. properties: - allowedAudiences: - description: 'Acceptable values for the `aud` field (audience) - in the OIDC token. Token exchange requests are rejected if the - token audience does not match one of the configured values. 
- Each audience may be at most 256 characters. A maximum of 10 - audiences may be configured. If this list is empty, the OIDC - token audience must be equal to the full canonical resource - name of the WorkloadIdentityPoolProvider, with or without the - HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ```' - items: - type: string - type: array - issuerUri: - description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. type: string - required: - - issuerUri + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. 
Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. 
+ type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. @@ -49464,7 +73391,7 @@ spec: properties: external: description: |- - The project for the resource + The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -49475,215 +73402,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - workloadIdentityPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + quota: + description: Configuration related to quotas. properties: - external: - description: |- - The workloadIdentityPool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. + properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. 
+ type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object type: object required: - - location - projectRef - - workloadIdentityPoolRef type: object status: properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypools.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMWorkloadIdentityPool - plural: iamworkloadidentitypools - shortNames: - - gcpiamworkloadidentitypool - - gcpiamworkloadidentitypools - singular: iamworkloadidentitypool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - 
type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A description of the pool. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A display name for the pool. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + client: properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + apiKey: + description: Output only. API key that can be used when making + requests for this project. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + firebaseSubdomain: + description: Output only. Firebase subdomain. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - location - - projectRef - type: object - status: - properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -49710,6 +73510,79 @@ spec: type: string type: object type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' 
+ type: string + type: object + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49717,9 +73590,77 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. 
+ format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: @@ -49740,25 +73681,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapbrands.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPBrand - plural: iapbrands + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs shortNames: - - gcpiapbrand - - gcpiapbrands - singular: iapbrand + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49778,7 +73719,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49796,19 +73737,51 @@ spec: type: object spec: properties: - applicationTitle: - description: Immutable. Application name displayed on OAuth consent - screen. + clientId: + description: OAuth client ID. type: string - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + clientSecret: + description: OAuth client secret. type: string - supportEmail: - description: Immutable. Support email displayed on the OAuth consent - screen. + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + required: + - clientId + - clientSecret + - projectRef type: object status: properties: @@ -49838,6 +73811,9 @@ spec: type: string type: object type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
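Review bot: `spec.clientSecret` is declared as a plain `type: string` and is required, so the OAuth client secret is stored verbatim in the custom resource. It is then readable by any principal that can get or list this kind, and it ends up in any manifest committed for it. The `clientSecret` of IdentityPlatformOAuthIDPConfig later in this diff uses the `value` / `valueFrom.secretKeyRef` shape, which keeps the value in a Secret; adopting that here would presumably need generator and controller support, since the CRD carries the `tf2crd` label and looks generated. Until then the description could state the exposure, e.g. `description: OAuth client secret. Stored in plain text in this resource; restrict read access to this kind.` The same plain-string field appears in IdentityPlatformTenantDefaultSupportedIDPConfig, in the hunk starting `@@ -50505,16 +74397,170 @@`.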
@@ -49845,11 +73821,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - orgInternalOnly: - description: Output only. Whether the brand is only intended for usage - inside the G Suite organization only. - type: boolean type: object + required: + - spec type: object served: true storage: true @@ -49866,25 +73840,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPIdentityAwareProxyClient - plural: iapidentityawareproxyclients + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs shortNames: - - gcpiapidentityawareproxyclient - - gcpiapidentityawareproxyclients - singular: iapidentityawareproxyclient + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49904,7 +73878,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49922,8 +73896,42 @@ spec: type: object spec: properties: - brandRef: - description: Immutable. + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -49940,10 +73948,7 @@ spec: - external properties: external: - description: |- - The brand for the resource - - Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -49952,16 +73957,39 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - displayName: - description: Immutable. Human-friendly name given to the OAuth client. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object required: - - brandRef + - displayName + - idpConfig + - projectRef + - spConfig type: object status: properties: @@ -49998,9 +74026,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - secret: - description: Output only. Client secret of the OAuth client. - type: string type: object required: - spec 
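Review bot: The description of `spConfig.spCertificates` repeats the `idpCertificates` text word for word ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"). Under the service-provider block this reads as a copy-paste and could lead an operator to place the IdP certificate in the wrong field. It presumably refers to the SP's own certificates; wording such as `description: The SP's certificate data (confirm direction of use against the API reference).` would avoid the confusion. In the same hunk `callbackUri` is documented as "Must start with 'https://'" but the schema does not enforce it; adding `pattern: ^https://` to that property would reject a plain-HTTP callback at admission. The file looks generated, so both changes likely belong in the generator rather than in this copy.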
@@ -50020,25 +74045,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformConfig - plural: identityplatformconfigs + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs shortNames: - - gcpidentityplatformconfig - - gcpidentityplatformconfigs - singular: identityplatformconfig + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -50076,335 +74101,191 @@ spec: type: object spec: properties: - authorizedDomains: - description: List of domains authorized for OAuth redirects - items: - type: string - type: array - blockingFunctions: - description: Configuration related to blocking functions. - properties: - triggers: - additionalProperties: - properties: - functionUriRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - HTTP URI trigger for the Cloud Function. - - Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - updateTime: - description: When the trigger was changed. - format: date-time - type: string - type: object - description: 'Map of Trigger to event type. Key should be one - of the supported event types: "beforeCreate", "beforeSignIn"' - type: object - type: object - client: - description: Options related to how clients making requests on behalf - of a project should be configured. - properties: - permissions: - description: Configuration related to restricting a user's ability - to affect their account. 
- properties: - disabledUserDeletion: - description: When true, end users cannot delete their account - on the associated project through any of our API methods - type: boolean - disabledUserSignup: - description: When true, end users cannot sign up for a new - account on the associated project through any of our API - methods - type: boolean - type: object - type: object - mfa: - description: Configuration for this project's multi-factor authentication, - including whether it is active and what factors can be used for - the second factor - properties: - state: - description: 'Whether MultiFactor Authentication has been enabled - for this project. Possible values: STATE_UNSPECIFIED, DISABLED, - ENABLED, MANDATORY' - type: string - type: object - monitoring: - description: Configuration related to monitoring project activity. - properties: - requestLogging: - description: Configuration for logging requests made to this project - to Stackdriver Logging - properties: - enabled: - description: Whether logging is enabled for this project or - not. - type: boolean - type: object - type: object - multiTenant: - description: Configuration related to multi-tenant functionality. - properties: - allowTenants: - description: Whether this project can have tenants or not. - type: boolean - defaultTenantLocationRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: |- - The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). 
- * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' - type: string - name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - notification: - description: Configuration related to sending notifications to users. + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - defaultLocale: - description: Default locale used for email and SMS in IETF BCP - 47 format. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - sendEmail: - description: Options for email sending. + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. properties: - callbackUri: - description: action url in email template. - type: string - changeEmailTemplate: - description: Email template for change email - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - dnsInfo: - description: Information of custom domain DNS verification. - properties: - useCustomDomain: - description: Whether to use custom domain. - type: boolean - type: object - method: - description: 'The method used for sending an email. Possible - values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' - type: string - resetPasswordTemplate: - description: Email template for reset password - properties: - body: - description: Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - revertSecondFactorAdditionTemplate: - description: Email template for reverting second factor addition - emails - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - smtp: - description: Use a custom SMTP relay - properties: - host: - description: SMTP relay host - type: string - password: - description: SMTP relay password - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - port: - description: SMTP relay port - format: int64 - type: integer - securityMode: - description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, - SSL, START_TLS' - type: string - senderEmail: - description: Sender email for the SMTP relay - type: string - username: - description: SMTP relay username - type: string - type: object - verifyEmailTemplate: - description: Email template for verify email + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address + key: + description: Key that identifies the value to be extracted. type: string - subject: - description: Subject of the email + name: + description: Name of the Secret to extract a value from. type: string + required: + - name + - key type: object type: object - sendSms: - description: Options for SMS sending. - properties: - useDeviceLocale: - description: Whether to use the accept_language header for - SMS. - type: boolean - type: object type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -50421,10 +74302,7 @@ spec: - external properties: external: - description: |- - The project of the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -50433,27 +74311,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - quota: - description: Configuration related to quotas. - properties: - signUpQuotaConfig: - description: Quota for the Signup endpoint, if overwritten. Signup - quota is measured in sign ups per project per hour per IP. - properties: - quota: - description: Corresponds to the 'refill_token_count' field - in QuotaServer config - format: int64 - type: integer - quotaDuration: - description: How long this quota will be active for - type: string - startTime: - description: When this quota will take affect - format: date-time - type: string - type: object - type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string signIn: description: Configuration related to local sign in methods. properties: @@ -50469,6 +74331,8 @@ spec: description: Whether anonymous user auth is enabled for the project or not. type: boolean + required: + - enabled type: object email: description: Configuration options related to authenticating a 
@@ -50479,12 +74343,39 @@ spec: or not. type: boolean passwordRequired: - description: Whether a password is required for email auth - or not. If true, both an email and password must be provided - to sign in. If false, a user may sign in via either email/password - or email link. + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." type: boolean type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. @@ -50496,7 +74387,8 @@ spec: testPhoneNumbers: additionalProperties: type: string - description: A map of that can be used for phone auth testing. + description: A map of that + can be used for phone auth testing. type: object type: object type: object 
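Review bot: `hashConfig` is added under `spec.signIn` although its description says "Output only", and its items include `signerKey` and `saltSeparator`. A field in `spec` invites users to set it, and if the controller writes server values back into it (not visible from this hunk), password-hashing key material would sit in the object and in any manifest exported from it. The description should at least say the field is not to be set and is sensitive, e.g. `description: Output only. Hash config information. Do not set; contains password-hash parameters and the signer key.` The hunk starting `@@ -49717,9 +73590,77 @@` surfaces the same `signerKey` under `status.signIn.hashConfig`, so read access to these kinds is worth scoping as for a Secret.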
@@ -50505,16 +74397,170 @@ spec: type: object status: properties: - client: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - apiKey: - description: Output only. API key that can be used when making - requests for this project. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - firebaseSubdomain: - description: Output only. Firebase subdomain. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -50541,79 +74587,9 @@ spec: type: string type: object type: array - notification: - properties: - sendEmail: - properties: - changeEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - dnsInfo: - properties: - customDomain: - description: Output only. The applied verified custom - domain. - type: string - customDomainState: - description: 'Output only. The current verification state - of the custom domain. The custom domain will only be - used once the domain verification is successful. Possible - values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, - IN_PROGRESS, FAILED, SUCCEEDED' - type: string - domainVerificationRequestTime: - description: Output only. The timestamp of initial request - for the current domain verification. - format: date-time - type: string - pendingCustomDomain: - description: Output only. The custom domain that's to - be verified. - type: string - type: object - resetPasswordTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - revertSecondFactorAdditionTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - verifyEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - type: object - sendSms: - properties: - smsTemplate: - description: Output only. The template to use when sending - an SMS. - properties: - content: - description: 'Output only. The SMS''s content. Can contain - the following placeholders which will be replaced with - the appropriate values: %APP_NAME% - For Android or - iOS apps, the app''s display name. For web apps, the - domain hosting the application. %LOGIN_CODE% - The OOB - code being sent in the SMS.' 
- type: string - type: object - type: object - type: object + name: + description: The name of the default supported IDP config resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -50621,78 +74597,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - signIn: - properties: - email: - properties: - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, - MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, - SHA512, STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation - algorithms. See https://tools.ietf.org/html/rfc7914 - for explanation of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. - Used by scrypt and other similar password derivation - algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be - inserted between the salt and plain text password in - base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, - HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, - STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation algorithms. - See https://tools.ietf.org/html/rfc7914 for explanation - of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. 
- Used by scrypt and other similar password derivation algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be inserted - between the salt and plain text password in base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - subtype: - description: 'Output only. The subtype of this config. Possible values: - SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' - type: string type: object required: - spec @@ -50712,25 +74616,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformOAuthIDPConfig - plural: identityplatformoauthidpconfigs + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs shortNames: - - gcpidentityplatformoauthidpconfig - - gcpidentityplatformoauthidpconfigs - singular: identityplatformoauthidpconfig + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -50750,7 +74654,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -50768,80 +74672,108 @@ spec: type: object spec: properties: - clientId: - description: The client id of an OAuth client. + displayName: + description: Human friendly display name. type: string - clientSecret: - description: The client secret of the OAuth client, to enable OIDC - code flow. + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object type: object - displayName: - description: The config's display name set by developers. - type: string - enabled: - description: True if allows the user to sign in with the provider. - type: boolean - issuer: - description: For OIDC Idps, the issuer identifier. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - responseType: - description: 'The multiple response type to request for in the OAuth - authorization flow. This can possibly be a combination of set bits - (e.g.: {id\_token, token}).' + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. properties: - code: - description: If true, authorization code is returned from IdP's - authorization endpoint. - type: boolean - idToken: - description: If true, ID token is returned from IdP's authorization - endpoint. - type: boolean - token: - description: If true, access token is returned from IdP's authorization - endpoint. - type: boolean + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. 
+ type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant type: object status: properties: @@ -50879,6 +74811,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -50895,7 +74829,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51112,7 +75046,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51265,7 +75199,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
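Review bot: The description of `spConfig.spCertificates` is a verbatim copy of the `idpConfig.idpCertificates` text ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), so the schema no longer says which certificate list is the trust anchor for incoming assertions. If this field holds the service provider's own certificates, as its name suggests, it should say so, e.g. `description: The service provider's (SP) x509 certificates.` In the same hunk `callbackUri` documents "Must start with 'https://'", while `ssoUrl` states no scheme requirement and neither field carries a `pattern`; the expected scheme for `ssoUrl` should be documented the same way. The `tf2crd` label suggests this schema is generated, so the wording probably has to be corrected in the generator input rather than in this file.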
@@ -51321,84 +75255,579 @@ spec: type: object spec: properties: - destroyScheduledDuration: - description: |- - Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - type: string - importOnly: - description: Immutable. Whether this key may contain imported versions - only. - type: boolean - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. 
Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. 
+ type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: description: |- - Immutable. The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - skipInitialVersionCreation: - description: "Immutable. If set to true, the request will create a - CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' - resource to import the CryptoKeyVersion." - type: boolean - versionTemplate: - description: A template describing settings for new crypto key versions. 
- properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: Immutable. The protection level to use when creating - a version based on this template. Possible values include "SOFTWARE", - "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - type: string - required: - - algorithm - type: object required: - - keyRingRef + - location type: object status: properties: @@ -51436,7 +75865,7 @@ spec: the resource. type: integer selfLink: - description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: @@ -51457,25 +75886,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com + name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp - kind: KMSKeyRing - plural: kmskeyrings + kind: KMSSecretCiphertext + plural: kmssecretciphertexts shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: 
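Review bot: `spec.state` on the new `KMSCryptoKeyVersion` CRD is a writable spec field whose listed values include `DESTROY_SCHEDULED` and `DESTROYED`, but its description reads "The current state of the CryptoKeyVersion" and the schema has no `enum`. As written, anyone with update rights on this resource can presumably schedule destruction of key material by editing one string, and nothing in the schema warns of that. I would document it as the desired state, e.g. `description: 'Desired state of the CryptoKeyVersion. Setting DESTROY_SCHEDULED or DESTROYED destroys key material.'`, and restrict it with an `enum` of the values a user may set. Cluster operators should treat update permission on this kind as a key-destruction privilege when writing RBAC rules. The CRD looks generated (`tf2crd` label), so the change likely belongs in the generator input.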
@@ -51495,7 +75924,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -51513,21 +75942,103 @@ spec: type: object spec: properties: - location: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: description: |- - Immutable. The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - location + - cryptoKey + - plaintext type: object status: properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -51561,9 +76072,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. - type: string type: object required: - spec @@ -51583,7 +76091,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51867,7 +76375,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52142,7 +76650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
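Review bot: The new `plaintext` field of KMSSecretCiphertext accepts an inline `value`, so the secret to be encrypted can be written directly into the resource spec, where it is persisted like any other spec field and readable by any subject with get/list on `kmssecretciphertexts`, next to the resulting `status.ciphertext`. The `value` description under `plaintext` should say this, e.g. `Value of the field. Stored unencrypted in the resource spec; prefer 'valueFrom.secretKeyRef' for sensitive data. Cannot be used if 'valueFrom' is specified.`, and read access to this kind should be scoped as tightly as access to Secrets. Separately, in both `plaintext` and `additionalAuthenticatedData` the `valueFrom` object declares `secretKeyRef` without requiring it, so an empty `valueFrom: {}` satisfies the `oneOf`; adding `required:` / `- secretKeyRef` under `valueFrom` would reject that at admission time. The enclosing `openAPIV3Schema` starts outside this hunk, and the `tf2crd` label suggests the schema is generated, so the change likely belongs in the generator rather than in this file.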
@@ -52563,7 +77071,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52967,7 +77475,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -53271,7 +77779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -53608,7 +78116,183 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -54423,7 +79107,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -61206,41 +85890,1513 @@ spec: must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string - xAxis: - description: The properties applied to the X axis. - properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string - type: object - yAxis: - description: The properties applied to the Y axis. + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. 
* + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number type: object - required: - - dataSets + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. 
+ type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string type: object type: object - type: array - type: object - type: array + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. 
+ type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - displayName + - goal - projectRef + - serviceRef type: object status: properties: 
@@ -61270,14 +87426,21 @@ spec: type: string type: object type: array - etag: - description: \`etag\` is used for optimistic concurrency control as - a way to help prevent simultaneous updates of a policy from overwriting - each other. An \`etag\` is returned in the response to \`GetDashboard\`, - and users are expected to put that etag in the request to \`UpdateDashboard\` - to ensure that their change will be applied to the same version - of the Dashboard configuration. The field should not be passed during - dashboard creation. + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -61286,6 +87449,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean type: object required: - spec 
@@ -61305,25 +87474,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringgroups.monitoring.cnrm.cloud.google.com + name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringGroup - plural: monitoringgroups + kind: MonitoringService + plural: monitoringservices shortNames: - - gcpmonitoringgroup - - gcpmonitoringgroups - singular: monitoringgroup + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -61362,47 +87531,8 @@ spec: spec: properties: displayName: - description: A user-assigned name for this group, used only for display - purposes. - type: string - filter: - description: The filter used to determine which monitored resources - belong to this group. + description: Name used for UI elements listing this Service. type: string - isCluster: - description: If true, the members of this group are considered to - be a cluster. The system can perform additional analysis on groups - that are clusters. - type: boolean - parentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -61422,7 +87552,7 @@ spec: properties: external: description: |- - The project of the group + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61434,13 +87564,20 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object required: - - displayName - - filter + - projectRef type: object status: properties: @@ -61496,25 +87633,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMetricDescriptor - plural: monitoringmetricdescriptors + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs shortNames: - - gcpmonitoringmetricdescriptor - - gcpmonitoringmetricdescriptors - singular: monitoringmetricdescriptor + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -61552,74 +87689,171 @@ spec: type: object spec: properties: - description: - description: Immutable. A detailed description of the metric, which - can be used in documentation. - type: string - displayName: - description: Immutable. A concise name for the metric, which can be - displayed in user interfaces. Use sentence case without an ending - period, for example "Request count". This field is optional but - it is recommended to be set for any metrics associated with user-visible - concepts, such as Quota. - type: string - labels: - description: Immutable. The set of labels that can be used to describe - a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` - metric type has a label for the HTTP response code, `response_code`, - so you can look at latencies for successful responses or just for - responses that failed. + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. items: properties: - description: - description: Immutable. A human-readable description for the - label. - type: string - key: - description: 'Immutable. The key for this label. The key must - meet the following criteria: * Does not exceed 100 characters. - * Matches the following regular expression: `a-zA-Z*` * The - first character must be an upper- or lower-case letter. * - The remaining characters must be letters, digits, or underscores.' + content: type: string - valueType: - description: 'Immutable. The type of data that can be assigned - to the label. 
Possible values: STRING, BOOL, INT64' + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string + required: + - content type: object type: array - launchStage: - description: 'Immutable. Optional. The launch stage of the metric - definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. type: string - metadata: - description: Immutable. Optional. Metadata which can be used to guide - usage of the metric. + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. properties: - ingestDelay: - description: Immutable. The delay of data points caused by ingestion. - Data points older than this age are guaranteed to be ingested - and available to be read, excluding data loss due to errors. + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' type: string - launchStage: - description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage - instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' type: string - samplePeriod: - description: Immutable. The sampling period of metric data points. - For metrics which are written periodically, consecutive data - points are stored at this time interval, excluding data loss - due to errors. Metrics with a higher granularity have a smaller - sampling period. + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. 
+ type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. 
The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. type: string + required: + - filterLabels + - type type: object - metricKind: - description: 'Immutable. Whether the metric records instantaneous - values, changes to a value, etc. Some combinations of `metric_kind` - and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, - GAUGE, DELTA, CUMULATIVE' + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -61640,7 +87874,7 @@ spec: properties: external: description: |- - The project for the resource + The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61651,80 +87885,78 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: - description: 'Immutable. The metric type, including its DNS name prefix. - The type is not URL-encoded. All user-defined metric types have - the DNS name `custom.googleapis.com` or `external.googleapis.com`. - Metric types should use a natural hierarchical grouping. For example: - "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" - "appengine.googleapis.com/http/server/response_latencies"' - type: string - unit: - description: 'Immutable. The units in which the metric value is reported. - It is only applicable if the `value_type` is `INT64`, `DOUBLE`, - or `DISTRIBUTION`. The `unit` defines the representation of the - stored metric values. Different systems might scale the values to - be more easily displayed (so a value of `0.02kBy` _might_ be displayed - as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). - However, if the `unit` is `kBy`, then the value of the metric is - always in thousands of bytes, no matter how it might be displayed. - If you want a custom metric to record the exact number of CPU-seconds - used by a job, you can create an `INT64 CUMULATIVE` metric whose - `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the - job uses 12,005 CPU-seconds, then the value is written as `12005`. - Alternatively, if you want a custom metric to record data in a more - granular way, you can create a `DOUBLE CUMULATIVE` metric whose - `unit` is `ks{CPU}`, and then write the value `12.005` (which is - `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
- The supported units are a subset of [The Unified Code for Units - of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic - units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute - * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * - `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) - * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta - (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) - * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` - zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi - (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) - **Grammar** The grammar also includes these connectors: * `/` division - or ratio (as an infix operator). For examples, `kBy/{email}` or - `MiBy/10ms` (although you should almost never have `/s` in a metric - `unit`; rates should always be computed at query time from the underlying - cumulative or delta value). * `.` multiplication or composition - (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The - grammar for a unit is as follows: Expression = Component: { "." - Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | - "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME - "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. - If the annotation is used alone, then the unit is equivalent to - `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. - * `NAME` is a sequence of non-blank printable ASCII characters not - containing `{` or `}`. * `1` represents a unitary [dimensionless - unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, - such as in `1/s`. It is typically used when none of the basic units - are appropriate. For example, "new users per day" can be represented - as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 - new users). 
Alternatively, "thousands of page views per day" would - be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a - metric value of `5.3` would mean "5300 page views per day"). * `%` - represents dimensionless value of 1/100, and annotates values giving - a percentage (so the metric values are typically in the range of - 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates - a metric contains a ratio, typically in the range 0..1, that will - be multiplied by 100 and displayed as a percentage (so a metric - value `0.03` means "3 percent").' + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - valueType: - description: 'Immutable. 
Whether the measurement is an integer, a - floating-point number, etc. Some combinations of `metric_kind` and - `value_type` might not be supported. Possible values: STRING, BOOL, - INT64' + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. type: string required: - - metricKind + - displayName - projectRef - - type - - valueType + - timeout type: object status: properties: @@ -61754,14 +87986,6 @@ spec: type: string type: object type: array - monitoredResourceTypes: - description: Read-only. If present, then a time series, which is identified - partially by a metric type and a MonitoredResourceDescriptor, that - is associated with this metric type can only be associated with - one of the monitored resource types listed here. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -61769,9 +87993,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The resource name of the metric descriptor. - type: string type: object required: - spec 
@@ -61791,25 +88012,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMonitoredProject - plural: monitoringmonitoredprojects + kind: NetworkConnectivityHub + plural: networkconnectivityhubs shortNames: - - gcpmonitoringmonitoredproject - - gcpmonitoringmonitoredprojects - singular: monitoringmonitoredproject + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: 
@@ -61847,17 +88068,46 @@ spec: type: object spec: properties: - metricsScope: - description: 'Immutable. Required. The resource name of the existing - Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + description: + description: An optional description of the hub. type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - metricsScope + - projectRef type: object status: properties: @@ -61888,8 +88138,7 @@ spec: type: object type: array createTime: - description: Output only. The time when this `MonitoredProject` was - created. + description: Output only. The time the hub was created. format: date-time type: string observedGeneration: 
@@ -61899,6 +88148,33 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string type: object required: - spec 
@@ -61918,25 +88194,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: 
@@ -61975,175 +88251,221 @@ spec: spec: properties: description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond - the display name, for the channel. This may not exceed 1024 Unicode - characters. - type: string - enabled: - description: Whether notifications are forwarded to the described - channel. This makes it possible to disable delivery of notifications - to a particular channel without removing the channel from all alerting - policies that reference the channel. This is a more convenient approach - when the change is temporary and you want to receive notifications - from the same set of alerting policies on the channel at some point - in the future. - type: boolean - forceDelete: - description: |- - If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - type: boolean - labels: - additionalProperties: - type: string - type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: An optional description of the spoke. type: string - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. + hubRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
- type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel - types that support this field include: webhook_basicauth.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + - required: + - namespace required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. 
The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external required: - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. - Channel types that support this field include: pagerduty.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - not: + anyOf: + - required: + - name + - required: + - namespace required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. 
Note that data + transfer is available only in supported locations. + type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - type + - hubRef + - location + - projectRef type: object status: properties: @@ -62173,11 +88495,9 @@ spec: type: string type: object type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + createTime: + description: Output only. The time the spoke was created. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -62186,19 +88506,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for - channels of this type.This field cannot be modified using a standard - UpdateNotificationChannel operation. To change the value of this - field, you must call VerifyNotificationChannel. + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time type: string type: object required: 
@@ -62219,25 +88539,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringServiceLevelObjective - plural: monitoringservicelevelobjectives + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests shortNames: - - gcpmonitoringservicelevelobjective - - gcpmonitoringservicelevelobjectives - singular: monitoringservicelevelobjective + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: @@ -62257,7 +88577,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -62275,412 +88595,63 @@ spec: type: object spec: properties: - calendarPeriod: - description: 'A calendar period, semantically "since the start of - the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, - and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, - DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' - type: string - displayName: - description: Name used for UI elements listing this SLO. + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. type: string - goal: - description: The fraction of service that must be good in order for - this objective to be met. `0 < goal <= 0.999`. - format: double - type: number - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + destination: + description: |- + Required. Destination specification of the Connectivity Test. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rollingPeriod: - description: A rolling time period, semantically "in the past ``". - Must be an integer multiple of 1 day no larger than 30 days. 
- type: string - serviceLevelIndicator: - description: The definition of good service, used to measure and calculate - the quality of the `Service`'s performance with respect to a single - aspect of service quality. + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. properties: - basicSli: - description: Basic SLI on a well-known service type. - properties: - availability: - description: Good service is defined to be the count of requests - made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count of requests - made to this service that are fast enough with respect to - `latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - requests made to this service that return in no more - than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which this - SLI is relevant. Telemetry from other locations will not - be used to calculate performance for this SLI. 
If omitted, - this SLI applies to all locations in which the Service has - activity. For service types that don''t support breaking - down by location, setting this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this SLI - is relevant. Telemetry from other methods will not be used - to calculate performance for this SLI. If omitted, this - SLI applies to all the Service''s methods. For service types - that don''t support breaking down by method, setting this - field will result in an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count of operations - performed by this service that return successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count of operations - performed by this service that are fast enough with respect - to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - operations that are completed in no more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to which this - SLI is relevant. Telemetry from other API versions will - not be used to calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don''t support breaking down by version, setting this - field will result in an error.' 
- items: - type: string - type: array - type: object - requestBased: - description: Request-based SLIs - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` that - fall into a good range. The `total_service` is the total - count of all values aggregated in the `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. Must have - `ValueType = DISTRIBUTION` and `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the ratio of - `good_service` to `total_service` is computed from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, either - demanded service that was not provided or demanded service - that was of inadequate quality. Must have `ValueType - = DOUBLE` or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service provided. - Must have `ValueType = DOUBLE` or `ValueType = INT64` - and must have `MetricKind = DELTA` or `MetricKind = - CUMULATIVE`. 
- type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total demanded - service. Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` or `MetricKind - = CUMULATIVE`. - type: string - type: object - type: object - windowsBased: - description: Windows-based SLIs - properties: - goodBadMetricFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` with `ValueType = BOOL`. The window - is good if any `true` values appear in the window. - type: string - goodTotalRatioThreshold: - description: A window is good if its `performance` is high - enough. - properties: - basicSliPerformance: - description: '`BasicSli` to evaluate to judge window quality.' - properties: - availability: - description: Good service is defined to be the count - of requests made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count - of requests made to this service that are fast enough - with respect to `latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of requests made to this service that - return in no more than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which - this SLI is relevant. Telemetry from other locations - will not be used to calculate performance for this - SLI. If omitted, this SLI applies to all locations - in which the Service has activity. 
For service types - that don''t support breaking down by location, setting - this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this - SLI is relevant. Telemetry from other methods will - not be used to calculate performance for this SLI. - If omitted, this SLI applies to all the Service''s - methods. For service types that don''t support breaking - down by method, setting this field will result in - an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count - of operations performed by this service that return - successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count - of operations performed by this service that are - fast enough with respect to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of operations that are completed in no - more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to - which this SLI is relevant. Telemetry from other - API versions will not be used to calculate performance - for this SLI. If omitted, this SLI applies to all - API versions. For service types that don''t support - breaking down by version, setting this field will - result in an error.' - items: - type: string - type: array - type: object - performance: - description: '`RequestBasedSli` to evaluate to judge window - quality.' - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` - that fall into a good range. 
The `total_service` - is the total count of all values aggregated in the - `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. - Must have `ValueType = DISTRIBUTION` and `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." - For a one-sided range, set one bound to an infinite - value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the - ratio of `good_service` to `total_service` is computed - from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, - either demanded service that was not provided - or demanded service that was of inadequate quality. - Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service - provided. Must have `ValueType = DOUBLE` or - `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total - demanded service. Must have `ValueType = DOUBLE` - or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. 
- type: string - type: object - type: object - threshold: - description: If window `performance >= threshold`, the - window is counted as good. - format: double - type: number - type: object - metricMeanInRange: - description: A window is good if the metric's value is in - a good range, averaged across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - metricSumInRange: - description: A window is good if the metric's value is in - a good range, summed across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - windowPeriod: - description: Duration over which window quality is evaluated. - Must be an integer fraction of a day and at least `60s`. - type: string - type: object + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. 
+ type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string type: object - serviceRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -62697,10 +88668,7 @@ spec: - external properties: external: - description: |- - The service for the resource - - Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -62709,10 +88677,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. 
An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object required: - - goal + - destination - projectRef - - serviceRef + - source type: object status: properties: 
@@ -62742,22 +88788,6 @@ spec: type: string type: object type: array - createTime: - description: Time stamp of the `Create` or most recent `Update` command - on this `Slo`. - format: date-time - type: string - deleteTime: - description: Time stamp of the `Update` or `Delete` command that made - this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s - returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, - because it is always empty in the current version. It is populated - in `ServiceLevelObjective`s representing previous versions in the - output of `ListServiceLevelObjectiveVersions`. Because all old configuration - versions are stored, `Update` operations mark the obsoleted version - as deleted. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -62765,12 +88795,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - serviceManagementOwned: - description: Output only. If set, this SLO is managed at the [Service - Management](https://cloud.google.com/service-management/overview) - level. Therefore the service yaml file is the source of truth for - this SLO, and API `Update` and `Delete` operations are forbidden. - type: boolean type: object required: - spec 
@@ -62790,25 +88814,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringservices.monitoring.cnrm.cloud.google.com + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringService - plural: monitoringservices + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies shortNames: - - gcpmonitoringservice - - gcpmonitoringservices - singular: monitoringservice + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -62846,8 +88870,16 @@ spec: type: object spec: properties: - displayName: - description: Name used for UI elements listing this Service. + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. 
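Review bot: The new `action` field of NetworkSecurityAuthorizationPolicy is declared only as `type: string`, so the ALLOW/DENY choice that decides the policy's effect is not validated at admission. A misspelt value or `ACTION_UNSPECIFIED` is accepted by the API server and is presumably rejected only later, when the controller calls the Google Cloud API. The description is also inconsistent: it names two possible values and then three. If the generator supports it, I would add `enum: [ALLOW, DENY]` under `action` and drop `ACTION_UNSPECIFIED` from the description. The `dcl2crd` label marks this CRD as generated, so the change likely belongs in the generator rather than in this bundle; the `spec` schema continues outside the hunk.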
@@ -62884,15 +88916,98 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - telemetry: - description: Configuration for how to query telemetry on a Service. - properties: - resourceName: - description: The full name of the resource that defines this service. - Formatted as described in https://cloud.google.com/apis/design/resource_names. - type: string - type: object + rules: + description: Optional. List of rules to match. If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. 
+ For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array required: + - action + - location - projectRef type: object status: @@ -62923,6 +89038,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
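Review bot: `rules`, and inside it `sources` and `destinations`, are all optional, and each description says the action is then applied without rule checks. A manifest with `action: ALLOW` and no `rules` is therefore schema-valid and, read literally, allows everything the policy is attached to. The `rules` description should state that consequence outright, e.g. `With action ALLOW and no rules, all requests are allowed; with DENY, all are denied.` (wording to be confirmed against the API's behaviour). The wildcard examples in `hosts` and `principals` also have unbalanced quotes (`*.myorg.com”`, `*/service-account”`), which leaves the literal pattern unclear in a field where one character changes what is matched. This is documentation only; since the CRD looks generated, the text would be fixed in the upstream source.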
@@ -62930,6 +89049,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -62949,25 +89072,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringUptimeCheckConfig - plural: monitoringuptimecheckconfigs + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies shortNames: - - gcpmonitoringuptimecheckconfig - - gcpmonitoringuptimecheckconfigs - singular: monitoringuptimecheckconfig + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63005,171 +89128,42 @@ spec: type: object spec: properties: - contentMatchers: - description: The content that is expected to appear in the data returned - by the target server against which the check is run. Currently, - only the first entry in the `content_matchers` list is supported, - and additional entries will be ignored. This field is optional and - should only be specified if a content match is required as part - of the/ Uptime check. - items: - properties: - content: - type: string - matcher: - description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, - CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' - type: string - required: - - content - type: object - type: array - displayName: - description: A human-friendly name for the Uptime check configuration. - The display name should be unique within a Stackdriver Workspace - in order to make it easier to identify; however, uniqueness is not - enforced. Required. - type: string - httpCheck: - description: Contains information needed to make an HTTP or HTTPS - check. + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. properties: - authInfo: - description: The authentication information. Optional when creating - an HTTP check; defaults to empty. + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. properties: - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. type: string required: - - password - - username - type: object - body: - description: 'The request body associated with the HTTP POST request. - If `content_type` is `URL_ENCODED`, the body passed in must - be URL-encoded. Users can provide a `Content-Length` header - via the `headers` field or the API will do so. If the `request_method` - is `GET` and `body` is not empty, the API will return an error. - The maximum byte size is 1 megabyte. Note: As with all `bytes` - fields JSON representations are base64 encoded. e.g.: "foo=bar" - in URL-encoded form is "foo%3Dbar" and in base64 encoding is - "Zm9vJTI1M0RiYXI=".' - type: string - contentType: - description: 'Immutable. The content type to use for the check. Possible - values: TYPE_UNSPECIFIED, URL_ENCODED' - type: string - headers: - additionalProperties: - type: string - description: The list of headers to send as part of the Uptime - check request. If two headers have the same key and different - values, they should be entered as a single header, with the - value being a comma-separated list of all the desired values - as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in - a Create call will cause the first to be overwritten by the - second. The maximum number of headers allowed is 100. 
+ - pluginInstance type: object - maskHeaders: - description: Immutable. Boolean specifying whether to encrypt - the header information. Encryption should be specified for any - headers related to authentication that you do not wish to be - seen when retrieving the configuration. The server will be responsible - for encrypting the headers. On Get/List calls, if `mask_headers` - is set to `true` then the headers will be obscured with `******.` - type: boolean - path: - description: Optional (defaults to "/"). The path to the page - against which to run the check. Will be combined with the `host` - (specified within the `monitored_resource`) and `port` to construct - the full URL. If the provided path does not begin with "/", - a "/" will be prepended automatically. - type: string - port: - description: Optional (defaults to 80 when `use_ssl` is `false`, - and 443 when `use_ssl` is `true`). The TCP port on the HTTP - server against which to run the check. Will be combined with - host (specified within the `monitored_resource`) and `path` - to construct the full URL. - format: int64 - type: integer - requestMethod: - description: Immutable. The HTTP request method to use for the - check. If set to `METHOD_UNSPECIFIED` then `request_method` - defaults to `GET`. - type: string - useSsl: - description: If `true`, use HTTPS instead of HTTP to run the check. - type: boolean - validateSsl: - description: Boolean specifying whether to include SSL certificate - validation as a part of the Uptime check. Only applies to checks - where `monitored_resource` is set to `uptime_url`. If `use_ssl` - is `false`, setting `validate_ssl` to `true` has no effect. - type: boolean - type: object - monitoredResource: - description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) - associated with the configuration. 
The following monitored resource - types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' - properties: - filterLabels: - additionalProperties: - type: string - description: Immutable. + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri type: object - type: - description: Immutable. - type: string - required: - - filterLabels - - type type: object - period: - description: How often, in seconds, the Uptime check is performed. - Currently, the only supported values are `60s` (1 minute), `300s` - (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, - defaults to `60s`. + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -63190,7 +89184,7 @@ spec: properties: external: description: |- - The project for this uptime check config. + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
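Review bot: The new `clientCertificate` object validates as `{}`, because neither `certificateProviderInstance` nor `grpcEndpoint` is required and nothing stops both being set. A manifest can therefore name no source for the client identity, or two competing ones, and still pass schema validation. The same shape recurs in the items of `serverValidationCa` in the next hunk, and in `mtlsPolicy.clientValidationCa` and `serverCertificate` of the server TLS policy further down. If exactly one source is expected, say so with the `oneOf` / `not: required:` pattern this file already uses for `value`/`valueFrom`; otherwise the descriptions should state which source takes precedence. The CRD carries a `dcl2crd` label, so the change probably belongs in the generator input, and the spec schema itself starts above this hunk.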
@@ -63201,78 +89195,49 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceGroup: - description: Immutable. The group resource associated with the configuration. - properties: - groupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceType: - description: 'Immutable. The resource type of the group members. - Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' - type: string - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - selectedRegions: - description: The list of regions from which the check will be run. - Some regions contain one location, and others contain more than - one. If this field is specified, enough regions must be provided - to include a minimum of 3 locations. 
Not specifying this field - will result in Uptime checks running from all available regions. + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. items: - type: string + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object type: array - tcpCheck: - description: Contains information needed to make a TCP check. - properties: - port: - description: The TCP port on the server against which to run the - check. Will be combined with host (specified within the `monitored_resource`) - to construct the full URL. Required. - format: int64 - type: integer - required: - - port - type: object - timeout: - description: The maximum amount of time to wait for the request to - complete (must be between 1 and 60 seconds). Required. + sni: + description: 'Optional. Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' type: string required: - - displayName - - projectRef - - timeout + - location type: object status: properties: 
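Review bot: `serverValidationCa` is described as "Required." but the `required` list at the end of this hunk contains only `location`, and the array has no `minItems`. A client TLS policy with no CA for validating the server certificate therefore passes schema validation. What the data plane does in that case is not stated here and should be confirmed, since a client that skips server certificate validation would defeat the purpose of the policy. Either add `- serverValidationCa` to `required` together with `minItems: 1` on the array, or change the description to "Optional." and state what happens when it is omitted. The spec schema this hunk edits begins before the hunk.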
@@ -63302,6 +89267,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63309,6 +89278,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -63328,25 +89301,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivityHub - plural: networkconnectivityhubs + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies shortNames: - - gcpnetworkconnectivityhub - - gcpnetworkconnectivityhubs - singular: networkconnectivityhub + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63384,9 +89357,63 @@ spec: type: object spec: properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean description: - description: An optional description of the hub. + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. + Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. 
+ Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -63422,8 +89449,39 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object required: - - projectRef + - location type: object status: properties: @@ -63454,7 +89512,7 @@ spec: type: object type: array createTime: - description: Output only. The time the hub was created. + description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: 
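Review bot: The rule that `serverCertificate` "Cannot be combined with allow_open" (stated in the following hunk) exists only as description text. The schema added here lets a manifest set `allowOpen: true` together with `serverCertificate`, so the conflict would be caught, if at all, only by the backing API after admission. Since `allowOpen: true` means plaintext is accepted alongside mTLS, the `allowOpen` description should say so using the CRD's own keys, e.g. `Cannot be set to true when serverCertificate is specified; true admits unencrypted connections in addition to mtlsPolicy.` The current descriptions refer to `allow_open` and `mtls_policy`, which are not keys in this schema. `mtlsPolicy.clientValidationCa` is required but has no `minItems: 1`, so an empty list satisfies it.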
@@ -63464,31 +89522,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - routingVpcs: - description: The VPC network associated with this hub's spokes. All - of the VPN tunnels, VLAN attachments, and router appliance instances - referenced by this hub's spokes must belong to this VPC network. - This field is read-only. Network Connectivity Center automatically - populates it based on the set of spokes attached to the hub. - items: - properties: - uri: - description: The URI of the VPC network. - type: string - type: object - type: array - state: - description: 'Output only. The current lifecycle state of this hub. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the hub. This - value is unique across all hub resources. If a hub is deleted and - another with the same name is created, the new hub is assigned a - different unique_id. - type: string updateTime: - description: Output only. The time the hub was last updated. + description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object 
@@ -63510,25 +89545,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivitySpoke - plural: networkconnectivityspokes + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets shortNames: - - gcpnetworkconnectivityspoke - - gcpnetworkconnectivityspokes - singular: networkconnectivityspoke + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: @@ -63548,7 +89583,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -63567,10 +89602,10 @@ spec: spec: properties: description: - description: An optional description of the spoke. + description: A human-readable description of the resource. type: string - hubRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63587,10 +89622,7 @@ spec: - external properties: external: - description: |- - Immutable. The URI of the hub that this spoke is attached to. - - Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -63599,188 +89631,101 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - linkedInterconnectAttachments: - description: Immutable. A collection of VLAN attachment resources. - These resources should be redundant attachments that all advertise - the same prefixes to Google Cloud. Alternatively, in active/passive - configurations, all attachments should be capable of advertising - the same prefixes. - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. 
+ type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - linkedRouterApplianceInstances: - description: Immutable. The URIs of linked Router appliance resources - properties: - instances: - description: Immutable. The list of router appliance instances - items: + - valueFrom properties: - ipAddress: - description: Immutable. The IP address on the VM to use - for peering. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - virtualMachineRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: |- - The URI of the virtual machine resource - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object type: object - type: array - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - required: - - instances - - siteToSiteDataTransfer - type: object - linkedVpnTunnels: - description: Immutable. The URIs of linked VPN tunnel resources - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - id + type: object + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. 
+ The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array required: - - hubRef - - location - projectRef type: object status: @@ -63811,10 +89756,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time the spoke was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63822,20 +89763,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The current lifecycle state of this spoke. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the spoke. - This value is unique across all spoke resources. If a spoke is deleted - and another with the same name is created, the new spoke is assigned - a different unique_id. - type: string - updateTime: - description: Output only. The time the spoke was last updated. - format: date-time - type: string type: object required: - spec 
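Review bot: The limits stated in the `publicKey` and `validationSharedKeys` descriptions are not enforced by the schema. The text asks for one to three public keys and for at least one of the two lists to be present, but neither array has `minItems`/`maxItems`, `required` holds only `projectRef`, and a `publicKey` item needs only `id`, so an entry with neither `managed` nor `value` validates. A keyset with no usable verification key would pass schema validation, and any rejection would come only from the backing API. Suggest `maxItems: 3` on `publicKey` and an `anyOf` that requires `publicKey` or `validationSharedKeys`. The `id` description also contradicts itself (`1-63 characters` then `1-64 characters`), and the text says `public_keys` where the field is `publicKey`; the enclosing spec starts above this hunk.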
@@ -63855,25 +89782,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityAuthorizationPolicy - plural: networksecurityauthorizationpolicies + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins shortNames: - - gcpnetworksecurityauthorizationpolicy - - gcpnetworksecurityauthorizationpolicies - singular: networksecurityauthorizationpolicy + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: @@ -63893,7 +89820,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -63911,19 +89838,137 @@ spec: type: object spec: properties: - action: - description: 'Required. The action to take when a rule match is found. - Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, - ALLOW, DENY' - type: string + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. 
+ + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. 
+ + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
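Review bot: The limits stated in the new `spec` descriptions are not expressed in the schema, so the API server will admit values the descriptions call invalid: `maxAttempts` ("greater than 0 and less than 4"), `requestHeadersToAdd` ("maximum of 25 request headers") and `hostRewrite` ("between 1 and 255 characters") are a bare `integer`, `array` and `string`. Adding the matching validation keywords makes a bad manifest fail at admission instead of, presumably, at reconcile time against the cloud API. The same gap shows in the hunk at `@@ -63940,115 +89985,94 @@`, where `protocol` and `retryConditions` list their possible values only in prose with no `enum`, and in `@@ -64169,45 +90185,50 @@`, where `sampleRate` "must be in [0, 1]" without `minimum`/`maximum`. The `tf2crd` label on this CRD suggests the schema is generated, so the change probably belongs in the generator rather than in this file. Separately, the `failoverOrigin` description ends with `A reference to a Topic resource.`, which looks like a leftover, since the field names an Origin.

```yaml
maxAttempts:
  # … unchanged: description …
  type: integer
  minimum: 1
  maximum: 3
# … unchanged: originAddress, originOverrideAction.headerAction …
requestHeadersToAdd:
  # … unchanged: description, items …
  type: array
  maxItems: 25
# … unchanged: urlRewrite …
hostRewrite:
  # … unchanged: description …
  type: string
  minLength: 1
  maxLength: 255
```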
@@ -63940,115 +89985,94 @@ spec: - external properties: external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. 
+ - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: description: |- - The project for the resource + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. 
All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + If the response headers have already been written to the connection, the response will be truncated and logged. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Optional. List of rules to match. If not set, the action - specified in the ‘action’ field will be applied without any additional - rule checks. - items: - properties: - destinations: - description: Optional. List of attributes for the traffic destination. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the destination. 
- items: - properties: - hosts: - description: Required. List of host names to match. Matched - against HOST header in http requests. Each host can - be an exact match, or a prefix match (example, “mydomain.*”) - or a suffix match (example, *.myorg.com”) or a presence(any) - match “*”. - items: - type: string - type: array - httpHeaderMatch: - description: Optional. Match against key:value pair in - http header. Provides a flexible match based on HTTP - headers, for potentially advanced use cases. - properties: - headerName: - description: Required. The name of the HTTP header - to match. For matching against the HTTP request's - authority, use a headerMatch with the header name - ":authority". For matching a request's method, use - the headerName ":method". - type: string - regexMatch: - description: 'Required. The value of the header must - match the regular expression specified in regexMatch. - For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript - For matching against a port specified in the HTTP - request, use a headerMatch with headerName set to - Host and a regular expression that satisfies the - RFC2616 Host header''s port specifier.' - type: string - required: - - headerName - - regexMatch - type: object - methods: - description: Optional. A list of HTTP methods to match. - Should not be set for gRPC services. - items: - type: string - type: array - ports: - description: Required. List of destination ports to match. - items: - format: int64 - type: integer - type: array - required: - - hosts - - ports - type: object - type: array - sources: - description: Optional. List of attributes for the traffic source. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the source. - items: - properties: - ipBlocks: - description: Optional. List of CIDR ranges to match based - on source IP address. Single IP (e.g., "1.2.3.4") and - CIDR (e.g., "1.2.3.0/24") are supported. 
- items: - type: string - type: array - principals: - description: Optional. List of peer identities to match - for authorization. Each peer can be an exact match, - or a prefix match (example, “namespace/*”) or a suffix - match (example, */service-account”) or a presence match - “*”. - items: - type: string - type: array - type: object - type: array - type: object - type: array required: - - action - - location + - originAddress - projectRef type: object status: @@ -64079,10 +90103,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64090,10 +90110,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec 
@@ -64113,25 +90129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityClientTLSPolicy - plural: networksecurityclienttlspolicies + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices shortNames: - - gcpnetworksecurityclienttlspolicy - - gcpnetworksecurityclienttlspolicies - singular: networksecurityclienttlspolicy + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: @@ -64151,7 +90167,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -64169,45 +90185,50 @@ spec: type: object spec: properties: - clientCertificate: - description: Optional. Defines a mechanism to provision client identity - (public and private keys) for peer to peer authentication. The presence - of this dictates mTLS. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. 
+ type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -64224,10 +90245,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
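Review bot: The `disableQuic` description in the `@@ -64169,45 +90185,50 @@` hunk only says `HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.` and never states what setting the field does, unlike `disableHttp2` just above it, which spells out the effect of `true`. Something like `Disables HTTP/3 (IETF QUIC) and Google QUIC when true; both are enabled by default.` would match, assuming the field behaves as its name suggests. `logConfig.enable` likewise does not say whether logging is on or off when the field is omitted, which matters to anyone relying on these request logs for audit or incident response.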
@@ -64236,49 +90254,721 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serverValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the server certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. 
+ + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. type: string required: - - pluginInstance + - hosts + - pathMatcher type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array required: - - targetUri + - name + - routeRule type: object - type: object - type: array - sni: - description: 'Optional. Server Name Indication string to present to - the server during TLS handshake. E.g: "secure.example.com".' + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - - location + - projectRef + - routing type: object status: properties: 
@@ -64308,254 +90998,18 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com -spec: - group: networksecurity.cnrm.cloud.google.com - names: - categories: - - gcp - kind: NetworkSecurityServerTLSPolicy - plural: networksecurityservertlspolicies - shortNames: - - gcpnetworksecurityservertlspolicy - - gcpnetworksecurityservertlspolicies - singular: networksecurityservertlspolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allowOpen: - description: Optional. Determines if server allows plaintext connections. - If set to true, server allows plain text connections. By default, - it is set to false. This setting is not exclusive of other encryption - modes. For example, if allow_open and mtls_policy are set, server - allows both plain text and mTLS connections. See documentation of - other encryption modes to confirm compatibility. - type: boolean - description: - description: Optional. Free-text description of the resource. - type: string - location: - description: Immutable. The location for the resource - type: string - mtlsPolicy: - description: Optional. Defines a mechanism to provision peer validation - certificates for peer to peer authentication (Mutual TLS - mTLS). - If not specified, client certificate will not be requested. The - connection is treated as TLS and not mTLS. If allow_open and mtls_policy - are set, server allows both plain text and mTLS connections. 
- properties: - clientValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the client certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to - locate and load CertificateProvider instance configuration. - Set to "google_cloud_private_spiffe" to use Certificate - Authority Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with - “unix:”. - type: string - required: - - targetUri - type: object - type: object - type: array - required: - - clientValidationCa - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. 
When unset, the value of `metadata.name` - is used as the default. - type: string - serverCertificate: - description: Optional. Defines a mechanism to provision server identity - (public and private keys). Cannot be combined with allow_open as - a permissive mode that allows both plain text and TLS is not supported. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + ipv4Addresses: + description: The IPv4 addresses associated with this service. Addresses + are static for the lifetime of the service. items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
- type: string - type: - description: Type is the type of the condition. - type: string - type: object + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64563,10 +91017,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec @@ -64586,7 +91036,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64907,7 +91357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65133,7 +91583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65600,7 +92050,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -66334,7 +92784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66510,7 +92960,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66840,7 +93290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67125,8 +93575,235 @@ spec: type: object type: array createTime: - description: Output only. The timestamp when the resource was created. - format: date-time + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. 
+ type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -67135,12 +93812,166 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. Server-defined URL of this resource + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time + description: Output only. The timestamp representing when the constraint + was last updated. type: string type: object required: @@ -67161,7 +93992,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67930,7 +94761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68750,22 +95581,5242 @@ spec: - id type: object type: object - required: - - id + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. 
+ format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array type: object type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: required: - - resources - type: object - type: array + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." 
+ type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. 
\nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. 
+ + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. 
+ type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external required: - - id - - mode - - resourceGroups + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. oneOf: - not: required: @@ -68782,10 +100833,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -68794,62 +100843,84 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rollout: - description: 'Required. Rollout to deploy the OS policy assignment. - A rollout is triggered in the following situations: 1) OSPolicyAssignment - is created. 
2) OSPolicyAssignment is updated and the update contains - changes to one of the following fields: - instance_filter - os_policies - 3) OSPolicyAssignment is deleted.' + schemaSettings: + description: Settings for validating messages published against a + schema. properties: - disruptionBudget: - description: Required. The maximum number (or percentage) of VMs - per zone to disrupt at any given moment. + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - fixed: - description: Specifies a fixed value. - format: int64 - type: integer - percent: - description: Specifies the relative value defined as a percentage, - which will be multiplied by a reference value. - format: int64 - type: integer + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minWaitDuration: - description: Required. This determines the minimum duration of - time to wait after the configuration changes are applied through - the current rollout. A VM continues to count towards the `disruption_budget` - at least until this duration of time has passed after configuration - changes are applied. 
- type: string required: - - disruptionBudget - - minWaitDuration + - schemaRef type: object - skipAwaitRollout: - description: Set to true to skip awaiting rollout during resource - creation and update. - type: boolean - required: - - instanceFilter - - location - - osPolicies - - projectRef - - rollout type: object status: properties: - baseline: - description: Output only. Indicates that this revision has been successfully - rolled out in this zone and new VMs will be assigned OS policies - from this revision. For a given OS policy assignment, there is only - one revision with a value of `true` for this field. - type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -68876,14 +100947,6 @@ spec: type: string type: object type: array - deleted: - description: Output only. Indicates that this revision deletes the - OS policy assignment. - type: boolean - etag: - description: The etag for this OS policy assignment. If this is provided - on update, it must match the server's etag. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -68891,31 +100954,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Indicates that reconciliation is in progress - for the revision. This value is `true` when the `rollout_state` - is one of: * IN_PROGRESS * CANCELLING' - type: boolean - revisionCreateTime: - description: Output only. The timestamp that the revision was created. - format: date-time - type: string - revisionId: - description: Output only. The assignment revision ID A new revision - is committed whenever a rollout is triggered for a OS policy assignment - type: string - rolloutState: - description: 'Output only. OS policy assignment rollout state Possible - values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, - SUCCEEDED' - type: string - uid: - description: Output only. Server generated unique id for the OS policy - assignment resource. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -68932,25 +100971,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacapools.privateca.cnrm.cloud.google.com + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACAPool - plural: privatecacapools + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys shortNames: - - gcpprivatecacapool - - gcpprivatecacapools - singular: privatecacapool + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: 
@@ -68963,352 +101002,63 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - issuancePolicy: - description: Optional. The IssuancePolicy to control how Certificates - will be issued from this CaPool. - properties: - allowedIssuanceModes: - description: Optional. If specified, then only methods allowed - in the IssuanceModes may be used to issue Certificates. - properties: - allowConfigBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CertificateConfig. - type: boolean - allowCsrBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CSR. - type: boolean - type: object - allowedKeyTypes: - description: Optional. If any AllowedKeyType is specified, then - the certificate request's public key must match one of the key - types listed here. Otherwise, any key may be used. 
- items: - properties: - ellipticCurve: - description: Represents an allowed Elliptic Curve key type. - properties: - signatureAlgorithm: - description: 'Optional. A signature algorithm that must - be used. If this is omitted, any EC-based signature - algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, - ECDSA_P256, ECDSA_P384, EDDSA_25519' - type: string - type: object - rsa: - description: Represents an allowed RSA key type. - properties: - maxModulusSize: - description: Optional. The maximum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service will not enforce an explicit upper bound - on RSA modulus sizes. - format: int64 - type: integer - minModulusSize: - description: Optional. The minimum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service-level min RSA modulus size will continue - to apply. - format: int64 - type: integer - type: object - type: object - type: array - baselineValues: - description: Optional. A set of X.509 values that will be applied - to all certificates issued through this CaPool. If a certificate - request includes conflicting values for the same properties, - they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting - predefined_values for the same properties, the certificate issuance - request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. 
- type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Optional. 
Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - identityConstraints: - description: Optional. Describes constraints on identities that - may appear in Certificates issued through this CaPool. If this - is omitted, then this CaPool will not add restrictions on a - certificate's identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames - extension may be copied from a certificate request into - the signed certificate. Otherwise, the requested SubjectAltNames - will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field - may be copied from a certificate request into the signed - certificate. Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to - validate the resolved X.509 Subject and/or Subject Alternative - Name before a certificate is signed. To see the full allowed - syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. - This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in - Common Expression Language syntax. - type: string - location: - description: Optional. String indicating the location - of the expression for error reporting, e.g. a file name - and a position in the file. - type: string - title: - description: Optional. Title for the expression, i.e. 
- a short string describing its purpose. This can be used - e.g. in UIs which allow to enter the expression. - type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - maximumLifetime: - description: Optional. The maximum lifetime allowed for issued - Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximum_lifetime, the - effective lifetime will be explicitly truncated to match it. - type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued through this CaPool. If a - certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If - a certificate request uses a CertificateTemplate with predefined_values - that don't appear here, the certificate issuance request will - fail. If this is omitted, then this CaPool will not add restrictions - on a certificate's X.509 extensions. These constraints do not - apply to X.509 extensions set in this CaPool's baseline_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom - X.509 extensions. Will be combined with known_extensions - to determine the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will - be combined with additional_extensions to determine the - full set of X.509 extensions. 
- items: - type: string - type: array - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array type: object - location: - description: Immutable. The location for the resource + displayName: + description: Human-readable display name of this key. Modifiable by + user. type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -69339,40 +101089,480 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - publishingOptions: - description: Optional. The PublishingOptions to follow when issuing - Certificates from any CertificateAuthority in this CaPool. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. properties: - publishCaCert: - description: Optional. When true, publishes each CertificateAuthority's - CA certificate and includes its URL in the "Authority Information - Access" X.509 extension in all issued Certificates. If this - is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. type: boolean - publishCrl: - description: Optional. When true, publishes each CertificateAuthority's - CRL and includes its URL in the "CRL Distribution Points" X.509 - extension in all issued Certificates. 
If this is false, CRLs - will not be published and the corresponding X.509 extension - will not be written in issued certificates. CRLs will expire - 7 days from their creation. However, we will rebuild daily. - CRLs are also rebuilt shortly after a certificate is revoked. + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. 
Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. 
Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. 
+ type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string tier: - description: 'Immutable. Required. Immutable. The Tier of this CaPool. - Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
+ + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - - location - - projectRef - - tier + - memorySizeGb + - region type: object status: properties: @@ -69402,6 +101592,36 @@ spec: type: string type: object type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -69409,6 +101629,48 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array type: object required: - spec 
@@ -69420,868 +101682,134 @@ spec: status: acceptedNames: kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com -spec: - group: privateca.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PrivateCACertificateAuthority - plural: privatecacertificateauthorities - shortNames: - - gcpprivatecacertificateauthority - - gcpprivatecacertificateauthorities - singular: privatecacertificateauthority - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The caPool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - config: - description: Immutable. Required. Immutable. The config used to create - a self-signed X.509 certificate or CSR. - properties: - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. 
The postal code of the subject. - type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - customSans: - description: Immutable. Contains additional subject alternative - name values. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the - client does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this - X.509 extension. - properties: - objectIdPath: - description: Immutable. Required. The parts - of an OID path. The most significant parts - of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. - properties: - additionalExtensions: - description: Immutable. 
Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. Refers to the "CA" X.509 - extension, which is a boolean value. When this value - is missing, the extension will be omitted from the CA - certificate. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the path length - restriction X.509 extension. For a CA certificate, this - value describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. - type: boolean - contentCommitment: - description: Immutable. 
The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - required: - - subjectConfig - - x509Config - type: object - gcsBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - keySpec: - description: Immutable. Required. Immutable. Used when issuing certificates - for this CertificateAuthority. If this CertificateAuthority is a - self-signed CertificateAuthority, this key is also used to sign - the self-signed CA certificate. Otherwise, it is used to sign a - CSR. + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: properties: - algorithm: - description: 'Immutable. The algorithm to use for creating a managed - Cloud KMS key for a for a simplified experience. All managed - keys will be have their ProtectionLevel as `HSM`. Possible values: - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, - EC_P256_SHA256, EC_P384_SHA384' - type: string - cloudKmsKeyVersionRef: - description: Immutable. + projectRef: oneOf: - not: required: - external required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The resource name for an existing Cloud KMS CryptoKeyVersion - in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - This option enables full flexibility in the key's capabilities - and properties. - type: string - name: - description: |- - [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - lifetime: - description: Immutable. Required. The desired lifetime of the CA certificate. - Used to create the "not_before_time" and "not_after_time" fields - inside an X.509 certificate. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. - Possible values: SELF_SIGNED, SUBORDINATE' - type: string - required: - - caPoolRef - - config - - keySpec - - lifetime - - location - - projectRef - - type - type: object - status: - properties: - accessUrls: - description: Output only. URLs for accessing content published by - this CA, such as the CA certificate and CRLs. 
- properties: - caCertificateAccessUrl: - description: The URL where this CertificateAuthority's CA certificate - is published. This will only be set for CAs that have been activated. - type: string - crlAccessUrls: - description: The URLs where this CertificateAuthority's CRLs are - published. This will only be set for CAs that have been activated. - items: - type: string - type: array - type: object - caCertificateDescriptions: - description: Output only. A structured description of this CertificateAuthority's - CA certificate and its issuers. Ordered as self-to-root. - items: - properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in - the certificate. - items: - type: string - type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: - type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. 
- type: string - type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. - properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an - issued certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is - the period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time - type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time - type: string - subject: - description: Contains distinguished name fields such as - the common name, location and organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative - name values. - items: - properties: - critical: - description: Optional. 
Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Required. The parts of an OID - path. The most significant parts of the - path come first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 - extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. - items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - x509Description: - description: Describes some of the technical X.509 fields in - a certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does - not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. 
- properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value - describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. 
- type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. 
- items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - type: object + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. 
+ items: + type: string type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -70308,49 +101836,11 @@ spec: type: string type: object type: array - config: - properties: - publicKey: - description: Optional. The public key that corresponds to this - config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string - type: object - x509Config: - properties: - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - type: object - type: object createTime: - description: Output only. The time at which this CertificateAuthority - was created. - format: date-time - type: string - deleteTime: - description: Output only. The time at which this CertificateAuthority - was soft deleted, if it is in the DELETED state. - format: date-time + description: Time of creation. type: string - expireTime: - description: Output only. The time at which this CertificateAuthority - will be permanently purged, if it is in the DELETED state. - format: date-time + name: + description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -70359,54 +101849,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCaCertificates: - description: Output only. This CertificateAuthority's certificate - chain, including the current CertificateAuthority's certificate. - Ordered such that the root issuer is the final element (consistent - with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - items: - type: string - type: array - state: - description: 'Output only. The State for this CertificateAuthority. - Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, - DELETED' - type: string - subordinateConfig: - description: Optional. If this is a subordinate CertificateAuthority, - this field will be set with the subordinate configuration, which - describes its issuers. This may be updated, but this CertificateAuthority - must continue to validate. - properties: - certificateAuthority: - description: Required. This can refer to a CertificateAuthority - in the same project that was used to create a subordinate CertificateAuthority. - This field is used for information and usability purposes only. - The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - type: string - pemIssuerChain: - description: Required. Contains the PEM certificate chain for - the issuers of this CertificateAuthority, but not pem certificate - for this CA itself. - properties: - pemCertificates: - description: Required. Expected to be in leaf-to-root order - according to RFC 5246. - items: - type: string - type: array - type: object - type: object - tier: - description: 'Output only. The CaPool.Tier of the CaPool that includes - this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' - type: string - updateTime: - description: Output only. The time at which this CertificateAuthority - was last updated. - format: date-time - type: string type: object required: - spec 
@@ -70426,25 +101868,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificate - plural: privatecacertificates + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies shortNames: - - gcpprivatecacertificate - - gcpprivatecacertificates - singular: privatecacertificate + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -70482,68 +101924,25 @@ spec: type: object spec: properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ca_pool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - certificateAuthorityRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. properties: - external: - description: |- - The certificate authority for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced type: object - certificateTemplateRef: - description: Immutable. 
+ constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: @@ -70560,10 +101959,7 @@ spec: - external properties: external: - description: |- - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - - Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -70572,304 +101968,290 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - config: - description: Immutable. Immutable. A description of the certificate - and key that does not require X.509 or ASN.1. + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . properties: - publicKey: - description: Immutable. Optional. The public key that corresponds - to this config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Immutable. Required. The format of the public - key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Immutable. Required. A public key. The padding - and encoding must match with the `KeyFormat` value specified - for the `format` field. - type: string - required: - - format - - key - type: object - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. The postal code of the subject. 
- type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. + allow: + description: One or the other must be set. properties: - additionalExtensions: - description: Immutable. Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. 
- type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Immutable. Optional. Describes Online Certificate - Status Protocol (OCSP) endpoint addresses that appear in - the "Authority Information Access" extension in the certificate. + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - type: string - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to true. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the "path - length constraint" in Basic Constraints extension. For - a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this - value is less than 0, the request will fail. - format: int64 - type: integer - nonCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension - will be omitted from the CA certificate. - type: boolean - zeroMaxIssuerPathLength: - description: Immutable. Optional. When true, the "path - length constraint" in Basic Constraints extension will - be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length - are unset, the max path length will be omitted from - the CA certificate. - type: boolean - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. 
- type: boolean - contentCommitment: - description: Immutable. The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object + type: string type: array type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean required: - - subjectConfig - - x509Config + - default type: object - lifetime: - description: Immutable. Required. Immutable. The desired lifetime - of a certificate. Used to create the "not_before_time" and "not_after_time" - fields inside an X.509 certificate. Note that the lifetime may be - truncated if it would extend past the life of any certificate authority - in the issuing chain. 
+ version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. 
Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string - pemCsr: - description: Immutable. Immutable. A pem-encoded X.509 certificate - signing request (CSR). - type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -70905,348 +102287,533 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subjectMode: - description: 'Immutable. Immutable. Specifies how the Certificate''s - identity fields are to be decided. If this is omitted, the `DEFAULT` - subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, - DEFAULT, REFLECTED_SPIFFE' - type: string - required: - - caPoolRef - - lifetime - - location - - projectRef - type: object - status: - properties: - certificateDescription: - description: Output only. A structured description of the issued X.509 - certificate. + template: + description: Required. The template used to create revisions for this + Service. properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in the - certificate. - items: + annotations: + additionalProperties: type: string + description: KRM-style annotations for the resource. + type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. 
+ properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. 
URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. 
All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. properties: - format: - description: 'Required. The format of the public key. 
Possible - values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + format: int64 + type: integer type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an issued - certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is the - period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - subject: - description: Contains distinguished name fields such as the - common name, location and / organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative name - values. - items: - properties: - critical: - description: Optional. Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, the - client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. 
- items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - x509Description: - description: Describes some of the technical X.509 fields in a - certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: + name: + description: Required. Volume's name. type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. 
- properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. 
- type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. 
When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' format: int64 type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef type: object - type: array + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string type: object type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -71274,12 +102841,52 @@ spec: type: object type: array createTime: - description: Output only. The time at which this Certificate was created. + description: Output only. The creation time. format: date-time type: string - issuerCertificateAuthority: - description: Output only. The resource name of the issuing CertificateAuthority - in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. + type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. 
Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -71288,36 +102895,123 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCertificate: - description: Output only. The pem-encoded, signed X.509 certificate. - type: string - pemCertificateChain: - description: Output only. The chain that may be used to verify the - X.509 certificate. Expected to be in issuer-to-root order according - to RFC 5246. - items: - type: string - type: array - revocationDetails: - description: Output only. Details regarding the revocation of this - Certificate. This Certificate is considered revoked if and only - if this field is present. + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. + When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' 
+ type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. properties: - revocationState: - description: 'Indicates why a Certificate was revoked. Possible - values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, - AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, - PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string - revocationTime: - description: The time at which this Certificate was revoked. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. format: date-time type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. 
Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. 
+ type: string updateTime: - description: Output only. The time at which this Certificate was updated. + description: Output only. The last-modified time. format: date-time type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string type: object required: - spec @@ -71337,25 +103031,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificateTemplate - plural: privatecacertificatetemplates + kind: SecretManagerSecret + plural: secretmanagersecrets shortNames: - - gcpprivatecacertificatetemplate - - gcpprivatecacertificatetemplates - singular: privatecacertificatetemplate + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: 
@@ -71393,301 +103087,149 @@ spec: type: object spec: properties: - description: - description: Optional. A human-readable description of scenarios this - template is intended for. - type: string - identityConstraints: - description: Optional. Describes constraints on identities that may - be appear in Certificates issued using this template. If this is - omitted, then this template will not add restrictions on a certificate's - identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames extension - may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field may - be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to validate - the resolved X.509 Subject and/or Subject Alternative Name before - a certificate is signed. To see the full allowed syntax and - some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. This - is a longer text which describes the expression, e.g. when - hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: Optional. String indicating the location of the - expression for error reporting, e.g. a file name and a position - in the file. - type: string - title: - description: Optional. Title for the expression, i.e. a short - string describing its purpose. This can be used e.g. in - UIs which allow to enter the expression. 
- type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - location: - description: Immutable. The location for the resource + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued using this CertificateTemplate. - If a certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If the - issuing CaPool's IssuancePolicy defines baseline_values that don't - appear here, the certificate issuance request will fail. If this - is omitted, then this template will not add restrictions on a certificate's - X.509 extensions. These constraints do not apply to X.509 extensions - set in this CertificateTemplate's predefined_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom X.509 - extensions. Will be combined with known_extensions to determine - the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will be - combined with additional_extensions to determine the full set - of X.509 extensions. - items: - type: string - type: array - type: object - predefinedValues: - description: Optional. 
A set of X.509 values that will be applied - to all issued certificates that use this template. If the certificate - request includes conflicting values for the same properties, they - will be overwritten by the values defined here. If the issuing CaPool's - IssuancePolicy defines conflicting baseline_values for the same - properties, the certificate issuance request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this extension - is critical (i.e., if the client does not know how to - handle this extension, the client should consider this - to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status Protocol - (OCSP) endpoint addresses that appear in the "Authority Information - Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, the - extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. 
- If this value is less than 0, the request will fail. If - this value is missing, the max path length will be omitted - from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys that - correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key may - be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic commitments. - Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate revocation - lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially - described as "TLS WWW client authentication", though - regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially - described as "Signing of downloadable executable code - client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially - described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially - described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially - described as "TLS WWW server authentication", though - regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially - described as "Binding the hash of an object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that are - not listed in the KeyUsage.ExtendedKeyUsageOptions message. + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. items: properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string required: - - objectIdPath + - location type: object type: array + required: + - replicas type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. properties: - external: + nextRotationTime: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Timestamp in UTC at which the Secret is scheduled to rotate. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - - location - - projectRef + - replication type: object status: properties: @@ -71718,9 +103260,12 @@ spec: type: object type: array createTime: - description: Output only. The time at which this CertificateTemplate - was created. - format: date-time + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71729,11 +103274,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The time at which this CertificateTemplate - was updated. - format: date-time - type: string type: object required: - spec 
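Review bot: The `userManaged` description under `spec.replication` of the new SecretManagerSecret schema repeats the `automatic` text ("The Secret will automatically be replicated without any restrictions"), although the block requires `replicas`, each with a `location` and an optional `customerManagedEncryption.kmsKeyRef`. Someone choosing a replication policy for data-residency or CMEK reasons is told the opposite of what the schema expresses; I would word it as `Immutable. The Secret will be replicated to the locations listed in 'replicas'.` The visible schema also has no `oneOf` between `automatic` and `userManaged`, so setting both is presumably rejected only by the API, which the `replication` description could state. The CRD looks generated (`tf2crd` label), so the wording most likely has to be corrected in the generator's source.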
@@ -71753,25 +103293,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: Project - plural: projects + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions shortNames: - - gcpproject - - gcpprojects - singular: project + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: 
@@ -71808,50 +103348,55 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: - billingAccountRef: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `BillingAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. 
Only one of - folderRef or organizationRef may be specified. + secretRef: + description: Secret Manager secret resource oneOf: - not: required: @@ -71868,7 +103413,7 @@ spec: - external properties: external: - description: 'Allowed value: The `folderId` field of a `Folder` + description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: 
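Review bot: The `secretData.value` description in the new SecretManagerSecretVersion spec does not say that a secret supplied this way is kept inline in the object's spec, where any principal allowed to read the resource can see it and where it may also end up in manifests kept under version control. I would word it as `Value of the field, stored in plain text in this resource; prefer 'valueFrom.secretKeyRef' for real secret material. Cannot be used if 'valueFrom' is specified.` The `secretKeyRef` description could add that read access to the referenced Kubernetes Secret in the resource's namespace should be restricted accordingly. The schema looks generated (`tf2crd` label), so the text probably has to change in the generator rather than in this file.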
@@ -71878,15 +103423,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. Only present + if state is DESTROYED. + type: string name: - description: The display name of the project. + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). type: string organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + description: The organization that this resource belongs to. oneOf: - not: required: 
@@ -71913,13 +103587,55 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string resourceID: - description: Immutable. Optional. The projectId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object required: - - name + - configId + - organizationRef + - pubsubTopic + - streamingConfig type: object status: properties: 
@@ -71949,8 +103665,10 @@ spec: type: string type: object type: array - number: - description: The numeric identifier of the project. + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71959,6 +103677,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string type: object required: - spec @@ -71978,25 +103701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsublitereservations.pubsublite.cnrm.cloud.google.com + name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: - group: pubsublite.cnrm.cloud.google.com + group: securitycenter.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubLiteReservation - plural: pubsublitereservations + kind: SecurityCenterSource + plural: securitycentersources shortNames: - - gcppubsublitereservation - - gcppubsublitereservations - singular: pubsublitereservation + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: @@ -72016,7 +103739,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -72034,8 +103757,19 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. oneOf: - not: required: @@ -72052,7 +103786,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of an `Organization` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72061,24 +103796,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: The region of the pubsub lite reservation. - type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - throughputCapacity: - description: |- - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - type: integer required: - - projectRef - - region - - throughputCapacity + - displayName + - organizationRef type: object status: properties: @@ -72108,6 +103833,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72134,25 +103864,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubschemas.pubsub.cnrm.cloud.google.com + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSchema - plural: pubsubschemas + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints shortNames: - - gcppubsubschema - - gcppubsubschemas - singular: pubsubschema + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: 
@@ -72190,14 +103920,43 @@ spec: type: object spec: properties: - definition: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: description: |- - Immutable. The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. - type: string - projectRef: - description: The project that this resource belongs to. + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). oneOf: - not: required: @@ -72214,7 +103973,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72223,18 +103983,47 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - type: - description: 'Immutable. The type of the schema definition Default - value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", - "PROTOCOL_BUFFER", "AVRO"].' - type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - projectRef + - serviceRef type: object status: properties: 
@@ -72264,6 +104053,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72290,25 +104084,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: 
@@ -72346,288 +104140,14 @@ spec: type: object spec: properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - bigqueryConfig: - description: |- - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - dropUnknownFields: - description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - type: boolean - tableRef: - description: The name of the table to which to write data. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, - where {{value}} is the `name` field of a `BigQueryTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. - type: boolean - writeMetadata: - description: |- - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - type: boolean - required: - - tableRef - type: object - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. 
- properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any - message. The value must be\nbetween 5 and 100.\n\nThe number - of delivery attempts is defined as 1 + (the sum of number of - \nNACKs and number of times the acknowledgement deadline has - been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline - with a 0 deadline. Note that\nclient libraries may automatically - extend ack_deadlines.\n\nThis field will be honored on a best - effort basis.\n\nIf this parameter is 0, a default value of - 5 is used." - type: integer - type: object - enableExactlyOnceDelivery: - description: |- - If 'true', Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
- type: boolean - enableMessageOrdering: - description: |- - Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "Immutable. The subscription only delivers the messages - that match the filter. \nPub/Sub automatically acknowledges the - messages that don't match the filter. You can filter messages\nby - their attributes. The maximum length of a filter is 256 bytes. After - creating the subscription, \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
- - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: + location: description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. 
More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. type: string - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message - delivery for this subscription.\n\nIf not set, the default retry - policy is applied. This generally implies that messages will be - retried as soon as possible for healthy subscribers. \nRetryPolicy - will be triggered on NACKs or acknowledgement deadline exceeded - events for a given message." - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries - of a given message. Value should be between 0 and 600 seconds. - Defaults to 600 seconds. 
\nA duration in seconds with up to - nine fractional digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -72644,8 +104164,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -72654,8 +104173,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - topicRef + - location + - projectRef type: object status: properties: @@ -72685,6 +104210,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72711,25 +104241,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubTopic - plural: pubsubtopics + kind: ServiceDirectoryService + plural: servicedirectoryservices shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: @@ -72767,13 +104297,9 @@ spec: type: object spec: properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. oneOf: - not: required: @@ -72790,7 +104316,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: 
@@ -72800,81 +104326,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - messageRetentionDuration: - description: |- - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - type: string - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schemaSettings: - description: Settings for validating messages published against a - schema. - properties: - encoding: - description: 'Immutable. 
The encoding of messages validated against - schema. Default value: "ENCODING_UNSPECIFIED" Possible values: - ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' - type: string - schemaRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, - where {{value}} is the `name` field of a `PubSubSchema` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - schemaRef - type: object + required: + - namespaceRef type: object status: properties: @@ -72904,6 +104362,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72912,6 +104375,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -72928,25 +104393,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: - group: recaptchaenterprise.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: RecaptchaEnterpriseKey - plural: recaptchaenterprisekeys + kind: ServiceIdentity + plural: serviceidentities shortNames: - - gcprecaptchaenterprisekey - - gcprecaptchaenterprisekeys - singular: recaptchaenterprisekey + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: 
@@ -72984,40 +104449,8 @@ spec: type: object spec: properties: - androidSettings: - description: Settings for keys that can be used by Android apps. - properties: - allowAllPackageNames: - description: If set to true, it means allowed_package_names will - not be enforced. - type: boolean - allowedPackageNames: - description: 'Android package names of apps allowed to use the - key. Example: ''com.companyname.appname''' - items: - type: string - type: array - type: object - displayName: - description: Human-readable display name of this key. Modifiable by - user. - type: string - iosSettings: - description: Settings for keys that can be used by iOS apps. - properties: - allowAllBundleIds: - description: If set to true, it means allowed_bundle_ids will - not be enforced. - type: boolean - allowedBundleIds: - description: 'iOS bundle ids of apps allowed to use the key. Example: - ''com.companyname.productname.appname''' - items: - type: string - type: array - type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -73034,10 +104467,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -73047,63 +104477,11 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - testingOptions: - description: Immutable. Options for user acceptance testing. - properties: - testingChallenge: - description: 'Immutable. For challenge-based keys only (CHECKBOX, - INVISIBLE), all challenge requests for this site will return - nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. - Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' - type: string - testingScore: - description: Immutable. All assessments for this Key will return - this score. Must be between 0 (likely not legitimate) and 1 - (likely legitimate) inclusive. - format: double - type: number - type: object - webSettings: - description: Settings for keys that can be used by websites. - properties: - allowAllDomains: - description: If set to true, it means allowed_domains will not - be enforced. - type: boolean - allowAmpTraffic: - description: If set to true, the key can be used on AMP (Accelerated - Mobile Pages) websites. This is supported only for the SCORE - integration type. - type: boolean - allowedDomains: - description: 'Domains or subdomains of websites allowed to use - the key. All subdomains of an allowed domain are automatically - allowed. A valid domain requires a host and must not include - any path, port, query or fragment. Examples: ''example.com'' - or ''subdomain.example.com''' - items: - type: string - type: array - challengeSecurityPreference: - description: 'Settings for the frequency and difficulty at which - this key triggers captcha challenges. 
This should only be specified - for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: - CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, - SECURITY' - type: string - integrationType: - description: 'Immutable. Required. Describes how this key is integrated - with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' - type: string - required: - - integrationType - type: object required: - - displayName - projectRef type: object status: @@ -73134,9 +104512,7 @@ spec: type: string type: object type: array - createTime: - description: The timestamp corresponding to the creation of this Key. - format: date-time + email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -73164,25 +104540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: - group: redis.cnrm.cloud.google.com + group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp - kind: RedisInstance - plural: redisinstances + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: 
@@ -73220,27 +104596,7 @@ spec: type: object spec: properties: - alternativeLocationId: - description: |- - Immutable. Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authEnabled: - description: |- - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - type: boolean - authString: - description: AUTH String set on the instance. This field will only - be populated if auth_enabled is true. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. + networkRef: oneOf: - not: required: @@ -73257,7 +104613,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: 
@@ -73267,259 +104623,44 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - connectMode: - description: 'Immutable. The connection mode of the Redis instance. - Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", - "PRIVATE_SERVICE_ACCESS"].' - type: string - customerManagedKeyRef: - description: |- - Immutable. Optional. The KMS key reference that you want to use to - encrypt the data at rest for this Redis instance. If this is - provided, CMEK is enabled. - oneOf: - - not: + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the - instance. - type: string - locationId: - description: |- - Immutable. The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - maintenancePolicy: - description: Maintenance policy for an instance. - properties: - createTime: - description: |- - Output only. 
The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - description: - description: |- - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - type: string - updateTime: - description: |- - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - weeklyMaintenanceWindow: - description: |- - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - items: - properties: - day: - description: |- - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. - type: string - duration: - description: |- - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - type: string - startTime: - description: Required. Start time of the window in UTC time. - properties: - hours: - description: |- - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 - to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must - be from 0 to 999,999,999. 
- type: integer - seconds: - description: |- - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - type: integer - type: object - required: - - day - - startTime - type: object - type: array - type: object - maintenanceSchedule: - description: Upcoming maintenance schedule. - properties: - endTime: - description: |- - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - scheduleDeadlineTime: - description: |- - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - startTime: - description: |- - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - type: object - memorySizeGb: - description: Redis memory size in GiB. - type: integer - persistenceConfig: - description: Persistence configuration for an instance. - properties: - persistenceMode: - description: "Optional. Controls whether Persistence features - are enabled. If not provided, the existing value will be used.\n\n- - DISABLED: \tPersistence is disabled for the instance, and any - existing snapshots are deleted.\n- RDB: RDB based Persistence - is enabled. Possible values: [\"DISABLED\", \"RDB\"]." - type: string - rdbNextSnapshotTime: - description: |- - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
- type: string - rdbSnapshotPeriod: - description: "Optional. Available snapshot periods for scheduling.\n\n- - ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every - 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot - every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", - \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." - type: string - rdbSnapshotStartTime: - description: |- - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - readReplicasMode: - description: |- - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. - type: string - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. 
- type: string - region: - description: Immutable. The name of the Redis region of the instance. - type: string - replicaCount: - description: |- - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - type: integer - reservedIpRange: - description: |- - Immutable. The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - secondaryIpRange: - description: |- - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - type: string - tier: - description: |- - Immutable. The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. - type: string - transitEncryptionMode: - description: |- - Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
- - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - - memorySizeGb - - region + - networkRef + - reservedPeeringRanges + - service type: object status: properties: 
@@ -73549,36 +104690,6 @@ spec: type: string type: object type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - nodes: - description: Output only. Info per node. - items: - properties: - id: - description: Node identifying string. e.g. 'node-0', 'node-1'. - type: string - zone: - description: Location of the node. - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -73586,48 +104697,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - readEndpoint: - description: |- - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. + peering: type: string - readEndpointPort: - description: |- - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - type: integer - serverCaCerts: - description: List of server CA certificates for the instance. - items: - properties: - cert: - description: The certificate data in PEM format. - type: string - createTime: - description: The time when the certificate was created. - type: string - expireTime: - description: The time when the certificate expires. - type: string - serialNumber: - description: Serial number, as extracted from the certificate. - type: string - sha1Fingerprint: - description: Sha1 Fingerprint of the certificate. - type: string - type: object - type: array type: object required: - spec 
@@ -73647,25 +104718,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com + name: services.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerLien - plural: resourcemanagerliens - shortNames: - - gcpresourcemanagerlien - - gcpresourcemanagerliens - singular: resourcemanagerlien + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service preserveUnknownFields: false scope: Namespaced versions: 
@@ -73703,67 +104774,38 @@ spec: type: object spec: properties: - origin: - description: |- - Immutable. A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - type: string - parent: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - reason: - description: |- - Immutable. Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. 
+ description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - restrictions: - description: |- - Immutable. The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete']. - items: - type: string - type: array - required: - - origin - - parent - - reason - - restrictions type: object status: properties: @@ -73793,12 +104835,6 @@ spec: type: string type: object type: array - createTime: - description: Time of creation. - type: string - name: - description: A system-generated unique identifier for this Lien. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -73807,8 +104843,6 @@ spec: the resource. type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -73825,25 +104859,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: @@ -73863,7 +104897,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -73881,125 +104915,34 @@ spec: type: object spec: properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. type: object - constraint: - description: Immutable. The name of the Constraint the Policy is configuring, - for example, serviceuser.services. - type: string - folderRef: + force: description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Folder` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow - or deny all values. . - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. 
- properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set - in this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a - configuration that matches the value specified in this field. - type: string - type: object - organizationRef: + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. 
+ type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -74025,22 +104968,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default - Policy is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string required: - - constraint + - limit + - metric + - overrideValue + - projectRef + - service type: object status: properties: @@ -74070,10 +105012,8 @@ spec: type: string type: object type: array - etag: - description: The etag of the organization policy. etag is used for - optimistic concurrency control as a way to help prevent simultaneous - updates of a policy from overwriting each other. + name: + description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -74082,11 +105022,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate - to nanoseconds, representing when the variable was last updated. - Example: "2016-10-09T12:33:37.578138407Z".' - type: string type: object required: - spec @@ -74106,25 +105041,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: runservices.run.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: - group: run.cnrm.cloud.google.com + group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp - kind: RunService - plural: runservices + kind: SourceRepoRepository + plural: sourcereporepositories shortNames: - - gcprunservice - - gcprunservices - singular: runservice + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -74157,340 +105092,231 @@ spec: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - annotations: - additionalProperties: - type: string - description: 'Unstructured key value map that may be set by external - tools to store and arbitrary metadata. They are not queryable and - should be preserved when modifying objects. Cloud Run will populate - some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' - namespaces. This field follows Kubernetes annotations'' namespacing, - limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - binaryAuthorization: - description: Settings for the Binary Authorization feature. - properties: - breakglassJustification: - description: If present, indicates to use Breakglass using this - justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - type: string - useDefault: - description: If True, indicates to use the default project's binary - authorization policy. If False, binary authorization will be - disabled - type: boolean - type: object - client: - description: Arbitrary identifier for the API client. - type: string - clientVersion: - description: Arbitrary version identifier for the API client. - type: string - description: - description: User-provided description of the Service. - type: string - ingress: - description: Provides the ingress settings for this Service. On output, - returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED - if no revision is active. 
- type: string - launchStage: - description: 'The launch stage as defined by [Google Cloud Platform - Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud - Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, - GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - template: - description: Required. The template used to create revisions for this - Service. - properties: - annotations: - additionalProperties: - type: string - description: KRM-style annotations for the resource. - type: object - containerConcurrency: - description: Sets the maximum number of requests that each serving - instance can receive. - format: int64 - type: integer - containers: - description: Holds the single container that defines the unit - of execution for this Revision. - items: - properties: - args: - description: 'Arguments to the entrypoint. 
The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - properties: - name: - description: Required. Name of the environment variable. - Must be a C_IDENTIFIER, and mnay not exceed 32768 - characters. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any route environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "", and the maximum length - is 32768 bytes.' 
- type: string - valueSource: - description: Source for the environment variable's - value. - properties: - secretKeyRef: - description: Selects a secret and a specific version - from Cloud Secret Manager. - properties: - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - type: object - required: + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - image: - description: 'Required. URL of the Container image in Google - Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string name: - description: Name of the container specified as a DNS_LABEL. + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - ports: - description: List of ports to expose from the container. - Only a single port can be specified. The specified ports - must be listening on all interfaces (0.0.0.0) within the - container to be accessible. 
If omitted, a port number - will be chosen and passed to the container through the - PORT environment variable for the container to listen - on. - items: - properties: - containerPort: - description: Port number the container listens on. - This must be a valid TCP port number, 0 < container_port - < 65536. - format: int64 - type: integer - name: - description: If specified, used to specify which protocol - to use. Allowed values are "http1" and "h2c". - type: string - type: object - type: array - resources: - description: 'Compute Resource requirements by this container. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - cpuIdle: - description: Determines whether CPU should be throttled - or not outside of requests. - type: boolean - limits: - additionalProperties: - type: string - description: 'Only memory and CPU are supported. Note: - The only supported values for CPU are ''1'', ''2'', - and ''4''. Setting 4 CPU requires at least 2Gi of - memory. The values of the map is string form of the - ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' - type: object - type: object - volumeMounts: - description: Volume to mount into the container's filesystem. - items: - properties: - mountPath: - description: Required. Path within the container at - which the volume should be mounted. Must not contain - ':'. For Cloud SQL volumes, it can be left empty, - or must otherwise be `/cloudsql`. All instances - defined in the Volume will be available as `/cloudsql/[instance]`. - For more information on Cloud SQL volumes, visit - https://cloud.google.com/sql/docs/mysql/connect-run - type: string - name: - description: Required. This must match the Name of - a Volume. - type: string - required: - - mountPath + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - required: - - image + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - executionEnvironment: - description: 'The sandbox environment to host this Revision. Possible - values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, - EXECUTION_ENVIRONMENT_GEN2' - type: string - labels: - additionalProperties: + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: KRM-style labels for the resource. - type: object - revision: - description: The unique name for the revision. If this field is - omitted, it will be automatically generated based on the Service - name. - type: string - scaling: - description: Scaling settings for this Revision. 
- properties: - maxInstanceCount: - description: Maximum number of serving instances that this - resource should have. - format: int64 - type: integer - minInstanceCount: - description: Minimum number of serving instances that this - resource should have. - format: int64 - type: integer - type: object - serviceAccountRef: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. oneOf: - not: required: 
@@ -74498,276 +105324,71 @@ spec: required: - name - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - timeout: - description: Max allowed time for an instance to respond to a - request. - type: string - volumes: - description: A list of Volumes to make available to containers. - items: - properties: - cloudSqlInstance: - description: For Cloud SQL volumes, contains the specific - instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run - for more information on how to connect Cloud SQL and Cloud - Run. - properties: - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `instanceName` - field of a `SQLInstance` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - name: - description: Required. Volume's name. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Integer representation of mode bits to - use on created files by default. Must be a value between - 0000 and 0777 (octal), defaulting to 0644. Directories - within the path are not affected by this setting. - Notes * Internally, a umask of 0222 will be applied - to any non-zero value. * This is an integer representation - of the mode bits. So, the octal integer value should - look exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod 640 - (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) - or 493 (base-10). * This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. This might - be in conflict with other options that affect the - file mode, like fsGroup, and as a result, other mode - bits could be set.' - format: int64 - type: integer - items: - description: If unspecified, the volume will expose - a file whose name is the secret, relative to VolumeMount.mount_path. - If specified, the key will be used as the version - to fetch from Cloud Secret Manager and the path will - be the name of the file exposed in the volume. When - items are defined, they must specify a path and a - version. - items: - properties: - mode: - description: 'Integer octal mode bits to use on - this file, must be a value between 01 and 0777 - (octal). If 0 or not set, the Volume''s default - mode will be used. 
Notes * Internally, a umask - of 0222 will be applied to any non-zero value. - * This is an integer representation of the mode - bits. So, the octal integer value should look - exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod - 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 - (octal) or 493 (base-10). * This might be in - conflict with other options that affect the - file mode, like fsGroup, and the result can - be other mode bits set.' - format: int64 - type: integer - path: - description: Required. The relative path of the - secret in the container. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - path - type: object - type: array - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
- - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object + anyOf: + - required: + - name + - required: + - namespace required: - - name - type: object - type: array - vpcAccess: - description: VPC Access configuration to use for this Revision. - For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + - external properties: - connectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - egress: - description: 'Traffic VPC egress settings. Possible values: - VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - kmsKeyRef type: object - traffic: - description: Specifies how to distribute traffic over a collection - of Revisions belonging to the Service. If traffic is empty or not - provided, defaults to 100% traffic to the latest `Ready` Revision. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - This defaults to zero if unspecified. Cloud Run currently - requires 100 percent for a single TrafficTarget entry. - format: int64 - type: integer - revision: - description: Revision to which to send this portion of traffic, - if traffic allocation is by revision. - type: string - tag: - description: Indicates a string to be part of the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - type: object - type: array + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string required: - - location - - projectRef - - template + - instanceRef type: object status: properties: 
@@ -74797,54 +105418,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - creator: - description: Output only. Email address of the authenticated creator. - type: string - deleteTime: - description: Output only. The deletion time. - format: date-time - type: string - etag: - description: Output only. A system-generated fingerprint for this - version of the resource. May be used to detect modification conflict - during updates. - type: string - expireTime: - description: Output only. For a deleted resource, the time after which - it will be permamently deleted. - format: date-time - type: string - labels: - additionalProperties: - type: string - description: Map of string keys and values that can be used to organize - and categorize objects. User-provided labels are shared with Google's - billing system, so they can be used to filter, or break down billing - charges by team, component, environment, state, etc. For more information, - visit https://cloud.google.com/resource-manager/docs/creating-managing-labels - or https://cloud.google.com/run/docs/configuring/labels Cloud Run - will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' - namespaces. Those labels are read-only, and user changes will not - be preserved. - type: object - lastModifier: - description: Output only. Email address of the last authenticated - modifier. - type: string - latestCreatedRevision: - description: Output only. Name of the last created revision. See comments - in `reconciling` for additional information on reconciliation process - in Cloud Run. - type: string - latestReadyRevision: - description: Output only. Name of the latest revision that is serving - traffic. See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -74852,122 +105425,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Returns true if the Service is currently - being acted upon by the system to bring it into the desired state. - When a new Service is created, or an existing one is updated, Cloud - Run will asynchronously perform all necessary steps to bring the - Service to the desired serving state. This process is called reconciliation. - While reconciliation is in process, `observed_generation`, `latest_ready_revison`, - `traffic_statuses`, and `uri` will have transient values that might - mismatch the intended state: Once reconciliation is over (and this - field is false), there are two possible outcomes: reconciliation - succeeded and the serving state matches the Service, or there was - an error, and reconciliation failed. This state can be found in - `terminal_condition.state`. If reconciliation succeeded, the following - fields will match: `traffic` and `traffic_statuses`, `observed_generation` - and `generation`, `latest_ready_revision` and `latest_created_revision`. - If reconciliation failed, `traffic_statuses`, `observed_generation`, - and `latest_ready_revision` will have the state of the last serving - revision, or empty for newly created Services. Additional information - on the failure can be found in `terminal_condition` and `conditions`.' - type: boolean - resourceGeneration: - description: Output only. A number that monotonically increases every - time the user modifies the desired state. - format: int64 - type: integer - terminalCondition: - description: Output only. The Condition of this Service, containing - its readiness status, and detailed error information in case it - did not reach a serving state. See comments in `reconciling` for - additional information on reconciliation process in Cloud Run. - properties: - jobReason: - description: 'A reason for the job condition. 
Possible values: - JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human readable message indicating details about the - current status. - type: string - reason: - description: 'A common (service-level) reason for this condition. - Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, - PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, - CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, - ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, - SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, - POSTPONED_RETRY, INTERNAL' - type: string - revisionReason: - description: 'A reason for the revision condition. Possible values: - REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, - RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, - MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, - NO_DEPLOYMENT' - type: string - severity: - description: 'How to interpret failures of this condition, one - of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, - ERROR, WARNING, INFO' - type: string - state: - description: 'State of the condition. Possible values: STATE_UNSPECIFIED, - CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, - CONDITION_SUCCEEDED' - type: string - type: - description: 'type is used to communicate the status of the reconciliation - process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting - Types common to all resources include: * "Ready": True when - the Resource is ready.' - type: string - type: object - trafficStatuses: - description: Output only. Detailed status information for corresponding - traffic targets. 
See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - format: int64 - type: integer - revision: - description: Revision to which this traffic is sent. - type: string - tag: - description: Indicates the string used in the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - uri: - description: Displays the target URI. - type: string - type: object - type: array - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time - type: string - uri: - description: Output only. The main URI in which this Service is serving - traffic. + state: + description: An explanation of the status of the database. type: string type: object required: 
@@ -74988,25 +105447,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com + name: spannerinstances.spanner.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: spanner.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets + kind: SpannerInstance + plural: spannerinstances shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -75044,149 +105503,32 @@ spec: type: object spec: properties: - expireTime: + config: description: |- - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string - replication: + displayName: description: |- - Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - type: boolean - userManaged: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - properties: - replicas: - description: Immutable. The list of Replicas for this Secret. - Cannot be empty. - items: - properties: - customerManagedEncryption: - description: Immutable. Customer Managed Encryption - for the secret. - properties: - kmsKeyRef: - description: Customer Managed Encryption for the - secret. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - location: - description: 'Immutable. The canonical IDs of the location - to replicate data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer resourceID: - description: Immutable. Optional. The secretId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotation: - description: The rotation time and period for a Secret. At 'next_rotation_time', - Secret Manager will send a Pub/Sub notification to the topics configured - on the Secret. 'topics' must be set to configure rotation. - properties: - nextRotationTime: - description: |- - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - rotationPeriod: - description: |- - Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, 'next_rotation_time' must be set. 
'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. - type: string - type: object - topics: - description: A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - items: - properties: - topicRef: - description: |- - A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - type: array - ttl: - description: |- - Immutable. The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string required: - - replication + - config + - displayName type: object status: properties: @@ -75216,14 +105558,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75231,6 +105565,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' + type: string type: object required: - spec @@ -75250,25 +105587,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com + name: sqldatabases.sql.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions + kind: SQLDatabase + plural: sqldatabases shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: 
@@ -75306,54 +105643,31 @@ spec: type: object spec: properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." type: string - secretData: - description: Immutable. The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75370,7 +105684,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: @@ -75380,9 +105694,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - secretData - - secretRef + - instanceRef type: object status: properties: @@ -75412,18 +105730,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75431,8 +105737,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - version: - description: The version of the Secret. + selfLink: type: string type: object required: @@ -75453,25 +105758,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com + name: sqlinstances.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryEndpoint - plural: servicedirectoryendpoints + kind: SQLInstance + plural: sqlinstances shortNames: - - gcpservicedirectoryendpoint - - gcpservicedirectoryendpoints - singular: servicedirectoryendpoint + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: @@ -75509,7 +105814,16 @@ spec: type: object spec: properties: - addressRef: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: oneOf: - not: required: 
@@ -75526,7 +105840,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -75536,86 +105850,526 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkRef: - description: |- - Only the `external` field is supported to configure the reference. - - Immutable. The Google Compute Engine network (VPC) of the endpoint in the format - projects//locations/global/networks/*. - - The project must be specified by project number (project id is rejected). Incorrectly formatted networks are - rejected, but no other validation is performed on this field (ex. network or project existence, - reachability, or permissions). + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. 
If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. 
+ type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". + If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. 
Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. 
The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string - type: object - port: - description: |- - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - type: integer - resourceID: - description: Immutable. Optional. The endpointId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceRef: - description: The ServiceDirectoryService that this endpoint belongs - to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryService` - resource.' + replicationType: + description: |- + DEPRECATED. 
This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. type: string + required: + - tier type: object required: - - serviceRef + - settings type: object status: properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -75642,11 +106396,27 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the endpoint in the format - 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75654,6 +106424,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string type: object required: - spec @@ -75673,25 +106472,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com + name: sqlsslcerts.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryNamespace - plural: servicedirectorynamespaces + kind: SQLSSLCert + plural: sqlsslcerts shortNames: - - gcpservicedirectorynamespace - - gcpservicedirectorynamespaces - singular: servicedirectorynamespace + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: 
@@ -75729,14 +106528,13 @@ spec: type: object spec: properties: - location: - description: |- - The location for the Namespace. - A full list of valid locations can be found by running - 'gcloud beta service-directory locations list'. + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. type: string - projectRef: - description: The project that this resource belongs to. + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75753,7 +106551,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -75763,16 +106562,22 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The namespaceId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string required: - - location - - projectRef + - commonName + - instanceRef type: object status: properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -75799,10 +106604,13 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the namespace - in the format 'projects/*/locations/*/namespaces/*'. + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -75811,6 +106619,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. + type: string type: object required: - spec @@ -75830,25 +106648,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com + name: sqlusers.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryService - plural: servicedirectoryservices + kind: SQLUser + plural: sqlusers shortNames: - - gcpservicedirectoryservice - - gcpservicedirectoryservices - singular: servicedirectoryservice + - gcpsqluser + - gcpsqlusers + singular: sqluser preserveUnknownFields: false scope: Namespaced versions: 
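Review bot: The `privateKey` field added under the SQLSSLCert `status` is a plain `type: string`, so the client certificate's private key is returned to every subject that can `get`, `list` or `watch` this kind, and its description does not say so. I would word it as `description: The private key associated with the client certificate. Sensitive; readable by anyone with read access to this resource.` and scope RBAC on `sqlsslcerts` as tightly as for Secrets. The `status` schema opens before this hunk, and if this manifest is generated the wording belongs in the generator's input rather than here.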
@@ -75886,9 +106704,13 @@ spec: type: object spec: properties: - namespaceRef: - description: The ServiceDirectoryNamespace that this service belongs - to. + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: oneOf: - not: required: @@ -75905,7 +106727,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: 
@@ -75915,163 +106737,90 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The serviceId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - namespaceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: + password: description: |- - The resource name for the service in the - format 'projects/*/locations/*/namespaces/*/services/*'. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. 
- type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: serviceidentities.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceIdentity - plural: serviceidentities - shortNames: - - gcpserviceidentity - - gcpserviceidentities - singular: serviceidentity - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - description: The project that this resource belongs to. + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. 
+ type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array type: object resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string required: - - projectRef + - instanceRef type: object status: properties: @@ -76101,8 +106850,6 @@ spec: type: string type: object type: array - email: - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76110,6 +106857,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array type: object required: - spec 
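Review bot: `spec.password.value` lets the SQL user's password be written inline, and its description does not mention that a value set this way stays in clear text in the SQLUser object and in whatever manifest carries it. I would change it to `description: Value of the field. Cannot be used if 'valueFrom' is specified. Stored in clear text; prefer 'valueFrom.secretKeyRef'.` In the same hunk, `passwordPolicy.status[].passwordExpirationTime` repeats the `passwordExpirationDuration` text ("Password expiration duration with one week grace period."), which looks copied and should describe a point in time instead. The `spec` property list opens before this hunk.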
@@ -76129,25 +106889,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: - group: servicenetworking.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: @@ -76185,7 +106945,8 @@ spec: type: object spec: properties: - networkRef: + bucketRef: + description: Reference to the bucket. oneOf: - not: required: @@ -76202,7 +106963,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -76212,44 +106973,31 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Immutable. Provider peering service that is managing - peering connectivity for a service provider organization. For Google - services that support this functionality it is 'servicenetworking.googleapis.com'. + entity: + description: |- + Immutable. The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' type: string required: - - networkRef - - reservedPeeringRanges - - service + - bucketRef + - entity type: object status: properties: 
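Review bot: The `entity` description lists `allUsers` and `allAuthenticatedUsers` next to ordinary principals without saying that they open the bucket to anonymous callers and to any signed-in Google account respectively. I would append a line such as `allUsers and allAuthenticatedUsers grant access beyond your organization; use only for intentionally public buckets.` to that description. `role` is also absent from `required`, and the schema does not show what is applied when it is omitted, so that is worth stating in its description too.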
@@ -76279,6 +107027,12 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76286,8 +107040,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - peering: - type: string type: object required: - spec @@ -76307,25 +107059,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com + name: storagebuckets.storage.cnrm.cloud.google.com spec: - group: serviceusage.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: Service - plural: services + kind: StorageBucket + plural: storagebuckets shortNames: - - gcpservice - - gcpservices - singular: service + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -76363,38 +107115,265 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object required: - - external + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + logBucket: + description: The bucket that will receive log objects. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string + required: + - logBucket type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. 
+ type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object type: object status: properties: @@ -76431,6 +107410,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string type: object type: object served: true 
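Review bot: `publicAccessPrevention` is described only as "Prevents public access to a bucket." and is a free-form string with no enum, so the schema neither tells a reader which value turns enforcement on nor rejects a mistyped one. I would document the accepted values in the description (the Cloud Storage API uses `inherited` and `enforced`; confirm against the provider) and, if the generator allows it, add a matching `enum`. Smaller documentation slips in the same hunk: `customTimeBefore` and `noncurrentTimeBefore` reuse the `createdBefore` text ("Creation date of an object ..."), and the `daysSinceNoncurrentTime` description carries literal `\n\t` escapes.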
@@ -76448,25 +107433,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: - group: sourcerepo.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SourceRepoRepository - plural: sourcereporepositories + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: 
@@ -76479,114 +107464,82 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- - PROTOBUF: The message payload is a serialized protocol buffer - of SourceRepoEvent.\n- JSON: The message payload is a JSON - string of SourceRepoEvent. Possible values: [\"PROTOBUF\", - \"JSON\"]." - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external required: - - messageFormat - - topicRef - type: object - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' type: string + required: + - bucketRef + - entity + - role type: object status: properties: 
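Review bot: In the new `StorageDefaultObjectAccessControl` spec, `role` states its allowed values only in the description (`Possible values: ["OWNER", "READER"]`) and `entity` is a free-form string whose documented forms include `allUsers` and `allAuthenticatedUsers`, so the schema itself will admit any value for either field. Adding `enum: ["OWNER", "READER"]` under `role` would reject typos at admission rather than, presumably, at reconcile time. Because a default object ACL applies to objects written to the bucket afterwards, clusters that must not publish data should pair this CRD with an admission policy that denies the two public entities, since the schema alone cannot express that. The file looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so the schema change belongs in the generator rather than in a hand edit here.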
@@ -76616,6 +107569,19 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76623,14 +107589,20 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source - Repositories. - type: string + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object type: object + required: + - spec type: object served: true storage: true 
@@ -76647,25 +107619,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com + name: storagehmackeys.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerDatabase - plural: spannerdatabases + kind: StorageHMACKey + plural: storagehmackeys shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: @@ -76685,7 +107657,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -76703,58 +107675,8 @@ spec: type: object spec: properties: - databaseDialect: - description: |- - Immutable. The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. - type: string - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - encryptionConfig: - description: Immutable. Encryption configuration for the database. - properties: - kmsKeyRef: - description: |- - Fully qualified name of the KMS key to use to encrypt this database. This key - must exist in the same location as the Spanner Database. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - instanceRef: - description: The instance to create the database on. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -76771,8 +107693,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SpannerInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -76782,23 +107703,27 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. type: string - versionRetentionPeriod: - description: |- - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to 'ddl' that - update the database's version_retention_period. + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - - instanceRef + - projectRef + - serviceAccountEmail type: object status: properties: + accessId: + description: The access ID of the HMAC Key. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -76832,8 +107757,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: An explanation of the status of the database. + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' type: string type: object required: @@ -76854,25 +107787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com + name: storagenotifications.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerInstance - plural: spannerinstances + kind: StorageNotification + plural: storagenotifications shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: 
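Review bot: The `StorageHMACKey` status block in the `@@ -76832,8 +107757,16 @@` hunk adds `secret` (`HMAC secret key material`) as a plain `type: string`, whereas the password fields visible in the SQLInstance schema lines of this diff use `valueFrom.secretKeyRef`. If the controller fills this field, the key material lives in the custom resource itself, so it is readable by any subject with get, list or watch on `storagehmackeys` and is carried into etcd backups and `kubectl get -o yaml` output. The description should say so, e.g. `description: HMAC secret key material. Sensitive; readable by anyone who can read this resource.`, and RBAC for this alpha kind should be scoped as tightly as for Secrets. The status schema starts outside this hunk and the file appears generated, so the wording fix belongs upstream.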
@@ -76910,32 +107843,92 @@ spec: type: object spec: properties: - config: - description: |- - Immutable. The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. 
type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". type: string - numNodes: - type: integer - processingUnits: - type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - config - - displayName + - bucketRef + - payloadFormat + - topicRef type: object status: properties: @@ -76965,6 +107958,9 @@ spec: type: string type: object type: array + notificationId: + description: The ID of the created notification. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -76972,8 +107968,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Instance status: ''CREATING'' or ''READY''.' + selfLink: + description: The URI of the created resource. type: string type: object required: @@ -76994,25 +107990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLDatabase - plural: sqldatabases + kind: StorageTransferAgentPool + plural: storagetransferagentpools shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: @@ -77032,7 +108028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -77050,31 +108046,22 @@ spec: type: object spec: properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - deletionPolicy: - description: "The deletion policy for the database. Setting ABANDON - allows the resource \nto be abandoned rather than deleted. This - is useful for Postgres, where databases cannot be \ndeleted from - the API if there are users other than cloudsqlsuperuser with access. - Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. type: string - instanceRef: - description: The Cloud SQL instance. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -77091,8 +108078,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -77107,7 +108093,7 @@ spec: is used as the default. type: string required: - - instanceRef + - projectRef type: object status: properties: @@ -77144,7 +108130,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Specifies the state of the AgentPool. type: string type: object required: @@ -77165,25 +108152,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLInstance - plural: sqlinstances + kind: StorageTransferJob + plural: storagetransferjobs shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -77221,407 +108208,332 @@ spec: type: object spec: properties: - databaseVersion: - default: MYSQL_5_6 - description: The MySQL, PostgreSQL or SQL Server (beta) version to - use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, - POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. - type: string - maintenanceVersion: - description: Maintenance version. - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region the instance will sit in. Note, - Cloud SQL is not available in all regions. A valid region must be - provided to use this resource. If a region is not provided in the - resource definition, the provider region will be used instead, but - this will be an apply-time error for instances if the provider region - is not supported with Cloud SQL. If you choose not to provide the - region argument for this resource, make sure you understand this. + description: + description: Unique description to identify the Transfer Job. type: string - replicaConfiguration: - description: The configuration for replication. + notificationConfig: + description: Notification configuration. properties: - caCertificate: - description: Immutable. PEM representation of the trusted CA's - x509 certificate. - type: string - clientCertificate: - description: Immutable. PEM representation of the replica's x509 - certificate. - type: string - clientKey: - description: Immutable. PEM representation of the replica's private - key. The corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: Immutable. The number of seconds between connect - retries. MySQL's default is 60 seconds. - type: integer - dumpFilePath: - description: Immutable. Path to a SQL file in Google Cloud Storage - from which replica instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Immutable. Specifies if the replica is the failover - target. If the field is set to true the replica will be designated - as a failover replica. If the master instance fails, the replica - instance will be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Immutable. Time in ms between replication heartbeats. 
- type: integer - password: - description: Immutable. Password for the replication connection. + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - sslCipher: - description: Immutable. Permissible ciphers for use in SSL encryption. 
- type: string - username: - description: Immutable. Username for replication connection. - type: string - verifyServerCertificate: - description: Immutable. True if the master's common name value - is checked during the SSL handshake. - type: boolean + required: + - payloadFormat + - topicRef type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - rootPassword: - description: Initial root password. Required for MS SQL Server. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. 
- type: string - required: - - name - - key - type: object + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - activeDirectoryConfig: + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. properties: - domain: - description: Domain name of the Active Directory for SQL Server - (e.g., mydomain.com). - type: string + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer required: - - domain + - day + - month + - year type: object - authorizedGaeApplications: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). 
For all instances, ensure that - settings.backup_configuration.enabled is set to true. - For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. - For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled - is set to true. Defaults to ZONAL. - type: string - backupConfiguration: + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: - backupRetentionSettings: - properties: - retainedBackups: - description: Number of backups to retain. - type: integer - retentionUnit: - description: The unit that 'retainedBackups' represents. - Defaults to COUNT. - type: string - required: - - retainedBackups - type: object - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Can only be used with MySQL. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - transactionLogRetentionDays: - description: The number of days of transaction logs we retain - for point in time restore, from 1-7. + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. 
+ type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. type: integer + required: + - hours + - minutes + - nanos + - seconds type: object - collation: - description: Immutable. The name of server instance collation. - type: string - connectorEnforcement: - description: Specifies if connections must use Cloud SQL connectors. - type: string - crashSafeReplication: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - deletionProtectionEnabled: - description: Configuration to protect against accidental instance - deletion. - type: boolean - denyMaintenancePeriod: + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. properties: - endDate: - description: End date before which maintenance will not take - place. 
The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. - type: string - startDate: - description: Start date after which maintenance will not take - place. The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. 
type: string - time: - description: 'Time in UTC when the "deny maintenance period" - starts on start_date and ends on end_date. The time is in - format: HH:mm:SS, i.e., 00:00:00.' + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. type: string required: - - endDate - - startDate - - time - type: object - diskAutoresize: - description: Enables auto-resizing of the storage size. Defaults - to true. - type: boolean - diskAutoresizeLimit: - description: The maximum size, in GB, to which storage capacity - can be automatically increased. The default value is 0, which - specifies that there is no limit. - type: integer - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. The minimum value is - 10GB. - type: integer - diskType: - description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. - Defaults to PD_SSD.' - type: string - insightsConfig: - description: Configuration of Query Insights. - properties: - queryInsightsEnabled: - description: True if Query Insights feature is enabled. - type: boolean - queryPlansPerMinute: - description: Number of query execution plans captured by Insights - per minute for all queries combined. Between 0 and 20. Default - to 5. - type: integer - queryStringLength: - description: Maximum query length stored in bytes. Between - 256 and 4500. Default to 1024. - type: integer - recordApplicationTags: - description: True if Query Insights will record application - tags from query when enabled. 
- type: boolean - recordClientAddress: - description: True if Query Insights will record client address - when enabled. - type: boolean + - bucketName type: object - ipConfiguration: + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. properties: - allocatedIpRange: - description: 'The name of the allocated ip range for the private - ip CloudSQL instance. For example: "google-managed-services-default". - If set, the instance ip will be created in the allocated - range. The range name must comply with RFC 1035. Specifically, - the name must be 1-63 characters long and match the regular - expression [a-z]([-a-z0-9]*[a-z0-9])?.' - type: string - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - enablePrivatePathForGoogleCloudServices: - description: Whether Google Cloud services such as BigQuery - are allowed to access data in this Cloud SQL instance over - a private IP connection. SQLSERVER database type is not - supported. - type: boolean - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. At least ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: oneOf: - not: required: @@ -77638,8 +108550,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77648,73 +108560,16 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to - remain in. Must be in the same region as this instance. - type: string - secondaryZone: - description: The preferred Compute Engine zone for the secondary/failover. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance - window is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday. - type: integer - hour: - description: Hour of day (0-23), ignored if day not set. - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable). - type: string - type: object - passwordValidationPolicy: - properties: - complexity: - description: Password complexity. - type: string - disallowUsernameSubstring: - description: Disallow username as a part of the password. - type: boolean - enablePasswordPolicy: - description: Whether the password policy is enabled or not. - type: boolean - minLength: - description: Minimum number of characters allowed. - type: integer - passwordChangeInterval: - description: Minimum interval after which the password can - be changed. This flag is only supported for PostgresSQL. + path: + description: Google Cloud Storage path in bucket to transfer. type: string - reuseInterval: - description: Number of previous passwords that cannot be reused. - type: integer required: - - enablePasswordPolicy + - bucketRef type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. 
- type: string - replicationType: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: string - sqlServerAuditConfig: + gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: - description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: @@ -77731,7 +108586,7 @@ spec: - external properties: external: - description: 'Allowed value: The `url` field of a `StorageBucket` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -77741,42 +108596,133 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - retentionInterval: - description: 'How long to keep generated audit files. A duration - in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s"..' + path: + description: Google Cloud Storage path in bucket to transfer. type: string - uploadInterval: - description: 'How often to upload generated audit files. A - duration in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s".' + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. type: string + required: + - listUrl type: object - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types, and custom machine types such as db-custom-2-13312. See - the Custom Machine Type Documentation to learn about specifying - custom machine types. + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. 
If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - timeZone: - description: Immutable. 
The time_zone to be used by the database - engine (supported only for SQL Server), in SQL Server timezone - format. + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - required: - - tier + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object type: object required: - - settings + - description + - transferSpec type: object status: properties: - availableMaintenanceVersions: - description: Available Maintenance versions. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -77803,27 +108749,18 @@ spec: type: string type: object type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. + creationTime: + description: When the Transfer Job was created. type: string - firstIpAddress: + deletionTime: + description: When the Transfer Job was deleted. type: string - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -77831,35 +108768,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string type: object required: - spec 
@@ -77879,25 +108787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com + name: tagstagbindings.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLSSLCert - plural: sqlsslcerts + kind: TagsTagBinding + plural: tagstagbindings shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: @@ -77935,13 +108843,7 @@ spec: type: object spec: properties: - commonName: - description: Immutable. The common name to be used in the certificate - to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this - forces a new resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. + parentRef: oneOf: - not: required: @@ -77958,8 +108860,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77969,22 +108871,43 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated sha1Fingerprint - of the resource. Used for acquisition only. Leave unset to create - a new resource. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - commonName - - instanceRef + - parentRef + - tagValueRef type: object status: properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -78011,13 +108934,9 @@ spec: type: string type: object type: array - createTime: - description: The time when the certificate was created in RFC 3339 - format, for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78026,16 +108945,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string type: object required: - spec @@ -78055,25 +108964,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com + name: tagstagkeys.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLUser - plural: sqlusers + kind: TagsTagKey + plural: tagstagkeys shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -78100,134 +109009,53 @@ spec: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: Immutable. The host the user can connect from. This is - only supported for MySQL instances. Don't set this field for PostgreSQL - instances. Can be an IP address. Changing this forces a new resource - to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: |- - The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to - either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. 
Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - passwordPolicy: - properties: - allowedFailedAttempts: - description: Number of failed attempts allowed before the user - get locked. - type: integer - enableFailedAttemptsCheck: - description: If true, the check that will lock user after too - many failed login attempts will be enabled. - type: boolean - enablePasswordVerification: - description: If true, the user must specify the current password - before changing the password. This flag is supported only for - MySQL. - type: boolean - passwordExpirationDuration: - description: Password expiration duration with one week grace - period. - type: string - status: - items: - properties: - locked: - description: If true, user does not have login privileges. - type: boolean - passwordExpirationTime: - description: Password expiration duration with one week - grace period. - type: string - type: object - type: array + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - type: + shortName: description: |- - Immutable. The user type. It determines the method to authenticate the user during login. - The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. 
type: string required: - - instanceRef + - parent + - shortName type: object status: properties: @@ -78257,6 +109085,18 @@ spec: type: string type: object type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78264,19 +109104,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sqlServerUserDetails: - items: - properties: - disabled: - description: If the user has been disabled. - type: boolean - serverRoles: - description: The server roles for this user in the database. - items: - type: string - type: array - type: object - type: array + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78296,25 +109129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com + name: tagstagvalues.tags.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols + kind: TagsTagValue + plural: tagstagvalues shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: @@ -78352,8 +109185,11 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: oneOf: - not: required: @@ -78370,8 +109206,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -78380,31 +109216,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - entity: - description: |- - Immutable. The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"].' + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - - bucketRef - - entity + - parentRef + - shortName type: object status: properties: 
@@ -78434,11 +109259,18 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - email: - description: The email address associated with the entity. + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78447,6 +109279,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78466,25 +109303,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com + name: tpunodes.tpu.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tpu.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucket - plural: storagebuckets + kind: TPUNode + plural: tpunodes shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket + - gcptpunode + - gcptpunodes + singular: tpunode preserveUnknownFields: false scope: Namespaced versions: @@ -78504,7 +109341,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78522,265 +109359,93 @@ spec: type: object spec: properties: - autoclass: - description: Immutable. The bucket's autoclass configuration. - properties: - enabled: - description: Immutable. While set to true, autoclass automatically - transitions objects in your bucket to appropriate storage classes - based on each object's access pattern. - type: boolean - required: - - enabled - type: object - bucketPolicyOnly: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: description: |- - DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. - Enables Bucket PolicyOnly access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple - response headers to give permission for the user-agent to - share across domains. - items: - type: string - type: array - type: object - type: array - customPlacementConfig: - description: The bucket's custom location configuration, which specifies - the individual regions that comprise a dual-region bucket. If the - bucket is designated a single or multi-region, the parameters are - empty. 
- properties: - dataLocations: - description: 'Immutable. The list of individual regions that comprise - a dual-region bucket. See the docs for a list of acceptable - regions. Note: If any of the data_locations changes, it will - recreate the bucket.' - items: - type: string - type: array - required: - - dataLocations - type: object - defaultEventBasedHold: - description: Whether or not to automatically apply an eventBasedHold - to new objects added to the bucket. - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete, SetStorageClass and - AbortIncompleteMultipartUpload.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy - this condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - customTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - daysSinceCustomTime: - description: Number of days elapsed since the user-specified - timestamp set on an object. - type: integer - daysSinceNoncurrentTime: - description: "Number of days elapsed since the noncurrent - timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition - is relevant only for versioned objects." - type: integer - matchesPrefix: - description: One or more matching name prefixes to satisfy - this condition. 
- items: - type: string - type: array - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - matchesSuffix: - description: One or more matching name suffixes to satisfy - this condition. - items: - type: string - type: array - noncurrentTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object + - required: + - namespace required: - - action - - condition - type: object - type: array - location: - default: US - description: Immutable. The Google Cloud Storage location. - type: string - logging: - description: The bucket's Access & Storage Logs configuration. + - external properties: - logBucket: - description: The bucket that will receive log objects. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - logBucket type: object - publicAccessPrevention: - description: Prevents public access to a bucket. 
- type: string - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: - Locking a bucket is an irreversible action.' + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, - or archived. The value must be less than 3,155,760,000 seconds. - type: integer required: - - retentionPeriod + - preemptible type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, - ARCHIVE.' + tensorflowVersion: + description: The version of Tensorflow running in the Node. type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean - versioning: - description: The bucket's Versioning configuration. 
- properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone type: object status: properties: @@ -78810,6 +109475,21 @@ spec: type: string type: object type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
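Review bot: `zone` is listed under `required` in the added TPUNode spec, yet its description says "If it is not provided, the provider zone is used", so the documented fallback can never apply. Either the description should be cut to `Immutable. The GCP location for the TPU.` or `zone` should be removed from the `required` list if a default really exists. In the same hunk the `useServiceNetworking` description refers to `cidr_block` where the CRD field is `cidrBlock`, and it contains "this this field". Nothing in the schema rejects a manifest that sets both `useServiceNetworking` and `cidrBlock`, so the description is the only guard and should name the real field.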
@@ -78817,13 +109497,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. type: string type: object + required: + - spec type: object served: true storage: true @@ -78840,25 +109523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com + name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols + kind: VertexAIDataset + plural: vertexaidatasets shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: @@ -78878,7 +109561,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78896,8 +109579,29 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
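Review bot: The added `encryptionSpec` for VertexAIDataset describes `kmsKeyName` as "Immutable. Required." but the object has no `required` list, so an empty `encryptionSpec: {}` passes CRD validation and can leave an author believing a customer-managed key is configured. The VertexAIEndpoint schema later in this patch does enforce it, and the same two lines belong here after the `kmsKeyName` property: `required:` and `- kmsKeyName`. What the controller does with an empty spec is not visible in this hunk, so it is worth confirming that such a Dataset is rejected rather than created with default encryption. The `spec` mapping continues in the following hunks.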
@@ -78913,40 +109617,29 @@ spec: required: - external properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers. - type: string - object: - description: The name of the object, if applied to an object. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"].' + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - bucketRef - - entity - - role + - displayName + - metadataSchemaUri + - projectRef + - region type: object status: properties: 
@@ -78976,19 +109669,15 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. type: string - entityId: - description: The ID for the entity. + name: + description: The resource name of the Dataset. This value is set by + Google. type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78996,17 +109685,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectTeam: - description: The project team associated with the entity. - properties: - projectNumber: - description: The project team associated with the entity. - type: string - team: - description: 'The team. Possible values: ["editors", "owners", - "viewers"].' - type: string - type: object + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string type: object required: - spec 
@@ -79026,25 +109709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageNotification - plural: storagenotifications + kind: VertexAIEndpoint + plural: vertexaiendpoints shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -79064,7 +109747,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79082,62 +109765,44 @@ spec: type: object spec: properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' type: string + required: + - kmsKeyName type: object - customAttributes: - additionalProperties: - type: string - description: Immutable. A set of key/value attribute pairs to attach - to each Cloud Pub/Sub message published for this notification subscription. - type: object - eventTypes: - description: 'Immutable. List of event type filters for this notification - config. If not specified, Cloud Storage will send notifications - for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE".' 
- items: - type: string - type: array - objectNamePrefix: - description: Immutable. Specifies a prefix path filter for this notification - config. Cloud Storage will only send notifications for objects in - this bucket whose names begin with the specified prefix. - type: string - payloadFormat: - description: Immutable. The desired content of the Payload. One of - "JSON_API_V1" or "NONE". + location: + description: Immutable. The location for the resource. type: string - resourceID: - description: Immutable. Optional. The service-generated notificationId - of the resource. Used for acquisition only. Leave unset to create - a new resource. + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' type: string - topicRef: + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79154,8 +109819,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
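Review bot: The `network` description on VertexAIEndpoint says only one of `network` or `enable_private_service_connect` can be set, but no private-service-connect field appears among the spec properties this patch adds, and the name is in snake_case rather than the CRD's camelCase. A user reading the schema therefore cannot tell what the alternative to peering is, and this is the field that decides how the Endpoint is reachable. I would drop the sentence `Only one of the fields, network or enable_private_service_connect, can be set.` until the CRD exposes that field. The text looks carried over from an upstream schema (the CRD is labelled `tf2crd`), so the change may belong in the generator; the `projectRef` properties continue in the next hunk.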
@@ -79164,10 +109828,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - bucketRef - - payloadFormat - - topicRef + - displayName + - location + - projectRef type: object status: properties: 
@@ -79197,8 +109866,222 @@ spec: type: string type: object type: array - notificationId: - description: The ID of the created notification. + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. 
+ type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. + items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. 
+ items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. + See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. 
This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. + type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. 
Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79207,8 +110090,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: 
@@ -79229,25 +110112,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: - group: storagetransfer.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageTransferJob - plural: storagetransferjobs + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: @@ -79267,7 +110150,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79286,501 +110169,474 @@ spec: spec: properties: description: - description: Unique description to identify the Transfer Job. + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string - notificationConfig: - description: Notification configuration. - properties: - eventTypes: - description: Event types for which a notification is desired. - If empty, send notifications for all event types. The valid - types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", - "TRANSFER_OPERATION_ABORTED". - items: - type: string - type: array - payloadFormat: - description: The desired format of the notification message payloads. - One of "NONE" or "JSON". - type: string - topicRef: - description: The PubSubTopic to which to publish notifications. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - payloadFormat - - topicRef - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string - schedule: - description: Schedule specification defining when the Transfer Job - should be scheduled to start, end and what time to run. - properties: - repeatInterval: - description: 'Interval between the start of each scheduled transfer. - If unspecified, the default value is 24 hours. This value may - not be less than 1 hour. A duration in seconds with up to nine - fractional digits, terminated by ''s''. Example: "3.5s".' - type: string - scheduleEndDate: - description: The last day the recurring transfer will be run. - If schedule_end_date is the same as schedule_start_date, the - transfer will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled - to run. If schedule_start_date is in the past, the transfer - will run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. - If not specified, recurring and one-time transfers that are - scheduled to run today will run immediately; recurring transfers - that are scheduled to run on a future date will start at approximately - midnight UTC on that date. 
Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be - from 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally - be from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, - and an operation spawned by the transfer is running, the status - change would not affect the current operation.' + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - roleArn: - description: The Amazon Resource Name (ARN) of the role to - support temporary credentials via 'AssumeRoleWithWebIdentity'. - For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). - When a role ARN is provided, Transfer Service fetches temporary - credentials for the session using a 'AssumeRoleWithWebIdentity' - call for the provided role using the [GoogleServiceAccount][] - for this project. - type: string - required: - - bucketName - type: object - azureBlobStorageDataSource: - description: An Azure Blob Storage data source. 
+ required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). properties: - azureCredentials: - description: ' Credentials used to authenticate API requests - to Azure.' - properties: - sasToken: - description: Azure shared access signature. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - sasToken - type: object - container: - description: The container to transfer from the Azure Storage - account. - type: string - path: - description: Root path to transfer objects. Must be an empty - string or full path name that ends with a '/'. This field - is treated as an object prefix. As such, it should generally - not begin with a '/'. - type: string - storageAccount: - description: The name of the Azure Storage account. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number required: - - azureCredentials - - container - - storageAccount + - value type: object - gcsDataSink: - description: A Google Cloud Storage data sink. + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. 
+ * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string - required: - - bucketRef type: object - httpDataSource: - description: A HTTP URL data source. + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. - Currently, only URLs with HTTP and HTTPS schemes are supported. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number required: - - listUrl + - value type: object - objectConditions: - description: Only objects that satisfy these object conditions - are included in the set of data source and data sink objects. - Object conditions based on objects' last_modification_time do - not exclude objects in a data sink. + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements - described for include_prefixes. 
- items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that - satisfy the object conditions must have names that start - with one of the include_prefixes and that do not start with - any of the exclude_prefixes. If include_prefixes is not - specified, all objects except those that have names starting - with one of the exclude_prefixes must satisfy the object - conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. 
+ type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer type: object - posixDataSink: - description: A POSIX filesystem data sink. + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. 
properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer required: - - rootDirectory + - maxNodeCount + - minNodeCount type: object - posixDataSource: - description: A POSIX filesystem data source. - properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - rootDirectory - type: object - sinkAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - sourceAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a - data sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - overwriteWhen: - description: When to overwrite objects that already exist - in the sink. If not set, overwrite behavior is determined - by overwriteObjectsAlreadyExistingInSink. - type: string - type: object type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - description - - transferSpec + - projectRef + - region type: object status: properties: 
@@ -79810,17 +110666,13 @@ spec: type: string type: object type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string - name: - description: The name of the Transfer Job. + etag: + description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79829,6 +110681,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string type: object required: - spec @@ -79848,25 +110705,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagbindings.tags.cnrm.cloud.google.com + name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagBinding - plural: tagstagbindings + kind: VertexAIIndex + plural: vertexaiindexes shortNames: - - gcptagstagbinding - - gcptagstagbindings - singular: tagstagbinding + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: 
@@ -79886,7 +110743,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79904,7 +110761,96 @@ spec: type: object spec: properties: - parentRef: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. 
+ type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. 
+ type: boolean + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79921,8 +110867,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -79931,41 +110876,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - tagValueRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `tagValues/{{value}}`, - where {{value}} is the `name` field of a `TagsTagValue` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - parentRef - - tagValueRef + - displayName + - projectRef + - region type: object status: properties: 
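Review bot: `bruteForceConfig` under `spec.metadata.config.algorithmConfig` of the VertexAIIndex schema is declared with `x-kubernetes-preserve-unknown-fields: true` and no `properties`, so the API server stores any keys placed under it without pruning or validation. The sibling `treeAhConfig` declares its fields. If the field is only a presence marker (its description lists no options), dropping the flag should still accept `bruteForceConfig: {}` while letting pruning remove stray keys. In the same hunk, `indexUpdateMethod`, `distanceMeasureType` and `featureNormType` name their allowed values only in the description; an `enum:` list on each would reject bad values at admission rather than at reconcile time. The file looks generated, so both changes probably belong in the generator input.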
@@ -79995,9 +110917,47 @@ spec: type: string type: object type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string name: - description: 'The generated id for the TagBinding. This is a string - of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80006,6 +110966,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string type: object required: - spec 
@@ -80025,25 +110990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagkeys.tags.cnrm.cloud.google.com + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagKey - plural: tagstagkeys + kind: VertexAIMetadataStore + plural: vertexaimetadatastores shortNames: - - gcptagstagkey - - gcptagstagkeys - singular: tagstagkey + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: @@ -80063,7 +111028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80082,41 +111047,57 @@ spec: spec: properties: description: - description: User-assigned description of the TagKey. Must not exceed - 256 characters. - type: string - parent: - description: Immutable. Input only. The resource name of the new TagKey's - parent. Must be of the form organizations/{org_id}. - type: string - purpose: - description: |- - Immutable. Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + description: Immutable. Description of the MetadataStore. type: string - purposeData: - additionalProperties: - type: string - description: |- - Immutable. Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. type: string - shortName: - description: |- - Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - parent - - shortName + - projectRef + - region type: object status: properties: 
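Review bot: `encryptionSpec.kmsKeyName` in the VertexAIMetadataStore spec is described as "Immutable. Required.", but the `encryptionSpec` object has no `required` list, so `encryptionSpec: {}` passes schema validation without naming a key. The VertexAIFeaturestore and VertexAITensorboard schemas in this same patch both put `required:` with `- kmsKeyName` under their `encryptionSpec`; adding those two lines here would make the API server reject a customer-managed-key block that has no key. What the controller or backing API does with an empty block is not visible in this hunk, so whether the store could end up without the intended key should be confirmed. The file appears to be generated, so the fix likely belongs in the generator input.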
@@ -80147,16 +111128,9 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - name: - description: The generated numeric id for the TagKey. - type: string - namespacedName: - description: Output only. Namespaced name of the TagKey. + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80165,11 +111139,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array updateTime: - description: |- - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: 
@@ -80190,25 +111172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagvalues.tags.cnrm.cloud.google.com + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagValue - plural: tagstagvalues + kind: VertexAITensorboard + plural: vertexaitensorboards shortNames: - - gcptagstagvalue - - gcptagstagvalues - singular: tagstagvalue + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: @@ -80228,7 +111210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80247,10 +111229,26 @@ spec: spec: properties: description: - description: User-assigned description of the TagValue. Must not exceed - 256 characters. + description: Description of this Tensorboard. type: string - parentRef: + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -80267,8 +111265,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `tagKeys/{{value}}`, - where {{value}} is the `name` field of a `TagsTagKey` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -80277,23 +111274,26 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: |- - Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - type: string required: - - parentRef - - shortName + - displayName + - projectRef + - region type: object status: properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -80321,17 +111321,12 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string name: - description: The generated numeric id for the TagValue. - type: string - namespacedName: - description: Output only. Namespaced name of the TagValue. Will be - in the format {organizationId}/{tag_key_short_name}/{shortName}. + description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80340,10 +111335,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string updateTime: - description: |- - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: @@ -80364,7 +111362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -80643,3 +111641,391 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. \nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." 
+ type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. 
+ type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml index 110100a7c4..21ef543edb 100644 --- a/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-gcp-identity/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-controller-manager 
@@ -35,7 +35,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -45,7 +45,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -55,7 +55,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -65,7 +65,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -86,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -107,7 +107,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -128,7 +128,7 @@ rules: - patch - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - alloydb.cnrm.cloud.google.com resources: - '*' verbs: @@ -140,7 +140,7 @@ rules: - patch - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - apigateway.cnrm.cloud.google.com resources: - '*' verbs: @@ -152,7 +152,7 @@ rules: - patch - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -164,7 +164,7 @@ rules: - patch - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - appengine.cnrm.cloud.google.com resources: - '*' verbs: @@ -176,7 +176,7 @@ rules: - patch - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: @@ -188,7 +188,7 @@ rules: - patch - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: @@ -200,7 +200,7 @@ rules: - patch - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com resources: - '*' verbs: @@ -212,7 +212,7 @@ rules: - patch - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: @@ -224,7 +224,7 @@ rules: - patch - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: @@ -236,7 +236,7 @@ rules: - patch - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: @@ -248,7 +248,7 @@ rules: - patch - delete - apiGroups: - - compute.cnrm.cloud.google.com + - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: @@ -260,7 +260,7 @@ rules: - patch - delete - apiGroups: - - configcontroller.cnrm.cloud.google.com + - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: @@ -272,7 +272,7 @@ rules: - patch - delete - apiGroups: - - container.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com resources: - '*' verbs: @@ -284,7 +284,7 @@ rules: - patch - delete - apiGroups: - - containeranalysis.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: @@ -296,7 +296,7 @@ rules: - patch - delete - apiGroups: - - datacatalog.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -308,7 +308,7 @@ rules: - patch - delete - apiGroups: - - dataflow.cnrm.cloud.google.com + - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -320,7 +320,7 @@ rules: - patch - delete - apiGroups: - - datafusion.cnrm.cloud.google.com + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -332,7 +332,7 @@ rules: - patch - delete - apiGroups: - - dataproc.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: @@ -344,7 +344,7 @@ rules: - patch - delete - apiGroups: - - dlp.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: @@ -356,7 +356,7 @@ rules: - patch - delete - apiGroups: - - dns.cnrm.cloud.google.com + - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: @@ -368,7 +368,7 @@ rules: - patch - delete - apiGroups: - - eventarc.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: @@ -380,7 +380,7 @@ rules: - patch - delete - apiGroups: - - filestore.cnrm.cloud.google.com + - cloudids.cnrm.cloud.google.com resources: - '*' verbs: @@ -392,7 +392,7 @@ rules: - patch - delete - apiGroups: - - firestore.cnrm.cloud.google.com + - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: @@ -404,7 +404,7 @@ rules: - patch - delete - apiGroups: - - gkehub.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: @@ -416,7 +416,7 @@ rules: - patch - delete - apiGroups: - - iam.cnrm.cloud.google.com + - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: @@ -428,7 +428,7 @@ rules: - patch - delete - apiGroups: - - iap.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -440,7 +440,7 @@ rules: - patch - delete - apiGroups: - - identityplatform.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: @@ -452,7 +452,7 @@ rules: - patch - delete - apiGroups: - - kms.cnrm.cloud.google.com + - container.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -464,7 +464,7 @@ rules: - patch - delete - apiGroups: - - logging.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: @@ -476,7 +476,7 @@ rules: - patch - delete - apiGroups: - - memcache.cnrm.cloud.google.com + - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: @@ -488,7 +488,7 @@ rules: - patch - delete - apiGroups: - - monitoring.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -500,7 +500,7 @@ rules: - patch - delete - apiGroups: - - networkconnectivity.cnrm.cloud.google.com + - dataform.cnrm.cloud.google.com resources: - '*' verbs: @@ -512,7 +512,7 @@ rules: - patch - delete - apiGroups: - - networksecurity.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com resources: - '*' verbs: @@ -524,7 +524,7 @@ rules: - patch - delete - apiGroups: - - networkservices.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com resources: - '*' verbs: @@ -536,7 +536,7 @@ rules: - patch - delete - apiGroups: - - osconfig.cnrm.cloud.google.com + - datastore.cnrm.cloud.google.com resources: - '*' verbs: @@ -548,7 +548,7 @@ rules: - patch - delete - apiGroups: - - privateca.cnrm.cloud.google.com + - datastream.cnrm.cloud.google.com resources: - '*' verbs: @@ -560,7 +560,7 @@ rules: - patch - delete - apiGroups: - - pubsub.cnrm.cloud.google.com + - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -572,7 +572,7 @@ rules: - patch - delete - apiGroups: - - pubsublite.cnrm.cloud.google.com + - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -584,7 +584,7 @@ rules: - patch - delete - apiGroups: - - recaptchaenterprise.cnrm.cloud.google.com + - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: @@ -596,7 +596,7 @@ rules: - patch - delete - apiGroups: - - redis.cnrm.cloud.google.com + - dlp.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -608,7 +608,7 @@ rules: - patch - delete - apiGroups: - - resourcemanager.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com resources: - '*' verbs: @@ -620,7 +620,7 @@ rules: - patch - delete - apiGroups: - - run.cnrm.cloud.google.com + - documentai.cnrm.cloud.google.com resources: - '*' verbs: @@ -632,7 +632,7 @@ rules: - patch - delete - apiGroups: - - secretmanager.cnrm.cloud.google.com + - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: @@ -644,7 +644,7 @@ rules: - patch - delete - apiGroups: - - servicedirectory.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com resources: - '*' verbs: @@ -656,7 +656,7 @@ rules: - patch - delete - apiGroups: - - servicenetworking.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -668,7 +668,7 @@ rules: - patch - delete - apiGroups: - - serviceusage.cnrm.cloud.google.com + - firebase.cnrm.cloud.google.com resources: - '*' verbs: @@ -680,7 +680,7 @@ rules: - patch - delete - apiGroups: - - sourcerepo.cnrm.cloud.google.com + - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: @@ -692,7 +692,7 @@ rules: - patch - delete - apiGroups: - - spanner.cnrm.cloud.google.com + - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: @@ -704,7 +704,7 @@ rules: - patch - delete - apiGroups: - - sql.cnrm.cloud.google.com + - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: @@ -716,7 +716,7 @@ rules: - patch - delete - apiGroups: - - storage.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -728,7 +728,7 @@ rules: - patch - delete - apiGroups: - - storagetransfer.cnrm.cloud.google.com + - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: @@ -740,7 +740,7 @@ rules: - patch - delete - apiGroups: - - tags.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -752,7 +752,7 @@ rules: - patch - delete - apiGroups: - - vpcaccess.cnrm.cloud.google.com + - healthcare.cnrm.cloud.google.com resources: - '*' verbs: @@ -763,36 +763,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: - apiGroups: - - apiextensions.k8s.io + - iam.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - iap.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - identityplatform.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -802,9 +800,9 @@ rules: - patch - delete - apiGroups: - - "" + - kms.cnrm.cloud.google.com resources: - - services + - '*' verbs: - get - list @@ -813,36 +811,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - logging.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - memcache.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - mlengine.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list 
@@ -852,15 +848,19 @@ rules: - patch - delete - apiGroups: - - core.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com resources: - - servicemappings + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - core.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: @@ -871,23 +871,10 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: - apiGroups: - - "" + - networkmanagement.cnrm.cloud.google.com resources: - - events - - configmaps - - secrets - - services + - '*' verbs: - get - list @@ -896,28 +883,22 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: - apiGroups: - - "" + - networksecurity.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apiextensions.k8s.io + - networkservices.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list 
@@ -926,108 +907,715 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/system: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cnrm-viewer -rules: - apiGroups: - - accesscontextmanager.cnrm.cloud.google.com + - notebooks.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - redis.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - 
resourcemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - run.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch -- apiGroups: - - compute.cnrm.cloud.google.com + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - 
validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -1074,6 +1662,14 @@ rules: - get - list - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: @@ -1090,6 +1686,46 @@ rules: - get - list - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: @@ -1106,6 +1742,22 @@ rules: - get - list - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: 
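Review bot: The rule added for `dataform.cnrm.cloud.google.com` grants `get`/`list`/`watch` on `resources: '*'`, and the same shape repeats in the following hunks for groups including `securitycenter`, `orgpolicy`, `oslogin` and `healthcare`. These hunks appear to extend the `cnrm-viewer` ClusterRole defined earlier in this file, which carries `rbac.authorization.k8s.io/aggregate-to-view: "true"`, so the wildcard would flow into the built-in `view` role and cover every kind and subresource the group has now or gains later. Listing the resource plurals explicitly (`- <resource-plural>` per kind, placeholder) keeps the read grant from widening silently on the next release. If the wildcard is kept, a comment such as `# wildcard is aggregated into view: new kinds in this group become readable to all view subjects` would record that choice. The `rules:` list starts and ends outside the hunk.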
@@ -1122,6 +1774,38 @@ rules: - get - list - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: @@ -1130,6 +1814,14 @@ rules: - get - list - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: @@ -1138,6 +1830,14 @@ rules: - get - list - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -1186,6 +1886,14 @@ rules: - get - list - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: @@ -1202,6 +1910,14 @@ rules: - get - list - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: @@ -1218,6 +1934,22 @@ rules: - get - list - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: @@ -1226,6 +1958,14 @@ rules: - get - list - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: 
@@ -1290,6 +2030,14 @@ rules: - get - list - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: @@ -1362,6 +2110,22 @@ rules: - get - list - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: @@ -1370,12 +2134,28 @@ rules: - get - list - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1438,7 +2218,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding @@ -1456,7 +2236,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1474,7 +2254,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding 
@@ -1497,7 +2277,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1514,7 +2294,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -1531,7 +2311,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding @@ -1548,7 +2328,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1565,7 +2345,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1582,7 +2362,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1599,7 +2379,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: 
@@ -1621,7 +2401,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1642,7 +2422,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1660,7 +2440,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1673,8 +2453,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.102.0 - image: gcr.io/cnrm-eap/recorder:fc8237b + value: 1.103.0 + image: gcr.io/cnrm-eap/recorder:7522d31 imagePullPolicy: Always name: recorder ports: @@ -1708,7 +2488,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1723,7 +2503,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1736,7 +2516,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:fc8237b + image: gcr.io/cnrm-eap/webhook:7522d31 imagePullPolicy: Always name: webhook ports: @@ -1766,7 +2546,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" 
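Review bot: The new `image: gcr.io/cnrm-eap/recorder:7522d31` is a tag reference with no digest, and the container keeps `imagePullPolicy: Always`, so every pod start resolves the tag again and runs whatever the registry serves under it at that moment. Pinning the digest, `image: gcr.io/cnrm-eap/recorder:7522d31@sha256:<digest>` (placeholder, take the value from the release build), ties the bundle to the exact image built for 1.103.0. The same applies to the `webhook`, `controller` and `deletiondefender` images changed in the later hunks of this file. The container spec starts and ends outside the hunk.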
@@ -1781,7 +2561,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1794,7 +2574,7 @@ spec: env: - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/secrets/google/key.json - image: gcr.io/cnrm-eap/controller:fc8237b + image: gcr.io/cnrm-eap/controller:7522d31 imagePullPolicy: Always name: manager ports: @@ -1831,7 +2611,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1846,7 +2626,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1854,7 +2634,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:fc8237b + image: gcr.io/cnrm-eap/deletiondefender:7522d31 imagePullPolicy: Always name: deletiondefender ports: @@ -1885,7 +2665,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-gcp-identity/crds.yaml b/install-bundles/install-bundle-gcp-identity/crds.yaml index 1871feb5e1..d54f894070 100644 --- a/install-bundles/install-bundle-gcp-identity/crds.yaml +++ b/install-bundles/install-bundle-gcp-identity/crds.yaml 
@@ -16,7 +16,255 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
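Review bot: The `spec` schema of `AccessContextManagerAccessLevelCondition` has no `required` list, and the object schema does not require `spec`, while the two access-context-manager CRDs added in the `@@ -532,7 +780,324 @@` hunk declare both. The field descriptions state that an unset `devicePolicy`, `ipSubnetworks` or `members` allows all devices, addresses or users, so an object with an empty `spec` passes admission-time validation; what the controller does with it is not visible here. Adding `required:` with `- accessLevelRef` under `spec`, and `required:` with `- spec` at the object level, would reject that at the API server. The `tf2crd` label suggests the schema is generated, in which case the change belongs in the generator.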
@@ -532,7 +780,324 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,25 +2305,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeenvironments.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeEnvironment - plural: apigeeenvironments + kind: AlloyDBBackup + plural: alloydbbackups shortNames: - - gcpapigeeenvironment - - gcpapigeeenvironments - singular: apigeeenvironment + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: 
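Review bot: The description of `accessLevels` in `AccessContextManagerGCPUserAccessBinding` says the list must have exactly one element, but the schema only declares `type: array` with string items, so an empty list or several entries pass validation and can fail only later, outside the schema. Adding `minItems: 1` and `maxItems: 1` next to `type: array` would enforce the documented constraint at admission. The `groupKey` description also states "Immutable." twice. If the schema is generated, both fixes belong in the generator.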
@@ -1778,7 +2343,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -1796,8 +2361,19 @@ spec: type: object spec: properties: - apigeeOrganizationRef: - description: Immutable. + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -1814,10 +2390,7 @@ spec: - external properties: external: - description: |- - The apigee organization for the resource - - Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -1826,25 +2399,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Optional. Description of the environment. - type: string - displayName: - description: Optional. Display name for this environment. - type: string - properties: - additionalProperties: - type: string - description: Optional. Key-value pairs that may be used for customizing - the environment. - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - apigeeOrganizationRef + - clusterName + - location + - projectRef type: object status: properties: @@ -1874,16 +2437,16 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Creation time of this environment as milliseconds - since epoch. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Last modification time of this environment - as milliseconds since epoch. - format: int64 - type: integer + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -1891,10 +2454,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean state: - description: 'Output only. State of the environment. Values other - than ACTIVE means the resource is not ready to use. Possible values: - STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. type: string type: object required: @@ -1915,25 +2489,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeorganizations.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeOrganization - plural: apigeeorganizations + kind: AlloyDBCluster + plural: alloydbclusters shortNames: - - gcpapigeeorganization - - gcpapigeeorganizations - singular: apigeeorganization + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -1953,7 +2527,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -1971,67 +2545,155 @@ spec: type: object spec: properties: - addonsConfig: - description: Addon configurations of the Apigee organization. + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: - advancedApiOpsConfig: - description: Configuration for the Advanced API Ops add-on. + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. properties: - enabled: - description: Flag that specifies whether the Advanced API - Ops add-on is enabled. - type: boolean + count: + description: The number of backups to retain. + type: integer type: object - monetizationConfig: - description: Configuration for the Monetization add-on. + timeBasedRetention: + description: Time-based Backup retention policy. properties: - enabled: - description: Flag that specifies whether the Monetization - add-on is enabled. 
- type: boolean + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes type: object type: object - analyticsRegion: - description: Immutable. Required. Primary GCP region for analytics - data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + displayName: + description: User-settable and human-readable display name for the + Cluster. type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + initialUser: + description: Initial user to setup during cluster creation. 
properties: - external: - description: |- - Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. type: string + required: + - password type: object - description: - description: Description of the Apigee organization. + location: + description: Immutable. The location where the alloydb cluster should + reside. 
type: string - displayName: - description: Display name for the Apigee organization. + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -2048,10 +2710,7 @@ spec: - external properties: external: - description: |- - Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -2060,67 +2719,27 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - properties: - additionalProperties: - type: string - description: Properties defined in the Apigee organization profile. - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - runtimeDatabaseEncryptionKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - runtimeType: - description: 'Immutable. Required. Runtime type of the Apigee organization - based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, - CLOUD, HYBRID' + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
type: string required: - - analyticsRegion + - location + - network - projectRef - - runtimeType type: object status: properties: - billingType: - description: 'Output only. Billing type of the Apigee organization. - See (https://cloud.google.com/apigee/pricing). Possible values: - BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' - type: string - caCertificate: - description: Output only. Base64-encoded public certificate for the - root CA of the Apigee organization. Valid only when (#RuntimeType) - is `CLOUD`. - type: string + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -2147,26 +2766,31 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Time that the Apigee organization was created - in milliseconds since epoch. - format: int64 - type: integer - environments: - description: Output only. List of environments in the Apigee organization. + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. items: - type: string + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object type: array - expiresAt: - description: Output only. Time that the Apigee organization is scheduled - for deletion. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Time that the Apigee organization was last - modified in milliseconds since epoch. - format: int64 - type: integer + name: + description: The name of the cluster resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -2174,21 +2798,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectId: - description: Output only. Project ID associated with the Apigee organization. - type: string - state: - description: 'Output only. State of the organization. Values other - than ACTIVE means the resource is not ready to use. Possible values: - SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, - OK_EXTERNAL, DELETED' - type: string - subscriptionType: - description: 'Output only. DEPRECATED: This will eventually be replaced - by BillingType. Subscription type of the Apigee organization. Valid - values include trial (free, limited, and for evaluation purposes - only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). - Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + uid: + description: The system-generated UID of the resource. type: string type: object required: 
@@ -2209,25 +2820,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com + name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: - group: artifactregistry.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories + kind: AlloyDBInstance + plural: alloydbinstances shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: @@ -2247,7 +2858,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2265,172 +2876,71 @@ spec: type: object spec: properties: - description: - description: The user-provided description of the repository. + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string - format: + cluster: description: |- - Immutable. The format of packages that are stored in the repository. Supported formats - can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). - You can only create alpha formats if you are a member of the - [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string - kmsKeyRef: - description: |- - The customer managed encryption key that’s used to encrypt the - contents of the Repository. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. 
* They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. type: object - location: - description: Immutable. The name of the location this repository is - located in. + displayName: + description: User-settable and human-readable display name for the + Instance. type: string - mavenConfig: - description: |- - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. properties: - allowSnapshotOverwrites: - description: |- - Immutable. The repository with this flag will allow publishing the same - snapshot versions. - type: boolean - versionPolicy: - description: 'Immutable. Version policy defines the versions that - the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" - Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' - type: string + cpuCount: + description: The number of CPU's in the VM instance. + type: integer type: object - mode: - description: 'Immutable. The mode configures the repository to serve - artifacts from different sources. 
Default value: "STANDARD_REPOSITORY" - Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' - type: string - remoteRepositoryConfig: - description: Immutable. Configuration specific for a Remote Repository. + readPoolConfig: + description: Read pool specific config. properties: - description: - description: Immutable. The description of the remote source. - type: string - dockerRepository: - description: Immutable. Specific settings for a Docker remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' - type: string - type: object - mavenRepository: - description: Immutable. Specific settings for a Maven remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' - type: string - type: object - npmRepository: - description: Immutable. Specific settings for an Npm remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "NPMJS" Possible values: ["NPMJS"].' - type: string - type: object - pythonRepository: - description: Immutable. Specific settings for a Python remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "PYPI" Possible values: ["PYPI"].' - type: string - type: object + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer type: object resourceID: - description: Immutable. Optional. The repositoryId of the resource. + description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - virtualRepositoryConfig: - description: Configuration specific for a Virtual Repository. - properties: - upstreamPolicies: - description: |- - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - items: - properties: - id: - description: The user-provided ID of the upstream policy. - type: string - priority: - description: Entries with a greater priority value take - precedence in the pull order. - type: integer - repositoryRef: - description: |- - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repositories/repo1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, - where {{value}} is the `name` field of an `ArtifactRegistryRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - type: object required: - - format - - location + - cluster + - instanceType type: object status: properties: 
@@ -2461,12 +2971,14 @@ spec: type: object type: array createTime: - description: The time when the repository was created. + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. type: string name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -2475,10 +2987,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: The time when the repository was last updated. + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. type: string - type: object + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object required: - spec type: object 
@@ -2497,25 +3021,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryDataset - plural: bigquerydatasets + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: @@ -2535,7 +3059,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2553,202 +3077,287 @@ spec: type: object spec: properties: - access: - description: An array of objects that define dataset access for one - or more entities. + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. items: properties: - dataset: - description: Grants all resources of particular types in a particular - dataset read access to the current dataset. + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: - dataset: - description: The dataset this entry applies to. 
- properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - required: - - datasetId - - projectId - type: object - targetTypes: - description: |- - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS. - items: - type: string - type: array + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string required: - - dataset - - targetTypes + - contents + - path type: object - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access. - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). 
These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com. + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. 
+ items: + properties: + document: + description: The OpenAPI Specification document file. properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. + contents: + description: Immutable. Base64 encoded content of the file. type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. type: string required: - - datasetId - - projectId - - tableId + - contents + - path type: object + required: + - document type: object type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). 
- - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - description: - description: A user-friendly description of the dataset. + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string - friendlyName: - description: A descriptive name for the dataset. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. type: string - location: + managedService: description: |- - Immutable. The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - maxTimeTravelHours: - description: Defines the time travel window in hours. The value can - be from 48 to 168 hours (2 to 7 days). + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. 
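Review bot: `spec.gatewayConfig` in the new APIGatewayAPIConfig schema is optional, and its description says that omitting it makes the gateway sign backend OIDC tokens as the default compute service account, an identity shared with every other workload in the project that does not set its own. The description should steer users to a dedicated account, for example by appending `Prefer setting backendConfig.googleServiceAccount to a dedicated service account that is granted only the access the backends require.`; the duplicated `Immutable. Immutable.` prefix can be collapsed at the same time. The same schema states the `grpcServices`/`openapiDocuments` exclusivity only in prose, so a manifest that sets both passes admission and presumably fails only when the controller reconciles it. If these descriptions are generated from the upstream provider schema, the wording fix belongs in the generator rather than in this file.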
@@ -2778,10 +3387,12 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The datasetId of the resource. Used + description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - projectRef type: object status: properties: @@ -2811,19 +3422,12 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -2831,9 +3435,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -2850,25 +3454,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com + name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryJob - plural: bigqueryjobs + kind: APIGatewayGateway + plural: apigatewaygateways shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: @@ -2888,7 +3492,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2906,687 +3510,232 @@ spec: type: object spec: properties: - copy: - description: Immutable. Copies a table. + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: Immutable. The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Immutable. Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - sourceTables - type: object - extract: - description: Immutable. Configures an extract job. - properties: - compression: - description: |- - Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - destinationUris: - description: Immutable. A list of fully-qualified Google Cloud - Storage URIs where the extracted table should be written. 
- items: - type: string - type: array - fieldDelimiter: - description: |- - Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ','. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - printHeader: - description: Immutable. Whether to print out a header row in the - results. Default is true. - type: boolean - sourceTable: - description: Immutable. A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Immutable. Whether to use logical types when extracting - to AVRO format. - type: boolean - required: - - destinationUris type: object - jobTimeoutMs: - description: Immutable. Job timeout in milliseconds. If this time - limit is exceeded, BigQuery may attempt to terminate the job. + region: + description: Immutable. The region of the gateway for the API. type: string - load: - description: Immutable. Configures a load job. + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - allowJaggedRows: - description: |- - Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Immutable. Indicates if we should automatically infer - the options and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. 
The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - destinationTable: - description: Immutable. The destination table to load the data - into. + apiSecurityConfig: + description: Configuration for the Monetization add-on. properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string type: object - encoding: - description: |- - Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names. - type: boolean - jsonExtension: - description: |- - Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - type: string - maxBadRecords: - description: |- - Immutable. The maximum number of bad records that BigQuery can ignore when running the job. 
If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. 
Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - type: string - sourceUris: - description: |- - Immutable. The fully-qualified URIs that point to your data in Google Cloud. 
- For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Immutable. Time-based partitioning specification - for the destination table. + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. properties: - expirationMs: - description: Immutable. Number of milliseconds for which to - keep the storage for a partition. A wrapper is used here - because 0 is an invalid value. - type: string - field: - description: |- - Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. type: string - required: - - type type: object - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - destinationTable - - sourceUris + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object type: object - location: - description: Immutable. The geographic location of the job. The default - value is US. + org: + description: Immutable. Name of the Apigee organization. type: string - query: - description: Immutable. Configures a query job. - properties: - allowLargeResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - defaultDataset: - description: Immutable. Specifies the default dataset to use for - unqualified table names in the query. Note that this does not - alter behavior of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryDataset` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Immutable. Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Immutable. Standard SQL only. Set to POSITIONAL to - use positional (?) query parameters or to NAMED to use named - (@myparam) query parameters in this query. - type: string - priority: - description: 'Immutable. Specifies a priority for the query. Default - value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' - type: string - query: - description: |- - Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Immutable. 
Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Immutable. Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. - type: string - statementByteBudget: - description: Immutable. Limit on the number of bytes billed - per statement. Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Immutable. Timeout period for each statement - in a script. - type: string - type: object - useLegacySql: - description: |- - Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Immutable. Describes user-defined function resources - used in the query. - items: - properties: - inlineCode: - description: |- - Immutable. An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: Immutable. A code resource to load from a Google - Cloud Storage URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - query - type: object resourceID: - description: Immutable. Optional. The jobId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - org type: object status: properties: @@ -3616,9 +3765,6 @@ spec: type: string type: object type: array - jobType: - description: The type of the job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -3626,55 +3772,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: The status of this job. Examine this value when polling - an asynchronous job to see if the job is complete. - items: - properties: - errorResult: - description: Final error result of the job. If present, indicates - that the job has completed and was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - errors: - description: |- - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - state: - description: Running state of the job. Valid states include - 'PENDING', 'RUNNING', and 'DONE'. - type: string - type: object - type: array - userEmail: - description: Email address of the user who ran the job. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -3691,25 +3791,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryroutines.bigquery.cnrm.cloud.google.com + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryRoutine - plural: bigqueryroutines + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments shortNames: - - gcpbigqueryroutine - - gcpbigqueryroutines - singular: bigqueryroutine + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: @@ -3729,7 +3829,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -3747,147 +3847,26 @@ spec: type: object spec: properties: - arguments: - description: Input/output argument of a function or a stored procedure. - items: - properties: - argumentKind: - description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" - Possible values: ["FIXED_TYPE", "ANY_TYPE"].' - type: string - dataType: - description: |- - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>**NOTE**: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - type: string - mode: - description: 'Specifies whether the argument is input or output. - Can be set for procedures only. Possible values: ["IN", "OUT", - "INOUT"].' - type: string - name: - description: The name of this argument. Can be absent for function - return argument. - type: string - type: object - type: array - datasetRef: - description: The ID of the dataset containing this routine. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - definitionBody: - description: |- - The body of the routine. For functions, this is the expression in the AS clause. 
- If language=SQL, it is the substring inside (but excluding) the parentheses. - type: string - description: - description: The description of the routine if defined. - type: string - determinismLevel: - description: 'The determinism level of the JavaScript UDF if defined. - Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", - "NOT_DETERMINISTIC"].' + location: + description: Immutable. Location of the endpoint attachment. type: string - importedLibraries: + orgId: description: |- - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - items: - type: string - type: array - language: - description: 'The language of the routine. Possible values: ["SQL", - "JAVASCRIPT"].' + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. type: string - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: - description: Immutable. Optional. The routineId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - returnTableType: - description: |- - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. 
If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - type: string - returnType: - description: |- - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. type: string - routineType: - description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", - "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - - datasetRef - - definitionBody - - projectRef + - location + - orgId + - serviceAttachment type: object status: properties: 
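Review bot: In the new ApigeeEndpointAttachment spec, `serviceAttachment` and `orgId` are validated only as `type: string`, although their descriptions state fixed formats (`projects/*/regions/*/serviceAttachments/*` and `organizations/{{org_name}}`). A malformed or unintended value is therefore admitted by the API server and presumably rejected only later by the backing API. Both fields are immutable, and `serviceAttachment` selects what the endpoint connects to, so a `pattern` on each would catch mistakes at admission, for example `pattern: ^projects/[^/]+/regions/[^/]+/serviceAttachments/[^/]+$` (an illustrative regex, to be checked against the accepted name syntax). The CRD looks generated (label `cnrm.cloud.google.com/tf2crd: "true"`), so the constraint probably belongs in the generator input rather than in this file. The enclosing `openAPIV3Schema` starts outside the hunk.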
@@ -3917,16 +3896,19 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this routine was created, in milliseconds since the - epoch. - type: integer - lastModifiedTime: + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: description: |- - The time when this routine was modified, in milliseconds since the - epoch. - type: integer + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -3953,25 +3935,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryTable - plural: bigquerytables + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: 
@@ -3991,7 +3973,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4009,326 +3991,153 @@ spec: type: object spec: properties: - clustering: - description: Specifies column names to use for data clustering. Up - to four top-level columns are allowed, and should be specified in - descending priority order. + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. + name: + description: The name of the newly created attachment (output parameter). type: string - encryptionConfiguration: - description: Immutable. Specifies how the table should be encrypted. - If left blank, the table will be encrypted with a Google-managed - key; that process is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: The self link or full name of the kms key version - used to encrypt this table. - type: string - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. - Expired tables will be deleted and their storage reclaimed. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - avroOptions: - description: Additional options if source_format is set to "AVRO". - properties: - useAvroLogicalTypes: - description: If sourceFormat is set to "AVRO", indicates whether - to interpret logical types as the corresponding BigQuery - data type (for example, TIMESTAMP), instead of using the - raw type (for example, INTEGER). - type: boolean - required: - - useAvroLogicalTypes - type: object - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - connectionId: - description: The connection specifying the credentials to be used - to read external storage, such as Azure Blob, Cloud Storage, - or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" - or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". - type: string - csvOptions: - description: Additional properties to set if source_format is - set to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that - are missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. 
- type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20".' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting - hive partitioning on an unsupported format will lead to an error, - as will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require - a partition filter that can be used for partition elimination - to be specified. - type: boolean - sourceUriPrefix: - description: When hive partition detection is requested, a - common for all source uris must be required. The prefix - must end immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra - values are ignored. If false, records with extra columns are - treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default - value is false. 
- type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - referenceFileSchemaUri: - description: 'When creating an external table, the user can provide - a reference file with the table schema. This is enabled for - the following formats: AVRO, PARQUET, ORC.' - type: string - schema: - description: Immutable. A JSON schema for the external table. - Schema is required for CSV and JSON formats and is disallowed - for Google Cloud Bigtable, Cloud Datastore backups, and Avro - formats when using external tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to - your data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. type: string - materializedView: - description: If specified, configures this table as a materialized - view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: Immutable. A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000. - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for - this table. - properties: - field: - description: Immutable. The field used to determine how to create - a range-based partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object resourceID: - description: Immutable. Optional. The tableId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for - this table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: Immutable. The field used to determine how to create - a time-based partition. If time-based partitioning is enabled - without this value, the table is partitioned based on the load - time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a - partition filter that can be used for partition elimination - to be specified. - type: boolean - type: - description: The supported types are DAY, HOUR, MONTH, and YEAR, - which will generate one partition per day, hour, month, and - year, respectively. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL. - type: boolean - required: - - query - type: object required: - - datasetRef + - orgId type: object status: properties: 
@@ -4358,33 +4167,6 @@ spec: type: string type: object type: array - creationTime: - description: The time when this table was created, in milliseconds - since the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered - "long-term storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4392,12 +4174,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string type: object required: - spec 
@@ -4417,25 +4193,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com + name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles + kind: ApigeeEnvironment + plural: apigeeenvironments shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: @@ -4473,11 +4249,8 @@ spec: type: object spec: properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. + apigeeOrganizationRef: + description: Immutable. oneOf: - not: required: @@ -4494,8 +4267,10 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -4504,39 +4279,25 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - multiClusterRoutingClusterIds: - description: The set of clusters to route to. The order is ignored; - clusters will be tried in order of distance. If left empty, all - clusters are eligible. - items: + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: type: string - type: array - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object resourceID: - description: Immutable. Optional. The appProfileId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. 
- type: string - required: - - clusterId - type: object + required: + - apigeeOrganizationRef type: object status: properties: @@ -4566,10 +4327,16 @@ spec: type: string type: object type: array - name: - description: The unique name of the requested app profile. Values - are of the form 'projects//instances//appProfiles/'. - type: string + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4577,7 +4344,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -4594,25 +4368,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: @@ -4632,7 +4406,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4650,116 +4424,22 @@ spec: type: object spec: properties: - columnFamily: - description: Immutable. The name of the column family. + environment: + description: Immutable. The resource ID of the environment. type: string - deletionPolicy: - description: "The deletion policy for the GC policy. Setting ABANDON - allows the resource\n\t\t\t\tto be abandoned rather than deleted. - This is useful for GC policy as it cannot be deleted\n\t\t\t\tin - a replicated instance. Possible values are: \"ABANDON\"." + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string - gcRules: - description: Serialized JSON string for garbage collection policy. - Conflicts with "mode", "max_age" and "max_version". + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all cells - older than the given age.' - items: - properties: - days: - description: DEPRECATED. 
Deprecated in favor of duration. Immutable. - Number of days before applying GC policy. - type: integer - duration: - description: Immutable. Duration before applying GC policy. - type: string - type: object - type: array - maxVersion: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all versions - of a cell except for the most recent.' - items: - properties: - number: - description: Immutable. Number of version before applying the - GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. If multiple policies are set, you - should choose between UNION OR INTERSECTION.' - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - columnFamily - - instanceRef - - tableRef + - environment + - instanceId type: object status: properties: 
@@ -4789,6 +4469,9 @@ spec: type: string type: object type: array + name: + description: The name of the newly created attachment (output parameter). + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4815,25 +4498,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com + name: apigeeinstances.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableInstance - plural: bigtableinstances + kind: ApigeeInstance + plural: apigeeinstances shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: @@ -4853,7 +4536,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4871,121 +4554,58 @@ spec: type: object spec: properties: - cluster: - description: A block of cluster configuration options. This can be - specified at least once. + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. items: - properties: - autoscalingConfig: - description: A list of Autoscaling configurations. Only one - element is used and allowed. - properties: - cpuTarget: - description: The target CPU utilization for autoscaling. - Value must be between 10 and 80. - type: integer - maxNodes: - description: The maximum number of nodes for autoscaling. - type: integer - minNodes: - description: The minimum number of nodes for autoscaling. - type: integer - storageTarget: - description: The target storage utilization for autoscaling, - in GB, for each node in a cluster. This number is limited - between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster - and between 8192 (8TiB) and 16384 (16 TiB) for an HDD - cluster. If not set, whatever is already set for the cluster - will not change, or if the cluster is just being created, - it will use the default value of 2560 for SSD clusters - and 8192 for HDD clusters. - type: integer - required: - - cpuTarget - - maxNodes - - minNodes - type: object - clusterId: - description: The ID of the Cloud Bigtable cluster. Must be 6-30 - characters and must only contain hyphens, lowercase letters - and numbers. - type: string - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable - cluster. 
The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains - this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. - 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. - 3) All clusters within an instance must use the same CMEK key access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for each cluster in an instance. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". - Defaults to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object + type: string type: array - deletionProtection: - description: DEPRECATED. This field no longer serves any function - and is intended to be dropped in a later version of the resource. - type: boolean + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. 
Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. + description: Immutable. Display name of the instance. type: string - instanceType: - description: DEPRECATED. It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be - converted to "PRODUCTION" instances. It is recommended for users - to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" - instance is functionally identical to a "DEVELOPMENT" instance, - but without the accompanying restrictions. The instance type to - create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. 
The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location + - orgId type: object status: properties: @@ -5015,6 +4635,10 @@ spec: type: string type: object type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5022,7 +4646,18 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -5039,25 +4674,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com + name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableTable - plural: bigtabletables + kind: ApigeeNATAddress + plural: apigeenataddresses shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: @@ -5077,7 +4712,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5095,64 +4730,18 @@ spec: type: object spec: properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - deletionProtection: - description: A field to make the table protected against data loss - i.e. when set to PROTECTED, deleting the table, the column families - in the table, and the instance containing the table would be prohibited. - If not provided, currently deletion protection will be set to UNPROTECTED - as it is the API default value. + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - splitKeys: - items: - type: string - type: array required: - - instanceRef + - instanceId type: object status: properties: 
@@ -5182,6 +4771,9 @@ spec: type: string type: object type: array + ipAddress: + description: The allocated NAT IP address. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5189,6 +4781,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State of the NAT IP address. + type: string type: object required: - spec @@ -5208,25 +4803,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com + name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: - group: billingbudgets.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BillingBudgetsBudget - plural: billingbudgetsbudgets + kind: ApigeeOrganization + plural: apigeeorganizations shortNames: - - gcpbillingbudgetsbudget - - gcpbillingbudgetsbudgets - singular: billingbudgetsbudget + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: 
@@ -5264,120 +4859,31 @@ spec: type: object spec: properties: - allUpdatesRule: - description: Optional. Rules to apply to notifications sent based - on budget spend and thresholds. + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - disableDefaultIamRecipients: - description: Optional. When set to true, disables default notifications - sent when a threshold is exceeded. Default notifications are - sent to those with Billing Account Administrator and Billing - Account User IAM roles for the target account. - type: boolean - monitoringNotificationChannels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `MonitoringNotificationChannel` resource (format: - `projects/{{project}}/notificationChannels/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - pubsubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. properties: - external: - description: |- - Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. 
Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - schemaVersion: - description: Optional. Required when NotificationsRule.pubsub_topic - is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. - Only "1.0" is accepted. It represents the JSON schema as defined - in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. - type: string - type: object - amount: - description: Required. Budgeted amount. - properties: - lastPeriodAmount: - description: Use the last period's actual spend as the budget - for the present period. LastPeriodAmount can only be set when - the budget's time period is a . + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - x-kubernetes-preserve-unknown-fields: true - specifiedAmount: - description: A specified amount to use as the budget. `currency_code` - is optional. If specified when creating a budget, it must match - the currency of the billing account. If specified when updating - a budget, it must match the currency_code of the existing budget. - The `currency_code` is provided on output. 
+ monetizationConfig: + description: Configuration for the Monetization add-on. properties: - currencyCode: - description: Immutable. The three-letter currency code defined - in ISO 4217. - type: string - nanos: - description: Number of nano (10^-9) units of the amount. The - value must be between -999,999,999 and +999,999,999 inclusive. - If `units` is positive, `nanos` must be positive or zero. - If `units` is zero, `nanos` can be positive, zero, or negative. - If `units` is negative, `nanos` must be negative or zero. - For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. - format: int64 - type: integer - units: - description: The whole units of the amount. For example if - `currencyCode` is `"USD"`, then 1 unit is one US dollar. - format: int64 - type: integer + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean type: object type: object - billingAccountRef: - description: Immutable. + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: oneOf: - not: required: 
@@ -5395,221 +4901,114 @@ spec: properties: external: description: |- - The billing account of the resource + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: - description: |- - [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - budgetFilter: - description: Optional. Filters that define which resources are used - to compute the actual spend against the budget amount, such as projects, - services, and the budget's time period, as well as other filters. + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - calendarPeriod: - description: 'Optional. Specifies to track usage for recurring - calendar period. For example, assume that CalendarPeriod.QUARTER - is set. The budget will track usage from April 1 to June 30, - when the current calendar month is April, May, June. After that, - it will track usage from July 1 to September 30 when the current - calendar month is July, August, September, so on. Possible values: - CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - creditTypes: - description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, - this is a list of credit types to be subtracted from gross cost - to determine the spend for threshold calculations. See a list - of acceptable credit type values. If Filter.credit_types_treatment - is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - items: - type: string - type: array - creditTypesTreatment: - description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - customPeriod: - description: Optional. 
Specifies to track usage from any start - date (required) to any end date (optional). This time period - is static, it does not recur. - properties: - endDate: - description: Immutable. Optional. The end date of the time - period. Budgets with elapsed end date won't be processed. - If unset, specifies to track all usage incurred since the - start_date. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - startDate: - description: Immutable. Required. The start date must be after - January 1, 2017. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - required: - - startDate - type: object - labels: - additionalProperties: - properties: - values: - description: Immutable. The values of the label - items: - type: string - type: array - type: object - description: Optional. A single label and value pair specifying - that usage from only this set of labeled resources should be - included in the budget. 
Currently, multiple entries or multiple - values per entry are not allowed. If omitted, the report will - include all labeled and unlabeled usage. - type: object - projects: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - services: - description: 'Optional. A set of services of the form `services/{service_id}`, - specifying that usage from only this set of services should - be included in the budget. If omitted, the report will include - usage for all the services. The service names are available - through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' - items: - type: string - type: array - subaccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: |- - [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array type: object - displayName: - description: User data for display name in UI. The name must be less - than or equal to 60 characters. - type: string + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - thresholdRules: - description: Optional. Rules that trigger alerts (notifications of - thresholds being crossed) when spend exceeds the specified percentages - of the budget. - items: - properties: - spendBasis: - description: 'Optional. The type of basis used to determine - if spend has passed the threshold. Behavior defaults to CURRENT_SPEND - if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, - FORECASTED_SPEND' - type: string - thresholdPercent: - description: 'Required. Send an alert when this threshold is - exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: - non-negative number.' - format: double - type: number + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external required: - - thresholdPercent - type: object - type: array + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string required: - - amount - - billingAccountRef + - analyticsRegion + - projectRef + - runtimeType type: object status: properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
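Review bot: The `runtimeDatabaseEncryptionKeyRef.external` description does not say clearly when a customer-managed key is needed. The sentence "Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used" runs two conditions together, and `TRIAL` is not among the values this hunk lists for `runtimeType` (`RUNTIME_TYPE_UNSPECIFIED`, `CLOUD`, `HYBRID`). The spec's `required` list names only `analyticsRegion`, `projectRef` and `runtimeType`, so the schema accepts an organization with no key reference, and the text does not tell a reader whether that yields a Google-managed key or a rejected request. Because the field is documented as not updatable after creation, each case should be stated separately, for example `Required when runtimeType is CLOUD; if omitted for an evaluation organization, a Google-managed key is used`, with the wording confirmed against the Apigee API reference. The manifest looks generated (the CRD carries a `dcl2crd` label), so the change probably belongs in the generator's source rather than in this file.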
@@ -5636,11 +5035,26 @@ spec: type: string type: object type: array - etag: - description: Optional. Etag to validate that the object is unchanged - for a read-modify-write operation. An empty etag will cause an update - to overwrite other changes. - type: string + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5648,6 +5062,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string type: object required: - spec 
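Review bot: The `status.state` description added in the second hunk on this line contradicts itself. It says values other than `ACTIVE` mean the resource is not ready to use, but `ACTIVE` is not among the possible values it lists (`SNAPSHOT_STATE_UNSPECIFIED`, `MISSING`, `OK_DOCSTORE`, `OK_SUBMITTED`, `OK_EXTERNAL`, `DELETED`). Readiness checks or alerting that gate on this field cannot be validated against the text as written, so either the enumerated list or the `ACTIVE` sentence should be corrected; which one is wrong cannot be told from this hunk.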
@@ -5667,25 +5097,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationAttestor - plural: binaryauthorizationattestors + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations shortNames: - - gcpbinaryauthorizationattestor - - gcpbinaryauthorizationattestors - singular: binaryauthorizationattestor + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: @@ -5705,7 +5135,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5723,145 +5153,25 @@ spec: type: object spec: properties: - description: - description: Optional. A descriptive comment. This field may be updated. - The field may be displayed in chooser dialogs. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - userOwnedDrydockNote: - description: This specifies how an attestation will be read, and how - it will be used during policy enforcement. - properties: - noteRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. - - Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicKeys: - description: Optional. Public keys that verify attestations signed - by this attestor. This field may be updated. If this field is - non-empty, one of the specified public keys must verify that - an attestation was signed by this attestor for the image specified - in the admission request. If this field is empty, this attestor - always returns that no valid attestations exist. - items: - properties: - asciiArmoredPgpPublicKey: - description: ASCII-armored representation of a PGP public - key, as the entire output by the command `gpg --export - --armor foo@example.com` (either LF or CRLF line endings). - When using this field, `id` should be left blank. The - BinAuthz API handlers will calculate the ID and fill it - in automatically. 
BinAuthz computes this ID as the OpenPGP - RFC4880 V4 fingerprint, represented as upper-case hex. - If `id` is provided by the caller, it will be overwritten - by the API-calculated ID. - type: string - comment: - description: Optional. A descriptive comment. This field - may be updated. - type: string - id: - description: The ID of this public key. Signatures verified - by BinAuthz must include the ID of the public key that - can be used to verify them, and that ID must match the - contents of this field exactly. Additional restrictions - on this field can be imposed based on which public key - type is encapsulated. See the documentation on `public_key` - cases below for details. - type: string - pkixPublicKey: - description: 'A raw PKIX SubjectPublicKeyInfo format public - key. NOTE: `id` may be explicitly provided by the caller - when using this type of public key, but it MUST be a valid - RFC3986 URI. If `id` is left blank, a default one will - be computed based on the digest of the DER encoding of - the public key.' - properties: - publicKeyPem: - description: A PEM-encoded public key, as described - in https://tools.ietf.org/html/rfc7468#section-13 - type: string - signatureAlgorithm: - description: 'The signature algorithm used to verify - a message against a signature using this key. These - signature algorithm must match the structure and any - object identifiers encoded in `public_key_pem` (i.e. - this algorithm must match that of the public key). 
- Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, - RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, - ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, - EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' - type: string - type: object - type: object - type: array - required: - - noteRef - type: object required: - - projectRef + - identities type: object status: properties: @@ -5891,6 +5201,11 @@ spec: type: string type: object type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5898,24 +5213,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. Time when the attestor was last updated. - format: date-time - type: string - userOwnedDrydockNote: - properties: - delegationServiceAccountEmail: - description: Output only. This field will contain the service - account email address that this Attestor will use as the principal - when querying Container Analysis. Attestor administrators must - grant this service account the IAM role needed to read attestations - from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). - This email address is fixed for the lifetime of the Attestor, - but callers should not make any other assumptions about the - service account email; future versions may use an email based - on a different naming pattern. - type: string - type: object type: object required: - spec 
@@ -5935,25 +5232,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationPolicy - plural: binaryauthorizationpolicies + kind: AppEngineDomainMapping + plural: appenginedomainmappings shortNames: - - gcpbinaryauthorizationpolicy - - gcpbinaryauthorizationpolicies - singular: binaryauthorizationpolicy + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: @@ -5973,7 +5270,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5991,312 +5288,203 @@ spec: type: object spec: properties: - admissionWhitelistPatterns: - description: Optional. Admission policy allowlisting. A matching admission - request will always be permitted. This feature is typically used - to exclude Google or third-party infrastructure images from Binary - Authorization policies. + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. 
To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - namePattern: - description: An image name pattern to allowlist, in the form - `registry/path/to/image`. This supports a trailing `*` as - a wildcard, but this is allowed only in text after the `registry/` - part. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - clusterAdmissionRules: - additionalProperties: + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode type: object - description: 'Optional. Per-cluster admission rules. Cluster spec - format: location.clusterId. 
There can be at most one admission rule - per cluster spec. A location is either a compute zone (e.g. us-central1-a) - or a region (e.g. us-central1). For clusterId syntax restrictions - see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' - type: object - defaultAdmissionRule: - description: Required. Default admission rule for a cluster without - a per-cluster, per-kubernetes-service-account, or per-istio-service-identity - admission rule. - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string description: - description: Optional. A descriptive comment. + description: An optional string description of this rule. type: string - globalPolicyEvaluationMode: - description: 'Optional. Controls the evaluation of a Google-maintained - global admission policy for common system-level images. Images not - covered by the global policy will be subject to the project admission - policy. This setting has no effect when specified inside a global - admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, - ENABLE, DISABLE' + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. type: string - istioServiceIdentityAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. 
- Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-istio-service-identity admission rules. - Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ - e.g. spiffe://example.com/ns/test-ns/sa/default' - type: object - kubernetesNamespaceAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-namespace admission rules. - K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' - type: object - kubernetesServiceAccountAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-service-account admission rules. - Service account spec format: namespace:serviceaccount. e.g. 
''test-ns:default''' - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the resource. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - defaultAdmissionRule - - projectRef + - action + - sourceRange type: object status: properties: @@ -6333,14 +5521,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. The resource name, in the format `projects/*/policy`. - There is at most one policy per project. - type: string - updateTime: - description: Output only. Time when the policy was last updated. - format: date-time - type: string type: object required: - spec 
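Review bot: In the new AppEngineFirewallRule schema added by this hunk, `action` and `sourceRange` are plain `type: string` fields, so the allowed values exist only in the description text and the schema itself rejects nothing. A mistyped `action`, or the listed `UNSPECIFIED_ACTION`, would presumably pass schema validation and surface only at reconcile time, which is a weak guarantee for a resource that decides whether requests are allowed or denied. I would add `enum: [UNSPECIFIED_ACTION, ALLOW, DENY]` under `action` (or only `ALLOW` and `DENY` if the unspecified value is never meant to be set) and a `pattern` for CIDR notation under `sourceRange`. The `tf2crd` label suggests the schema is generated, so the change probably belongs in the generator rather than in this file. Separately, in the same hunk the `sslSettings` description says an unconfigured domain "will not serve with SSL" while `certificateId` says a managed certificate is created by default; the two should be reconciled so that users know whether omitting `sslSettings` leaves the mapping without TLS.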
@@ -6360,25 +5540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: - group: cloudbuild.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: @@ -6398,7 +5578,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -6416,1256 +5596,746 @@ spec: type: object spec: properties: - approvalConfig: - description: "Configuration for manual approval to start a build invocation - of this BuildTrigger. \nBuilds created by this trigger will require - approval before they execute. \nAny user with a Cloud Build Approver - role for the project can approve a build." + apiConfig: + description: Serving configuration for Google Cloud Endpoints. properties: - approvalRequired: - description: "Whether or not approval is needed. If this is set - on a build, it will become pending when run, \nand will need - to be explicitly approved to start." - type: boolean + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script type: object - bitbucketServerTriggerConfig: - description: BitbucketServerTriggerConfig describes the configuration - of a trigger that creates a build whenever a Bitbucket Server event - is received. + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - bitbucketServerConfigResourceRef: + coolDownPeriod: description: |- - Only `external` field is supported to configure the reference. 
+ The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - The full resource name of the bitbucket server config. Format: - projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. 
+ type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` - resource.' + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. 
+ type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. + properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + required: + - appYamlPath type: object - projectKey: - description: 'Key of the project that the repo is in. For example: - The key for https://mybitbucket.server/projects/TEST/repos/test-repo - is "TEST".' - type: string - pullRequest: - description: Filter to match changes in pull requests. + container: + description: The Docker image for the container that runs the + version. properties: - branch: + image: description: |- - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment /gcbrun. 
Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean required: - - branch + - image type: object - push: - description: Filter to match changes in refs like branches, tags. + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the gitRef regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. type: string + required: + - sourceUrl type: object - repoSlug: + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: description: |- - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. 
+ Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - - bitbucketServerConfigResourceRef - - projectKey - - repoSlug + - name type: object - build: - description: Contents of the build template. Either a filename or - build template must be provided. + entrypoint: + description: The entrypoint for the application. properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. 
- items: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. 
- properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. 
- - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - availableSecrets: - description: Secrets and secret environment variables. - properties: - secretManager: - description: Pairs a secret environment variable with a SecretVersion - in Secret Manager. - items: - properties: - env: - description: |- - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of - a `SecretManagerSecretVersion` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - env - - versionRef + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". type: object - type: array - required: - - secretManager - type: object - images: + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. 
+ type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' 
+ type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: type: string type: array - logsBucketRef: + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. + type: boolean + subnetwork: description: |- - Google Cloud Storage bucket where logs should be written. 
Logs file - names will be of the format ${logsBucket}/log-${build_id}.txt. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `url` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"].' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", - "NONE"].' - type: string - machineType: - description: 'Compute Engine machine type on which to run - the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", - "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"].' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"].' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. 
- items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the - build is enqueued longer than this value, \nthe build will expire - and the build status will be EXPIRED.\nThe TTL starts ticking - from createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. 
+ required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. 
+ type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: properties: - kmsKeyRef: - description: KMS crypto key to use to decrypt these envs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string required: - - kmsKeyRef + - name + - sizeGb + - volumeType type: object type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. 
Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one - a of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, - in which to run the build.\nThis must be a relative - path. If a step's dir is specified and is an absolute - path, \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting - the build is assumed." - type: string - repoRef: - description: |- - The desired Cloud Source Repository. If omitted, "default" is - assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `SourceRepoRepository` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run. - type: object - tagName: - description: "Regex matching tags to build. 
Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in - Google Cloud Storage. - properties: - bucketRef: - description: Google Cloud Storage bucket containing the - source. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `StorageBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the - object. \nIf the generation is omitted, the latest generation - will be used." - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. 
- items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used. - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: "The name of the container image that will - run this particular build step.\n\nIf the image is available - in the host's Docker daemon's cache, it will be\nrun directly. 
- If not, the host will attempt to pull the image first, - using\nthe builder service account's credentials if necessary.\n\nThe - Docker daemon's cache will already have the latest versions - of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - \nfor images and examples).\nThe Docker daemon will also - have cached many of the layers for some popular\nimages, - like \"ubuntu\", \"debian\", but they will be refreshed - at the time\nyou attempt to use them.\n\nIf you built - an image in a previous build step, it will be stored in - the\nhost's Docker daemon's cache and is available to - use as the name for a\nlater build step." - type: string - script: - description: "A shell script to be executed in the step. - \nWhen script is provided, the user cannot specify the - entrypoint or args." - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. 
Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step type: object - description: - description: Human-readable description of the trigger. + runtime: + description: Desired runtime. Example python27. type: string - disabled: - description: Whether the trigger is disabled or not. If true, the - trigger will never result in a build. - type: boolean - filename: - description: "Path, from the source root, to a file whose contents - is used for the template. \nEither a filename or build template - must be provided. 
Set this only when using trigger_template or github.\nWhen - using Pub/Sub, Webhook or Manual set the file name using git_file_source - instead." + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string - filter: - description: A Common Expression Language string. Used only with Pub/Sub - and Webhook. + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. type: string - gitFileSource: - description: The file source describing the local or remote Build - template. - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: + runtimeMainExecutablePath: + description: The path or name of the app's main executable. + type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: The path of the file, with the repo root as the root - of the path. - type: string - repoType: - description: "The type of the repo, since it may not be explicit - from the repo field (e.g from a URL). \nValues can be UNKNOWN, - CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible - values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", - \"BITBUCKET_SERVER\"]." + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string - revision: - description: "The branch, tag, arbitrary ref, or SHA version of - the repo to use when resolving the \nfilename (optional). This - field respects the same syntax/resolution as described here: - https://git-scm.com/docs/gitrevisions \nIf unspecified, the - revision from which the trigger invocation originated is assumed - to be the revision from which to read the specified path." + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uri: - description: "The URI of the repo (optional). If unspecified, - the repo from which the trigger \ninvocation originated is assumed - to be the repo from which to read the specified path." + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - path - - repoType type: object - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. 
- - One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - enterpriseConfigResourceNameRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. 
- type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or - tags. Specify only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. - type: string - type: object + required: + - name type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - includeBuildLogs: - description: |- - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + name: + description: Full path to the Version resource in the API. Example, + "v1". type: string - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - location: - description: |- - Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. type: string - pubsubConfig: - description: "PubsubConfig describes the configuration of a trigger - that creates \na build whenever a Pub/Sub message is published.\n\nOne - of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' - or 'source_to_build' must be provided." - properties: - serviceAccountRef: - description: Service account that will make the push request. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - type: string - subscription: - description: Output only. Name of the subscription. - type: string - topicRef: - description: |- - The name of the topic from which this subscription - is receiving messages. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - repositoryEventConfig: - description: The configuration of a trigger that creates a build whenever - an event from Repo API is received. - properties: - pullRequest: - description: Contains filter properties for matching Pull Requests. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment ''/gcbrun''. Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - type: object - push: - description: Contains filter properties for matching git pushes. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. 
- type: string - invertRegex: - description: If true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: |- - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - type: object - repository: - description: The resource name of the Repo API resource. - type: string - type: object - serviceAccountRef: - description: |- - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - When populating via the external field, the following format is supported: - projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, - where {{value}} is the `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceToBuild: - description: "The repo and ref of the repository from which to build. - \nThis field is used only for those triggers that do not respond - to SCM events. \nTriggers that respond to such events build source - at whatever commit caused the event. 
\nThis field is currently only - used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', - 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' - must be provided." - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ref: - description: The branch or tag to use. Must start with "refs/" - (required). - type: string - repoType: - description: |- - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. - type: string - uri: - description: The URI of the repo (required). - type: string - required: - - ref - - repoType - - uri - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger. - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. 
- - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SourceRepoRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. 
- type: string - type: object - webhookConfig: - description: "WebhookConfig describes the configuration of a trigger - that creates \na build whenever a webhook is sent to a trigger's - webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' - 'webhook_config' or 'source_to_build' must be provided." + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. properties: - secretRef: - description: The secret required - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. 
type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - - secretRef + - allocations type: object + required: + - split type: object status: properties: @@ -7695,9 +6365,6 @@ spec: type: string type: object type: array - createTime: - description: Time when the trigger was created. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -7705,10 +6372,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - triggerId: - description: The unique identifier for the trigger. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -7725,25 +6391,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: - group: cloudfunctions.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudFunctionsFunction - plural: cloudfunctionsfunctions + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions shortNames: - - gcpcloudfunctionsfunction - - gcpcloudfunctionsfunctions - singular: cloudfunctionsfunction + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: @@ -7763,7 +6429,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -7781,193 +6447,294 @@ spec: type: object spec: properties: - availableMemoryMb: - description: 'Memory (in MB), available to the function. Default value - is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' - format: int64 - type: integer - description: - description: User-provided description of a function. - type: string - entryPoint: - description: |- - Immutable. The name of the function (as defined in source code) that will be - executed. Defaults to the resource name suffix, if not specified. For - backward compatibility, if function with given name is not found, then the - system will try to use function named "function". - For Node.js this is name of a function exported by the module specified - in `source_location`. - type: string - environmentVariables: - additionalProperties: - type: string - description: Environment variables that shall be available during - function execution. - type: object - eventTrigger: - description: Immutable. A source that fires events in response to - a condition in another service. + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - eventType: + maxConcurrentRequests: description: |- - Immutable. Required. The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - Event types match pattern `providers/*/eventTypes/*.*`. - The pattern contains: + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - 1. namespace: For example, `cloud.storage` and - `google.firebase.analytics`. - 2. resource type: The type of resource on which event occurs. For - example, the Google Cloud Storage API includes the type `object`. - 3. 
action: The action that generates the event. For example, action for - a Google Cloud Storage Object is 'change'. - These parts are lower case. + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string - failurePolicy: - description: Immutable. Specifies policy for failed executions. - type: boolean - resourceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. properties: - external: - description: |- - Required. The resource(s) from which to observe events, for example, - `projects/_/buckets/myBucket`. - - Not all syntactically correct values are accepted by all services. For - example: - - 1. The authorization model must support it. Google Cloud Functions - only allows EventTriggers to be deployed that observe resources in the - same project as the `Function`. - 2. The resource type must match the pattern expected for an - `event_type`. 
For example, an `EventTrigger` that has an - `event_type` of "google.pubsub.topic.publish" should have a resource - that matches Google Cloud Pub/Sub topics. - - Additionally, some services may support short names when creating an - `EventTrigger`. These will always be returned in the normalized "long" - format. - - See each *service's* documentation for supported formats. - - Allowed values: - * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number type: object - service: + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. 
Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: description: |- - Immutable. The hostname of the service that should be observed. - - If no string is provided, the default service implementing the API will - be used. For example, `storage.googleapis.com` is the default for all - event types in the `google.storage` namespace. + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer required: - - eventType - - resourceRef + - maxInstances type: object - httpsTrigger: - description: Immutable. An HTTPS endpoint type of source that can - be triggered via URL. + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. properties: - securityLevel: - description: 'Immutable. Both HTTP and HTTPS requests with URLs - that match the handler succeed without redirects. The application - can examine the request to determine which protocol was used - and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, - SECURE_ALWAYS, SECURE_OPTIONAL' + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. 
+ properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. type: string + required: + - shell type: object - ingressSettings: - description: |- - The ingress settings for the function, controlling what traffic can reach - it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB - type: string - maxInstances: + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: description: |- - The limit on the maximum number of function instances that may coexist at a - given time. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". 
+ type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. properties: - external: + instances: description: |- - The project id of the function. + Number of instances to assign to the service at the start. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances type: object - region: - description: Immutable. The name of the Cloud Functions region of - the function. + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. 
For a complete - list of possible choices, see the - [`gcloud` command - reference](/sdk/gcloud/reference/functions/deploy#--runtime). + description: Desired runtime. Example python27. type: string - serviceAccountRef: - description: Immutable. + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: oneOf: - not: required: @@ -7984,11 +6751,8 @@ spec: - external properties: external: - description: |- - The email of the function's service account. If empty, defaults to - `{project_id}@appspot.gserviceaccount.com`. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
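Review bot: In the added `handlers` item schema, `securityLevel`, `login` and `authFailAction` are plain `type: string` fields whose allowed values appear only in the description text, so the API server will admit any string and a typo presumably surfaces only when the controller reconciles. Encoding the listed values as validation, e.g. `enum: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"]` under `securityLevel`, would reject bad input at admission; likewise `basicScaling.maxInstances` is documented as limited to 1–200 but carries no `minimum`/`maximum`. Even with enums, `SECURE_NEVER` and `SECURE_OPTIONAL` stay valid and `deployment.files[].sha1Sum` is not listed in `required`, so teams that need HTTPS-only handlers or checksummed artifacts have to enforce that with their own admission policy rather than rely on this CRD. The `tf2crd` label in the preceding hunk suggests the file is generated, in which case the change belongs in the generator; the `spec` schema continues in the hunks that follow.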
@@ -7997,80 +6761,28 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - sourceArchiveUrl: - description: Immutable. The Google Cloud Storage URL, starting with - gs://, pointing to the zip archive which contains the function. - type: string - sourceRepository: - description: Immutable. Represents parameters related to source repository - where a function is hosted. - properties: - url: - description: |- - Immutable. The URL pointing to the hosted repository where the function is defined. - There are supported Cloud Source Repository URLs in the following - formats: - - To refer to a specific commit: - `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` - To refer to a moveable alias (branch): - `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` - In particular, to refer to HEAD use `master` moveable alias. - To refer to a specific fixed alias (tag): - `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` - - You may omit `paths/*` if you want to use the main directory. - type: string - required: - - url - type: object - timeout: - description: |- - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - type: string - vpcConnectorEgressSettings: - description: |- - The egress settings for the connector, controlling what traffic is diverted - through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC - type: string - vpcConnectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. 
+ type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - external: - description: |- - The VPC Network Connector that this cloud function can connect to. It can - be either the fully-qualified URI, or the short name of the network - connector resource. The format of this field is - `projects/*/locations/*/connectors/*` - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string + required: + - name type: object required: - - projectRef - - region + - deployment + - entrypoint - runtime + - serviceRef type: object status: properties: @@ -8100,12 +6812,10 @@ spec: type: string type: object type: array - httpsTrigger: - properties: - url: - description: Output only. The deployed url for the function. - type: string - type: object + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -8113,31 +6823,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceRepository: - properties: - deployedUrl: - description: |- - Output only. The URL pointing to the hosted repository where the function - were defined at the time of deployment. It always points to a specific - commit in the format described above. - type: string - type: object - status: - description: 'Output only. Status of the function deployment. Possible - values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, - DELETE_IN_PROGRESS, UNKNOWN' - type: string - updateTime: - description: Output only. The last update timestamp of a Cloud Function - in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up - to nine fractional digits. - type: string - versionId: - description: |- - Output only. The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - format: int64 - type: integer type: object required: - spec 
@@ -8157,25 +6842,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityGroup - plural: cloudidentitygroups + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories shortNames: - - gcpcloudidentitygroup - - gcpcloudidentitygroups - singular: cloudidentitygroup + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -8214,81 +6899,181 @@ spec: spec: properties: description: - description: |- - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. + description: The user-provided description of the repository. type: string - displayName: - description: The display name of the Group. + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string - groupKey: - description: Immutable. EntityKey of the Group. + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - id: - description: |- - Immutable. The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Immutable. The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of 'identitysources/{identity_source_id}'. + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - id type: object - initialGroupConfig: - description: |- - Immutable. The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + location: + description: Immutable. The name of the location this repository is + located in. type: string - labels: - additionalProperties: - type: string + mavenConfig: description: |- - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. 
+ MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string type: object - parent: - description: |- - Immutable. The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. 
Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - - groupKey - - labels - - parent + - format + - location type: object status: properties: @@ -8319,12 +7104,12 @@ spec: type: object type: array createTime: - description: The time when the Group was created. + description: The time when the repository was created. type: string name: description: |- - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. + The name of the repository, for example: + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -8334,7 +7119,7 @@ spec: the resource. type: integer updateTime: - description: The time when the Group was last updated. + description: The time when the repository was last updated. type: string type: object required: 
@@ -8355,25 +7140,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityMembership - plural: cloudidentitymemberships + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections shortNames: - - gcpcloudidentitymembership - - gcpcloudidentitymemberships - singular: cloudidentitymembership + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: @@ -8393,7 +7178,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8411,8 +7196,54 @@ spec: type: object spec: properties: - groupRef: - description: Immutable. + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -8429,10 +7260,7 @@ spec: - external properties: external: - description: |- - The group for the resource - - Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -8441,99 +7269,24 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - memberKey: - description: Immutable. The `EntityKey` of the member. Either `member_key` - or `preferred_member_key` must be set when calling MembershipsService.CreateMembership - but not both; both shall be set when returned. - properties: - id: - description: The ID of the entity. For Google-managed entities, - the `id` must be the email address of an existing group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: The namespace in which the entity exists. If not - specified, the `EntityKey` represents a Google-managed entity - such as a Google user or a Google Group. If specified, the `EntityKey` - represents an external-identity-mapped group. The namespace - must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - type: string - type: object - preferredMemberKey: - description: Immutable. Required. Immutable. The `EntityKey` of the - member. - properties: - id: - description: Immutable. The ID of the entity. For Google-managed - entities, the `id` must be the email address of a group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: Immutable. The namespace in which the entity exists. - If not specified, the `EntityKey` represents a Google-managed - entity such as a Google user or a Google Group. If specified, - the `EntityKey` represents an external-identity-mapped group. 
- The namespace must correspond to an identity source created - in Admin Console and must be in the form of `identitysources/{identity_source_id}`. - type: string - required: - - id - type: object + region: + description: Immutable. The region of the AppConnection. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. type: string - roles: - description: The `MembershipRole`s that apply to the `Membership`. - If unspecified, defaults to a single `MembershipRole` with `name` - `MEMBER`. Must not contain duplicate `MembershipRole`s with the - same `name`. - items: - properties: - expiryDetail: - description: The expiry details of the `MembershipRole`. Expiry - details are only supported for `MEMBER` `MembershipRoles`. - May be set if `name` is `MEMBER`. Must not be set if `name` - is any other value. - properties: - expireTime: - description: The time at which the `MembershipRole` will - expire. - format: date-time - type: string - type: object - name: - type: string - restrictionEvaluations: - description: Evaluations of restrictions applied to parent group - on this membership. - properties: - memberRestrictionEvaluation: - description: Evaluation of the member restriction applied - to this membership. Empty if the user lacks permission - to view the restriction evaluation. - properties: - state: - description: 'Output only. 
The current state of the - restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, - UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' - type: string - type: object - type: object - required: - - name - type: object - type: array required: - - groupRef - - preferredMemberKey - - roles + - applicationEndpoint + - projectRef + - region type: object status: properties: @@ -8563,30 +7316,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the `Membership` was created. - format: date-time - type: string - deliverySetting: - description: 'Output only. Delivery setting associated with the membership. - Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, - DAILY, NONE, DISABLED' - type: string - displayName: - description: Output only. The display name of this member, if available - properties: - familyName: - description: Output only. Member's family name - type: string - fullName: - description: Output only. Localized UTF-16 full name for the member. - Localization is done based on the language in the request and - the language of the stored display name. - type: string - givenName: - description: Output only. Member's given name - type: string - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -8594,15 +7323,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - type: - description: 'Output only. The type of the membership. Possible values: - OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' - type: string - updateTime: - description: Output only. The time when the `Membership` was last - updated. - format: date-time - type: string type: object required: - spec 
@@ -8622,25 +7342,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: - group: cloudscheduler.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudSchedulerJob - plural: cloudschedulerjobs + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors shortNames: - - gcpcloudschedulerjob - - gcpcloudschedulerjobs - singular: cloudschedulerjob + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: @@ -8660,7 +7380,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8678,366 +7398,66 @@ spec: type: object spec: properties: - appEngineHttpTarget: - description: App Engine HTTP target. + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. properties: - appEngineRouting: - description: App Engine Routing setting for the job. + serviceAccount: + description: ServiceAccount represents a GCP service account. properties: - instance: - description: App instance. By default, the job is sent to - an instance which is available when the job is attempted. - Requests can only be sent to a specific instance if [manual - scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). - App Engine Flex does not support instances. For more information, - see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) - and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). - type: string - service: - description: App service. By default, the job is sent to the - service which is the default service when the job is attempted. - type: string - version: - description: App version. By default, the job is sent to the - version which is the default version when the job is attempted. + email: + description: Email address of the service account. type: string + required: + - email type: object - body: - description: Body. HTTP request body. A request body is allowed - only if the HTTP method is POST or PUT. It will result in invalid - argument error to set a body on a job with an incompatible HttpMethod. - type: string - headers: - additionalProperties: - type: string - description: 'HTTP request headers. This map contains the header - field names and values. 
Headers can be set when the job is created. - Cloud Scheduler sets some headers to default values: * `User-Agent`: - By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. - This header can be modified, but Cloud Scheduler will append - `"App Engine-Google; (+http://code.google.com/appengine)"` to - the modified `User-Agent`. * `X-CloudScheduler`: This header - will be set to true. The headers below are output only. They - cannot be set or overridden: * `X-Google-*`: For Google internal - use only. * `X-App Engine-*`: For Google internal use only. - In addition, some App Engine headers, which contain job-specific - information, are also be sent to the job handler.' - type: object - httpMethod: - description: 'The HTTP method to use for the request. PATCH and - OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, - POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' - type: string - relativeUri: - description: The relative URI. The relative URL must begin with - "/" and must be a valid HTTP relative URL. It can contain a - path, query string arguments, and `#` fragments. If the relative - URL is empty, then the root path "/" will be used. No spaces - are allowed, and the maximum length allowed is 2083 characters. - type: string + required: + - serviceAccount type: object - attemptDeadline: - description: 'The deadline for job attempts. If the request handler - does not respond by this deadline then the request is cancelled - and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The - failed attempt can be viewed in execution logs. Cloud Scheduler - will retry the job according to the RetryConfig. The allowed duration - for this deadline is: * For HTTP targets, between 15 seconds and - 30 minutes. * For App Engine HTTP targets, between 15 seconds and - 24 hours.' - type: string - description: - description: Optionally caller-specified in CreateJob or UpdateJob. - A human-readable description for the job. 
This string must not contain - more than 500 characters. - type: string - httpTarget: - description: HTTP target. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - body: - description: HTTP request body. A request body is allowed only - if the HTTP method is POST, PUT, or PATCH. It is an error to - set body on a job with an incompatible HttpMethod. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - headers: - additionalProperties: - type: string - description: 'The user can specify HTTP request headers to send - with the job''s HTTP request. This map contains the header field - names and values. Repeated headers are not supported, but a - header value can contain commas. These headers represent a subset - of the headers that will accompany the job''s HTTP request. - Some HTTP request headers will be ignored or replaced. A partial - list of headers that will be ignored or replaced is below: - - Host: This will be computed by Cloud Scheduler and derived from - uri. * `Content-Length`: This will be computed by Cloud Scheduler. - * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. - * `X-Google-*`: Google internal use only. * `X-appengine-*`: - Google internal use only. The total size of headers must be - less than 80KB.' - type: object - httpMethod: - description: 'Which HTTP method to use for the request. Possible - values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, - PATCH, OPTIONS' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - oauthToken: - description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) - will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization should generally - only be used when calling Google APIs hosted on *.googleapis.com. - properties: - scope: - description: OAuth scope to be used for generating OAuth access - token. If not specified, "https://www.googleapis.com/auth/cloud-platform" - will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - oidcToken: - description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) - token will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization can be used - for many scenarios, including calling Cloud Run, or endpoints - where you intend to validate the token yourself. - properties: - audience: - description: Audience to be used when generating OIDC token. 
- If not specified, the URI specified in target will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - uri: - description: 'Required. The full URI path that the request will - be sent to. This string must begin with either "http://" or - "https://". Some examples of valid values for uri are: `http://acme.com` - and `https://acme.com/sales:8080`. Cloud Scheduler will encode - some characters for safety and compatibility. The maximum allowed - URL length is 2083 characters after encoding.' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - uri type: object - location: - description: Immutable. The location for the resource + region: + description: Immutable. The region of the AppConnector. type: string - pubsubTarget: - description: Pub/Sub target. - properties: - attributes: - additionalProperties: - type: string - description: Attributes for PubsubMessage. Pubsub message must - contain either non-empty data, or at least one attribute. 
- type: object - data: - description: The message payload for PubsubMessage. Pubsub message - must contain either non-empty data, or at least one attribute. - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retryConfig: - description: Settings that determine the retry behavior. - properties: - maxBackoffDuration: - description: The maximum amount of time to wait before retrying - a job after it fails. The default value of this field is 1 hour. - type: string - maxDoublings: - description: The time between retries will double `max_doublings` - times. 
A job's retry interval starts at min_backoff_duration, - then doubles `max_doublings` times, then increases linearly, - and finally retries at intervals of max_backoff_duration up - to retry_count times. For example, if min_backoff_duration is - 10s, max_backoff_duration is 300s, and `max_doublings` is 3, - then the a job will first be retried in 10s. The retry interval - will double three times, and then increase linearly by 2^3 * - 10s. Finally, the job will retry at intervals of max_backoff_duration - until the job has been attempted retry_count times. Thus, the - requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, - 300s, .... The default value of this field is 5. - format: int64 - type: integer - maxRetryDuration: - description: The time limit for retrying a failed job, measured - from time when an execution was first attempted. If specified - with retry_count, the job will be retried until both limits - are reached. The default value for max_retry_duration is zero, - which means retry duration is unlimited. - type: string - minBackoffDuration: - description: The minimum amount of time to wait before retrying - a job after it fails. The default value of this field is 5 seconds. - type: string - retryCount: - description: The number of attempts that the system will make - to run a job using the exponential backoff procedure described - by max_doublings. The default value of retry_count is zero. - If retry_count is zero, a job attempt will *not* be retried - if it fails. Instead the Cloud Scheduler system will wait for - the next scheduled execution time. If retry_count is set to - a non-zero number then Cloud Scheduler will retry failed attempts, - using exponential backoff, retry_count times, or until the next - scheduled execution time, whichever comes first. Values greater - than 5 and negative values are not allowed. - format: int64 - type: integer - type: object - schedule: - description: 'Required, except when used with UpdateJob. 
Describes - the schedule on which the job will be executed. The schedule can - be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) - * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) - As a general rule, execution `n + 1` of a job will not begin until - execution `n` has finished. Cloud Scheduler will never allow two - simultaneously outstanding executions. For example, this implies - that if the `n+1`th execution is scheduled to run at 16:00 but the - `n`th execution takes until 16:15, the `n+1`th execution will not - start until `16:15`. A scheduled start time will be delayed if the - previous execution has not ended when its scheduled time occurs. - If retry_count > 0 and a job attempt fails, the job will be tried - a total of retry_count times, with exponential backoff, until the - next scheduled start time.' - type: string - timeZone: - description: Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). - Note that some time zones include a provision for daylight savings - time. The rules for daylight saving time are determined by the chosen - tz. For UTC use the string "utc". If a time zone is not specified, - the default will be in UTC (also known as GMT). - type: string required: - - location + - principalInfo + - projectRef + - region type: object status: properties: - appEngineHttpTarget: - properties: - appEngineRouting: - properties: - host: - description: 'Output only. The host that the job is sent to. - For more information about how App Engine requests are routed, - see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). 
- The host is constructed as: * `host = [application_domain_name]` - `| [service] + ''.'' + [application_domain_name]` `| [version] - + ''.'' + [application_domain_name]` `| [version_dot_service]+ - ''.'' + [application_domain_name]` `| [instance] + ''.'' - + [application_domain_name]` `| [instance_dot_service] + - ''.'' + [application_domain_name]` `| [instance_dot_version] - + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] - + ''.'' + [application_domain_name]` * `application_domain_name` - = The domain name of the app, for example .appspot.com, - which is associated with the job''s project ID. * `service - =` service * `version =` version * `version_dot_service - =` version `+ ''.'' +` service * `instance =` instance * - `instance_dot_service =` instance `+ ''.'' +` service * - `instance_dot_version =` instance `+ ''.'' +` version * - `instance_dot_version_dot_service =` instance `+ ''.'' +` - version `+ ''.'' +` service If service is empty, then the - job will be sent to the service which is the default service - when the job is attempted. If version is empty, then the - job will be sent to the version which is the default version - when the job is attempted. If instance is empty, then the - job will be sent to an instance which is available when - the job is attempted. If service, version, or instance is - invalid, then the job will be sent to the default version - of the default service when the job is attempted.' - type: string - type: object - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -9064,10 +7484,6 @@ spec: type: string type: object type: array - lastAttemptTime: - description: Output only. The time the last job attempt started. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -9075,71 +7491,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - scheduleTime: - description: Output only. The next time the job is scheduled. Note - that this may be a retry of a previously failed attempt or the next - execution time according to the schedule. - format: date-time - type: string state: - description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, - ENABLED, PAUSED, DISABLED, UPDATE_FAILED' - type: string - status: - description: Output only. The response from the target for the last - attempted execution. - properties: - code: - description: The status code, which should be an enum value of - google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. This - string must contain at least one "/" character. The last - segment of the URL''s path must represent the fully qualified - name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually precompile - into the binary all types that they expect it to use in - the context of Any. However, for URLs which use the scheme - `http`, `https`, or no scheme, one can optionally set - up a type server that maps type URLs to message definitions - as follows: * If no scheme is provided, `https` is assumed. - * An HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the URL, - or have them precompiled into a binary to avoid any lookup. - Therefore, binary compatibility needs to be preserved - on changes to types. 
(Use versioned type names to manage - breaking changes.) Note: this functionality is not currently - available in the official protobuf release, and it is - not used for type URLs beginning with type.googleapis.com. - Schemes other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should be - in English. Any user-facing error message should be localized - and sent in the google.rpc.Status.details field, or localized - by the client. - type: string - type: object - userUpdateTime: - description: Output only. The creation time of the job. - format: date-time + description: Represents the different states of a AppConnector. type: string type: object required: @@ -9160,25 +7513,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeAddress - plural: computeaddresses + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -9198,7 +7551,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9216,37 +7569,16 @@ spec: type: object spec: properties: - address: - description: |- - Immutable. The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - type: string - addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' - type: string - description: - description: Immutable. An optional description of this resource. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - address. The default value is ''IPV4''. Possible values: ["IPV4", - "IPV6"]. This field can only be specified for a global address.' + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. type: string - location: - description: 'Location represents the geographical location of the - ComputeAddress. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' type: string - networkRef: - description: |- - The network in which to reserve the address. If global, the address - must be within the RFC1918 IP space. The network cannot be deleted - if there are any reserved IP ranges referring to it. This field can - only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -9263,8 +7595,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9273,49 +7604,174 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkTier: - description: |- - Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. - type: string - prefixLength: - description: Immutable. The prefix length if the resource represents - an IP range. - type: integer - purpose: - description: |- - Immutable. The purpose of this resource, which can be one of the following values. - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range that - are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect - configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used to - configure Private Service Connect. Only global internal addresses can use - this purpose. - - - This should only be set when using an Internal address. + region: + description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9332,8 +7788,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9342,8 +7797,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - displayName - location + - projectRef type: object status: properties: @@ -9373,13 +7835,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -9388,13 +7850,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array type: object required: - spec 
@@ -9414,25 +7869,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: @@ -9452,7 +7907,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9470,8 +7925,66 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. 
+ type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9488,8 +8001,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9498,132 +8010,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. properties: - bypassCacheOnRequestHeaders: - description: Bypass the cache when the specified request headers - are matched - e.g. Pragma or Authorization headers. Up to 5 - headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode - settings. - items: - properties: - headerName: - description: The header field name to match on when bypassing - cache. Values are case-insensitive. - type: string - type: object - type: array - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - items: - type: string - type: array - type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + name: + description: Name of the listing publisher. type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). 
- type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - requestCoalescing: - description: If true then Cloud CDN will combine multiple concurrent - cache fill requests into a small number of requests to the origin. - type: boolean - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. 
The actual headers served in responses will not be altered. - type: integer + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - customResponseHeaders: - description: Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. type: string - edgeSecurityPolicy: - description: The security policy associated with this backend bucket. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - bucketRef + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef type: object status: properties: @@ -9653,8 +8067,8 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -9663,8 +8077,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec @@ -9684,25 +8096,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendService - plural: computebackendservices + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: @@ -9722,7 +8134,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9740,495 +8152,179 @@ spec: type: object spec: properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - failover: - description: |- - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - type: boolean - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. 
Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeInstanceGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetworkEndpointGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. 
This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. + aws: + description: Connection properties specific to Amazon Web Services. properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - includeNamedCookies: - description: Names of cookies to include in cache keys. - items: - type: string - type: array - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. 
- items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. - type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. 
Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer + required: + - accessRole type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + azure: + description: Container for connection properties specific to Azure. properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. 
- type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. 
+ type: string + required: + - customerTenantId type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - connectionTrackingPolicy: - description: |- - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. properties: - connectionPersistenceOnUnhealthyBackends: - description: |- - Specifies connection persistence when backends are unhealthy. - - If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to 'ALWAYS_PERSIST', existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. 
type: string - idleTimeoutSec: - description: |- - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - type: integer - trackingMode: - description: |- - Specifies the key used for connection tracking. There are two options: - 'PER_CONNECTION': The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - 'PER_SESSION': The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database type: object - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. 
+ cloudSql: + description: Connection properties specific to the Cloud SQL. properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + credential: + description: Cloud SQL properties. properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object + username: + description: Username for database. 
+ type: string + required: + - password + - username type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. + database: + description: Database name. type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - customResponseHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array description: - description: An optional description of this resource. + description: A descriptive description for the connection. type: string - edgeSecurityPolicyRef: + friendlyName: + description: A descriptive name for the connection. + type: string + location: description: |- - The resource URL for the edge security policy associated with this - backend service. + Immutable. The geographic location where the connection should reside. 
+ Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10245,8 +8341,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
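Review bot: The new `cloudSql.credential.password` schema accepts an inline `value` as an equal alternative to `valueFrom.secretKeyRef`, so a database password can be written in plaintext into the BigQueryConnectionConnection spec. There it is readable by anyone with get/list on the resource and is likely to be copied into checked-in manifests, whereas a Secret reference keeps it behind Secret RBAC. The `value` description only says it cannot be combined with `valueFrom`; I would extend it to something like `description: Value of the field. Prefer 'valueFrom.secretKeyRef'; an inline value is stored in plaintext in the resource spec. Cannot be used if 'valueFrom' is specified.` The `tf2crd` label suggests this schema is generated, in which case the wording belongs in the generator rather than in this file. Until then, read access to this CRD should be treated as credential access when writing RBAC rules.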
@@ -10255,358 +8350,157 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy. - oneOf: - - required: - - oauth2ClientId - - required: - - oauth2ClientIdRef + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. properties: - oauth2ClientId: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` - instead. - type: string - oauth2ClientIdRef: - description: |- - Only `external` field is supported to configure the reference. - - OAuth2 Client ID for IAP. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP. + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' type: string + required: + - predefinedExpression type: object - loadBalancingScheme: - description: |- - Immutable. Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. - type: string - localityLbPolicies: - description: |- - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - items: - properties: - customPolicy: - description: |- - The configuration for a custom policy implemented by the user and - deployed with the client. 
- properties: - data: - description: |- - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - type: string - name: - description: |- - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - type: string - required: - - name - type: object - policy: - description: The configuration for a built-in load balancing - policy. - properties: - name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. 
- - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. - type: string - required: - - name - type: object - type: object - type: array - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. - - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. 
For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: - description: 'Location represents the geographical location of the - ComputeBackendService. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + description: Immutable. The name of the location of the data policy. type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. 
- type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10623,8 +8517,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10633,130 +8526,182 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. 
- type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. 
- type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: + targetTypes: description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes type: object - portName: + datasetId: description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. type: string - protocol: + domain: description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + Immutable. A domain to grant access to. 
Any users signed in with the + domain specified will be granted the specified access. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. type: string - securityPolicyRef: - description: The security policy associated with this backend service. + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10773,8 +8718,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10783,85 +8727,79 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - securitySettings: + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: description: |- - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - clientTLSPolicyRef: - description: |- - ClientTlsPolicy is a resource that specifies how a client should - authenticate connections to backends of a service. This resource itself - does not affect configuration unless it is attached to a backend - service resource. *ConfigConnector only supports `external` - references for this field.* - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. 
- items: - type: string - type: array - required: - - clientTLSPolicyRef - - subjectAltNames - type: object - sessionAffinity: + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string - subsetting: - description: Subsetting configuration for this BackendService. Currently - this is applicable only for Internal TCP/UDP load balancing and - Internal HTTP(S) load balancing. + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. properties: - policy: - description: 'The algorithm used for subsetting. Possible values: - ["CONSISTENT_HASH_SUBSETTING"].' + datasetId: + description: Immutable. 
The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. type: string required: - - policy + - datasetId + - projectId + - tableId type: object - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer required: - - location + - datasetId + - projectRef type: object status: properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -10888,18 +8826,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - generatedId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -10907,8 +8833,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
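Review bot: The `required` list that closes the BigQueryDatasetAccess `spec` names only `datasetId` and `projectRef`, so every grantee field (`dataset`, `domain`, `groupByEmail`, `iamMember`, `specialGroup`, `userByEmail`, `view`) is optional, and schema validation alone admits an object that names none of them or several at once. The `projectRef` block in the same schema already uses `oneOf` to force a single choice; the same construct over the grantee fields would reject malformed grants at admission, assuming the API expects exactly one grantee per entry. The descriptions mention values such as `allUsers` and `allAuthenticatedUsers`, which also pass this schema as plain strings, so clusters that must not expose datasets broadly need an admission policy on `iamMember` and `specialGroup`. The `access` items added to BigQueryDataset in the `@@ -10984,34 +8908,128 @@` hunk have the same shape, and the `spec` itself begins in the preceding hunk. The file appears to be generated (`tf2crd` label), so the change likely belongs in the generator rather than in this YAML.

```yaml
# … unchanged: spec.properties (dataset … view) …
required:
- datasetId
- projectRef
# presumably exactly one grantee per access entry; confirm against the API
oneOf:
- required:
  - dataset
- required:
  - domain
- required:
  - groupByEmail
- required:
  - iamMember
- required:
  - specialGroup
- required:
  - userByEmail
- required:
  - view
type: object
```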
@@ -10928,25 +8852,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com + name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeDisk - plural: computedisks + kind: BigQueryDataset + plural: bigquerydatasets shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: 
@@ -10984,34 +8908,128 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Immutable. Encrypts the disk using a customer-supplied encryption key. + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. 
Possible values include: - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - Customer-supplied encryption keys do not protect access to metadata of - the disk. + * 'projectOwners': Owners of the enclosing project. - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. 
If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. oneOf: - not: required: 
@@ -11038,188 +9056,85 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - rsaEncryptedKey: - description: "Immutable. 
Specifies an RFC 4648 base64 encoded, - RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either - encrypt or decrypt \nthis resource. You can provide either the - rawKey or the rsaEncryptedKey." - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - interface: - description: DEPRECATED. This field is no longer in use, disk interfaces - will be automatically determined on attachment. To resolve this - issue, remove this field from your config. 
Immutable. Specifies - the disk interface to use for attaching this disk, which is either - SCSI or NVME. The default is SCSI. - type: string - location: - description: 'Location represents the geographical location of the - ComputeDisk. Specify a region name or a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - multiWriter: - description: Immutable. Indicates whether or not the disk can be read/write - attached to more than one instance. - type: boolean - physicalBlockSizeBytes: - description: |- - Immutable. Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. 
If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. + If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. 
+ Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - required: - namespace 
@@ -11236,290 +9151,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - provisionedIops: - description: Immutable. Indicates how many IOPS must be provisioned - for the disk. - type: integer - replicaZones: - description: Immutable. URLs of the zones where the disk should be - replicated to. - items: - type: string - type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. 
- - Upsizing the disk is mutable, but downsizing the disk - requires re-creating the resource. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceDiskRef: - description: The source disk used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. 
See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - Immutable. 
The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - Immutable. URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location type: object status: properties: @@ -11549,20 +9185,19 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + creationTime: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -11572,39 +9207,7 @@ spec: type: integer selfLink: type: string - sourceDiskId: - description: |- - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance. - items: - type: string - type: array type: object - required: - - spec type: object served: true storage: true 
@@ -11621,25 +9224,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: @@ -11659,7 +9262,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -11677,193 +9280,55 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. type: string - interface: - description: Immutable. A list of interfaces on this external VPN - gateway. - items: - properties: - id: - description: |- - Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. - type: integer - ipAddress: - description: |- - Immutable. IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Immutable. Indicates the redundancy type of this external - VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"].' + destinationDatasetId: + description: The BigQuery target dataset id. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + disabled: + description: When set to true, no runs are scheduled for a given transfer. 
+ type: boolean + displayName: + description: The user specified display name for the transfer config. type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicy - plural: computefirewallpolicies - shortNames: - - gcpcomputefirewallpolicy - - gcpcomputefirewallpolicies - singular: computefirewallpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - properties: - description: - description: An optional description of this resource. Provide this - property when you create the resource. + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. type: string - folderRef: - description: Immutable. The Folder that this resource belongs to. - Only one of [folderRef, organizationRef] may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name of - a `Folder` resource (format: `folders/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + params: + additionalProperties: + type: string type: object - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [folderRef, organizationRef] may be specified. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -11880,13 +9345,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 
@@ -11897,18 +9359,108 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: Immutable. User-provided name of the Organization firewall - policy. The name should be unique in the organization in which the - firewall policy is created. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? - which means the first character must be a lowercase letter, and - all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. 
+ type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. 
If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. type: string required: - - shortName + - dataSourceId + - displayName + - params + - projectRef type: object status: properties: @@ -11938,16 +9490,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: Fingerprint of the resource. This field is used internally - during updates of this resource. - type: string - id: - description: The unique identifier for the resource. This identifier - is defined by the server. + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -11956,18 +9504,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Total count of all firewall policy rule tuples. A firewall - policy can not exceed a set number of tuples. - format: int64 - type: integer - selfLink: - description: Server-defined URL for the resource. - type: string - selfLinkWithId: - description: Server-defined URL for this resource with the resource - id. - type: string type: object required: - spec 
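Review bot: `sensitiveParams.secretAccessKey` accepts an inline `value` as well as `valueFrom.secretKeyRef`, so an AWS secret access key can be written in clear text into the BigQueryDataTransferConfig spec, where it is readable by anyone allowed to get the object and may end up in version control or command output. The field description should steer users to the Secret reference, for example `The Secret Access Key of the AWS account transferring data from. Prefer 'valueFrom.secretKeyRef'; an inline 'value' is stored in clear text in the resource.` The `params` map added in the previous hunk (`additionalProperties: type: string`) has no description at all, and it should state that credentials belong in `sensitiveParams` rather than in `params`. The `sensitiveParams` description also carries a doubled word (`the the 'params' field`). This CRD looks generated (it carries the `tf2crd` label), so the wording presumably has to change in the generator input rather than in this file.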
@@ -11987,25 +9523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewallPolicyAssociation - plural: computefirewallpolicyassociations + kind: BigQueryJob + plural: bigqueryjobs shortNames: - - gcpcomputefirewallpolicyassociation - - gcpcomputefirewallpolicyassociations - singular: computefirewallpolicyassociation + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -12043,368 +9579,687 @@ spec: type: object spec: properties: - attachmentTargetRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + copy: + description: Immutable. Copies a table. properties: - external: + createDisposition: description: |- - The target that the firewall policy is attached to. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). - * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string + required: + - sourceTables type: object - firewallPolicyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + extract: + description: Immutable. Configures an extract job. properties: - external: + compression: description: |- - The firewall policy ID of the association. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - attachmentTargetRef - - firewallPolicyRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. 
+ items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - shortName: - description: The short name of the firewall policy of the association. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicyRule - plural: computefirewallpolicyrules - shortNames: - - gcpcomputefirewallpolicyrule - - gcpcomputefirewallpolicyrules - singular: computefirewallpolicyrule - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - action: - description: The Action to perform when the client connection triggers - the rule. Can currently be either "allow" or "deny()" where valid - values for status are 403, 404, and 502. - type: string - description: - description: An optional description for this resource. - type: string - direction: - description: 'The direction in which this rule applies. Possible values: - INGRESS, EGRESS' - type: string - disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and traffic - behaves as if it did not exist. If this is unspecified, the firewall - policy rule will be enabled. - type: boolean - enableLogging: - description: 'Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the configured export - destination in Stackdriver. Logs may be exported to BigQuery or - Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' - type: boolean - firewallPolicyRef: - description: Immutable. - oneOf: - - not: + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. 
+ Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. properties: - external: + allowJaggedRows: description: |- - The firewall policy of the resource. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. 
+ If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. 
BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). type: string - type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' is - enforced. - properties: - destIPRanges: - description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. + type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. 
The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array - layer4Configs: - description: Pairs of IP protocols and ports that the rule should - match. + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. 
+ ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: - properties: - ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following well - known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, - `ipip`, `sctp`), or the IP protocol number. - type: string - ports: - description: 'An optional list of ports to which this rule - applies. This field is only applicable for UDP or TCP - protocol. Each entry must be either an integer or a range. - If not specified, this rule applies to connections through - any port. Example inputs include: ``.' - items: - type: string - type: array - required: - - ipProtocol - type: object + type: string type: array - srcIPRanges: - description: CIDR IP address range. Maximum number of source CIDR - IP ranges allowed is 256. + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string required: - - layer4Configs + - destinationTable + - sourceUris type: object - priority: - description: Immutable. An integer indicating the priority of a rule - in the list. The priority must be a positive value between 0 and - 2147483647. Rules are evaluated from highest to lowest priority - where 0 is the highest priority and 2147483647 is the lowest prority. - format: int64 - type: integer - targetResources: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. 
+ properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. 
Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. 
+ type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: type: string - type: object - type: array - required: - - action - - direction - - firewallPolicyRef - - match - - priority + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. 
Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string type: object status: properties: @@ -12434,9 +10289,8 @@ spec: type: string type: object type: array - kind: - description: Type of the resource. Always `compute#firewallPolicyRule` - for firewall policy rules + jobType: + description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -12445,14 +10299,55 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Calculation of the complexity of a single firewall policy - rule. - format: int64 - type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string type: object - required: - - spec type: object served: true storage: true 
@@ -12469,25 +10364,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewall - plural: computefirewalls + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: @@ -12507,7 +10402,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -12525,113 +10420,46 @@ spec: type: object spec: properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. 
Provide this property when - you create the resource. + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. type: string - destinationRanges: + ignoreIdleSlots: description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: description: |- - Immutable. Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - disabled: + multiRegionAuxiliary: description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED. Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude - metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", - "INCLUDE_ALL_METADATA"].' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -12648,8 +10476,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -12658,137 +10485,272 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceRanges: + slotCapacity: description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - sourceServiceAccounts: + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. 
+ type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + message: + description: Human-readable message indicating details about + last transition. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - targetServiceAccounts: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. type: string type: object type: array - targetTags: + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. 
items: type: string type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. 
it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string required: - - networkRef + - datasetRef + - definitionBody + - projectRef type: object status: properties: @@ -12818,9 +10780,16 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -12828,8 +10797,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -12849,25 +10816,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com + name: bigquerytables.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules + kind: BigQueryTable + plural: bigquerytables shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: 
@@ -12905,26 +10872,14 @@ spec: type: object spec: properties: - allPorts: - description: Immutable. This field is used along with the `backend_service` - field for internal load balancing or with the `target` field for - internal TargetInstance. This field cannot be used with `port` or - `portRange` fields. When the load balancing scheme is `INTERNAL` - and protocol is TCP/UDP, specify this field to allow packets addressed - to any ports will be forwarded to the backends configured with this - forwarding rule. - type: boolean - allowGlobalAccess: - description: This field is used along with the `backend_service` field - for internal load balancing or with the `target` field for internal - TargetInstance. If the field is set to `TRUE`, clients can access - ILB from all regions. Otherwise only allows access from clients - in the same region as the internal load balancer. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: oneOf: - not: required: @@ -12941,7 +10896,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: 
@@ -12952,37 +10907,14 @@ spec: type: string type: object description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. + description: The field description. type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. properties: - addressRef: + kmsKeyRef: oneOf: - not: required: @@ -12999,7 +10931,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -13009,426 +10941,257 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ip: + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. type: string + required: + - kmsKeyRef type: object - ipProtocol: - description: Immutable. The IP protocol to which this rule applies. - For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, - `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the - load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are - valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, - and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the - load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. - For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing - scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP - Load Balancing, the load balancing scheme is `EXTERNAL`, and one - of `TCP` or `UDP` is valid. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - forwarding rule. Valid options are `IPV4` or `IPV6`. This can only - be specified for an external global forwarding rule. Possible values: - UNSPECIFIED_VERSION, IPV4, IPV6.' - type: string - isMirroringCollector: - description: Immutable. Indicates whether or not this load balancer - can be used as a collector for packet mirroring. To prevent mirroring - loops, instances behind this load balancer will not have their traffic - mirrored even if a `PacketMirroring` rule applies to them. This - can only be set to true for load balancers that have their `loadBalancingScheme` - set to `INTERNAL`. - type: boolean - loadBalancingScheme: - description: "Immutable. 
Specifies the forwarding rule type.\n\n* - \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n - \ * Protocol forwarding to VMs from an external IP address\n - \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, - and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol - forwarding to VMs from an internal IP address\n * Internal - TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * - \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` - is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is - used for:\n * Global external HTTP(S) load balancers \n\nFor - more information about forwarding rules, refer to [Forwarding rule - concepts](/load-balancing/docs/forwarding-rule-concepts). Possible - values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, - EXTERNAL, EXTERNAL_MANAGED." - type: string - location: - description: 'Location represents the geographical location of the - ComputeForwardingRule. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. - - For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. - - `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. - - `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. - items: - properties: - filterLabels: - description: |- - Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Immutable. Name of metadata label. - - The name can have a maximum length of 1024 characters and must be at least 1 character long. - type: string - value: - description: |- - Immutable. The value of the label must match the specified value. - - value can have a maximum length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. - - Supported values are: - - * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. - * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. This signifies the networking tier used for - configuring this load balancer and can only take the following values: - `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values - are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid - value is `PREMIUM`. If this field is not specified, it is assumed - to be `PREMIUM`. If `IPAddress` is specified, this value must be - equal to the networkTier of the Address.' - type: string - portRange: - description: |- - Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. 
This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetVpnGateway: 500, 4500 - - @pattern: d+(?:-d+)?. - type: string - ports: - description: 'Immutable. This field is used along with the `backend_service` - field for internal load balancing. When the load balancing scheme - is `INTERNAL`, a list of ports can be configured, for example, [''80''], - [''8000'',''9000'']. Only packets addressed to these ports are forwarded - to the backends configured with the forwarding rule. If the forwarding - rule''s loadBalancingScheme is INTERNAL, you can specify ports in - one of the following ways: * A list of up to five ports, which can - be non-contiguous * Keyword `ALL`, which causes the forwarding rule - to forward traffic on any port of the forwarding rule''s protocol. - @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceDirectoryRegistrations: - description: Immutable. Service Directory resources to register this - forwarding rule with. 
Currently, only supports a single Service - Directory resource. - items: - properties: - namespace: - description: Immutable. Service Directory namespace to register - the forwarding rule under. - type: string - service: - description: Immutable. Service Directory service to register - the forwarding rule under. - type: string - type: object - type: array - serviceLabel: - description: Immutable. An optional prefix to the service name for - this Forwarding Rule. If specified, the prefix is the first label - of the fully qualified service name. The label must be 1-63 characters - long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. This field is only used for internal load - balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). 
+ type: boolean required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetGRPCProxyRef - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetGRPCProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` - resource.' + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. + type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + fieldDelimiter: + description: The separator for fields in a CSV file. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + quote: type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. 
properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. type: string type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. 
+ Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. 
+ type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query type: object required: - - location + - datasetRef type: object status: properties: 
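Review bot: `csvOptions.quote` is listed under `required` in the new BigQueryTable schema, but it is the only property of that object added without a `description`, so a user who must set it gets no guidance from the CRD. A line such as `description: The value that is used to quote data sections in a CSV file.` would close the gap. In the same hunk, the `sourceUriPrefix` description reads "a common for all source uris must be required", which appears to have lost the word "prefix"; `a common prefix for all source URIs is required` reads as intended. Both strings probably originate in the schema this CRD is produced from, so the correction would need to land there too.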
@@ -13458,35 +11221,45 @@ spec: type: string type: object type: array - creationTimestamp: - description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) - text format.' - type: string - labelFingerprint: - description: Used internally during label updates. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. type: integer - pscConnectionId: - description: The PSC connection id of the PSC Forwarding Rule. + etag: + description: A hash of the resource. type: string - pscConnectionStatus: - description: 'The PSC connection status of the PSC Forwarding Rule. - Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, - CLOSED.' + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer selfLink: - description: '[Output Only] Server-defined URL for the resource.' + description: The URI of the created resource. type: string - serviceName: - description: '[Output Only] The internal fully qualified service name - for this Forwarding Rule. This field is only used for internal load - balancing.' + type: + description: Describes the table type. type: string type: object required: @@ -13507,25 +11280,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHealthCheck - plural: computehealthchecks + kind: BigtableAppProfile + plural: bigtableappprofiles shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: 
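Review bot: The `numBytes` description in the status hunk (`@@ -13458,35 +11221,45 @@`) repeats the `location` text word for word ("The geographic location where the table resides. This value is inherited from the dataset."), although the field is `type: integer`. The schema therefore documents a byte count as a location. Wording in line with the neighbouring `numLongTermBytes` and `numRows` entries would be `description: The size of this table in bytes, excluding any data in the streaming buffer.` The text likely comes from the source the CRD is generated from, so it should be fixed there as well.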
@@ -13563,350 +11336,70 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. + description: Long form description of the use case for this app profile. type: string - grpcHealthCheck: - description: A nested object resource. + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - grpcServiceName: - description: |- - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' type: string - port: - description: |- - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. 
- - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - healthyThreshold: + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
- - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. 
For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. 
- - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the - ComputeHealthCheck. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - sslHealthCheck: - description: A nested object resource. - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource. + singleClusterRouting: + description: Use a single-cluster routing policy. 
properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: + allowTransactionalWrites: description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. 
+ type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. type: string + required: + - clusterId type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location type: object status: properties: @@ -13936,8 +11429,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -13946,15 +11440,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string type: object - required: - - spec type: object served: true storage: true 
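Review bot: The two routing modes added to this spec, `multiClusterRoutingUseAny` and `singleClusterRouting`, are alternatives in the Bigtable API, but neither description says so and the schema has no `oneOf` over them. A manifest that sets both, or neither, therefore passes CRD validation and is presumably only rejected at reconcile time. This matters for `allowTransactionalWrites`, whose own description warns that such requests are unsafe across multiple clusters. At minimum the descriptions should state the exclusion, e.g. `description: Use a single-cluster routing policy. Mutually exclusive with multiClusterRoutingUseAny.` The enclosing version schema starts outside the hunk.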
@@ -13971,25 +11457,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks + kind: BigtableGCPolicy + plural: bigtablegcpolicies shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -14027,54 +11513,117 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + columnFamily: + description: Immutable. The name of the column family. type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. 
- type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. 
This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object status: properties: conditions: @@ -14103,9 +11652,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14113,9 +11659,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
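Review bot: The `gcRules` description refers to "mode", "max_age" and "max_version", and the `maxAge`, `maxVersion` and `mode` descriptions refer to 'gc_rules', none of which match this CRD's field names (`maxAge`, `maxVersion`, `gcRules`). The stated conflict is also not expressed in the schema, so a manifest combining `gcRules` with the older fields passes validation. Because this resource decides how long cell data is retained, the cross-references should be unambiguous: `description: Serialized JSON string for garbage collection policy. Conflicts with "mode", "maxAge" and "maxVersion".` Separately, the double-quoted `deletionPolicy` description contains `\n\t\t\t\t` escapes that put a newline and tabs into the rendered text; they should be collapsed to single spaces.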
@@ -14132,25 +11678,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com + name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks + kind: BigtableInstance + plural: bigtableinstances shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -14188,53 +11734,121 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. 
+ type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. 
+ type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer type: object status: properties: @@ -14264,9 +11878,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
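Review bot: `deletionProtection` is added as an ordinary boolean although its description says it "no longer serves any function", so `deletionProtection: true` is accepted and gives no protection against the instance being deleted. The description should say that outright, e.g. `description: DEPRECATED. Has no effect; setting it does not prevent deletion of the instance. Intended to be dropped in a later version of the resource.` In the same hunk, item 3 of the `kmsKeyRef` description ("must use the same CMEK key access to this encryption key") is garbled. The range given in prose for `cpuTarget` (10 to 80) is also not backed by `minimum`/`maximum` in the schema, so out-of-range values are presumably caught only at reconcile time.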
@@ -14274,8 +11885,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object type: object served: true @@ -14293,25 +11902,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com + name: bigtabletables.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeImage - plural: computeimages + kind: BigtableTable + plural: bigtabletables shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: 
@@ -14349,205 +11958,27 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the image when restored onto a persistent - disk (in GB). - type: integer - family: - description: |- - Immutable. The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - Immutable. A list of features to enable on the guest operating system. - Applicable only for bootable images. + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. items: properties: - type: - description: 'Immutable. The type of supported feature. 
Read - [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + family: + description: The name of the column family. type: string required: - - type + - family type: object type: array - imageEncryptionKey: - description: |- - Immutable. Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image). - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - licenses: - description: Immutable. Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: Immutable. The parameters of the raw disk image. - properties: - containerType: - description: |- - Immutable. The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"]. - type: string - sha1: - description: |- - Immutable. An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - Immutable. The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. type: string - sourceImageRef: - description: The source image used to create this image. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - description: The source snapshot used to create this image. + instanceRef: + description: The name of the Bigtable instance. oneOf: - not: required: @@ -14564,7 +11995,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: @@ -14574,14 +12005,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef type: object status: properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -14608,14 +12045,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14623,9 +12052,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true @@ -14642,25 +12071,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroupManager - plural: computeinstancegroupmanagers + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets shortNames: - - gcpcomputeinstancegroupmanager - - gcpcomputeinstancegroupmanagers - singular: computeinstancegroupmanager + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: 
@@ -14698,12 +12127,18 @@ spec: type: object spec: properties: - autoHealingPolicies: - description: The autohealing policy for this managed instance group. - You can specify only one value. - items: - properties: - healthCheckRef: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: oneOf: - not: required: @@ -14720,10 +12155,9 @@ spec: - external properties: external: - description: |- - The URL for the health check that signals autohealing. - - Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -14732,56 +12166,81 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialDelaySec: - description: The number of seconds that the managed instance - group waits before it applies autohealing policies to new - instances or recently recreated instances. This initial delay - allows instances to initialize and run their startup scripts - before the instance group determines that they are UNHEALTHY. - This prevents the managed instance group from recreating its - instances prematurely. This value must be from range [0, 3600]. - format: int64 - type: integer - type: object - type: array - baseInstanceName: - description: The base instance name to use for instances in this group. - The value must be 1-58 characters long. Instances are named by appending - a hyphen and a random four-character string to the base instance - name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - type: string - description: - description: Immutable. An optional description of this resource. - type: string - distributionPolicy: - description: Policy specifying the intended distribution of managed - instances across zones in a regional managed instance group. - properties: - targetShape: - description: 'The distribution shape to which the group converges - either proactively or on resize events (depending on the value - set in `updatePolicy.instanceRedistributionType`). Possible - values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' - type: string - zones: - description: Immutable. Zones where the regional managed instance - group will create and manage its instances. - items: - properties: - zone: - description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). - The zone must exist in the region where the managed instance - group is located. 
- type: string - type: object type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string type: object - failoverAction: - description: 'The action to perform in case of zone failure. Only - one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
- Possible values: UNKNOWN, NO_FAILOVER' - type: string - instanceTemplateRef: + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. oneOf: - not: required: 
@@ -14799,36 +12258,338 @@ spec: properties: external: description: |- - The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + The billing account of the resource - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - location: - description: Immutable. The location of this resource. + budgetFilter: + description: Optional. Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. 
Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. 
Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' 
+ items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. type: string - namedPorts: - description: Immutable. Named ports configured for the Instance Groups - complementary to this Instance Group Manager. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. items: properties: - name: - description: Immutable. The name for this named port. The name - must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' 
+ format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - port: - description: Immutable. The port number, which can be a value - between 1 and 65535. - format: int64 - type: integer type: object type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -14864,313 +12625,106 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - statefulPolicy: - description: Stateful configuration for this Instanced Group Manager + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. properties: - preservedState: - properties: - disks: - additionalProperties: - properties: - autoDelete: - description: 'These stateful disks will never be deleted - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - disk should be deleted after it is no longer used - by the group, e.g. when the given instance or the - whole group is deleted. Note: disks attached in READ_ONLY - mode cannot be auto-deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Disks created on the instances that will be preserved - on instance delete, update, etc. 
This map is keyed with - the device names of the disks. - type: object - externalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: External network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - internalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Internal network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - type: object - type: object - targetPools: - items: - oneOf: - - not: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetSize: - description: The target number of running instances for this managed - instance group. You can reduce this number by using the instanceGroupManager - deleteInstances or abandonInstances methods. Resizing the group - also changes this number. - format: int64 - type: integer - updatePolicy: - description: The update policy for this managed instance group. - properties: - instanceRedistributionType: - description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) - for regional managed instance groups. Valid values are: - `PROACTIVE` - (default): The group attempts to maintain an even distribution - of VM instances across zones in the region. - `NONE`: For non-autoscaled - groups, proactive redistribution is disabled.' - type: string - maxSurge: - description: The maximum number of instances that can be created - above the specified `targetSize` during the update process. - This value can be either a fixed number or, if the group has - 10 or more instances, a percentage. If you set a percentage, - the number of instances is rounded if necessary. The default - value for `maxSurge` is a fixed value equal to the number of - zones in which the managed instance group operates. At least - one of either `maxSurge` or `maxUnavailable` must be greater - than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). - properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. 
- format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - maxUnavailable: - description: 'The maximum number of instances that can be unavailable - during the update process. An instance is considered available - if all of the following conditions are satisfied: - The instance''s - [status](/compute/docs/instances/checking-instance-status) is - `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) - on the instance group, the instance''s health check status must - be `HEALTHY` at least once. If there is no health check on the - group, then the instance only needs to have a status of `RUNNING` - to be considered available. This value can be either a fixed - number or, if the group has 10 or more instances, a percentage. - If you set a percentage, the number of instances is rounded - if necessary. The default value for `maxUnavailable` is a fixed - value equal to the number of zones in which the managed instance - group operates. At least one of either `maxSurge` or `maxUnavailable` - must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer + external: + description: |- + Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. 
Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minReadySec: - description: Minimum number of seconds to wait for after a newly - created instance becomes available. This value must be from - range [0, 3600]. - format: int64 - type: integer - minimalAction: - description: Minimal action to be taken on an instance. You can - specify either `RESTART` to restart existing instances or `REPLACE` - to delete and create new instances from the target template. - If you specify a `RESTART`, the Updater will attempt to perform - that action only. However, if the Updater determines that the - minimal action you specify is not enough to perform the update, - it might perform a more disruptive action. - type: string - mostDisruptiveAllowedAction: - description: Most disruptive action that is allowed to be taken - on an instance. You can specify either `NONE` to forbid any - actions, `REFRESH` to allow actions that do not need instance - restart, `RESTART` to allow actions that can be applied without - instance replacing or `REPLACE` to allow all possible actions. - If the Updater determines that the minimal update action needed - is more disruptive than most disruptive allowed action you specify - it will not perform the update at all. - type: string - replacementMethod: - description: 'What action should be used to replace instances. - See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' - type: string - type: - description: The type of update process. 
You can specify either - `PROACTIVE` so that the instance group manager proactively executes - actions in order to bring instances to their target versions - or `OPPORTUNISTIC` so that no action is proactively executed - but the update will be performed as part of other actions (for - example, resizes or `recreateInstances` calls). - type: string - type: object - versions: - description: Specifies the instance templates used by this managed - instance group to create instances. Each version is defined by an - `instanceTemplate` and a `name`. Every version can appear at most - once per instance group. This field overrides the top-level `instanceTemplate` - field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). - Exactly one `version` must leave the `targetSize` field unset. That - version will be applied to all remaining instances. For more information, - read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). - items: - properties: - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: properties: - external: - description: |- - The URL of the instance template that is specified for this managed instance group. 
The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. - - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + comment: + description: Optional. A descriptive comment. This field + may be updated. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + id: + description: The ID of this public key. Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. 
NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object type: object - name: - description: Name of the version. Unique among all versions - in the scope of this managed instance group. - type: string - targetSize: - description: 'Specifies the intended number of instances to - be created from the `instanceTemplate`. The final number of - instances created from the template will be equal to: - If - expressed as a fixed number, the minimum of either `targetSize.fixed` - or `instanceGroupManager.targetSize` is used. - if expressed - as a `percent`, the `targetSize` would be `(targetSize.percent/100 - * InstanceGroupManager.targetSize)` If there is a remainder, - the number is rounded. If unset, this version will update - any remaining instances not updated by another `version`. - Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) - for more information.' 
- properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value - is `fixed`, then the `calculated` value is equal to the - `fixed` value. - If the value is a `percent`, then the - `calculated` value is `percent`/100 * `targetSize`. For - example, the `calculated` value of a 80% of a managed - instance group with 150 instances would be (80/100 * 150) - = 120 VM instances. If there is a remainder, the number - is rounded.' - format: int64 - type: integer - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between - 0 to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - type: object - type: array + type: array + required: + - noteRef + type: object required: - projectRef - - targetSize type: object status: properties: 
@@ -15200,94 +12754,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: The creation timestamp for this managed instance group - in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. - type: string - currentActions: - description: '[Output Only] The list of instance actions and the number - of instances in this managed instance group that are scheduled for - each of those actions.' - properties: - abandoning: - description: '[Output Only] The total number of instances in the - managed instance group that are scheduled to be abandoned. Abandoning - an instance removes it from the managed instance group without - deleting it.' - format: int64 - type: integer - creating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be created or are currently - being created. If the group fails to create any of these instances, - it tries again until it creates the instance successfully. If - you have disabled creation retries, this field will not be populated; - instead, the `creatingWithoutRetries` field will be populated.' - format: int64 - type: integer - creatingWithoutRetries: - description: '[Output Only] The number of instances that the managed - instance group will attempt to create. The group attempts to - create each instance only once. If the group fails to create - any of these instances, it decreases the group''s `targetSize` - value accordingly.' - format: int64 - type: integer - deleting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be deleted or are currently - being deleted.' - format: int64 - type: integer - none: - description: '[Output Only] The number of instances in the managed - instance group that are running and have no scheduled actions.' 
- format: int64 - type: integer - recreating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be recreated or are currently - being being recreated. Recreating an instance deletes the existing - root persistent disk and creates a new disk from the image that - is defined in the instance template.' - format: int64 - type: integer - refreshing: - description: '[Output Only] The number of instances in the managed - instance group that are being reconfigured with properties that - do not require a restart or a recreate action. For example, - setting or removing target pools for the instance.' - format: int64 - type: integer - restarting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be restarted or are currently - being restarted.' - format: int64 - type: integer - verifying: - description: '[Output Only] The number of instances in the managed - instance group that are being verified. See the `managedInstances[].currentAction` - property in the `listManagedInstances` method documentation.' - format: int64 - type: integer - type: object - fingerprint: - description: Fingerprint of this resource. This field may be used - in optimistic locking. It will be ignored when inserting an InstanceGroupManager. - An up-to-date fingerprint must be provided in order to update the - InstanceGroupManager, otherwise the request will fail with error - `412 conditionNotMet`. To see the latest fingerprint, make a `get()` - request to retrieve an InstanceGroupManager. - type: string - id: - description: '[Output Only] A unique identifier for this resource - type. The server generates this identifier.' - format: int64 - type: integer - instanceGroup: - description: '[Output Only] The URL of the Instance Group resource.' 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -15295,113 +12761,24 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) - where the managed instance group resides (for regional resources).' - type: string - selfLink: - description: '[Output Only] The URL for this managed instance group. - The server defines this URL.' + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time type: string - status: - description: '[Output Only] The status of this managed instance group.' + userOwnedDrydockNote: properties: - autoscaler: - description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) - that targets this instance group manager.' + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. type: string - isStable: - description: '[Output Only] A bit indicating whether the managed - instance group is in a stable state. A stable state means that: - none of the instances in the managed instance group is currently - undergoing any type of change (for example, creation, restart, - or deletion); no future changes are scheduled for instances - in the managed instance group; and the managed instance group - itself is not being modified.' - type: boolean - stateful: - description: '[Output Only] Stateful status of the given Instance - Group Manager.' 
- properties: - hasStatefulConfig: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions.' - type: boolean - isStateful: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions. This field is - deprecated in favor of has_stateful_config.' - type: boolean - perInstanceConfigs: - description: '[Output Only] Status of per-instance configs - on the instance.' - properties: - allEffective: - description: A bit indicating if all of the group's per-instance - configs (listed in the output of a listPerInstanceConfigs - API call) have status `EFFECTIVE` or there are no per-instance-configs. - type: boolean - type: object - type: object - versionTarget: - description: '[Output Only] A status of consistency of Instances'' - versions with their target version specified by `version` field - on Instance Group Manager.' - properties: - isReached: - description: '[Output Only] A bit indicating whether version - target has been reached in this managed instance group, - i.e. all instances are in their target version. Instances'' - target version are specified by `version` field on Instance - Group Manager.' 
- type: boolean - type: object - type: object - updatePolicy: - properties: - maxSurge: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object - maxUnavailable: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object type: object - zone: - description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) - where the managed instance group is located (for zonal resources).' - type: string type: object required: - spec 
@@ -15421,25 +12798,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -15477,55 +12854,281 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional textual description of the instance - group. - type: string - instances: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode type: object - type: array - namedPort: - description: The named port configuration. - items: + description: 'Optional. Per-kubernetes-namespace admission rules. 
+ K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: properties: - name: - description: The name which the port will be mapped to. + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - port: - description: The port number to map the name to. - type: integer + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array required: - - name - - port + - enforcementMode + - evaluationMode type: object - type: array - networkRef: + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -15542,8 +13145,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -15552,17 +13157,9 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. The zone that this instance group should be - created in. - type: string required: - - zone + - defaultAdmissionRule + - projectRef type: object status: properties: @@ -15600,11 +13197,13 @@ spec: the resource. type: integer selfLink: - description: The URI of the created resource. + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. + format: date-time type: string - size: - description: The number of instances in the group. - type: integer type: object required: - spec 
@@ -15624,25 +13223,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstance - plural: computeinstances + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: @@ -15662,7 +13261,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -15679,167 +13278,508 @@ spec: metadata: type: object spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone properties: - advancedMachineFeatures: - description: Controls for advanced machine-related behavior features. + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableNestedVirtualization: - description: Whether to enable nested virtualization or not. - type: boolean - threadsPerCore: - description: The number of threads per physical core. To disable - simultaneous multithreading (SMT) set this to 1. If unset, the - maximum number of threads supported per core by the underlying - processor is assumed. - type: integer - visibleCoreCount: - description: The number of physical cores to expose to an instance. - Multiply by the number of threads per core to compute the total - number of virtual CPUs to expose to the instance. 
If unset, - the number of cores is inferred from the instance\'s nominal - CPU count and the underlying platform\'s SMT width. - type: integer + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - attachedDisk: - description: List of disks attached to the instance. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - deviceName: - description: Name with which the attached disk is accessible - under /dev/disk/by-id/. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be - extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. + message: + description: Human-readable message indicating details about + last transition. type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + domain: + description: Domain name of the authorization attempt. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. type: string type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". 
+ type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Reason for provisioning failures. type: string type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: Immutable. The boot disk for the instance. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - autoDelete: - description: Immutable. Whether the disk will be auto-deleted - when the instance is deleted. 
- type: boolean - deviceName: - description: Immutable. Name with which attached disk will be - accessible under /dev/disk/by-id/. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - diskEncryptionKeyRaw: - description: Immutable. A 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to encrypt this disk. Only one - of kms_key_self_link and disk_encryption_key_raw may be set. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: 
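Review bot: The `certificates` field of the new CertificateManagerCertificateMapEntry spec states two limits in its description (at most fifteen entries, each matching `projects/*/locations/*/certificates/*`), but the schema declares only `items: type: string`, so the API server admits objects that break both. Adding `maxItems: 15` next to `type: array`, plus a `pattern` on the items, would reject such objects at admission; as written, a violation presumably only surfaces later as a reconcile error. The `hostname` description in the same hunk likewise promises an FQDN or wildcard expression with no schema check behind it. The `cnrm.cloud.google.com/tf2crd: "true"` label suggests these CRDs are generated, so the constraint probably belongs in the generator rather than in this file.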
@@ -15877,168 +13817,218 @@ spec: type: object type: object type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. type: string - initializeParams: - description: Immutable. Parameters with which a disk was created - alongside the instance. + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - labels: - description: Immutable. A set of key/value label pairs assigned - to the disk. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: Immutable. The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeImage` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object - type: - description: Immutable. The Google Compute Engine disk type. - Such as pd-standard, pd-ssd or pd-balanced. - type: string type: object - kmsKeyRef: + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Immutable. Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. 
type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: Immutable. A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. 
- type: integer + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string type: - description: Immutable. The accelerator type resource exposed - to this instance. E.g. nvidia-tesla-k80. + description: Type is the type of the condition. type: string - required: - - count - - type type: object type: array - hostname: - description: Immutable. A custom hostname for the instance. Must be - a fully qualified DNS name and RFC-1035-valid. Valid format is a - series of labels 1-63 characters long matching the regular expression - [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire - hostname must not exceed 253 characters. Changing this forces a - new resource to be created. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. type: string - instanceTemplateRef: + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -16055,8 +14045,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -16065,451 +14054,265 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - machineType: - description: The machine type to create. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - metadata: + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. Metadata startup scripts made available within - the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: Immutable. The networks attached to the instance. + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. items: - not: - required: - - networkIp - - networkIpRef properties: - accessConfig: - description: Access configurations, i.e. IPs via which this - instance can be accessed via the Internet. 
- items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring - this instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. 
- type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. - type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. + data: + description: Data of the DNS Resource Record. type: string name: - description: The name of the interface. - type: string - networkIp: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` - instead. - type: string - networkIpRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. type: string - subnetworkProject: - description: The project in which the subnetwork belongs. + type: + description: Type of the DNS Resource Record. type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object type: object type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + type: string type: array - scheduling: - description: The scheduling strategy being used by the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - automaticRestart: - description: Specifies if the instance should be restarted if - it was terminated by Compute Engine (not a user). - type: boolean - instanceTerminationAction: - description: Specifies the action GCE should take when SPOT VM - is preempted. + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. - The accepted values are: PERIODIC.' + expression: + description: Textual representation of an expression in Common + Expression Language syntax. type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. 
Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. - One of MIGRATE or TERMINATE,. + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." type: string - preemptible: - description: Immutable. Whether the instance is preemptible. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. type: string + required: + - expression type: object - scratchDisk: - description: Immutable. The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - scopes: - description: A list of service scopes. 
- items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + pubsubDestination: + description: Destination on Cloud Pubsub. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + topic: + description: Destination on Cloud Pubsub topic. type: string + required: + - topic type: object required: - - scopes + - pubsubDestination type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: Immutable. The zone of the instance. If self_link is - provided, this value is ignored. If neither self_link nor zone are - provided, the provider zone is used. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef type: object status: properties: @@ -16539,20 +14342,13 @@ spec: type: string type: object type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -16561,12 +14357,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec 
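Review bot: In the CloudAssetFolderFeed schema this hunk adds, `spec.required` lists both `folder` and `folderRef`, so every manifest has to name the parent folder twice and nothing in the schema says which value applies if the two disagree. The CloudAssetOrganizationFeed schema in a later hunk requires only `organizationRef`, and the CRD is labelled `tf2crd`, so `- folder` looks like a generation artefact; the fix probably belongs in the generator input, either dropping `- folder` from `required` or extending the `folder` description to say how it relates to `folderRef`. Separately, `feedOutputConfig.pubsubDestination.topic` is a free-form string while `contentType` accepts `IAM_POLICY`, so anyone allowed to create this resource decides where asset and policy data is published. The `topic` description could state the expected form, and operators installing this CRD may want an admission policy that limits the topic to approved projects.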
@@ -16586,25 +14376,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudasset.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: @@ -16624,7 +14414,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -16642,896 +14432,384 @@ spec: type: object spec: properties: - advancedMachineFeatures: - description: Immutable. Controls for advanced machine-related behavior - features. + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - enableNestedVirtualization: - description: Immutable. Whether to enable nested virtualization - or not. - type: boolean - threadsPerCore: - description: Immutable. The number of threads per physical core. 
- To disable simultaneous multithreading (SMT) set this to 1. - If unset, the maximum number of threads supported per core by - the underlying processor is assumed. - type: integer - visibleCoreCount: - description: Immutable. The number of physical cores to expose - to an instance. Multiply by the number of threads per core to - compute the total number of virtual CPUs to expose to the instance. - If unset, the number of cores is inferred from the instance\'s - nominal CPU count and the underlying platform\'s SMT width. - type: integer + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression type: object - canIpForward: - description: Immutable. Whether to allow sending and receiving of - packets with non-matching source or destination IPs. This defaults - to false. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. 
This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - enableConfidentialCompute: - description: Immutable. Defines whether the instance should have - confidential compute enabled. - type: boolean + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object required: - - enableConfidentialCompute + - pubsubDestination type: object - description: - description: Immutable. A brief description of this resource. + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - disk: - description: Immutable. Disks to attach to instances created from - this template. This can be specified multiple times for multiple - disks. + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: - autoDelete: - description: Immutable. Whether or not the disk should be auto-deleted. - This defaults to true. - type: boolean - boot: - description: Immutable. Indicates that this is a boot disk. - type: boolean - deviceName: - description: Immutable. A unique device name that is reflected - into the /dev/ tree of a Linux operating system running within - the instance. If not specified, the server chooses a default - device name to apply to this disk. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKey: - description: Immutable. Encrypts or decrypts a disk using a - customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Immutable. Name of the disk. When not provided, - this defaults to the name of the instance. + message: + description: Human-readable message indicating details about + last transition. type: string - diskSizeGb: - description: Immutable. The size of the image in gigabytes. - If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. - type: integer - diskType: - description: Immutable. The Google Compute Engine disk type. - Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - interface: - description: Immutable. Specifies the disk interface to use - for attaching this disk. + status: + description: Status is the status of the condition. Can be True, + False, Unknown. type: string - labels: - additionalProperties: - type: string - description: Immutable. A set of key/value label pairs to assign - to disks,. - type: object - mode: - description: Immutable. The mode in which to attach this disk, - either READ_WRITE or READ_ONLY. If you are attaching or creating - a boot disk, this must read-write mode. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeResourcePolicy` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotEncryptionKey: - description: Immutable. The customer-supplied encryption key - of the source snapshot. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceSnapshotRef: - description: |- - The source snapshot to create this disk. When creating a new - instance, one of initializeParams.sourceSnapshot, - initializeParams.sourceImage, or disks.source is required except for - local SSD. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: Immutable. The type of Google Compute Engine disk, - can be either "SCRATCH" or "PERSISTENT". + type: + description: Type is the type of the condition. type: string type: object type: array - enableDisplay: - description: 'Immutable. Enable Virtual Displays on this instance. - Note: allow_stopping_for_update must be set to true in order to - update this field.' - type: boolean - guestAccelerator: - description: Immutable. 
List of the type and count of accelerator - cards attached to the instance. + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. - type: integer - type: - description: Immutable. The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object + type: string type: array - instanceDescription: - description: Immutable. A description of the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." type: string - machineType: - description: Immutable. The machine type to create. To create a machine - with a custom type (such as extended memory), format the value like - custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of - RAM. + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. 
Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string - metadata: + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. An alternative to using the startup-script - metadata key, mostly to match the compute_instance resource. This - replaces the startup-script metadata key on the created instance - and thus the two mechanisms are not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Immutable. Specifies a minimum CPU platform. Applicable - values are the friendly names of CPU platforms, such as Intel Haswell - or Intel Skylake. - type: string - namePrefix: - description: Immutable. Creates a unique name beginning with the specified - prefix. Conflicts with name. - type: string - networkInterface: - description: Immutable. Networks to attach to instances created from - this template. This can be specified multiple times for multiple - networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. The networking tier used for - configuring this instance template. 
This field can take - the following values: PREMIUM, STANDARD, FIXED_STANDARD. - If this field is not specified, it is assumed to be - PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: Immutable. An array of alias IP ranges for this - network interface. Can only be specified for network interfaces - on subnet-mode networks. - items: - properties: - ipCidrRange: - description: Immutable. The IP CIDR range represented - by this alias IP range. This IP CIDR range must belong - to the specified subnetwork and cannot contain IP addresses - reserved by system or used by other network interfaces. - At the time of writing only a netmask (e.g. /24) may - be supplied, with a CIDR format resulting in an API - error. - type: string - subnetworkRangeName: - description: Immutable. The subnetwork secondary range - name specifying the secondary range from which to allocate - the IP CIDR range for this alias IP range. If left unspecified, - the primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. - type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. 
- type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. - type: string - name: - description: The name of the network_interface. - type: string - networkIp: - description: Immutable. The private IP address to assign to - the instance. If empty, the address will be automatically - assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. 
- type: string - subnetworkProject: - description: Immutable. The ID of the project in which the subnetwork - belongs. If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - region: - description: Immutable. An instance template is a global resource - that is not bound to a zone or a region. However, you can still - specify some regional resources in an instance template, which restricts - the template to the region where that resource resides. For example, - a custom subnetwork resource is tied to a specific region. Defaults - to the region of the Provider if no value is given. - type: string - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. 
Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: Immutable. The scheduling strategy to use. - properties: - automaticRestart: - description: Immutable. Specifies whether the instance should - be automatically restarted if it is terminated by Compute Engine - (not terminated by a user). This defaults to true. - type: boolean - instanceTerminationAction: - description: Immutable. Specifies the action GCE should take when - SPOT VM is preempted. - type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. 
- The accepted values are: PERIODIC.' - type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Immutable. Defines the maintenance behavior for this - instance. - type: string - preemptible: - description: Immutable. Allows instance to be preempted. This - defaults to false. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. - type: string - type: object - serviceAccount: - description: Immutable. Service account to attach to the instance. - properties: - scopes: - description: Immutable. A list of service scopes. Both OAuth2 - URLs and gcloud short names are supported. To allow full access - to all Cloud APIs, use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Immutable. Enable Shielded VM on this instance. Shielded - VM provides verifiable integrity to prevent against malware and - rootkits. Defaults to disabled. Note: shielded_instance_config can - only be used with boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Immutable. Compare the most recent boot measurements - to the integrity policy baseline and return a pair of pass/fail - results depending on whether they match or not. Defaults to - true. - type: boolean - enableSecureBoot: - description: Immutable. Verify the digital signature of all boot - components, and halt the boot process if signature verification - fails. Defaults to false. - type: boolean - enableVtpm: - description: Immutable. Use a virtualized trusted platform module, - which is a specialized computer chip you can use to encrypt - objects like keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Immutable. Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. 
- type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -17540,12 +14818,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec @@ -17565,25 +14837,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments + kind: CloudBuildTrigger + plural: cloudbuildtriggers shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -17621,583 +14893,1052 @@ spec: type: object spec: properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment. - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. - type: string - candidateSubnets: - description: |- - Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Immutable. Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. 
- type: string - encryption: - description: |- - Immutable. Indicates the user-supplied encryption option of this interconnect - attachment. Can only be specified at attachment creation for PARTNER or - DEDICATED attachments. - - * NONE - This is the default value, which means that the VLAN attachment - carries unencrypted traffic. VMs are able to send traffic to, or receive - traffic from, such a VLAN attachment. - - * IPSEC - The VLAN attachment carries only encrypted traffic that is - encrypted by an IPsec device, such as an HA VPN gateway or third-party - IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, - such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN - attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. - type: string - interconnect: - description: |- - Immutable. URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - ipsecInternalAddresses: - items: - description: |- - Immutable. The addresses that have been reserved for the - interconnect attachment. Used only for interconnect attachment that - has the encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. 
\nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will - be allocated from regional external IP address pool. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - mtu: - description: |- - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - resourceID: - description: Immutable. Optional. 
The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeRouter` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug type: object - type: - description: |- - Immutable. The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. - type: string - vlanTag8021q: - description: |- - Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. 
When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. 
Of the form "XXXXX/region/domain". - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. + build: + description: Contents of the build template. Either a filename or + build template must be provided. properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - 
description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - Immutable. The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the - ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Immutable. Type of network endpoints in this network endpoint group. 
- NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - subnetworkRef: - description: Optional subnetwork to which all network endpoints in - the NEG belong. 
- oneOf: - - not: + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. 
+ properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array required: - - external - required: - - name - - not: - anyOf: - - required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. 
+ + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. 
Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
+ secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. 
+ type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. 
+ + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. + If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. 
These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: type: string - type: - description: Type is the type of the condition. + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. 
These are not docker + tags. + items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - 
name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - description: Immutable. - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - description: Immutable. + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. 
type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). 
\nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. 
+ type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." 
+ properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. 
+ properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. type: string type: object - peerNetworkRef: + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: 
@@ -18214,7 +15955,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: 
@@ -18224,62 +15966,227 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: State for the peering, either ACTIVE or INACTIVE. The - peering is ACTIVE when there's a matching configuration in the peer - network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object served: true storage: true subresources: @@ -18295,25 +16202,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNetwork - plural: computenetworks + kind: CloudFunctions2Function + plural: cloudfunctions2functions shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: @@ -18333,7 +16240,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
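Review bot: In the new `webhookConfig` schema, `secretRef` is documented only as `The secret required`, and `state` reuses the Pub/Sub wording (`Potential issues with the underlying Pub/Sub subscription configuration`), so the one field that controls who can start a build through the webhook URL has no usable description. I would describe `secretRef` along the lines of `Reference to the SecretManagerSecret that webhook callers must present; required.` and reword `state` to refer to the webhook configuration, assuming that matches the API's behaviour. In the same hunk, `triggerTemplate.branchName` reads `Exactly one a of branch name`, which should be `Exactly one of a branch name`. The `tf2crd` label suggests these files are generated, so the wording probably has to be corrected in the generator's source rather than in this file.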
@@ -18351,61 +16258,351 @@ spec: type: object spec: properties: - autoCreateSubnetworks: - description: |- - Immutable. When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: + buildConfig: description: |- - If set to 'true', default routes ('0.0.0.0/0') will be deleted - immediately after network creation. Defaults to 'false'. - type: boolean + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object description: - description: |- - Immutable. An optional description of this resource. The resource must be - recreated to modify this field. + description: User-provided description of a function. type: string - enableUlaInternalIpv6: - description: "Immutable. Enable ULA internal ipv6 on this network. - Enabling this feature will assign \na /48 from google defined ULA - prefix fd20::/20." - type: boolean - internalIpv6Range: - description: "Immutable. When enabling ula internal ipv6, caller optionally - can specify the /48 range \nthey want from the google defined ULA - prefix fd20::/20. 
The input must be a \nvalid /48 ULA IPv6 address - and must be within the fd20::/20. Operation will \nfail if the speficied - /48 is already in used by another resource. \nIf the field is not - speficied, then a /48 range will be randomly allocated from fd20::/20 - and returned via this field." + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. 
Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. type: string - mtu: - description: "Immutable. Maximum Transmission Unit in bytes. The default - value is 1460 bytes. \nThe minimum value for this field is 1300 - and the maximum value is 8896 bytes (jumbo frames).\nNote that packets - larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS - clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message - if the packets are routed to the Internet or other VPCs \nwith varying - MTUs." - type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. - type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. 
+ type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. 
+ If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef type: object status: properties: 
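Review bot: Neither `environmentVariables` map in this hunk (under `buildConfig` and under `serviceConfig`) says that its values are kept as ordinary strings in the resource spec, where anyone who can read the resource can see them, while the same schema offers `secretEnvironmentVariables` and `secretVolumes` for Secret Manager references. I would append to both descriptions: `Values are stored as plain text in the resource spec; reference credentials through secretEnvironmentVariables or secretVolumes instead.` Separately, `projectId` is listed under `required` for both secret item types although its description says it is populated from the function's project when not set, so either the `required` entry or that sentence should go.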
@@ -18435,10 +16632,8 @@ spec: type: string type: object type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. + environment: + description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -18447,9 +16642,15 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. type: string type: object + required: + - spec type: object served: true storage: true @@ -18466,25 +16667,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeGroup - plural: computenodegroups + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: 
@@ -18522,58 +16723,146 @@ spec: type: object spec: properties: - autoscalingPolicy: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: description: |- - Immutable. If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. properties: - maxNodes: - description: |- - Immutable. Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Immutable. Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: + eventType: description: |- - Immutable. The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + Immutable. Required. 
The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. type: string + required: + - eventType + - resourceRef type: object - description: - description: Immutable. An optional textual description of the resource. - type: string - initialSize: - description: Immutable. The initial number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - maintenancePolicy: - description: 'Immutable. Specifies how to handle instances when a - node in the group undergoes maintenance. Set to one of: DEFAULT, - RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value - is DEFAULT.' - type: string - maintenanceWindow: - description: Immutable. contains properties for the timeframe of maintenance. + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. properties: - startTime: - description: Immutable. instances.start time of the window. This - must be in UTC format that resolves to one of 00:00, 04:00, - 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and - 08:00 are valid. + securityLevel: + description: 'Immutable. 
Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' type: string - required: - - startTime type: object - nodeTemplateRef: - description: The node template to which this node group belongs. + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -18590,8 +16879,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` - resource.' + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
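Review bot: The `httpsTrigger.securityLevel` description explains only one behaviour, "Both HTTP and HTTPS requests ... succeed without redirects", which reads like the text for SECURE_OPTIONAL used as the field description, so the schema does not tell a reader which value refuses plain HTTP or what applies when the field is omitted. A description along the lines of `Immutable. Controls whether plain-HTTP requests are served. SECURE_OPTIONAL serves HTTP and HTTPS without redirects; SECURE_ALWAYS requires HTTPS.` would fix that; the SECURE_ALWAYS wording is my reading of the value name and should be checked against the API reference. In the same hunk `eventTrigger.resourceRef` is described only as `Immutable.`. The `spec` properties continue in the following hunks.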
@@ -18600,102 +16891,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - shareSettings: - description: Immutable. Share settings for the node group. + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - projectMap: - description: Immutable. A map of project id and project config. - This is only valid when shareType's value is SPECIFIC_PROJECTS. - items: - properties: - idRef: - description: The key of this project config in the parent - map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectIdRef: - description: |- - The project id/number should be the same as the key of this project - config in the project map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - idRef - - projectIdRef - type: object - type: array - shareType: - description: 'Immutable. Node group sharing type. Possible values: - ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. 
The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. type: string required: - - shareType + - url type: object - size: - description: Immutable. The total number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - zone: - description: Immutable. Zone where this node group is located. + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. 
The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - nodeTemplateRef - - zone + - projectRef + - region + - runtime type: object status: properties: @@ -18725,9 +17042,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
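Review bot: `serviceAccountRef` is described only as `Immutable.` and is not in the `required` list at the end of this hunk, so the only place a reader learns that an omitted reference falls back to `{project_id}@appspot.gserviceaccount.com` is the nested `external` description. I would state it on the field itself, e.g. `Immutable. The service account the function runs as. When omitted, the function runs as {project_id}@appspot.gserviceaccount.com; prefer a dedicated account with only the roles the function needs.` `vpcConnectorRef` in the same hunk has no description at all. The `spec` schema starts in an earlier hunk.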
@@ -18735,8 +17055,31 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer type: object required: - spec 
@@ -18756,25 +17099,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates + kind: CloudIdentityGroup + plural: cloudidentitygroups shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -18812,71 +17155,82 @@ spec: type: object spec: properties: - cpuOvercommitType: - description: 'Immutable. CPU overcommit. Default value: "NONE" Possible - values: ["ENABLED", "NONE"].' - type: string description: - description: Immutable. An optional textual description of the resource. - type: string - nodeType: description: |- - Immutable. Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. type: string - nodeTypeFlexibility: - description: |- - Immutable. Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. properties: - cpus: - description: Immutable. Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD. + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. type: string - memory: - description: Immutable. Physical memory available to the node, - defined in MB. + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. type: string + required: + - id type: object - region: + initialGroupConfig: description: |- - Immutable. Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string - serverBinding: + labels: + additionalProperties: + type: string description: |- - Immutable. The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. 
Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. - type: string - required: - - type + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string required: - - region + - groupKey + - labels + - parent type: object status: properties: @@ -18906,8 +17260,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -18916,7 +17275,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + updateTime: + description: The time when the Group was last updated. type: string type: object required: @@ -18937,25 +17297,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computepacketmirrorings.compute.cnrm.cloud.google.com + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputePacketMirroring - plural: computepacketmirrorings + kind: CloudIdentityMembership + plural: cloudidentitymemberships shortNames: - - gcpcomputepacketmirroring - - gcpcomputepacketmirrorings - singular: computepacketmirroring + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -18993,231 +17353,8 @@ spec: type: object spec: properties: - collectorIlb: - description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` - that will be used as collector for mirrored traffic. The specified - forwarding rule must have `isMirroringCollector` set to true. - properties: - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - description: - description: An optional description of this resource. Provide this - property when you create the resource. - type: string - enable: - description: Indicates whether or not this packet mirroring takes - effect. If set to FALSE, this packet mirroring policy will not be - enforced on the network. The default is TRUE. - type: string - filter: - description: Filter for mirrored traffic. If unspecified, all traffic - is mirrored. - properties: - cidrRanges: - description: IP CIDR ranges that apply as filter on the source - (ingress) or destination (egress) IP in the IP header. Only - IPv4 is supported. If no ranges are specified, all traffic that - matches the specified IPProtocols is mirrored. If neither cidrRanges - nor IPProtocols is specified, all traffic is mirrored. 
- items: - type: string - type: array - direction: - description: Direction of traffic to mirror, either INGRESS, EGRESS, - or BOTH. The default is BOTH. - type: string - ipProtocols: - description: Protocols that apply as filter on mirrored traffic. - If no protocols are specified, all traffic that matches the - specified CIDR ranges is mirrored. If neither cidrRanges nor - IPProtocols is specified, all traffic is mirrored. - items: - type: string - type: array - type: object - location: - description: Immutable. The location for the resource - type: string - mirroredResources: - description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo - specifies a set of mirrored VM instances, subnetworks and/or tags - for which traffic from/to all VM instances will be mirrored. - properties: - instances: - description: A set of virtual machine instances that are being - mirrored. They must live in zones contained in the same region - as this packetMirroring. Note that this config will apply only - to those network interfaces of the Instances that belong to - the network specified in this packetMirroring. You may specify - a maximum of 50 Instances. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the instance; defined by the server. - type: string - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the virtual machine instance which is being mirrored. - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - subnetworks: - description: Immutable. A set of subnetworks for which traffic - from/to all VM instances will be mirrored. They must live in - the same region as this packetMirroring. You may specify a maximum - of 5 subnetworks. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the subnetwork; defined by the server. - type: string - urlRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - tags: - description: A set of mirrored tags. Traffic from/to all VM instances - that have one or more of these tags will be mirrored. - items: - type: string - type: array - type: object - network: - description: Immutable. Specifies the mirrored VPC network. Only packets - in this network will be mirrored. All mirrored VMs should have a - NIC in the given network. All mirrored subnetworks should belong - to the given network. - properties: - urlRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - URL of the network resource. - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - priority: - description: The priority of applying this configuration. Priority - is used to break ties in cases where there is more than one matching - rule. In the case of two rules that apply for a given Instance, - the one with the lowest-numbered priority value wins. Default value - is 1000. Valid range is 0 through 65535. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. + groupRef: + description: Immutable. oneOf: - not: required: @@ -19235,9 +17372,9 @@ spec: properties: external: description: |- - The project for the resource + The group for the resource - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -19246,27 +17383,102 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. 
The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array required: - - collectorIlb - - location - - mirroredResources - - network - - projectRef + - groupRef + - preferredMemberKey + - roles type: object status: properties: - collectorIlb: - properties: - canonicalUrl: - description: Output only. Unique identifier for the forwarding - rule; defined by the server. - type: string - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -19293,16 +17505,28 @@ spec: type: string type: object type: array - id: - description: Output only. The unique identifier for the resource. - This identifier is defined by the server. - format: int64 - type: integer - network: + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available properties: - canonicalUrl: - description: Output only. Unique identifier for the network; defined - by the server. + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name type: string type: object observedGeneration: 
@@ -19312,11 +17536,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: URI of the region where the packetMirroring resides. + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string - selfLink: - description: Server-defined URL for the resource. + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time type: string type: object required: @@ -19337,25 +17564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeprojectmetadatas.compute.cnrm.cloud.google.com + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudids.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeProjectMetadata - plural: computeprojectmetadatas + kind: CloudIDSEndpoint + plural: cloudidsendpoints shortNames: - - gcpcomputeprojectmetadata - - gcpcomputeprojectmetadatas - singular: computeprojectmetadata + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -19375,7 +17602,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19393,13 +17620,65 @@ spec: type: object spec: properties: - metadata: - additionalProperties: - type: string - description: A series of key value pairs. + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array required: - - metadata + - location + - network + - projectRef + - severity type: object status: properties: 
@@ -19429,6 +17708,16 @@ spec: type: string type: object type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -19436,6 +17725,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string type: object required: - spec @@ -19455,25 +17747,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudiot.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRegionNetworkEndpointGroup - plural: computeregionnetworkendpointgroups + kind: CloudIOTDevice + plural: cloudiotdevices shortNames: - - gcpcomputeregionnetworkendpointgroup - - gcpcomputeregionnetworkendpointgroups - singular: computeregionnetworkendpointgroup + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: 
@@ -19493,7 +17785,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19511,199 +17803,75 @@ spec: type: object spec: properties: - cloudFunction: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - functionRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMask: - description: |- - Immutable. A template to parse function field from a request URL. 
URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - type: string - type: object - cloudRun: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - serviceRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `RunService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tag: - description: |- - Immutable. Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - type: string - urlMask: - description: |- - Immutable. A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. 
- - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - type: string - type: object - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - networkEndpointType: - description: 'Immutable. Type of network endpoints in this network - endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" - Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' - type: string - networkRef: - description: |- - Immutable. This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - format + - key + type: object required: - - external + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. type: string type: object - pscTargetService: - description: |- - Immutable. The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string - region: - description: Immutable. A reference to the region where the Serverless - NEGs Reside. + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - Immutable. This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - region + - registry type: object status: properties: 
@@ -19733,216 +17901,74 @@ spec: type: string type: object type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 
'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: Immutable. The instance properties for the reservation. - properties: - guestAccelerators: - description: Immutable. Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - Immutable. The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - Immutable. The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. 
- type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - Immutable. The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: Immutable. The size of the disk in base-2 - GB. - type: integer - interface: - description: 'Immutable. The disk interface to use for - attaching this disk. Default value: "SCSI" Possible - values: ["SCSI", "NVME"].' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: Immutable. The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - Immutable. The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - Immutable. When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: Immutable. The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. 
items: properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. + binaryData: + description: The device configuration data. type: string - message: - description: Human-readable message indicating details about - last transition. + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. + version: + description: The version of this update. type: string - type: - description: Type is the type of the condition. + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. 
+ type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -19951,11 +17977,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - status: - description: The status of the reservation. - type: string + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array type: object required: - spec 
@@ -19975,25 +18009,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies + kind: CloudSchedulerJob + plural: cloudschedulerjobs shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -20031,205 +18065,366 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. - type: string - groupPlacementPolicy: - description: Immutable. Resource policy for instances used for placement - configuration. - properties: - availabilityDomainCount: - description: |- - Immutable. The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network. - type: integer - collocation: - description: |- - Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"]. - type: string - maxDistance: - description: Immutable. Specifies the number of max logical switches. - type: integer - vmCount: - description: |- - Immutable. Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - type: integer - type: object - instanceSchedulePolicy: - description: Immutable. Resource policy for scheduling instance operations. + appEngineHttpTarget: + description: App Engine HTTP target. properties: - expirationTime: - description: Immutable. The expiration time of the schedule. The - timestamp is an RFC3339 string. - type: string - startTime: - description: Immutable. The start time of the schedule. The timestamp - is an RFC3339 string. - type: string - timeZone: - description: |- - Immutable. Specifies the time zone to be used in interpreting the schedule. 
The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - type: string - vmStartSchedule: - description: Immutable. Specifies the schedule for starting instances. + appEngineRouting: + description: App Engine Routing setting for the job. properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string - required: - - schedule - type: object - vmStopSchedule: - description: Immutable. Specifies the schedule for stopping instances. - properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. type: string - required: - - schedule - type: object - required: - - timeZone - type: object - region: - description: Immutable. Region where resource policy resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - snapshotSchedulePolicy: - description: Immutable. Policy for creating snapshots of persistent - disks. 
- properties: - retentionPolicy: - description: Immutable. Retention policy applied to snapshots - created by this resource policy. - properties: - maxRetentionDays: - description: Immutable. Maximum age of the snapshot that is - allowed to be kept. - type: integer - onSourceDiskDelete: - description: |- - Immutable. Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. type: string - required: - - maxRetentionDays type: object - schedule: - description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: Immutable. The policy will execute every nth - day at the specified time. + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. 
+ In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. 
These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - daysInCycle: - description: Immutable. The number of days between snapshots. - type: integer - startTime: + external: description: |- - Immutable. This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. 
The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - daysInCycle - - startTime type: object - hourlySchedule: - description: Immutable. The policy will execute every nth - hour starting at the specified time. + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hoursInCycle: - description: Immutable. The number of hours between snapshots. - type: integer - startTime: + external: description: |- - Immutable. Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Immutable. Allows specifying a snapshot time - for each day of the week. - properties: - dayOfWeeks: - description: Immutable. May contain up to seven (one for - each day of the week) snapshot times. - items: - properties: - day: - description: 'Immutable. The day of the week to - create the snapshot. e.g. MONDAY Possible values: - ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", - "FRIDAY", "SATURDAY", "SUNDAY"].' - type: string - startTime: - description: |- - Immutable. Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks type: object type: object - snapshotProperties: - description: Immutable. Properties with which the snapshots are - created, such as labels. + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name - must be 1-63 characters long and comply \nwith RFC1035." - type: string - guestFlush: - description: Immutable. Whether to perform a 'guest aware' - snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: Immutable. A set of key-value pairs. - type: object - storageLocations: + external: description: |- - Immutable. Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional). - items: - type: string - type: array + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - schedule + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. 
+ type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. 
The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string required: - - region + - location type: object status: properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. 
If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -20256,6 +18451,10 @@ spec: type: string type: object type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -20263,7 +18462,71 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. 
(Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time type: string type: object required: @@ -20284,25 +18547,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces + kind: CloudTasksQueue + plural: cloudtasksqueues shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: 
@@ -20322,7 +18585,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -20340,7 +18603,38 @@ spec: type: object spec: properties: - interconnectAttachmentRef: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20357,8 +18651,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -20367,40 +18660,252 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ipRange: - description: Immutable. The IP address and range of the interface. - The IP range must be in the RFC3927 link-local IP space. Changing - this forces a new interface to be created. - type: string - privateIpAddressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string type: object - redundantInterfaceRef: - description: The interface the BGP peer is associated with. + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. oneOf: - not: required: 
@@ -20417,7 +18922,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -20427,17 +18932,50 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: Immutable. The region this interface's router sits in. - If not specified, the project region will be used. Changing this - forces a new interface to be created. + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - routerRef: + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. oneOf: - not: required: @@ -20454,7 +18992,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -20464,7 +19002,409 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - subnetworkRef: + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. 
If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. 
+ + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. 
+ + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. 
+ type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20481,8 +19421,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -20491,7 +19430,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - vpnTunnelRef: + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetRef: oneOf: - not: required: @@ -20508,7 +19452,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: 
@@ -20518,9 +19462,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string required: - - region - - routerRef + - autoscalingPolicy + - projectRef + - targetRef + - zone type: object status: properties: @@ -20550,6 +19499,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -20557,6 +19509,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec @@ -20576,25 +19530,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com + name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterNAT - plural: computerouternats + kind: ComputeBackendBucket + plural: computebackendbuckets shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -20632,126 +19586,8 @@ spec: type: object spec: properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - enableDynamicPortAllocation: - description: |- - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - type: boolean - enableEndpointIndependentMapping: - description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - type: boolean - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT. - properties: - enable: - description: Indicates whether or not to export logs. 
- type: boolean - filter: - description: 'Specifies the desired filtering of logs on this - NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' - type: string - required: - - enable - - filter - type: object - maxPortsPerVm: - description: |- - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - type: integer - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Region where the router and NAT reside. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. + bucketRef: + description: Reference to the bucket. oneOf: - not: required: 
@@ -20768,7 +19604,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -20778,206 +19614,132 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - rules: - description: A list of rules associated with this NAT. - items: - properties: - action: - description: The action to be enforced for traffic that matches - this rule. - properties: - sourceNatActiveIpsRefs: - items: - description: |- - A list of URLs of the IP resources used for this NAT rule. These IP - addresses must be valid static external IP addresses assigned to the - project. This field is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceNatDrainIpsRefs: - items: - description: |- - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. These - IPs should be used for updating/patching a NAT rule only. This field - is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - description: - description: An optional description of this rule. - type: string - match: - description: |- - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". - type: string - ruleNumber: - description: |- - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - type: integer - required: - - match - - ruleNumber - type: object - type: array - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. 
Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat. - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. 
+ properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. 
+ type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTimeWaitTimeoutSec: - description: |- - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. 
- type: integer - tcpTransitoryIdleTimeoutSec: + description: description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to - 30s if not set. - type: integer + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat + - bucketRef type: object status: properties: @@ -21007,6 +19769,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -21014,6 +19779,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec 
@@ -21033,25 +19800,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterPeer - plural: computerouterpeers + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -21071,7 +19838,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -21089,150 +19856,24 @@ spec: type: object spec: properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string + backendBucketRef: + oneOf: + - not: + required: + - external required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - bfd: - description: BFD configuration for the BGP peering. 
- properties: - minReceiveInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - type: integer - minTransmitInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - type: integer - multiplier: - description: |- - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - type: integer - sessionInitializationMode: - description: |- - The BFD session initialization mode for this BGP peer. - If set to 'ACTIVE', the Cloud Router will initiate the BFD session - for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. - type: string - required: - - sessionInitializationMode - type: object - enable: - description: |- - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - type: boolean - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. 
- properties: - external: - type: string - type: object - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Immutable. Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerApplianceInstanceRef: - description: |- - The URI of the VM instance that is used as third-party router - appliances such as Next Gen Firewalls, Virtual Routers, or Router - Appliances. The VM instance must be located in zones contained in - the same region as this Cloud Router. The VM instance is the peer - side of the BGP session. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: 
@@ -21242,36 +19883,48 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - routerInterfaceRef: - description: The interface the BGP peer is associated with. + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
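Review bot: The new `keyValue.value` property lets the 128-bit URL-signing key be written inline in the `ComputeBackendBucketSignedURLKey` spec, and its description does not say that an inline value is kept in the resource object itself, where it is readable by anyone who can get that object and ends up in any manifest that is committed. Since `valueFrom.secretKeyRef` is offered in the same `oneOf`, the description could steer users to it, for example `description: Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' for key material.` This file looks generated (the CRDs carry `cnrm.cloud.google.com/tf2crd: "true"`), so the wording presumably has to change in the generator rather than here; clusters that install this CRD may also want an admission policy that rejects an inline `value` for this kind. The enclosing `spec.properties` mapping starts and ends outside this hunk.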
@@ -21288,8 +19941,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -21298,12 +19950,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef + - backendBucketRef + - keyValue + - projectRef type: object status: properties: @@ -21333,19 +19988,6 @@ spec: type: string type: object type: array - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -21372,25 +20014,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com + name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouter - plural: computerouters + kind: ComputeBackendService + plural: computebackendservices shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -21428,314 +20070,495 @@ spec: type: object spec: properties: - bgp: - description: BGP information specific to this router. + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. + type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. 
In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. 
This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: - ["DEFAULT", "CUSTOM"].' + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. 
+ items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string - advertisedGroups: + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS. - items: - type: string - type: array - advertisedIpRanges: + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. 
These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: - description: - description: User-specified description for the IP range. - type: string - range: + code: description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. type: integer - keepaliveInterval: + signedUrlCacheMaxAgeSec: description: |- - The interval in seconds between BGP keepalive messages that are sent - to the peer. Hold time is three times the interval at which keepalive - messages are sent, and the hold time is the maximum number of seconds - allowed to elapse between successive keepalive messages that BGP - receives from a peer. 
+ Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. - BGP will use the smaller of either the local hold time value or the - peer's hold time value as the hold time for the BGP connection - between the two peers. If set, this value must be between 20 and 60. - The default is 20. + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. type: integer - required: - - asn type: object - description: - description: An optional description of this resource. - type: string - encryptedInterconnectRouter: + circuitBreakers: description: |- - Immutable. Indicates if a router is dedicated for use with encrypted VLAN - attachments (interconnectAttachments). - type: boolean - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + connectTimeout: + description: The timeout for new network connections to hosts. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer type: object - region: - description: Immutable. Region where the router resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' 
type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: + connectionDrainingTimeoutSec: description: |- - Immutable. An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: description: |- - Immutable. The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. 
They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object - nextHopGateway: - description: |- - Immutable. URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. 
- type: string - nextHopILBRef: + consistentHash: description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. oneOf: - not: required: @@ -21752,7 +20575,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: 
@@ -21762,260 +20585,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nextHopIp: - description: Immutable. Network IP address of an instance that should - handle matching packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. 
+ type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number type: object - priority: - description: |- - Immutable. The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tags: - description: Immutable. A list of instance tags to which this route - applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + healthChecks: items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adaptiveProtectionConfig: - description: Adaptive Protection Config of this security policy. - properties: - autoDeployConfig: - description: Auto Deploy Config of this security policy. - properties: - confidenceThreshold: - description: Rules are only automatically deployed for alerts - on potential attacks with confidence scores greater than - this threshold. - type: number - expirationSec: - description: Google Cloud Armor stops applying the action - in the automatically deployed rule to an identified attacker - after this duration. The rule continues to operate against - new requests. - type: integer - impactedBaselineThreshold: - description: Rules are only automatically deployed when the - estimated impact to baseline traffic from the suggested - mitigation is below this threshold. - type: number - loadThreshold: - description: Identifies new attackers only when the load to - the backend service that is under attack exceeds this threshold. - type: number - type: object - layer7DdosDefenseConfig: - description: Layer 7 DDoS Defense Config of this security policy. - properties: - enable: - description: If set to true, enables CAAP for L7 DDoS detection. - type: boolean - ruleVisibility: - description: 'Rule visibility. Supported values include: "STANDARD", - "PREMIUM".' - type: string - type: object - type: object - advancedOptionsConfig: - description: Advanced Options Config of this security policy. + iap: + description: Settings for enabling Cloud Identity Aware Proxy. 
+ oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef properties: - jsonCustomConfig: - description: Custom configuration to apply the JSON parsing. Only - applicable when JSON parsing is set to STANDARD. - properties: - contentTypes: - description: A list of custom Content-Type header values to - apply the JSON parsing. - items: - type: string - type: array - required: - - contentTypes - type: object - jsonParsing: - description: 'JSON body parsing. Supported values include: "DISABLED", - "STANDARD".' - type: string - logLevel: - description: 'Logging level. Supported values include: "NORMAL", - "VERBOSE".' + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. type: string - type: object - description: - description: An optional description of this security policy. Max - size is 2048. - type: string - recaptchaOptionsConfig: - description: reCAPTCHA configuration options to be applied for the - security policy. - properties: - redirectSiteKeyRef: + oauth2ClientIdRef: description: |- Only `external` field is supported to configure the reference. - A field to supply a reCAPTCHA site key to be used for all the rules - using the redirect action with the type of GOOGLE_RECAPTCHA under - the security policy. The specified site key needs to be created from - the reCAPTCHA API. The user is responsible for the validity of the - specified site key. If not specified, a Google-managed site key is - used. + OAuth2 Client ID for IAP. oneOf: - not: required: @@ -22032,7 +20723,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: 
@@ -22042,639 +20733,228 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - redirectSiteKeyRef - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, - a default rule with action "allow" will be added. - items: - properties: - action: - description: Action to take when match matches the request. - type: string - description: - description: An optional description of this rule. Max size - is 64. - type: string - headerAction: - description: Additional actions that are performed on headers. - properties: - requestHeadersToAdds: - description: The list of request headers to add or overwrite - if they're already present. - items: + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. properties: - headerName: - description: The name of the header to set. + key: + description: Key that identifies the value to be extracted. type: string - headerValue: - description: The value to set the named header to. + name: + description: Name of the Secret to extract a value + from. 
type: string required: - - headerName + - key + - name type: object - type: array + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string required: - - requestHeadersToAdds + - name type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action - is enforced. + policy: + description: The configuration for a built-in load balancing + policy. properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr - is not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or - IPV6) in CIDR notation to match against inbound traffic. - There is a limit of 10 IP ranges per rule. A value - of '*' matches all IPs (can be used to override the - default behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression - in Common Expression Language syntax. The application - context of the containing message determines which - well-known feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field - is specified, config must also be specified. Available - options: SRC_IPS_V1: Must specify the corresponding - src_ip_ranges field in config.' + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. 
+ + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string + required: + - name type: object - preconfiguredWafConfig: - description: Preconfigured WAF configuration to be applied for - the rule. If the rule does not evaluate preconfigured WAF - rules, i.e., if evaluatePreconfiguredWaf() is not used, this - field will have no effect. - properties: - exclusion: - description: An exclusion to apply during preconfigured - WAF evaluation. - items: - properties: - requestCookie: - description: Request cookie whose value will be excluded - from inspection during preconfigured WAF evaluation. 
- items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestHeader: - description: Request header whose value will be excluded - from inspection during preconfigured WAF evaluation. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. 
- type: string - required: - - operator - type: object - type: array - requestQueryParam: - description: Request query parameter whose value will - be excluded from inspection during preconfigured - WAF evaluation. Note that the parameter can be - in the query string or in the POST body. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestUri: - description: Request URI from the request line to - be excluded from inspection during preconfigured - WAF evaluation. When specifying this field, the - query or fragment part should be excluded. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. 
- EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - targetRuleIds: - description: A list of target rule IDs under the WAF - rule set to apply the preconfigured WAF exclusion. - If omitted, it refers to all the rule IDs under - the WAF rule set. - items: - type: string - type: array - targetRuleSet: - description: Target WAF rule set to apply the preconfigured - WAF exclusion. - type: string - required: - - targetRuleSet - type: object - type: array - type: object - preview: - description: When set to true, the action specified above is - not enforced. Stackdriver logs for requests that trigger a - preview action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest - priority (lowest numerically) to lowest priority (highest - numerically) in order. - type: integer - rateLimitOptions: - description: Rate limit threshold for this security policy. - Must be specified if the action is "rate_based_ban" or "throttle". - Cannot be specified for any other actions. - properties: - banDurationSec: - description: Can only be specified if the action for the - rule is "rate_based_ban". If specified, determines the - time (in seconds) the traffic will continue to be banned - by the rate limit after the rate falls below the threshold. - type: integer - banThreshold: - description: Can only be specified if the action for the - rule is "rate_based_ban". 
If specified, the key will be - banned for the configured 'banDurationSec' when the number - of requests that exceed the 'rateLimitThreshold' also - exceed this 'banThreshold'. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - conformAction: - description: Action to take for requests that are under - the configured rate limit threshold. Valid option is "allow" - only. - type: string - enforceOnKey: - description: Determines the key to enforce the rateLimitThreshold - on. - type: string - enforceOnKeyConfigs: - description: Immutable. Enforce On Key Config of this security - policy. - items: - properties: - enforceOnKeyName: - description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' - type: string - enforceOnKeyType: - description: Determines the key to enforce the rate_limit_threshold - on. - type: string - type: object - type: array - enforceOnKeyName: - description: 'Rate limit key name applicable only for the - following key types: HTTP_HEADER -- Name of the HTTP header - whose value is taken as the key value. HTTP_COOKIE -- - Name of the HTTP cookie whose value is taken as the key - value.' - type: string - exceedAction: - description: Action to take for requests that are above - the configured rate limit threshold, to either deny with - a specified HTTP response code, or redirect to a different - endpoint. Valid options are "deny()" where valid values - for status are 403, 404, 429, and 502, and "redirect" - where the redirect parameters come from exceedRedirectOptions - below. 
- type: string - exceedRedirectOptions: - description: Parameters defining the redirect action that - is used as the exceed action. Cannot be specified if the - exceed action is not redirect. - properties: - target: - description: Target for the redirect action. This is - required if the type is EXTERNAL_302 and cannot be - specified for GOOGLE_RECAPTCHA. - type: string - type: - description: Type of the redirect action. - type: string - required: - - type - type: object - rateLimitThreshold: - description: Threshold at which to begin ratelimiting. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - required: - - conformAction - - exceedAction - - rateLimitThreshold - type: object - redirectOptions: - description: Parameters defining the redirect action. Cannot - be specified for any other actions. - properties: - target: - description: Target for the redirect action. This is required - if the type is EXTERNAL_302 and cannot be specified for - GOOGLE_RECAPTCHA. - type: string - type: - description: 'Type of the redirect action. Available options: - EXTERNAL_302: Must specify the corresponding target field - in config. GOOGLE_RECAPTCHA: Cannot specify target field - in config.' - type: string - required: - - type - type: object - required: - - action - - match - - priority - type: object - type: array - type: - description: The type indicates the intended use of the security policy. - CLOUD_ARMOR - Cloud Armor backend security policies can be configured - to filter incoming HTTP requests targeting backend services. They - filter requests before they hit the origin servers. 
CLOUD_ARMOR_EDGE - - Cloud Armor edge security policies can be configured to filter - incoming HTTP requests targeting backend services (including Cloud - CDN-enabled) as well as backend buckets (Cloud Storage). They filter - requests before the request is served from Google's cache. - type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string type: object type: array - fingerprint: - description: Fingerprint of this resource. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - description: The URI of the created resource. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computeserviceattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeServiceAttachment - plural: computeserviceattachments - shortNames: - - gcpcomputeserviceattachment - - gcpcomputeserviceattachments - singular: computeserviceattachment - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - connectionPreference: - description: 'The connection preference of service attachment. The - value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service - attachment is one that always accepts the connection from consumer - forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, - ACCEPT_AUTOMATIC, ACCEPT_MANUAL' - type: string - consumerAcceptLists: - description: Projects that are allowed to connect to this service - attachment. - items: - properties: - connectionLimit: - description: The value of the limit to set. - format: int64 - type: integer - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project id or number for the project to set the limit for. + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - type: array - consumerRejectLists: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - description: - description: An optional description of this resource. Provide this - property when you create the resource. + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string - enableProxyProtocol: - description: Immutable. If true, enable the proxy protocol which is - for supplying client TCP/IP address data in TCP connections that - traverse proxies on their way to destination servers. - type: boolean location: - description: Immutable. 
The location for the resource + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string - natSubnets: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: required: - external required: 
@@ -22689,10 +20969,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22701,13 +20979,130 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. 
If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - targetServiceRef: - description: Immutable. + securityPolicyRef: + description: The security policy associated with this backend service. oneOf: - not: required: 
@@ -22724,10 +21119,8 @@ spec: - external properties: external: - description: |- - The URL of a service serving the endpoint identified by this service attachment. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22736,12 +21129,82 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. 
Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer required: - - connectionPreference - location - - natSubnets - - projectRef - - targetServiceRef type: object status: properties: 
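Review bot: In the `securitySettings` block added by the `@@ -22736,12 +21129,82 @@` hunk, the description of `clientTLSPolicyRef` says Config Connector only supports `external` references, yet the `oneOf` beneath it still admits the `name`/`namespace` form. The hunk does not show what the controller does with a `name` reference; if it is accepted at admission and then not resolved, a backend service could be applied without the intended client TLS policy attached, so this is worth confirming. If only `external` really is supported, I would tighten the property to `required: [external]`, or at least extend the description with `A reference by name is rejected.` so the limitation is enforced or stated rather than implied. The enclosing `spec.properties` mapping starts and ends outside this hunk.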
@@ -22771,32 +21234,17 @@ spec: type: string type: object type: array - connectedEndpoints: - description: An array of connections for all the consumers connected - to this service attachment. - items: - properties: - endpoint: - description: The url of a connected endpoint. - type: string - pscConnectionId: - description: The PSC connection id of the connected endpoint. - format: int64 - type: integer - status: - description: 'The status of a connected endpoint to this service - attachment. Possible values: PENDING, RUNNING, DONE' - type: string - type: object - type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string fingerprint: - description: Fingerprint of this resource. This field is used internally - during updates of this resource. + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. type: string - id: - description: The unique identifier for the resource type. The server - generates this identifier. - format: int64 + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource @@ -22805,24 +21253,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pscServiceAttachmentId: - description: An 128-bit global unique ID of the PSC service attachment. - properties: - high: - format: int64 - type: integer - low: - format: int64 - type: integer - type: object - region: - description: URL of the region where the service attachment resides. - This field applies only to the region resource. You must specify - this field as part of the HTTP request URL. It is not settable as - a field in the request body. - type: string selfLink: - description: Server-defined URL for the resource. type: string type: object required: 
@@ -22843,25 +21274,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -22881,7 +21312,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -22897,6 +21328,112 @@ spec: type: string metadata: type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object status: properties: conditions: @@ -22933,6 +21470,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -22949,25 +21488,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: 
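Review bot: The `keyValue` property added in the `@@ -22897,6 +21328,112 @@` hunk (the ComputeBackendServiceSignedURLKey spec) accepts the URL-signing key inline through `value`, which puts key material in the manifest itself and in the stored custom resource, where anyone who can read this kind or the repository holding the manifest can see it. The description only states the encoding, so I would add a sentence such as `Prefer valueFrom.secretKeyRef; a key supplied through value is stored in plain text in the resource.` The schema also puts no `pattern` or length bound on `value`, so a malformed or short key would presumably surface only when the resource is reconciled against the API. Whichever form is used, read access to this kind and to the referenced Secret should be scoped accordingly in RBAC.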
@@ -22987,7 +21526,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -23005,12 +21544,35 @@ spec: type: object spec: properties: - deletionPolicy: - description: "The deletion policy for the shared VPC service. Setting - ABANDON allows the resource\n\t\t\t\tto be abandoned rather than - deleted. Possible values are: \"ABANDON\"." - type: string + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -23036,8 +21598,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string required: + - diskRef - projectRef + - zone type: object status: properties: 
@@ -23093,25 +21665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com + name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSnapshot - plural: computesnapshots + kind: ComputeDisk + plural: computedisks shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk preserveUnknownFields: false scope: Namespaced versions: 
@@ -23149,42 +21721,34 @@ spec: type: object spec: properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name must be - 1-63 characters long and \ncomply with RFC1035. This is an uncommon - option only for advanced \nservice owners who needs to create separate - snapshot chains, for \nexample, for chargeback tracking. When you - describe your snapshot \nresource, this field is visible only if - it has a non-empty value." - type: string description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - snapshotEncryptionKey: + diskEncryptionKey: description: |- - Immutable. Encrypts the snapshot using a customer-supplied encryption key. + Immutable. Encrypts the disk using a customer-supplied encryption key. - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of - the snapshot. + the disk. - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. 
+ If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. properties: kmsKeyRef: - description: The encryption key that is stored in Google Cloud - KMS. + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: 
@@ -23277,57 +21841,16 @@ spec: from. type: string required: - - name - key + - name type: object type: object type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." oneOf: - not: required: 
@@ -23365,9 +21888,14 @@ spec: type: object type: object type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. + imageRef: + description: The image from which to initialize this disk. oneOf: - not: required: @@ -23384,7 +21912,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeDisk` + description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: 
@@ -23394,18 +21922,341 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - storageLocations: - description: Immutable. Cloud Storage bucket storage location of the - snapshot (regional or multi-regional). + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. items: type: string type: array - zone: - description: Immutable. A reference to the zone where the disk is - hosted. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. 
+ + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. type: string required: - - sourceDiskRef + - location type: object status: properties: @@ -23438,23 +22289,17 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer labelFingerprint: description: |- - The fingerprint used for optimistic locking of this resource. Used + The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
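Review bot: `sourceImageEncryptionKey.rawKey` and `sourceSnapshotEncryptionKey.rawKey` in this hunk are plain `type: string` fields, so a customer-supplied encryption key set there sits verbatim in the ComputeDisk spec. It is then readable by any subject with get/list on the resource and present wherever the object is persisted or exported. The `rsaEncryptedKey` field added in the first hunk (`@@ -23277,57 +21841,16 @@`) carries a `oneOf`, which looks like the Secret-backed value/valueFrom shape, so key material seems to be handled inconsistently across the schema; that is inferred, since the full definition is outside the hunk. The CRDs further down carry `tf2crd`/`dcl2crd` labels, so this bundle appears to be generated and a schema fix would belong in the generator. Until then each `rawKey` description could end with `Stored as plain text in the resource spec; prefer kmsKeyRef where possible.`, and read access to ComputeDisk objects should be treated as access to the key.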
@@ -23464,15 +22309,36 @@ spec: type: integer selfLink: type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - storageBytes: + sourceDiskId: description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array type: object required: - spec 
@@ -23492,25 +22358,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com + name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -23548,108 +22414,44 @@ spec: type: object spec: properties: - certificate: - description: |- - Immutable. The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object description: description: Immutable. An optional description of this resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeSSLCertificate. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - privateKey: - description: Immutable. The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - certificate - - location - - privateKey type: object status: properties: - certificateId: - description: The unique identifier for the resource. - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -23676,12 +22478,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - expireTime: - description: Expire time of the certificate in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -23692,8 +22488,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -23710,25 +22504,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com + name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies + kind: ComputeFirewallPolicy + plural: computefirewallpolicies shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -23765,46 +22559,93 @@ spec: metadata: type: object spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array description: - description: Immutable. An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + description: An optional description of this resource. Provide this + property when you create the resource. type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. 
+ Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. type: string + required: + - shortName type: object status: properties: @@ -23837,15 +22678,13 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -23854,9 +22693,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. type: string type: object + required: + - spec type: object served: true storage: true 
@@ -23873,25 +22724,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSubnetwork - plural: computesubnetworks + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: 
@@ -23929,70 +22780,48 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - ipv6AccessType: - description: |- - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external properties: - aggregationInterval: + external: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. + The target that the firewall policy is attached to. 
+ + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. + kind: + description: 'Kind of the referent. Allowed values: Folder' type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: + name: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. 
- items: - type: string - type: array type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. + firewallPolicyRef: + description: Immutable. oneOf: - not: required: @@ -24009,8 +22838,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The firewall policy ID of the association. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24019,70 +22850,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - privateIpv6GoogleAccess: - description: The private IPv6 google access type for the VMs in this - subnet. - type: string - purpose: - description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. - type: string - region: - description: Immutable. The GCP region for this subnetwork. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. 
- type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - stackType: - description: |- - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. - type: string required: - - ipCidrRange - - networkRef - - region + - attachmentTargetRef + - firewallPolicyRef type: object status: properties: @@ -24112,27 +22887,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - externalIpv6Prefix: - description: The range of external IPv6 addresses that are owned by - this subnetwork. - type: string - fingerprint: - description: DEPRECATED. This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - ipv6CidrRange: - description: The range of internal IPv6 addresses that are owned by - this subnetwork. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24140,7 +22894,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + shortName: + description: The short name of the firewall policy of the association. type: string type: object required: 
@@ -24161,25 +22916,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetgrpcproxies.compute.cnrm.cloud.google.com + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetGRPCProxy - plural: computetargetgrpcproxies + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules shortNames: - - gcpcomputetargetgrpcproxy - - gcpcomputetargetgrpcproxies - singular: computetargetgrpcproxy + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24217,18 +22972,32 @@ spec: type: object spec: properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string description: - description: An optional description of this resource. + description: An optional description for this resource. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' type: string - urlMapRef: - description: |- - The UrlMap resource that defines the mapping from URL to the BackendService. - The protocol field in the BackendService must be set to GRPC. + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. oneOf: - not: required: 
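Review bot: The `action` description is inconsistent with the rest of the rule schema: it names only "allow" and "deny()" with status values 403, 404 and 502, yet the `enableLogging` description a few lines below refers to "goto_next" rules, and HTTP status codes have no obvious meaning for a firewall policy rule. Because `action` is a plain `type: string` with no `enum`, this text is the only guidance for a setting that decides whether traffic is permitted. I would replace it with wording that lists the accepted actions, presumably `allow`, `deny` and `goto_next` (to be confirmed against the Compute API), and drop the status-code clause. The `spec.properties` block continues past the end of the hunk.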
@@ -24245,8 +23014,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` - resource.' + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24255,36 +23026,139 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - validateForProxyless: - description: |- - Immutable. If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to. - type: boolean - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: type: string - reason: + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. 
This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string 
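Review bot: `priority` documents a range of 0 to 2147483647, but the schema only carries `format: int64` and `type: integer`, so an out-of-range value is not rejected at admission and is caught, if at all, only by the backing API. Since priority fixes the order in which allow and deny rules are evaluated, I would add `minimum: 0` and `maximum: 2147483647` next to `type: integer`, reword "a positive value between 0 and 2147483647" (0 is not positive) and fix "prority". The ComputeFirewall `priority` in the later hunk `@@ -24443,9 +23395,137 @@` has the same gap for its 0 to 65535 range. Separately, the `ports` description in `layer4Configs` ends with "Example inputs include:" followed by an empty pair of backticks, so the accepted port formats are not documented here.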
@@ -24297,18 +23171,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -24317,12 +23182,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - selfLinkWithId: - description: Server-defined URL with id for the resource. - type: string + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -24339,25 +23206,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com + name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies + kind: ComputeFirewall + plural: computefirewalls shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: 
@@ -24395,28 +23262,113 @@ spec: type: object spec: properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array description: - description: Immutable. An optional description of this resource. 
+ description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string - proxyBind: + disabled: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - urlMapRef: + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. 
+ If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. oneOf: - not: required: @@ -24433,7 +23385,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
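Review bot: The `direction` and `enableLogging` descriptions name fields that do not exist in this schema: 'source_ranges', 'source_tags', 'source_service_accounts' and log_config, while the properties are spelled `sourceRanges`, `sourceTags`, `sourceServiceAccounts` (defined in a later hunk) and `logConfig`. Someone writing an INGRESS rule has to guess the mapping, and the stated requirement that one of the three source fields be set is not expressed in the schema, where only `networkRef` is required (per the later hunk). I would use the CRD's own names in the text, e.g. `For INGRESS traffic, one of sourceRanges, sourceTags or sourceServiceAccounts is required.`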
@@ -24443,9 +23395,137 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. 
If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. 
+ targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array required: - - location - - urlMapRef + - networkRef type: object status: properties: @@ -24485,9 +23565,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object 
@@ -24509,25 +23586,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com + name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies + kind: ComputeForwardingRule + plural: computeforwardingrules shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24565,13 +23642,26 @@ spec: type: object spec: properties: - certificateMapRef: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: description: |- - Only the `external` field is supported to configure the reference. - - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This field - can only be set for global target proxies. + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. oneOf: - not: required: @@ -24588,8 +23678,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, - where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: 
@@ -24601,69 +23690,168 @@ spec: type: object description: description: Immutable. An optional description of this resource. + Provide this property when you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPSProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - proxyBind: - description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: + ipAddress: description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. oneOf: - not: required: 
@@ -24680,7 +23868,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24690,10 +23878,83 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - urlMapRef: + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. 
This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). 
+ Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. oneOf: - not: required: @@ -24710,7 +23971,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -24720,9 +23981,191 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object required: - location - - urlMapRef type: object status: properties: @@ -24753,7 +24196,11 @@ spec: type: object type: array creationTimestamp: - description: Creation timestamp in RFC3339 text format. + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -24762,10 +24209,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string selfLink: + description: '[Output Only] Server-defined URL for the resource.' + type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' type: string type: object required: @@ -24786,25 +24244,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetInstance - plural: computetargetinstances + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -24824,7 +24282,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -24842,12 +24300,22 @@ spec: type: object spec: properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - instanceRef: - description: The ComputeInstance handling traffic for this target - instance. + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -24864,8 +24332,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24874,54 +24341,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - natPolicy: - description: |- - Immutable. NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. URL of the zone where the target instance - resides. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - instanceRef - - zone + - networkEndpointType + - projectRef type: object status: properties: 
@@ -24951,9 +24378,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24982,25 +24406,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetPool - plural: computetargetpools + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -25020,7 +24444,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -25038,7 +24462,20 @@ spec: type: object spec: properties: - backupTargetPoolRef: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -25055,8 +24492,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -25065,91 +24501,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Immutable. Textual description field. - type: string - failoverRatio: - description: Immutable. Ratio (0 to 1) of failed nodes before using - the backup pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Where the target pool resides. Defaults to - project region. - type: string resourceID: - description: Immutable. Optional. The name of the resource. 
Used for + description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sessionAffinity: - description: Immutable. How to distribute load. Options are "NONE" - (no affinity). "CLIENT_IP" (hash of the source/dest addresses / - ports), and "CLIENT_IP_PROTO" also includes the protocol (default - "NONE"). - type: string required: - - region + - globalNetworkEndpointGroup + - projectRef type: object status: properties: @@ -25186,9 +24545,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string type: object required: - spec @@ -25208,25 +24564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com + name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies + kind: ComputeHealthCheck + plural: computehealthchecks shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25264,155 +24620,357 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object - certificateMapRef: + healthyThreshold: description: |- - Only `external` field is supported to configure the reference. + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This - field can only be set for global target proxies. 
Accepted format is - '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` - resource.' + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. type: string type: object - description: - description: Immutable. An optional description of this resource. 
- type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. 
The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + sslHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` - resource.' + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
type: string - type: object - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -25445,11 +25003,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string type: object required: - spec 
@@ -25469,25 +25028,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com + name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25525,54 +25084,53 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - proxyBind: + healthyThreshold: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - proxyHeader: + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. 
+ type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - backendServiceRef + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25612,14 +25170,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object - required: - - spec type: object served: true storage: true 
@@ -25636,25 +25189,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com + name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25692,48 +25245,53 @@ spec: type: object spec: properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region this gateway should sit in. + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - required: - - networkRef - - region + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25766,9 +25324,6 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - gatewayId: - description: The unique identifier for the resource. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -25779,8 +25334,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -25797,25 +25350,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com + name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeURLMap - plural: computeurlmaps + kind: ComputeImage + plural: computeimages shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage preserveUnknownFields: false scope: Namespaced versions: 
@@ -25853,1903 +25406,16106 @@ spec: type: object spec: properties: - defaultRouteAction: + description: description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - corsPolicy: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. 
The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. 
- type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, the setting specifies the CORS policy - is disabled. The default value of false, which indicates - that the CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - faultInjectionPolicy: + kmsKeyServiceAccountRef: description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - abort: - description: The specification for how client requests are - aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. 
- type: number - type: object - delay: - description: The specification for how client requests are - delayed as part of fault injection, before being sent to - a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. 
- properties: - backendServiceRef: - description: |- - The backend service resource being mirrored to. - The backend service configured for a mirroring policy must reference - backends that are of the same type as the original backend service - matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored - backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: + type: object + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - nanos: - description: Span of time that's a fraction of a second at - nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos - field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: 'Span of time at a resolution of a second. Must - be from 0 to 315,576,000,000 inclusive. Note: these bounds - are computed from: 60 sec/min * 60 min/hr * 24 hr/day * - 365.25 days/year * 10000 years.' - type: string - type: object - urlRewrite: + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: description: |- - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - hostRewrite: - description: |- - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. 
- type: string - pathPrefixRewrite: - description: |- - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - type: string - type: object - weightedBackendServices: + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: description: |- - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. - Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request before - forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: A list of header names for headers that - need to be removed from the request before forwarding - the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response before sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. 
- type: boolean - type: object - type: array - responseHeadersToRemove: - description: A list of header names for headers that - need to be removed from the response before sending - the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - type: integer - type: object - type: array + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source type: object - defaultService: - description: |- - The defaultService resource to which traffic is directed if none of - the hostRules match. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If defaultRouteAction is additionally specified, advanced routing - actions like URL Rewrites, etc. take effect prior to sending the - request to the backend. However, if defaultService is specified, - defaultRouteAction cannot contain any weightedBackendServices. - Conversely, if routeAction specifies any weightedBackendServices, - service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService - must be set. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + sourceImageRef: + description: The source image used to create this image. oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. 
+ - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. 
Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: + type: object + status: + properties: + archiveSizeBytes: description: |- - An optional description of this resource. Provide this property when - you create the resource. + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string - headerAction: + labelFingerprint: description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the - response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. items: - type: string + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). 
+ The zone must exist in the region where the managed instance + group is located. + type: string + type: object type: array type: object - hostRule: - description: The list of HostRules to use against the URL. + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. items: properties: - description: - description: |- - An optional description of this HostRule. Provide this property - when you create the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). 
In - that case, * must be the first character and must be followed in - the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string - required: - - hosts - - pathMatcher + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer type: object type: array - location: - description: 'Location represents the geographical location of the - ComputeURLMap. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. 
- items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. 
- type: integer + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. 
- properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to - 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. 
- properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, - prior to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. 
- Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. 
- items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000. - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The default service to use if none of the pathRules defined by this - PathMatcher is matched by the URL's path portion. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - oneOf: + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. 
+ type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: - required: - - backendBucketRef + - name - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. 
+ properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. + This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. 
If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. 
You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). 
+ items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. + - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: + external: description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. 
The value must be between 1 and 1024 - characters. + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: - description: An optional description of this resource. + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. 
This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer type: object - name: - description: The name to which this PathMatcher is referred - by the HostRule. + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. 
+ type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' 
+ format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' + format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. 
The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing. - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. 
- items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. 
- type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated - with this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per - retry attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. 
- - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service. 
- properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - Required. The default backend service resource. Before forwarding - the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response - prior to sending the response back to - the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000. - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service to which traffic is directed if this rule is - matched. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If routeAction is additionally specified, advanced routing actions - like URL Rewrites, etc. take effect prior to sending the request to - the backend. However, if service is specified, routeAction cannot - contain any weightedBackendServices. Conversely, if routeAction - specifies any weightedBackendServices, service must not be - specified. Only one of urlRedirect, service or - routeAction.weightedBackendService must be set. 
- oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. 
- If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. 
- This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. 
- type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regular expression specified in - regexMatch. 
For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. 
Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. 
Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). 
+ type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. \nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. 
\nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. 
+ One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. 
+ type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. 
+ type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' 
+ type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. 
Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. 
Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. 
+ type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. 
An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: @@ -28491,7 +42247,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28586,6 +42342,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: @@ -28690,7 +42451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -29062,7 +42823,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29378,7 +43139,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -29924,20 +43685,256 @@ spec: type: object type: array createTime: - description: Output only. The time this note was created. This field - can be used as a filter in list requests. - format: date-time + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. type: string - image: - properties: - fingerprint: - properties: - v2Name: - description: 'Output only. The name of the image''s v2 blobs - computed via: ) Only the name of the final blob is kept.' - type: string - type: object - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -29946,11 +43943,11 @@ spec: the resource. type: integer updateTime: - description: Output only. The time this note was last updated. This - field can be used as a filter in list requests. - format: date-time + description: The time when the repository was last updated. type: string type: object + required: + - spec type: object served: true storage: true @@ -29967,7 +43964,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30558,6 +44555,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -30572,6 +44578,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the 
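Review bot: In the `@@ -29946,11 +43943,11 @@` hunk the new `updateTime` description reads "The time when the repository was last updated.", but the surrounding schema describes an occurrence (`name` is "The name of the occurrence."), so the text looks carried over from another resource; `createTime` in the preceding hunk has the same wording. I would write `description: The time when the occurrence was last updated.` and, unless dropping it was deliberate, keep `format: date-time` on the field so it still declares its timestamp format. If this schema is generated, the wording needs correcting in the generator input rather than in this file.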
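Review bot: In the `@@ -30572,6 +44578,11 @@` hunk `stackType` is a bare `type: string` although its description allows only IPV4 and IPV4_IPV6, so a misspelt value passes schema validation and presumably fails only when the controller calls the API. Because the field is marked Immutable, I would constrain it in the schema with `enum: [IPV4, IPV4_IPV6]`, assuming those two really are the only accepted values. The description could also state that IPV4_IPV6 adds IPv6 addressing to the cluster, so firewall rules and network policies written only for IPv4 ranges need reviewing before it is chosen. The enclosing `properties` block starts outside the hunk.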
@@ -30609,222 +44620,1129 @@ spec: Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: - duration: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. 
+ type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. 
+ type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). + type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. 
VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. 
+ type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. 
+ properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
+ type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. 
Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. type: string - startTime: + key: + description: Immutable. The label key of a reservation resource. type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array required: - - startTime + - consumeReservationType type: object - maintenanceExclusion: - description: Exceptions to maintenance window. Non-emergency maintenance - should not occur in these windows. + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. 
+ properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. items: properties: - endTime: + effect: + description: Immutable. Effect for taint. type: string - exclusionName: + key: + description: Immutable. Key for taint. type: string - exclusionOptions: - description: Maintenance exclusion related options. - properties: - scope: - description: The scope of automatic upgrades to restrict - in the exclusion window. - type: string - required: - - scope - type: object - startTime: + value: + description: Immutable. Value for taint. 
type: string required: - - endTime - - exclusionName - - startTime + - effect + - key + - value type: object type: array - recurringWindow: - description: Time window for recurring maintenance operations. + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. properties: - endTime: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. type: string - recurrence: + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. type: string - startTime: + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. 
+ type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - endTime - - recurrence - - startTime + - enabled type: object + required: + - pubsub type: object - masterAuth: - description: DEPRECATED. Basic authentication was removed for GKE - cluster versions >= 1.19. The authentication information for accessing - the Kubernetes master. Some values in this block are only returned - by the API if your service account has permission to get credentials - for your GKE cluster. If you see an unexpected diff unsetting your - client cert, ensure you have the container.clusters.getCredentials - permission. + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. properties: - clientCertificate: - description: Base64 encoded public certificate used by clients - to authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. properties: - issueClientCertificate: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Whether the cluster master is accessible globally + or not. type: boolean required: - - issueClientCertificate + - enabled type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. type: string - password: - description: The password to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
+ external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - username: - description: The username to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. If not present - basic auth will be disabled. + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. type: string type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. properties: - cidrBlocks: - description: External networks that can access the Kubernetes - cluster master through HTTPS. 
- items: - properties: - cidrBlock: - description: External network that can access Kubernetes - master through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - gcpPublicCidrsAccessEnabled: - description: Whether master is accessbile via Google Compute Engine - Public IP addresses. - type: boolean + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string type: object - meshCertificates: - description: If set, and enable_certificates=true, the GKE Workload - Identity Certificates controller and node agent will be deployed - in the cluster. + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. properties: - enableCertificates: - description: When enabled the GKE Workload Identity Certificates - controller and node agent will be deployed in the cluster. - type: boolean + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. 
+ * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string required: - - enableCertificates + - channel type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain - that. If unset, the cluster's version will be set by GKE to the - version of the most recent official release (which is not necessarily - the latest version). + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - monitoringConfig: - description: Monitoring configuration for the cluster. + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. properties: - enableComponents: - description: GKE components exposing metrics. Valid values include - SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, - and WORKLOADS. - items: - type: string - type: array - managedPrometheus: - description: Configuration for Google Cloud Managed Services for - Prometheus. + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. properties: - enabled: - description: Whether or not the managed collection is enabled. - type: boolean + datasetId: + description: The ID of a BigQuery Dataset. + type: string required: - - enabled + - datasetId type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - monitoringService: - description: The monitoring service that the cluster should write - metrics to. Automatically send metrics from pods in the cluster - to the Google Cloud Monitoring API. VM metrics will be collected - by Google Compute Engine regardless of this setting Available options - include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver - Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
properties: enabled: - description: Whether network policy is enabled on the cluster. + description: Enables vertical pod autoscaling. type: boolean - provider: - description: The selected network policy provider. Defaults to - PROVIDER_UNSPECIFIED. - type: string required: - enabled type: object - networkRef: + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. 
+ type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: oneOf: - not: required: @@ -30841,7 +45759,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: 
@@ -30851,13 +45769,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkingMode: - description: Immutable. Determines whether alias IPs or routes will - be used for pod IPs in the cluster. + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. 
If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -30895,11 +45888,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -30987,9 +45995,9 @@ spec: labels: additionalProperties: type: string - description: Immutable. The map of Kubernetes labels (key/value - pairs) to be applied to each node. These will added in addition - to any default label(s) that Kubernetes may apply to the node. + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. @@ -31003,6 +46011,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
@@ -31173,8 +46192,7 @@ spec: type: object type: array workloadMetadataConfig: - description: Immutable. The workload metadata configuration for - this node. + description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata 
@@ -31187,293 +46205,694 @@ spec: type: string type: object type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the - same region as their cluster's zone for zonal clusters. If this - is specified for a zonal cluster, omit the cluster's zone. + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. items: type: string type: array - nodePoolAutoConfig: - description: Node pool configs that apply to all auto-provisioned - node pools in autopilot clusters and node auto-provisioning enabled - clusters. + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. 
+ type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. properties: - networkTags: - description: Collection of Compute Engine network tags that can - be applied to a node's underlying VM instance. - properties: - tags: - description: List of network tags applied to auto-provisioned - node pools. - items: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. 
+ See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. type: string - type: array - type: object - type: object - nodePoolDefaults: - description: The default nodel pool settings for the entire cluster. - properties: - nodeConfigDefaults: - description: Subset of NodeConfig message that has defaults. - properties: - gcfsConfig: - description: GCFS configuration for this node. - properties: - enabled: - description: Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include - DEFAULT and MAX_THROUGHPUT. - type: string - type: object + sizeBytes: + description: The size of the file, in bytes. 
+ type: integer + type: object + type: array + required: + - filePatterns type: object - nodeVersion: + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - pubsub: - description: Notification config for Cloud Pub/Sub. - properties: - enabled: - description: Whether or not the notification config is enabled. - type: boolean - filter: - description: Allows filtering to one or more specific event - types. If event types are present, those and only those - event types will be transmitted to the cluster. Other types - will be skipped. If no filter is specified, or no event - types are present, all event types will be sent. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: properties: - eventType: - description: Can be used to filter what notifications - are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, - UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. - items: - type: string - type: array - required: - - eventType + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string type: object - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + viewQuery: + description: The query that defines the table view. type: string type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this - cluster. If enabled, pods must be valid under a PodSecurityPolicy - to be created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enablePrivateEndpoint: - description: When true, the cluster's private endpoint is used - as the cluster endpoint and access through the public endpoint - is disabled. When false, either endpoint can be used. 
This field - only applies to private clusters, when enable_private_nodes - is true. - type: boolean - enablePrivateNodes: - description: Immutable. Enables the private cluster feature, creating - a private endpoint on the cluster. In a private cluster, nodes - only have RFC 1918 private addresses and communicate with the - master's private endpoint via private networking. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: Immutable. The IP range in CIDR notation to use for - the hosted master network. This range will be used for assigning - private IP addresses to the cluster master(s) and the ILB VIP. - This range must not overlap with any other ranges in use within - the cluster's network, and it must be a /28 subnet. See Private - Cluster Limitations for more details. This field only applies - to private clusters, when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and - the Google owned VPC. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - privateEndpoint: - description: The internal IP address of this cluster's master - endpoint. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - privateEndpointSubnetworkRef: - description: |- - Immutable. Subnetwork in cluster's network where master's endpoint - will be provisioned. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicEndpoint: - description: The external IP address of this cluster's master - endpoint. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpv6GoogleAccess: - description: The desired state of IPv6 connectivity to Google Services. - By default, no private IPv6 access to or from Google Services (all - access will be via IPv4). + region: + description: Immutable. EntryGroup location region. type: string - protectConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. - properties: - auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. - type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: required: - - auditMode - type: object - workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. 
- type: string - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - Note that removing this field from your config will not unenroll - it. Instead, use the "UNSPECIFIED" channel. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - channel: - description: |- - The selected release channel. Accepted values are: - * UNSPECIFIED: Not set. - * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. - * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. - * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - channel type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination - of resource usage export. 
- properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. - The resulting table can be joined with the resource usage table - or with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - serviceExternalIpsConfig: - description: If set, and enabled=true, services with external ips - field will not be blocked. - properties: - enabled: - description: When enabled, services with exterenal ips specified - will be allowed. - type: boolean - required: - - enabled - type: object - subnetworkRef: + taxonomyRef: oneOf: - not: required: @@ -31490,7 +46909,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: 
@@ -31500,35 +46919,17 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - description: Configuration for the use of Kubernetes Service Accounts - in GCP IAM policies. - properties: - identityNamespace: - description: |- - DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. - Enables workload identity. - type: string - workloadPool: - description: The workload pool to attach all Kubernetes service - accounts to. - type: string - type: object required: - - location + - displayName + - taxonomyRef type: object status: properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -31555,16 +46956,10 @@ spec: type: string type: object type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -31573,19 +46968,190 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. type: string - selfLink: - description: Server-defined URL for the resource. + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. 
Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. type: string type: object required: @@ -31606,25 +47172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: - group: container.cnrm.cloud.google.com + group: datacatalog.cnrm.cloud.google.com names: categories: - gcp - kind: ContainerNodePool - plural: containernodepools + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -31644,7 +47210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -31662,38 +47228,260 @@ spec: type: object spec: properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. To disable - autoscaling, set minNodeCount and maxNodeCount to 0. + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. 
Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - locationPolicy: - description: Location policy specifies the algorithm used when - scaling-up the node pool. "BALANCED" - Is a best effort policy - that aims to balance the sizes of available zones. "ANY" - Instructs - the cluster autoscaler to prioritize utilization of unused reservations, - and reduces preemption risk for Spot VMs. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - maxNodeCount: - description: Maximum number of nodes per zone in the node pool. - Must be >= min_node_count. Cannot be used with total limits. 
- type: integer - minNodeCount: - description: Minimum number of nodes per zone in the node pool. - Must be >=0 and <= max_node_count. Cannot be used with total - limits. - type: integer - totalMaxNodeCount: - description: Maximum number of all nodes in the node pool. Must - be >= total_min_node_count. Cannot be used with per zone limits. - type: integer - totalMinNodeCount: - description: Minimum number of all nodes in the node pool. Must - be >=0 and <= total_max_node_count. Cannot be used with per - zone limits. - type: integer type: object - clusterRef: + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -31710,8 +47498,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ContainerCluster` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -31720,472 +47507,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialNodeCount: - description: Immutable. The initial number of nodes for the pool. - In regional or multi-zonal clusters, this is the number of nodes - per zone. Changing this will force recreation of the resource. - type: integer - location: - description: Immutable. The location (region or zone) of the cluster. + region: + description: Immutable. Taxonomy location region. type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: Immutable. The maximum number of pods per node in this - node pool. Note that this does not work on node pools which are - "route-based" - that is, node pools belonging to clusters that do - not have IP Aliasing enabled. - type: integer - namePrefix: - description: Immutable. Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - networkConfig: - description: Networking configuration for this NodePool. If specified, - it overrides the cluster-level defaults. - properties: - createPodRange: - description: Immutable. Whether to create a new range for pod - IPs in this node pool. Defaults are provided for pod_range and - pod_ipv4_cidr_block if they are not specified. - type: boolean - enablePrivateNodes: - description: Whether nodes have internal IP addresses only. 
- type: boolean - podIpv4CidrBlock: - description: Immutable. The IP address range for pod IPs in this - node pool. Only applicable if create_pod_range is true. Set - to blank to have a range chosen with the default size. Set to - /netmask (e.g. /14) to have a range chosen with a specific netmask. - Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific - range to use. - type: string - podRange: - description: Immutable. The ID of the secondary range for pod - IPs. If create_pod_range is true, this ID is used for the new - range. If create_pod_range is false, uses an existing secondary - range with this ID. - type: string - type: object - nodeConfig: - description: Immutable. The configuration of the nodepool. - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the disk attached to each node, - specified in GB. The smallest allowed disk size is 10GB. - type: integer - diskType: - description: Immutable. Type of the disk attached to each node. - Such as pd-standard, pd-balanced or pd-ssd. - type: string - ephemeralStorageConfig: - description: Immutable. Parameters for the ephemeral storage filesystem. - properties: - localSsdCount: - description: Immutable. Number of local SSDs to use to back - ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. 
- type: integer - required: - - localSsdCount - type: object - gcfsConfig: - description: Immutable. GCFS configuration for this node. - properties: - enabled: - description: Immutable. Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. - items: - properties: - count: - description: Immutable. The number of the accelerator cards - exposed to an instance. - type: integer - gpuPartitionSize: - description: Immutable. Size of partitions to create on - the GPU. Valid values are described in the NVIDIA mig - user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - gpuSharingConfig: - description: Immutable. Configuration for GPU sharing. - properties: - gpuSharingStrategy: - description: Immutable. The type of GPU sharing strategy - to enable on the GPU node. Possible values are described - in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). - type: string - maxSharedClientsPerGpu: - description: Immutable. The maximum number of containers - that can share a GPU. - type: integer - required: - - gpuSharingStrategy - - maxSharedClientsPerGpu - type: object - type: - description: Immutable. The accelerator type resource name. - type: string - required: - - count - - type - type: object - type: array - gvnic: - description: Immutable. Enable or disable gvnic in the node pool. - properties: - enabled: - description: Immutable. Whether or not gvnic is enabled. - type: boolean - required: - - enabled - type: object - imageType: - description: The image type to use for this node. Note that for - a given image type, the latest version of it will be used. - type: string - kubeletConfig: - description: Node kubelet configs. - properties: - cpuCfsQuota: - description: Enable CPU CFS quota enforcement for containers - that specify CPU limits. 
- type: boolean - cpuCfsQuotaPeriod: - description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. - type: string - cpuManagerPolicy: - description: Control the CPU management policy on the node. - type: string - podPidsLimit: - description: Controls the maximum number of processes allowed - to run in a pod. - type: integer - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: The map of Kubernetes labels (key/value pairs) to - be applied to each node. These will added in addition to any - default label(s) that Kubernetes may apply to the node. - type: object - linuxNodeConfig: - description: Parameters that can be configured on Linux nodes. - properties: - sysctls: - additionalProperties: - type: string - description: The Linux kernel parameters to be applied to - the nodes and all pods running on the nodes. - type: object - required: - - sysctls - type: object - localSsdCount: - description: Immutable. The number of local SSD disks to be attached - to the node. - type: integer - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include DEFAULT - and MAX_THROUGHPUT. - type: string - machineType: - description: Immutable. The name of a Google Compute Engine machine - type. - type: string - metadata: - additionalProperties: + message: + description: Human-readable message indicating details about + last transition. type: string - description: Immutable. The metadata key/value pairs assigned - to instances in the cluster. - type: object - minCpuPlatform: - description: Immutable. 
Minimum CPU platform to be used by this - instance. The instance may be scheduled on the specified or - newer CPU platform. - type: string - nodeGroupRef: - description: |- - Immutable. Setting this field will assign instances - of this pool to run on the specified node group. This is useful - for running workloads on sole tenant nodes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeNodeGroup` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauthScopes: - description: Immutable. The set of Google API scopes to be made - available on all of the node VMs. - items: + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - type: array - preemptible: - description: Immutable. Whether the nodes are created as preemptible - VM instances. - type: boolean - reservationAffinity: - description: Immutable. The reservation affinity configuration - for the node pool. - properties: - consumeReservationType: - description: Immutable. Corresponds to the type of reservation - consumption. - type: string - key: - description: Immutable. The label key of a reservation resource. - type: string - values: - description: Immutable. The label values of the reservation - resource. - items: - type: string - type: array - required: - - consumeReservationType - type: object - resourceLabels: - additionalProperties: + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
type: string - description: The GCE resource labels (a map of key/value pairs) - to be applied to the node pool. - type: object - sandboxConfig: - description: Immutable. Sandbox configuration for this node. - properties: - sandboxType: - description: Type of the sandbox to use for the node (e.g. - 'gvisor'). - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - description: Immutable. Shielded Instance options. - properties: - enableIntegrityMonitoring: - description: Immutable. Defines whether the instance has integrity - monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Defines whether the instance has Secure - Boot enabled. - type: boolean - type: object - spot: - description: Immutable. Whether the nodes are created as spot - VM instances. - type: boolean - tags: - description: The list of instance tags applied to all nodes. - items: + type: + description: Type is the type of the condition. type: string - type: array - taint: - description: Immutable. List of Kubernetes taints to be applied - to each node. - items: - properties: - effect: - description: Immutable. Effect for taint. - type: string - key: - description: Immutable. Key for taint. - type: string - value: - description: Immutable. Value for taint. 
- type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - description: The workload metadata configuration for this node. - properties: - mode: - description: Mode is the configuration for how to expose metadata - to workloads running on the node. - type: string - nodeMetadata: - description: DEPRECATED. Deprecated in favor of mode. NodeMetadata - is the configuration for how to expose metadata to the workloads - running on the node. - type: string - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string + type: object type: array - placementPolicy: - description: Immutable. Specifies the node placement policy. - properties: - type: - description: Type defines the type of placement policy. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: type: string - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number - of nodes upgraded simultaneously is limited to 20. - properties: - blueGreenSettings: - description: Settings for BlueGreen node pool upgrade. - properties: - nodePoolSoakDuration: - description: Time needed after draining entire blue pool. - After this period, blue pool will be cleaned up. - type: string - standardRolloutPolicy: - description: Standard rollout policy is the default policy - for blue-green. - properties: - batchNodeCount: - description: Number of blue nodes to drain in a batch. - type: integer - batchPercentage: - description: Percentage of the blue pool nodes to drain - in a batch. - type: number - batchSoakDuration: - description: Soak time after each batch gets drained. - type: string - type: object - required: - - standardRolloutPolicy - type: object - maxSurge: - description: The number of additional nodes that can be added - to the node pool during an upgrade. Increasing max_surge raises - the number of nodes that can be upgraded simultaneously. Can - be set to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. 
Can be set to 0 or - greater. - type: integer - strategy: - description: Update strategy for the given nodepool. - type: string + parameters: type: object - version: + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. type: string required: - - clusterRef - - location + - containerSpecGcsPath type: object status: properties: @@ -32215,18 +47674,8 @@ spec: type: string type: object type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - managedInstanceGroupUrls: - description: List of instance group URLs which have been assigned - to this node pool. - items: - type: string - type: array + jobId: + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -32234,7 +47683,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + state: type: string type: object required: 
@@ -32255,25 +47704,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com + name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataflow.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogPolicyTag - plural: datacatalogpolicytags + kind: DataflowJob + plural: dataflowjobs shortNames: - - gcpdatacatalogpolicytag - - gcpdatacatalogpolicytags - singular: datacatalogpolicytag + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -32311,20 +47760,57 @@ spec: type: object spec: properties: - description: - description: |- - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string - displayName: - description: |- - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. type: string - parentPolicyTagRef: + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. 
More workers may improve processing speed at additional + cost. + type: integer + networkRef: oneOf: - not: required: @@ -32341,7 +47827,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: @@ -32351,12 +47837,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - taxonomyRef: + serviceAccountRef: oneOf: - not: required: 
@@ -32373,7 +47868,34 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -32383,17 +47905,29 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string required: - - displayName - - taxonomyRef + - tempGcsLocation + - templateGcsPath type: object status: properties: - childPolicyTags: - description: Resource names of child policy tags of this policy tag. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32420,10 +47954,8 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + jobId: + description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -32432,6 +47964,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string type: object required: - spec 
@@ -32451,25 +47990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com + name: dataformrepositories.dataform.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataform.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogTaxonomy - plural: datacatalogtaxonomies + kind: DataformRepository + plural: dataformrepositories shortNames: - - gcpdatacatalogtaxonomy - - gcpdatacatalogtaxonomies - singular: datacatalogtaxonomy + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: @@ -32489,7 +48028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -32507,26 +48046,29 @@ spec: type: object spec: properties: - activatedPolicyTypes: - description: |- - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. - items: - type: string - type: array - description: - description: |- - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - type: string - displayName: - description: |- - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object projectRef: description: The project that this resource belongs to. oneOf: 
@@ -32555,16 +48097,16 @@ spec: type: string type: object region: - description: Immutable. Taxonomy location region. + description: Immutable. A reference to the region. type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - displayName - projectRef + - region type: object status: properties: @@ -32594,11 +48136,6 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -32625,25 +48162,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com + name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: datafusion.cnrm.cloud.google.com names: categories: - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs + kind: DataFusionInstance + plural: datafusioninstances shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -32681,20 +48218,147 @@ spec: type: object spec: properties: - containerSpecGcsPath: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. type: string - parameters: + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. 
Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. type: string required: - - containerSpecGcsPath + - location + - type type: object status: properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32721,7 +48385,13 @@ spec: type: string type: object type: array - jobId: + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -32730,7 +48400,27 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. + format: date-time type: string type: object required: @@ -32751,25 +48441,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - - gcp - kind: DataflowJob - plural: dataflowjobs + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -32807,57 +48497,74 @@ spec: type: object spec: properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - enableStreamingEngine: - description: Indicates if the job should use the streaming engine - feature. - type: boolean - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - kmsKeyRef: - description: The name for the Cloud KMS key for the job. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + basicAlgorithm: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. 
+ A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' + format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig type: object - machineType: - description: The machine type to use for the job. + location: + description: Immutable. The location for the resource type: string - maxWorkers: - description: Immutable. The number of workers permitted to work on - the job. 
More workers may improve processing speed at additional - cost. - type: integer - networkRef: + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -32874,8 +48581,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -32884,94 +48593,94 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as - used in the template). - type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. 
Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the - Dataflow job to dump its temporary data. 
- type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' 
+ format: int64 + type: integer + required: + - maxInstances type: object - x-kubernetes-preserve-unknown-fields: true - zone: - description: Immutable. The zone in which the created job should run. - If it is not provided, the provider zone is used. - type: string required: - - tempGcsLocation - - templateGcsPath + - basicAlgorithm + - location + - workerConfig type: object status: properties: @@ -33001,9 +48710,6 @@ spec: type: string type: object type: array - jobId: - description: The unique ID of this job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -33011,13 +48717,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: The current state of the resource, selected from the - JobState enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string type: object required: - spec 
@@ -33037,25 +48736,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: datafusioninstances.datafusion.cnrm.cloud.google.com + name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: - group: datafusion.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataFusionInstance - plural: datafusioninstances + kind: DataprocCluster + plural: dataprocclusters shortNames: - - gcpdatafusioninstance - - gcpdatafusioninstances - singular: datafusioninstance + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -33093,60 +48792,850 @@ spec: type: object spec: properties: - dataprocServiceAccountRef: - oneOf: - - not: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. 
Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. 
This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. 
Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. 
If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' 
+ type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. 
Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). 
Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. 
Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. 
If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Immutable. A description of this instance. - type: string - displayName: - description: Immutable. Display name for an instance. - type: string - enableStackdriverLogging: - description: Option to enable Stackdriver Logging. - type: boolean - enableStackdriverMonitoring: - description: Option to enable Stackdriver Monitoring. - type: boolean - location: - description: Immutable. The location for the resource - type: string - networkConfig: - description: Immutable. Network configuration options. These are required - when a private Data Fusion instance is to be created. - properties: - ipAllocation: - description: Immutable. The IP range in CIDR notation to use for - the managed Data Fusion instance nodes. This range must not - overlap with any other ranges used in the customer network. - type: string - networkRef: + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). 
+ If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -33165,9 +49654,9 @@ spec: properties: external: description: |- - Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -33176,267 +49665,160 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - options: - additionalProperties: - type: string - description: Immutable. Map of additional options used to configure - the behavior of Data Fusion instance. - type: object - privateInstance: - description: Immutable. Specifies whether the Data Fusion instance - should be private. If set to true, all Data Fusion nodes will have - private IP addresses and will not be able to access the public internet. - type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Instance type. Possible values: - TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' - type: string - version: - description: Current version of the Data Fusion. - type: string - zone: - description: Immutable. Name of the zone in which the Data Fusion - instance will be created. Only DEVELOPER instances use this field. - type: string - required: - - location - - type - type: object - status: - properties: - apiEndpoint: - description: Output only. Endpoint on which the REST APIs is accessible. - type: string - availableVersion: - description: Available versions that the instance can be upgraded - to. - items: - properties: - availableFeatures: - description: Represents a list of available feature names for - a given version. - items: + tempBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. 
If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string - type: array - defaultVersion: - description: Whether this is currently the default version for - Cloud Data Fusion - type: boolean - versionNumber: - description: The version number of the Data Fusion instance, - such as '6.0.1.0'. - type: string - type: object - type: array - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Output only. The time the instance was created. - format: date-time - type: string - gcsBucket: - description: Output only. Cloud Storage bucket generated by Data Fusion - in the customer project. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - p4ServiceAccount: - description: Output only. P4 service account for the customer project. - type: string - serviceEndpoint: - description: Output only. Endpoint on which the Data Fusion UI is - accessible. - type: string - state: - description: 'Output only. The current state of this Data Fusion instance. - Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' - type: string - stateMessage: - description: Output only. Additional information about the current - state of this Data Fusion instance if available. - type: string - tenantProjectId: - description: Output only. The name of the tenant project. - type: string - updateTime: - description: Output only. The time the instance was last updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com -spec: - group: dataproc.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataprocAutoscalingPolicy - plural: dataprocautoscalingpolicies - shortNames: - - gcpdataprocautoscalingpolicy - - gcpdataprocautoscalingpolicies - singular: dataprocautoscalingpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', 
the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - basicAlgorithm: - properties: - cooldownPeriod: - description: 'Optional. Duration between scaling events. A scaling - period starts after the update operation from the previous event - has completed. Bounds: . Default: 2m.' - type: string - yarnConfig: - description: Required. YARN autoscaling configuration. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. 
properties: - gracefulDecommissionTimeout: - description: Required. Timeout for YARN graceful decommissioning - of Node Managers. Specifies the duration to wait for jobs - to complete before forcefully removing workers (and potentially - interrupting jobs). Only applicable to downscaling operations. + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string - scaleDownFactor: - description: Required. 
Fraction of average YARN pending memory - in the last cooldown period for which to remove workers. - A scale-down factor of 1 will result in scaling down so - that there is no available memory remaining after the update - (more aggressive scaling). A scale-down factor of 0 disables - removing workers, which can be beneficial for autoscaling - a single job. See . - format: double - type: number - scaleDownMinWorkerFraction: - description: 'Optional. Minimum scale-down threshold as a - fraction of total cluster size before scaling occurs. For - example, in a 20-worker cluster, a threshold of 0.1 means - the autoscaler must recommend at least a 2 worker scale-down - for the cluster to scale. A threshold of 0 means the autoscaler - will scale down on any recommended change. Bounds: . Default: - 0.0.' - format: double - type: number - scaleUpFactor: - description: Required. Fraction of average YARN pending memory - in the last cooldown period for which to add workers. A - scale-up factor of 1.0 will result in scaling up so that - there is no pending memory remaining after the update (more - aggressive scaling). A scale-up factor closer to 0 will - result in a smaller magnitude of scaling up (less aggressive - scaling). See . - format: double - type: number - scaleUpMinWorkerFraction: - description: 'Optional. Minimum scale-up threshold as a fraction - of total cluster size before scaling occurs. For example, - in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster - to scale. A threshold of 0 means the autoscaler will scale - up on any recommended change. Bounds: . Default: 0.0.' - format: double - type: number - required: - - gracefulDecommissionTimeout - - scaleDownFactor - - scaleUpFactor type: object - required: - - yarnConfig type: object location: - description: Immutable. The location for the resource + description: Immutable. The location for the resource, usually a GCP + region. 
type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -33457,7 +49839,7 @@ spec: properties: external: description: |- - The project for the resource + Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -33473,92 +49855,413 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - secondaryWorkerConfig: - description: Optional. Describes how the autoscaler will operate for - secondary workers. - properties: - maxInstances: - description: 'Optional. Maximum number of instances for this group. - Note that by default, clusters will not use secondary workers. - Required for secondary workers if the minimum secondary instances - is set. Primary workers - Bounds: [min_instances, ). Secondary - workers - Bounds: [min_instances, ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer - type: object - workerConfig: - description: Required. 
Describes how the autoscaler will operate for - primary workers. + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. properties: - maxInstances: - description: 'Required. Maximum number of instances for this group. - Required for primary workers. Note that by default, clusters - will not use secondary workers. Required for secondary workers - if the minimum secondary instances is set. Primary workers - - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, - ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. 
If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. + properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. 
Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. 
Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. + items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. 
Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. [Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. 
Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. + items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. 
Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. 
+ The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - maxInstances + - kubernetesClusterConfig type: object required: - - basicAlgorithm - location - - workerConfig type: object status: properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). + Dataproc generates this value when it creates the cluster. 
+ type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -33585,6 +50288,197 @@ spec: type: string type: object type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. 
+ type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. 
+ items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -33592,6 +50486,52 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array type: object required: - spec 
@@ -33611,25 +50551,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dataprocclusters.dataproc.cnrm.cloud.google.com + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocCluster - plural: dataprocclusters + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates shortNames: - - gcpdataproccluster - - gcpdataprocclusters - singular: dataproccluster + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -33667,1125 +50607,1473 @@ spec: type: object spec: properties: - config: - description: Immutable. The cluster config. Note that Dataproc may - set default values, and values may change when clusters are updated. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for the policy - associated with the cluster. Cluster does not autoscale if this - field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - dataprocMetricConfig: - description: Immutable. Optional. The config for Dataproc metrics. - properties: - metrics: - description: Immutable. Required. Metrics sources to enable. - items: - properties: - metricOverrides: - description: 'Immutable. Optional. 
Specify one or more - [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect for the metric course (for the `SPARK` - metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) - can be specified). Provide metrics in the following - format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use - camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted - spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed - hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` - Notes: * Only the specified overridden metrics will - be collected for the metric source. For example, if - one or more `spark:executive` metrics are listed as - metric overrides, other `SPARK` metrics will not be - collected. The collection of the default metrics for - other OSS metric sources is unaffected. For example, - if both `SPARK` andd `YARN` metric sources are enabled, - and overrides are provided for Spark metrics only, - all default YARN metrics will be collected.' - items: - type: string - type: array - metricSource: - description: 'Immutable. Required. Default metrics are - collected unless `metricOverrides` are specified for - the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, - MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, - HIVESERVER2' - type: string - required: - - metricSource - type: object - type: array - required: - - metrics - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings for the - cluster. - properties: - gcePdKmsKeyRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. 
If true, enable http access - to specific ports on the cluster from external sources. - Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine config - settings for all instances in a cluster. - properties: - confidentialInstanceConfig: - description: Immutable. Optional. Confidential Instance Config - for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). - properties: - enableConfidentialCompute: - description: Immutable. Optional. Defines whether the - instance should have confidential compute enabled. - type: boolean - type: object - internalIPOnly: - description: Immutable. Optional. If true, all instances in - the cluster will only have internal IP addresses. By default, - clusters are not restricted to internal IP addresses, and - will have ephemeral external IP addresses assigned to each - instance. This `internal_ip_only` restriction can only be - enabled for subnetwork enabled networks, and all off-cluster - dependencies must be configured to be accessible without - external IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. The Compute Engine metadata entries - to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. 
Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity for - sole-tenant clusters. - properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: type: string - type: object - required: - - nodeGroupRef - type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 access - for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity for - consuming Zonal reservation. + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. 
Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, - ANY_RESERVATION, SPECIFIC_RESERVATION' + additionalProperties: type: string - key: - description: Immutable. Optional. Corresponds to the label - key of reservation resource. + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: type: string - values: - description: Immutable. Optional. Corresponds to the label - values of reservation resource. - items: - type: string - type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + additionalProperties: type: string - type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service account - scopes to be included in Compute Engine instances. The following - base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write If no scopes - are specified, the following defaults are also provided: - * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' - items: + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. 
The HCFS URI of the script that + contains Hive queries. type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance Config - for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether instances - have integrity monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether instances - have Secure Boot enabled. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether instances - have the vTPM enabled. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array required: - - external - properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
+ - queries + type: object + scriptVariables: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' + type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. 
Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: type: string - type: object - tags: - description: Immutable. The Compute Engine tags to add to - all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. type: string - type: array - zone: - description: 'Immutable. Optional. The zone where the Compute - Engine cluster will be located. On a create request, it - is required in the "global" region. If omitted in a non-global - Dataproc region, the service will pick a zone in the corresponding - Compute Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name are valid. - Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. 
Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: type: string - type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute on each - node after config is completed. By default, executables are - run on master and all worker nodes. You can test a node''s `role` - metadata to run an executable on a master or worker node, as - shown below using `curl` (you can also use `wget`): ROLE=$(curl - -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions - ... else ... worker specific actions ... fi' - items: + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. properties: - executableFile: - description: Immutable. Required. Cloud Storage URI of executable - file. + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. 
See the Presto documentation + for supported output formats type: string - executionTimeout: - description: Immutable. Optional. Amount of time executable - has to complete. Default is 10 minutes (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error message - (the name of the executable that caused the error and - the exceeded timeout period) if the executable is not - completed at end of the timeout period. + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. type: string - required: - - executableFile + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object type: object - type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster will - be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration of - cluster. 
The cluster will be auto-deleted at the end of - this period. Minimum value is 10 minutes; maximum value - is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to keep the - cluster alive while idling (when no jobs are running). Passing - this threshold will cause the cluster to be deleted. Minimum - value is 5 minutes; maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. The Compute Engine config settings - for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' 
+ items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. 
HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. 
The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - metastoreConfig: - description: Immutable. Optional. Metastore configuration. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string properties: - external: - description: 'Required. Resource name of an existing Dataproc - Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + additionalProperties: type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. 
+ Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - type: object - required: - - dataprocMetastoreServiceRef - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config settings - for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + description: Immutable. Optional. 
A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + additionalProperties: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. + type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. 
A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. 
The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. + type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. type: string + required: + - clusterLabels type: object - securityConfig: - description: Immutable. Optional. Security settings for the cluster. + managedCluster: + description: Immutable. A cluster that is managed by the workflow. properties: - identityConfig: - description: Immutable. Optional. Identity related configuration, - including service account based secure multi-tenancy user - mappings. + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. properties: - userServiceAccountMapping: - additionalProperties: - type: string - description: Immutable. Required. Map of user to service - account. + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. 
Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - required: - - userServiceAccountMapping - type: object - kerberosConfig: - description: Immutable. Optional. Kerberos related configuration. - properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server (IP - or hostname) for the remote trusted realm in a cross - realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP or hostname) - for the remote trusted realm in a cross realm trust - relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm the - Dataproc on-cluster KDC will trust, should the user - enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the shared password - between the on-cluster Kerberos realm and the remote - trusted realm, in a cross realm trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate whether - to Kerberize the cluster (default: false). 
Set this - field to true to enable Kerberos on a cluster.' - type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the master key of - the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided key. For the self-signed certificate, - this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage URI - of the keystore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - keystorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided keystore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. 
Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. 
Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. 
+ You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. 
Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - realm: - description: Immutable. Optional. The name of the on-cluster - Kerberos realm. If not specified, the uppercased domain - of hostnames will be the realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the root principal - password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime of the - ticket granting ticket, in hours. If not specified, - or user specifies 0, then default value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage URI - of the truststore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided truststore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - type: object - type: object - softwareConfig: - description: Immutable. Optional. The config settings for software - inside the cluster. - properties: - imageVersion: - description: Immutable. Optional. The version of software - inside the cluster. It must be one of the supported [Dataproc - Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such as "1.2.29"), - or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components to - activate on the cluster. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties to set on - daemon config files. Property keys are specified in `prefix:property` - format, for example `core:hadoop.tmp.dir`. The following - are supported prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` * distcp: - `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` - * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: - `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' - type: object - type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config settings - for worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. 
If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - type: object - location: - description: Immutable. The location for the resource, usually a GCP - region. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. 
The Google Cloud Platform project ID that the cluster belongs to. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - virtualClusterConfig: - description: Immutable. Optional. The virtual cluster config is used - when creating a Dataproc cluster that does not directly control - the underlying compute resources, for example, when creating a [Dataproc-on-GKE - cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). - Dataproc may set default values, and values may change when clusters - are updated. Exactly one of config or virtual_cluster_config must - be specified. - properties: - auxiliaryServicesConfig: - description: Immutable. Optional. Configuration of auxiliary services - used by this cluster. - properties: - metastoreConfig: - description: Immutable. Optional. The Hive Metastore configuration - for this workload. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. properties: - external: - description: 'Required. Resource name of an existing - Dataproc Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). 
If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. 
Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - required: - - dataprocMetastoreServiceRef - type: object - sparkHistoryServerConfig: - description: Immutable. Optional. The Spark History Server - configuration for the workload. - properties: - dataprocClusterRef: + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. 
The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -34804,9 +52092,9 @@ spec: properties: external: description: |- - Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `DataprocCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -34816,17 +52104,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - type: object - kubernetesClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on Kubernetes. - properties: - gkeClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on GKE. - properties: - gkeClusterTargetRef: + tempBucketRef: description: Immutable. oneOf: - not: 
@@ -34845,9 +52123,9 @@ spec: properties: external: description: |- - Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `ContainerCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -34857,286 +52135,187 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nodePoolTarget: - description: Immutable. Optional. GKE node pools where - workloads will be scheduled. At least one node pool - must be assigned the `DEFAULT` GkeNodePoolTarget.Role. - If a `GkeNodePoolTarget` is not specified, Dataproc - constructs a `DEFAULT` `GkeNodePoolTarget`. Each role - can be given to only one `GkeNodePoolTarget`. All node - pools must have the same location settings. - items: - properties: - nodePoolConfig: - description: Immutable. Input only. The configuration - for the GKE node pool. If specified, Dataproc - attempts to create a node pool with the specified - shape. If one with the same name already exists, - it is verified against all specified fields. If - a field differs, the virtual cluster creation - will fail. If omitted, any node pool with the - specified name is used. If a node pool with the - specified name does not exist, Dataproc create - a node pool with default values. This is an input - only field. It will not be returned by the API. - properties: - autoscaling: - description: Immutable. Optional. The autoscaler - configuration for this node pool. The autoscaler - is enabled only when a valid configuration - is present. - properties: - maxNodeCount: - description: Immutable. The maximum number - of nodes in the node pool. Must be >= - min_node_count, and must be > 0. **Note:** - Quota must be sufficient to scale up the - cluster. - format: int64 - type: integer - minNodeCount: - description: Immutable. The minimum number - of nodes in the node pool. Must be >= - 0 and <= max_node_count. - format: int64 - type: integer - type: object - config: - description: Immutable. Optional. The node pool - configuration. - properties: - accelerators: - description: Immutable. Optional. A list - of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) - to attach to each node. 
- items: - properties: - acceleratorCount: - description: Immutable. The number - of accelerator cards exposed to - an instance. - format: int64 - type: integer - acceleratorType: - description: Immutable. The accelerator - type resource namename (see GPUs - on Compute Engine). - type: string - gpuPartitionSize: - description: Immutable. Size of partitions - to create on the GPU. Valid values - are described in the NVIDIA [mig - user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - type: object - type: array - bootDiskKmsKey: - description: 'Immutable. Optional. The [Customer - Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) - used to encrypt the boot disk attached - to each node in the node pool. Specify - the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' - type: string - ephemeralStorageConfig: - description: Immutable. Optional. Parameters - for the ephemeral storage filesystem. - If unspecified, ephemeral storage is backed - by the boot disk. - properties: - localSsdCount: - description: Immutable. Number of local - SSDs to use to back ephemeral storage. - Uses NVMe interfaces. Each local SSD - is 375 GB in size. If zero, it means - to disable using local SSDs as ephemeral - storage. - format: int64 - type: integer - type: object - localSsdCount: - description: Immutable. Optional. The number - of local SSD disks to attach to the node, - which is limited by the maximum number - of disks allowable per zone (see [Adding - Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). - format: int64 - type: integer - machineType: - description: Immutable. Optional. The name - of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). - type: string - minCpuPlatform: - description: Immutable. Optional. 
[Minimum - CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - to be used by this instance. The instance - may be scheduled on the specified or a - newer CPU platform. Specify the friendly - names of CPU platforms, such as "Intel - Haswell"` or Intel Sandy Bridge". - type: string - preemptible: - description: Immutable. Optional. Whether - the nodes are created as legacy [preemptible - VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). - Also see Spot VMs, preemptible VM instances - without a maximum lifetime. Legacy and - Spot preemptible nodes cannot be used - in a node pool with the `CONTROLLER` [role] - (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - spot: - description: Immutable. Optional. Whether - the nodes are created as [Spot VM instances] - (https://cloud.google.com/compute/docs/instances/spot). - Spot VMs are the latest update to legacy - preemptible VMs. Spot VMs do not have - a maximum lifetime. Legacy and Spot preemptible - nodes cannot be used in a node pool with - the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - type: object - locations: - description: Immutable. Optional. The list of - Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - where node pool nodes associated with a Dataproc - on GKE virtual cluster will be located. **Note:** - All node pools associated with a virtual cluster - must be located in the same region as the - virtual cluster, and they must be located - in the same zone within that region. If a - location is not specified during node pool - creation, Dataproc on GKE will choose the - zone. 
- items: - type: string - type: array - type: object - nodePoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: properties: - external: - description: |- - Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' - - Allowed value: The `selfLink` field of a `ContainerNodePool` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object - roles: - description: Immutable. Required. The roles associated - with the GKE node pool. - items: + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string - type: array - required: - - nodePoolRef - - roles - type: object - type: array - type: object - kubernetesNamespace: - description: Immutable. Optional. A namespace within the Kubernetes - cluster to deploy into. If this namespace does not exist, - it is created. If it exists, Dataproc verifies that another - Dataproc VirtualCluster is not installed into it. If not - specified, the name of the Dataproc Cluster is used. - type: string - kubernetesSoftwareConfig: - description: Immutable. Optional. The software configuration - for this Dataproc cluster running on Kubernetes. - properties: - componentVersion: - additionalProperties: - type: string - description: Immutable. 
The components that should be - installed in this Dataproc cluster. The key must be - a string from the KubernetesComponent enumeration. The - value is the version of the software to be installed. - At least one entry must be specified. - type: object - properties: - additionalProperties: - type: string - description: 'Immutable. The properties to set on daemon - config files. Property keys are specified in `prefix:property` - format, for example `spark:spark.kubernetes.container.image`. - The following are supported prefixes and their mappings: - * spark: `spark-defaults.conf` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string type: object type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object required: - - gkeClusterConfig + - clusterName + - config type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. 
If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kubernetesClusterConfig + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - jobs - location + - placement type: object status: properties: - clusterUuid: - description: Output only. A cluster UUID (Unique Universal Identifier). - Dataproc generates this value when it creates the cluster. 
- type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -35163,197 +52342,10 @@ spec: type: string type: object type: array - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions to - URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became idle - (most recent job finished) and became eligible for deletion - due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. 
- type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. 
- items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - type: object - metrics: - description: 'Output only. Contains cluster daemon metrics such as - HDFS and YARN stats. **Beta Feature**: This report is available - for testing purposes only. It may be changed before final release.' - properties: - hdfsMetrics: - additionalProperties: - type: string - description: The HDFS metrics. - type: object - yarnMetrics: - additionalProperties: - type: string - description: The YARN metrics. - type: object - type: object + createTime: + description: Output only. The time template was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -35361,52 +52353,299 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: Output only. Cluster status. + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. 
+ items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - detail: - description: Optional. Output only. Details of cluster's state. - type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - substate: - description: 'Output only. Additional state information that includes - status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - statusHistory: - description: Output only. The previous cluster status. + properties: + description: Immutable. An ordered list of properties to index on. 
items: properties: - detail: - description: Optional. Output only. Details of cluster's state. + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + name: + description: Immutable. The property name to index. type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - substate: - description: 'Output only. Additional state information that - includes status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array + indexId: + description: The index id. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object required: - spec @@ -35426,25 +52665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: - group: dataproc.cnrm.cloud.google.com + group: datastream.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocWorkflowTemplate - plural: dataprocworkflowtemplates + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles shortNames: - - gcpdataprocworkflowtemplate - - gcpdataprocworkflowtemplates - singular: dataprocworkflowtemplate + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: @@ -35464,7 +52703,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -35482,1675 +52721,3996 @@ spec: type: object spec: properties: - dagTimeout: - description: Immutable. Optional. Timeout duration for the DAG of - jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - The timeout duration must be from 10 minutes ("600s") to 24 hours - ("86400s"). The timer begins when the first job is submitted. If - the workflow is running at the end of the timeout period, any remaining - jobs are cancelled, the workflow is ended, and if the workflow was - running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), - the cluster is deleted. + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. type: string - jobs: - description: Immutable. Required. The Directed Acyclic Graph of Jobs - to submit. - items: - properties: - hadoopJob: - description: Immutable. Optional. Job is a Hadoop job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted in the working directory of Hadoop drivers - and tasks. Supported file types: .jar, .tar, .tar.gz, - .tgz, or .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `-libjars` - or `-Dfoo=bar`, that can be set as job properties, since - a collision may occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS (Hadoop Compatible - Filesystem) URIs of files to be copied to the working - directory of Hadoop drivers and distributed tasks. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. 
Jar file URIs to add to - the CLASSPATHs of the Hadoop driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file containing the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: 'Immutable. The HCFS URI of the jar file containing - the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' - ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' - type: string - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Hadoop. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/hadoop/conf/*-site - and classes in user code. - type: object - type: object - hiveJob: - description: Immutable. Optional. Job is a Hive job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Hive server and Hadoop - MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names and values, used to configure Hive. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/hive/conf/hive-site.xml, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains Hive queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Hive command: `SET - name="value";`).' - type: object - type: object - labels: - additionalProperties: - type: string - description: 'Immutable. Optional. The labels to associate with - this job. Label keys must be between 1 and 63 characters long, - and must conform to the following regular expression: p{Ll}p{Lo}{0,62} - Label values must be between 1 and 63 characters long, and - must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} - No more than 32 labels can be associated with a given job.' - type: object - pigJob: - description: Immutable. Optional. Job is a Pig job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. 
- Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Pig Client and Hadoop MapReduce - (MR) tasks. Can contain Pig UDFs. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Pig. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/pig/conf/pig.properties, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains the Pig queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Pig command: `name=[value]`).' 
- type: object - type: object - prerequisiteStepIds: - description: Immutable. Optional. The optional list of prerequisite - job step_ids. If not specified, the job will start at the - beginning of workflow. - items: + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - prestoJob: - description: Immutable. Optional. Job is a Presto job. - properties: - clientTags: - description: Immutable. Optional. Presto client tags to - attach to this query - items: - type: string - type: array - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - outputFormat: - description: Immutable. Optional. The format in which query - output will be displayed. See the Presto documentation - for supported output formats - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) - Equivalent to using the --session flag in the Presto CLI - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - type: object - pysparkJob: - description: Immutable. Optional. Job is a PySpark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Python driver and tasks. 
- items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + name: + description: Name of the Secret to extract a value + from. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainPythonFileUri: - description: Immutable. Required. The HCFS URI of the main - Python file to use as the driver. Must be a .py file. - type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure PySpark. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - pythonFileUris: - description: 'Immutable. Optional. HCFS file URIs of Python - files to pass to the PySpark framework. Supported file - types: .py, .egg, and .zip.' - items: - type: string - type: array + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom required: - - mainPythonFileUri - type: object - scheduling: - description: Immutable. Optional. Job scheduling configuration. - properties: - maxFailuresPerHour: - description: Immutable. Optional. Maximum number of times - per hour a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - A job may be reported as thrashing if driver exits with - non-zero code 4 times within 10 minute window. Maximum - value is 10. - format: int64 - type: integer - maxFailuresTotal: - description: Immutable. Optional. Maximum number of times - in total a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - Maximum value is 240. - format: int64 - type: integer - type: object - sparkJob: - description: Immutable. Optional. Job is a Spark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. 
- Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Spark driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file that contains the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: Immutable. The HCFS URI of the jar file that - contains the main class. 
- type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - type: object - sparkRJob: - description: Immutable. Optional. Job is a SparkR job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainRFileUri: - description: Immutable. Required. The HCFS URI of the main - R file to use as the driver. Must be a .R file. - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure SparkR. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom required: - - mainRFileUri - type: object - sparkSqlJob: - description: Immutable. Optional. Job is a SparkSql job. - properties: - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to be added to the Spark CLASSPATH. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. 
+ type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark SQL's SparkConf. - Properties that conflict with values set by the Dataproc - API may be overwritten. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Spark SQL command: - SET `name="value";`).' - type: object - type: object - stepId: - description: Immutable. Required. The step id. The id must be - unique among all jobs within the template. 
The step id is - used as prefix for job id, as job `goog-dataproc-workflow-step-id` - label, and in prerequisiteStepIds field from other steps. - The id must contain only letters (a-z, A-Z), numbers (0-9), - underscores (_), and hyphens (-). Cannot begin or end with - underscore or hyphen. Must consist of between 3 and 50 characters. + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - stepId type: object type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string location: - description: Immutable. The location for the resource + description: Immutable. The name of the location this private connection + is located in. type: string - parameters: - description: Immutable. Optional. Template parameters whose values - are substituted into the template. Values for parameters must be - provided when the template is instantiated. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. 
A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - description: - description: Immutable. Optional. Brief description of the parameter. - Must not exceed 1024 characters. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - fields: - description: 'Immutable. Required. Paths to all fields that - the parameter replaces. A field is allowed to appear in at - most one parameter''s list of field paths. A field path is - similar in syntax to a google.protobuf.FieldMask. For example, - a field path that references the zone field of a workflow - template''s cluster selector would be specified as `placement.clusterSelector.zone`. 
- Also, field paths can reference fields using the following - syntax: * Values in maps can be referenced by key: * labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] - * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri - * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri - * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] - * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] - * Items in repeated fields can be referenced by a zero-based - index: * jobs[''step-id''].sparkJob.args[0] * Other examples: - * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] - * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri - * placement.clusterSelector.zone It may not be possible to - parameterize maps and repeated fields in their entirety since - only individual map values and individual items in repeated - fields can be referenced. For example, the following field - paths are invalid: - placement.clusterSelector.clusterLabels - - jobs[''step-id''].sparkJob.args' - items: - type: string - type: array - name: - description: Immutable. Required. Parameter name. The parameter - name is used as the key, and paired with the parameter value, - which are passed to the template when the template is instantiated. - The name must contain only capital letters (A-Z), numbers - (0-9), and underscores (_), and must not start with a number. - The maximum length is 40 characters. + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - validation: - description: Immutable. Optional. Validation rules to be applied - to this parameter's value. - properties: - regex: - description: Immutable. Validation based on regular expressions. - properties: - regexes: - description: Immutable. Required. RE2 regular expressions - used to validate the parameter's value. The value - must match the regex in its entirety (substring matches - are not sufficient). - items: - type: string - type: array - required: - - regexes - type: object - values: - description: Immutable. Validation based on a list of allowed - values. - properties: - values: - description: Immutable. Required. List of allowed values - for the parameter. - items: - type: string - type: array - required: - - values - type: object - type: object - required: - - fields - - name type: object type: array - placement: - description: Immutable. Required. WorkflowTemplate scheduling information. - properties: - clusterSelector: - description: Immutable. Optional. A selector that chooses target - cluster for jobs based on metadata. The selector is evaluated - at the time each job is submitted. - properties: - clusterLabels: - additionalProperties: - type: string - description: Immutable. Required. The cluster labels. Cluster - must have all labels to match. - type: object - zone: - description: Immutable. Optional. The zone where workflow - process executes. This parameter does not affect the selection - of the cluster. If unspecified, the zone of the first cluster - matching the selector is used. - type: string - required: - - clusterLabels - type: object - managedCluster: - description: Immutable. A cluster that is managed by the workflow. - properties: - clusterName: - description: Immutable. Required. The cluster name prefix. 
- A unique cluster name will be formed by appending a random - suffix. The name must contain only lower-case letters (a-z), - numbers (0-9), and hyphens (-). Must begin with a letter. - Cannot begin or end with hyphen. Must consist of between - 2 and 35 characters. + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: type: string - config: - description: Immutable. Required. The cluster configuration. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for - the policy associated with the cluster. Cluster does - not autoscale if this field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings - for the cluster. 
- properties: - gcePdKmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. If true, enable - http access to specific ports on the cluster from - external sources. Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine - config settings for all instances in a cluster. - properties: - internalIPOnly: - description: Immutable. Optional. If true, all instances - in the cluster will only have internal IP addresses. - By default, clusters are not restricted to internal - IP addresses, and will have ephemeral external IP - addresses assigned to each instance. This `internal_ip_only` - restriction can only be enabled for subnetwork enabled - networks, and all off-cluster dependencies must - be configured to be accessible without external - IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. 
The Compute Engine metadata - entries to add to all instances (see [Project and - instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity - for sole-tenant clusters. + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string required: - - nodeGroupRef + - table type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 - access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity - for consuming Zonal reservation. + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. 
+ items: properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, - NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' - type: string - key: - description: Immutable. Optional. Corresponds - to the label key of reservation resource. - type: string - values: - description: Immutable. Optional. Corresponds - to the label values of reservation resource. + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. items: - type: string + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + table: + description: Table name. type: string + required: + - table type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service - account scopes to be included in Compute Engine - instances. The following base set of scopes is always - included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write - If no scopes are specified, the following defaults - are also provided: * https://www.googleapis.com/auth/bigquery - * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data - * https://www.googleapis.com/auth/devstorage.full_control' - items: - type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance - Config for clusters using Compute Engine Shielded - VMs. - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether - instances have integrity monitoring enabled. 
- Integrity monitoring compares the most recent - boot measurements to the integrity policy baseline - and returns a pair of pass/fail results depending - on whether they match or not. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether - the instances have Secure Boot enabled. Secure - Boot helps ensure that the system only runs - authentic software by verifying the digital - signature of all boot components, and halting - the boot process if signature verification fails. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether - the instance have the vTPM enabled. Virtual - Trusted Platform Module protects objects like - keys, certificates and enables Measured Boot - by performing the measurements needed to create - a known good boot baseline, called the integrity - policy baseline. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
- type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. type: string + required: + - table type: object - tags: - description: Immutable. The Compute Engine tags to - add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: - type: string - type: array - zone: - description: 'Immutable. Optional. The zone where - the Compute Engine cluster will be located. On a - create request, it is required in the "global" region. - If omitted in a non-global Dataproc region, the - service will pick a zone in the corresponding Compute - Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name - are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. 
+ type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string + required: + - location type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute - on each node after config is completed. By default, - executables are run on master and all worker nodes. - You can test a node''s `role` metadata to run an executable - on a master or worker node, as shown below using `curl` - (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google - http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific - actions ... else ... worker specific actions ... fi' + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. 
+ Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. items: properties: - executableFile: - description: Immutable. Required. Cloud Storage - URI of executable file. + database: + description: Database name. type: string - executionTimeout: - description: Immutable. Optional. Amount of time - executable has to complete. Default is 10 minutes - (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error - message (the name of the executable that caused - the error and the exceeded timeout period) if - the executable is not completed at end of the - timeout period. + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. 
+ type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. 
+ properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. type: string + required: + - schema type: object type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for - the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster - will be auto-deleted (see JSON representation of - [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration - of cluster. The cluster will be auto-deleted at - the end of this period. Minimum value is 10 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to - keep the cluster alive while idling (when no jobs - are running). Passing this threshold will cause - the cluster to be deleted. Minimum value is 5 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. 
The Compute Engine config - settings for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). 
If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config - settings for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. 
- format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. 
+ type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." + type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - securityConfig: - description: Immutable. Optional. Security settings for - the cluster. + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. 
+ Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - kerberosConfig: - description: Immutable. Optional. Kerberos related - configuration. 
+ text: + description: The text response message. properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server - (IP or hostname) for the remote trusted realm - in a cross realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP - or hostname) for the remote trusted realm in - a cross realm trust relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm - the Dataproc on-cluster KDC will trust, should - the user enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the shared - password between the on-cluster Kerberos realm - and the remote trusted realm, in a cross realm - trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate - whether to Kerberize the cluster (default: false). - Set this field to true to enable Kerberos on - a cluster.' + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the master - key of the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided key. For the self-signed - certificate, this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage - URI of the keystore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - keystorePassword: - description: Immutable. Optional. 
The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided keystore. For the self-signed - certificate, this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - realm: - description: Immutable. Optional. The name of - the on-cluster Kerberos realm. If not specified, - the uppercased domain of hostnames will be the - realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the root - principal password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime - of the ticket granting ticket, in hours. If - not specified, or user specifies 0, then default - value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage - URI of the truststore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided truststore. For the self-signed - certificate, this password is generated by Dataproc. 
- type: string + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - softwareConfig: - description: Immutable. Optional. The config settings - for software inside the cluster. + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. 
+ If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. 
+ They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - imageVersion: - description: Immutable. Optional. 
The version of software - inside the cluster. It must be one of the supported - [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such - as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian - version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components - to activate on the cluster. - items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties - to set on daemon config files. Property keys are - specified in `prefix:property` format, for example - `core:hadoop.tmp.dir`. The following are supported - prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` - * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` - * hive: `hive-site.xml` * mapred: `mapred-site.xml` - * pig: `pig.properties` * spark: `spark-defaults.conf` - * yarn: `yarn-site.xml` For more information, see - [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config - settings for worker instances in a cluster. + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. 
You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. + text: + description: The text response message. properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. 
+ properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. 
+ type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string type: object - type: object - labels: + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. 
+ Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: additionalProperties: type: string - description: 'Immutable. Optional. The labels to associate - with this cluster. Label keys must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated - with a given cluster.' + description: Immutable. The HTTP request headers to send together + with webhook requests. type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. 
+ For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - clusterName - - config + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. \nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' 
+ properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -37167,10 +56727,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -37180,14 +56737,13 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - jobs - - location - - placement + - displayName + - projectRef type: object status: properties: 
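Review bot: The `required:` list this hunk sets for the DialogflowFulfillment spec (`displayName`, `projectRef`) closes a schema whose `genericWebService.password` is a plain `type: string`; that field is declared above this hunk, so the spec block starts outside it. A value set there is kept in the custom resource as written, so read access to `dialogflowfulfillments` (or to a manifest copy or a cluster-state backup) is enough to see the HTTP Basic password, and `requestHeaders` has the same exposure when it carries an authentication header. The file looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so a Secret-backed reference would have to come from the generator. In this bundle I would at least extend the description to `The password for HTTP Basic authentication. Stored in the resource as plain text; limit get/list/watch on this kind.` and scope RBAC for the kind accordingly.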
@@ -37217,9 +56773,10 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time template was created. - format: date-time + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -37228,127 +56785,243 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - placement: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. 
Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - managedCluster: - properties: - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions - to URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became - idle (most recent job finished) and became eligible - for deletion due to idleness (see JSON representation - of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. 
- This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. 
The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - type: object - type: object + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - updateTime: - description: Output only. The time template was last updated. - format: date-time + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - version: - description: Output only. The current version of this workflow template. - format: int64 + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string type: object required: - spec @@ -37368,7 +57041,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -39176,34 +58849,485 @@ spec: as `12***`. type: boolean type: object - cryptoDeterministicConfig: - description: Deterministic Crypto + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift properties: context: - description: 'A context may be used - for higher security and maintaining - referential integrity such that - the same identifier in two different - contexts will be given a distinct - surrogate. The context is appended - to plaintext value being encrypted. - On decryption the provided context - is validated against the value used - during encryption. If a context - was provided during encryption, - same context must be provided during - decryption as well. If the context - is not set, plaintext would be used - as is for encryption. If the context - is set but: 1. there is no record - present when transforming a given - value or 2. 
the field is not present - when transforming a given value, - plaintext would be used as is for - encryption. Note that case (1) is - expected when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s.' + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. properties: name: description: Name describing the @@ -39211,11 +59335,12 @@ spec: type: string type: object cryptoKey: - description: The key used by the encryption - function. For deterministic encryption - using AES-SIV, the provided key - is internally expanded to 64 bytes - prior to use. + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. properties: kmsWrapped: description: Key wrapped using 
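Review bot: The `unwrapped.key` field added under `cryptoDeterministicConfig.cryptoKey` (and again under `cryptoHashConfig` and `cryptoReplaceFfxFpeConfig` in this hunk) takes the raw data key as an ordinary `type: string` in `spec`. The key material is therefore stored with the object and is readable by anyone who can get the resource, or read the manifest wherever it is kept. The schema visible here offers no Secret-backed alternative for this field, and the description does not mention the exposure. I would extend the description to say so, e.g. `description: Required. A 128/192/256 bit key. Stored in clear text in the resource spec; prefer kmsWrapped where possible.` The file appears to be generated (the `dcl2crd` label), so the wording would probably have to go into the generator input rather than this YAML.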
@@ -39297,2126 +59422,5323 @@ spec: - key type: object type: object - surrogateInfoType: - description: 'The custom info type - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom info - type followed by the number of characters - comprising the surrogate. The following - scheme defines the format: {info - type name}({surrogate character - count}):{surrogate} For example, - if the name of custom info type - is ''MY_TOKEN_INFO_TYPE'' and the - surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate - when inspecting content using the - custom info type ''Surrogate''. - This facilitates reversal of the - surrogate when it occurs in free - text. Note: For record transformations - where the entire cell in a table - is being transformed, surrogates - are not mandatory. Surrogates are - used to denote the location of the - token and are necessary for re-identification - in free form text. In order for - inspection to work properly, the - name of this info type must not - occur naturally anywhere in your - data; otherwise, inspection may - either - reverse a surrogate that - does not correspond to an actual - identifier - be unable to parse - the surrogate and result in an error - Therefore, choose your custom info - type name carefully after considering - what your data looks like. One way - to select a name that has a high - chance of yielding reliable detection - is to include one or more unicode - characters that are highly improbable - to exist in your data. For example, - assuming your data is entered from - a regular ASCII keyboard, the symbol - with the hex code point 29DD might - be used like so: ⧝MY_TOKEN_TYPE.' + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. 
Range of shift + in days. Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. 
- type: string + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - cryptoHashConfig: - description: Crypto + replacementValue: + description: Required. Replacement value + for this bucket. properties: - cryptoKey: - description: The key used by the hash - function. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. 
Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. 
Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' 
- type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. 
This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. 
- type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible - values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, - NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, - ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context - may be used for higher security - since the same identifier in two - different contexts won''t be given - the same surrogate. If the context - is not set, a default tweak will - be used. If the context is set but: - 1. there is no record present when - transforming a given value or 1. - the field is not present when transforming - a given value, a default tweak will - be used. Note that case (1) is expected - when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s. Currently, - the referenced field may be of value - type integer or string. The tweak - is constructed as a sequence of - bytes in big endian byte order such - that: - a 64 bit integer is encoded - followed by a single byte of value - 1 - a string is encoded in UTF-8 - format followed by a single byte - of value 2' - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Required. The key used - by the encryption algorithm. - properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
- Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. 
A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. 
+ properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by - mapping these to the alphanumeric - characters that the FFX mode natively - supports. This happens before/after - encryption/decryption. Each character - listed must appear only once. Number - of characters must be in the range - [2, 95]. This must be encoded as - ASCII. The order of characters does - not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select - the alphabet. Must be in the range - [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom infoType - followed by the number of characters - comprising the surrogate. The following - scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom - infoType is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the - full replacement value will be: - ''MY_TOKEN_INFO_TYPE(3):abc'' This - annotation identifies the surrogate - when inspecting content using the - custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the - surrogate when it occurs in free - text. 
In order for inspection to - work properly, the name of this - infoType must not occur naturally - anywhere in your data; otherwise, - inspection may find a surrogate - that does not correspond to an actual - identifier. Therefore, choose your - custom infoType name carefully after - considering what your data looks - like. One way to select a name that - has a high chance of yielding reliable - detection is to include one or more - unicode characters that are highly - improbable to exist in your data. - For example, assuming your data - is entered from a regular ASCII - keyboard, the symbol with the hex - code point 29DD might be used like - so: ⧝MY_TOKEN_TYPE' - properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that - contains the context, for example, - an entity id. If set, must also - set cryptoKey. If set, shift will - be consistent for the given context. - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Causes the shift to be - computed based on this key and the - context. This results in the same - shift for the same context and crypto_key. - If set, must also set context. Can - only be applied to table items. 
- properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. 
+ The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. 
+ type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, - -5 means shift date to at most 5 - days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift - in days. Actual shift will be selected - at random within this range (inclusive - ends). Negative means shift to earlier - in time. Must not be more than 365250 - days (1000 years) each direction. - For example, 3 means shift date - to at most 3 days into the future. - format: int64 - type: integer - required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each - bucket (except for minimum and maximum - buckets). So if `lower_bound` = - 10, `upper_bound` = 89, and `bucket_size` - = 10, then the following buckets - would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, - 80-89, 89+. Precision up to 2 decimals - works.' - format: double - type: number - lowerBound: - description: Required. Lower bound - value of buckets. All values less - than `lower_bound` are grouped together - into a single bucket; for example - if `lower_bound` = 10, then all - values less than 10 are replaced - with the value "-10". 
- properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound - value of buckets. 
All values greater - than upper_bound are grouped together - into a single bucket; for example - if `upper_bound` = 89, then all - values greater than 89 are replaced - with the value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. 
- format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified - value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. 
- format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction - properties: - partToExtract: - description: 'The part of the time - to keep. Possible values: TIME_PART_UNSPECIFIED, - YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, - WEEK_OF_YEAR, HOUR_OF_DAY' - type: string - type: object - type: object - required: - - primitiveTransformation - type: object - type: array - required: - - transformations + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object type: object - primitiveTransformation: - description: Apply the transformation to the entire - field. + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. properties: - bucketingConfig: - description: Bucketing + expressions: + description: An expression. properties: - buckets: - description: Set of buckets. Ranges must be - non-overlapping. - items: - properties: - max: - description: Upper bound of the range, - exclusive; type must match min. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - min: - description: Lower bound of the range, - inclusive. Type should be the same as - max if used. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - replacementValue: - description: Required. Replacement value - for this bucket. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. - format: int64 - type: integer + conditions: + description: Conditions to apply to the expression. 
+ properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' type: string - timeValue: - description: time of day + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer format: int64 type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - timestampValue: - description: timestamp - format: date-time - type: string + required: + - field + - operator type: object - required: - - replacementValue - type: object - type: array + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string type: object - characterMaskConfig: - description: Mask - properties: - charactersToIgnore: - description: When masking a string, items in - this list will be skipped when replacing characters. 
- For example, if the input string is `555-555-5555` - and you instruct Cloud DLP to skip `-` and - mask 5 characters with `*`, Cloud DLP returns - `***-**5-5555`. - items: + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. 
[required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. 
+ Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + type: boolean + infoTypes: + description: Restricts what info_types to look for. 
The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. 
+ format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the rule. 
+ properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. properties: - charactersToSkip: - description: Characters to not transform - when masking. - type: string - commonCharactersToIgnore: - description: 'Common characters to not - transform when masking. Useful to avoid - removing punctuation. Possible values: - COMMON_CHARS_TO_IGNORE_UNSPECIFIED, - NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, - PUNCTUATION, WHITESPACE' + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object - type: array - maskingCharacter: - description: Character to use to mask the sensitive - values—for example, `*` for an alphabetic - string such as a name, or `0` for a numeric - string such as ZIP code or credit card number. - This string must have a length of 1. If not - supplied, this value defaults to `*` for strings, - and `0` for digits. - type: string - numberToMask: - description: Number of characters to mask. If - not set, all matching chars will be masked. - Skipped characters do not count towards this - tally. - format: int64 - type: integer - reverseOrder: - description: Mask characters in reverse order. - For example, if `masking_character` is `0`, - `number_to_mask` is `14`, and `reverse_order` - is `false`, then the input string `1234-5678-9012-3456` - is masked as `00000000000000-3456`. If `masking_character` - is `*`, `number_to_mask` is `3`, and `reverse_order` - is `true`, then the string `12345` is masked - as `12***`. - type: boolean - type: object - cryptoDeterministicConfig: - description: Deterministic Crypto - properties: - context: - description: 'A context may be used for higher - security and maintaining referential integrity - such that the same identifier in two different - contexts will be given a distinct surrogate. 
- The context is appended to plaintext value - being encrypted. On decryption the provided - context is validated against the value used - during encryption. If a context was provided - during encryption, same context must be provided - during decryption as well. If the context - is not set, plaintext would be used as is - for encryption. If the context is set but: - 1. there is no record present when transforming - a given value or 2. the field is not present - when transforming a given value, plaintext - would be used as is for encryption. Note that - case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s.' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: The key used by the encryption - function. For deterministic encryption using - AES-SIV, the provided key is internally expanded - to 64 bytes prior to use. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. 
- type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - surrogateInfoType: - description: 'The custom info type to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom info type followed - by the number of characters comprising the - surrogate. The following scheme defines the - format: {info type name}({surrogate character - count}):{surrogate} For example, if the name - of custom info type is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate when - inspecting content using the custom info type - ''Surrogate''. This facilitates reversal of - the surrogate when it occurs in free text. - Note: For record transformations where the - entire cell in a table is being transformed, - surrogates are not mandatory. Surrogates are - used to denote the location of the token and - are necessary for re-identification in free - form text. 
In order for inspection to work - properly, the name of this info type must - not occur naturally anywhere in your data; - otherwise, inspection may either - reverse - a surrogate that does not correspond to an - actual identifier - be unable to parse the - surrogate and result in an error Therefore, - choose your custom info type name carefully - after considering what your data looks like. - One way to select a name that has a high chance - of yielding reliable detection is to include - one or more unicode characters that are highly - improbable to exist in your data. For example, - assuming your data is entered from a regular - ASCII keyboard, the symbol with the hex code - point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' - properties: - name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: object - cryptoHashConfig: - description: Crypto - properties: - cryptoKey: - description: The key used by the hash function. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible values: - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, - HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context may be - used for higher security since the same identifier - in two different contexts won''t be given - the same surrogate. If the context is not - set, a default tweak will be used. If the - context is set but: 1. there is no record - present when transforming a given value or - 1. the field is not present when transforming - a given value, a default tweak will be used. - Note that case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s. Currently, the referenced - field may be of value type integer or string. 
- The tweak is constructed as a sequence of - bytes in big endian byte order such that: - - a 64 bit integer is encoded followed by - a single byte of value 1 - a string is encoded - in UTF-8 format followed by a single byte - of value 2' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: Required. The key used by the encryption - algorithm. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: properties: name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string - required: - - name type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. 
When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. + Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. 
The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. 
If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by mapping these - to the alphanumeric characters that the FFX - mode natively supports. This happens before/after - encryption/decryption. Each character listed - must appear only once. Number of characters - must be in the range [2, 95]. This must be - encoded as ASCII. The order of characters - does not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select the alphabet. - Must be in the range [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom infoType followed by - the number of characters comprising the surrogate. 
- The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType - is ''MY_TOKEN_INFO_TYPE'' and the surrogate - is ''abc'', the full replacement value will - be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation - identifies the surrogate when inspecting content - using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the surrogate - when it occurs in free text. In order for - inspection to work properly, the name of this - infoType must not occur naturally anywhere - in your data; otherwise, inspection may find - a surrogate that does not correspond to an - actual identifier. Therefore, choose your - custom infoType name carefully after considering - what your data looks like. One way to select - a name that has a high chance of yielding - reliable detection is to include one or more - unicode characters that are highly improbable - to exist in your data. For example, assuming - your data is entered from a regular ASCII - keyboard, the symbol with the hex code point - 29DD might be used like so: ⧝MY_TOKEN_TYPE' + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that contains - the context, for example, an entity id. If - set, must also set cryptoKey. If set, shift - will be consistent for the given context. + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string name: - description: Name describing the field. + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cryptoKey: - description: Causes the shift to be computed - based on this key and the context. This results - in the same shift for the same context and - crypto_key. If set, must also set context. - Can only be applied to table items. 
+ tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. + Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. 
+ type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. 
Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. + properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + version: + description: Optional version name + for this InfoType. type: string type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. 
A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. + Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. 
Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. 
`inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. 
+ format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. 
+ properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, -5 means - shift date to at most 5 days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift in days. - Actual shift will be selected at random within - this range (inclusive ends). Negative means - shift to earlier in time. Must not be more - than 365250 days (1000 years) each direction. - For example, 3 means shift date to at most - 3 days into the future. - format: int64 - type: integer + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. 
+ items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each bucket - (except for minimum and maximum buckets). - So if `lower_bound` = 10, `upper_bound` = - 89, and `bucket_size` = 10, then the following - buckets would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, - 89+. Precision up to 2 decimals works.' - format: double - type: number - lowerBound: - description: Required. Lower bound value of - buckets. All values less than `lower_bound` - are grouped together into a single bucket; - for example if `lower_bound` = 10, then all - values less than 10 are replaced with the - value "-10". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. 
Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound value of - buckets. All values greater than upper_bound - are grouped together into a single bucket; - for example if `upper_bound` = 89, then all - values greater than 89 are replaced with the - value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. 
- format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. 
Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. 
A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: properties: - partToExtract: - description: 'The part of the time to keep. - Possible values: TIME_PART_UNSPECIFIED, YEAR, - MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, - HOUR_OF_DAY' + name: + description: Name describing the field. type: string type: object - type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. 
+ If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' + type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. 
+ format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. 
+ type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status 
+ name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. 
+ [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. + properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. 
Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external required: - - fields + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - recordSuppressions: - description: Configuration defining which records get suppressed - entirely. Records that match any suppression rule are omitted - from the output. 
- items: + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - condition: - description: A condition that when it evaluates to true - will result in the record being evaluated to be suppressed - from the transformed content. - properties: - expressions: - description: An expression. - properties: - conditions: - description: Conditions to apply to the expression. - properties: - conditions: - description: A collection of conditions. - items: - properties: - field: - description: Required. Field within - the record this condition is evaluated - against. - properties: - name: - description: Name describing the - field. - type: string - type: object - operator: - description: 'Required. Operator used - to compare the field or infoType - to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, - AND' - type: string - value: - description: Value to compare against. - [Mandatory, except for `EXISTS` - tests.] - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - field - - operator - type: object - type: array - type: object - logicalOperator: - description: 'The operator to apply to the result - of conditions. Default and currently only - supported value is `AND`. Possible values: - LOGICAL_OPERATOR_UNSPECIFIED, AND' - type: string - type: object - type: object + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - type: object - transformationErrorHandling: - description: Mode for handling transformation errors. If left - unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. properties: - leaveUntransformed: - description: Ignore errors - type: object - x-kubernetes-preserve-unknown-fields: true - throwError: - description: Throw an error - type: object - x-kubernetes-preserve-unknown-fields: true + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers type: object description: - description: Short description (max 256 chars). + description: A textual description field. Defaults to 'Managed by + Config Connector'. type: string - displayName: - description: Display name (max 256 chars). + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. 
+ Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string - location: - description: Immutable. The location of the resource + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
oneOf: - not: required: 
@@ -41433,21 +64755,273 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -41464,8 +65038,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -41479,6 +65052,15 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type type: object status: properties: @@ -41508,13 +65090,8 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of an inspectTemplate. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + name: + description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -41523,11 +65100,151 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of an inspectTemplate. - format: date-time + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object + required: + - spec type: object served: true storage: true @@ -41544,25 +65261,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpinspecttemplates.dlp.cnrm.cloud.google.com + name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: eventarc.cnrm.cloud.google.com names: categories: - gcp - kind: DLPInspectTemplate - plural: dlpinspecttemplates + kind: EventarcTrigger + plural: eventarctriggers shortNames: - - gcpdlpinspecttemplate - - gcpdlpinspecttemplates - singular: dlpinspecttemplate + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -41599,436 +65316,241 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Short description (max 256 chars). - type: string - displayName: - description: Display name (max 256 chars). - type: string - inspectConfig: - description: The core content of the template. Configuration of the - scanning process. + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - contentOptions: - description: List of options defining data content to scan. If - empty, text, images, and other content will be included. - items: - type: string - type: array - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud - Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType - will not cause a finding to be returned. It still can - be used for rules matching. 
Possible values: EXCLUSION_TYPE_UNSPECIFIED, - EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name matches - one of existing infoTypes and that infoType is specified - in `InspectContent.info_types` field. Specifying the latter - adds findings to the one detected by the system. If built-in - info type is not specified in `InspectContent.info_types` - list then the name is treated as a custom info type. - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule if - the finding meets the criteria specified by the rule. - Defaults to `VERY_LIKELY` if not specified. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, - LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract as - findings. When not specified, the entire match is - returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. 
- properties: - createTime: - description: Timestamp indicating when the version of - the `StoredInfoType` used for inspection was created. - Output-only field, populated by the system. - format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. - - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a request, - the system may automatically choose what detectors to run. 
By - default this may be all types, but may change over time as detectors - are updated. If you need precise control and predictability - as to what detectors are run you should specify specific InfoTypes - listed in the reference, otherwise a default list will be used, - which may change over time. - items: - properties: - name: - description: Name of the information type. Either a name - of your choosing when creating a CustomInfoType, or one - of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud DLP - results to Data Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings returned. + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for specified - infoTypes. 
- items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should be - provided. If InfoTypeLimit does not have an info_type, - the DLP API applies the limit against all info_types - that are found but not specified in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set higher. - When set within `InspectContentRequest`, this field is ignored. - format: int64 - type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set higher. - format: int64 - type: integer + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - ruleSet: - description: Set of rules to apply to the findings for this InspectConfig. - Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for - each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. The - rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the rule. - properties: - cloudStoragePath: - description: Newline-delimited file of words - in Cloud Storage. Only a single file is - accepted. 
- properties: - path: - description: 'A url representing a file - or path (no wildcards) in Cloud Storage. - Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and every - phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps or - contained within with a finding of an infoType - from this list. For example, for `InspectionRuleSet.info_types` - containing "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number findings - are dropped if they overlap with EMAIL_ADDRESS - finding. That leads to "555-222-2222@example.org" - to generate only a single finding, namely - email address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, or - one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data - Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see MatchingType - documentation for details. Possible values: - MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, - MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply to - all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a finding - to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, - VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the likelihood - by the specified number of levels. For example, - if a finding would be `POSSIBLE` without - the detection rule and `relative_likelihood` - is 1, then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to `UNLIKELY`. - Likelihood may never drop below `VERY_UNLIKELY` - or exceed `VERY_LIKELY`, so applying an - adjustment of 1 followed by an adjustment - of -1 when base likelihood is `VERY_LIKELY` - will result in a final likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within which - the entire hotword must reside. The total length - of the window cannot exceed 1000 characters. - Note that the finding itself will be included - in the window, so that hotwords may be used - to match substrings of the finding itself. For - example, the certainty of a phone number regex - "(d{3}) d{3}-d{4}" could be adjusted upwards - if the area code is known to be the local area - code of a company office using the hotword regex - "(xxx)", where "xxx" is the area code in question. - properties: - windowAfter: - description: Number of characters after the - finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before the - finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array type: object location: - description: Immutable. The location of the resource + description: Immutable. The location for the resource type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. 
The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -42045,21 +65567,24 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: oneOf: - not: required: 
@@ -42076,8 +65601,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -42086,11 +65613,53 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef type: object status: properties: 
@@ -42121,12 +65690,13 @@ spec: type: object type: array createTime: - description: Output only. The creation timestamp of an inspectTemplate. + description: Output only. The creation time. format: date-time type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -42135,11 +65705,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string updateTime: - description: Output only. The last update timestamp of an inspectTemplate. + description: Output only. The last-modified time. format: date-time type: string type: object + required: + - spec type: object served: true storage: true 
@@ -42154,1277 +65748,2353 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dlpjobtriggers.dlp.cnrm.cloud.google.com -spec: - group: dlp.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DLPJobTrigger - plural: dlpjobtriggers - shortNames: - - gcpdlpjobtrigger - - gcpdlpjobtriggers - singular: dlpjobtrigger - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: User provided description (max 256 chars) - type: string - displayName: - description: Display name (max 100 chars) - type: string - inspectJob: - description: For inspect jobs, a snapshot of the configuration. - properties: - actions: - description: Actions to execute at the completion of the job. - items: - properties: - jobNotificationEmails: - description: Enable email notification for project owners - and editors on job's completion/failure. - type: object - x-kubernetes-preserve-unknown-fields: true - pubSub: - description: Publish a notification to a pubsub topic. - properties: - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - publishFindingsToCloudDataCatalog: - description: Publish findings to Cloud Datahub. - type: object - x-kubernetes-preserve-unknown-fields: true - publishSummaryToCscc: - description: Publish summary to Cloud Security Command Center - (Alpha). 
- type: object - x-kubernetes-preserve-unknown-fields: true - publishToStackdriver: - description: Enable Stackdriver metric dlp.googleapis.com/finding_count. - type: object - x-kubernetes-preserve-unknown-fields: true - saveFindings: - description: Save resulting findings in a provided location. - properties: - outputConfig: - description: Location to store findings outside of DLP. - properties: - dlpStorage: - description: Store findings directly to DLP. If - neither this or bigquery is chosen only summary - stats of total infotype count will be stored. - Quotes will not be stored to dlp findings. If - quotes are needed, store to BigQuery. Currently - only for inspect jobs. - type: object - x-kubernetes-preserve-unknown-fields: true - outputSchema: - description: 'Schema used for writing the findings - for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. - Columns are derived from the `Finding` object. - If appending to an existing table, any columns - from the predefined schema that are missing will - be added. No columns in the existing table will - be deleted. If unspecified, then all available - columns will be used for a new table or an (existing) - table with no schema, and no changes will be made - to an existing table that has a schema. Only for - use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, - BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, - BIG_QUERY_COLUMNS, ALL_COLUMNS' - type: string - table: - description: 'Store findings in an existing table - or a new table in an existing dataset. If table_id - is not set a new one will be generated for you - with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. - Pacific timezone will be used for generating the - date details. For Inspect, each column in an existing - output table must have the same name, type, and - mode of a field in the `Finding` object. 
For Risk, - an existing output table should be the output - of a previous Risk analysis job run on the same - source table, with the same privacy metric and - quasi-identifiers. Risk jobs that analyze the - same table but compute a different privacy metric, - or use different sets of quasi-identifiers, cannot - store their results in the same table.' - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - type: object - type: object - type: array - inspectConfig: - description: How and what to scan for. - properties: - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - detectionRules: - description: Set of detection rules to apply to all - findings of this CustomInfoType. 
Rules are applied - in order that they are specified. Not supported for - the `surrogate_type` CustomInfoType. - items: - properties: - hotwordRule: - description: Hotword-based detection rule. - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. - format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. 
For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in - Cloud Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: - gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this - infoType will not cause a finding to be returned. - It still can be used for rules matching. Possible - values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name - matches one of existing infoTypes and that infoType - is specified in `InspectContent.info_types` field. - Specifying the latter adds findings to the one detected - by the system. 
If built-in info type is not specified - in `InspectContent.info_types` list then the name - is treated as a custom info type. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule - if the finding meets the criteria specified by the - rule. Defaults to `VERY_LIKELY` if not specified. - Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract - as findings. When not specified, the entire match - is returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on - GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. - properties: - createTime: - description: Timestamp indicating when the version - of the `StoredInfoType` used for inspection was - created. Output-only field, populated by the system. 
- format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. + type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - This is not used for data profiling. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - This is not used for data profiling. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a - request, the system may automatically choose what detectors - to run. By default this may be all types, but may change - over time as detectors are updated. If you need precise - control and predictability as to what detectors are run - you should specify specific InfoTypes listed in the reference, - otherwise a default list will be used, which may change - over time. - items: - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings - returned. This is not used for data profiling. 
+ Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. + format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for - specified infoTypes. - items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should - be provided. 
If InfoTypeLimit does not have an - info_type, the DLP API applies the limit against - all info_types that are found but not specified - in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this - InfoType. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set - higher. When set within `InspectContentRequest`, this - field is ignored. + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set - higher. + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. 
Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: type: string - ruleSet: - description: Set of rules to apply to the findings for this - InspectConfig. Exclusion rules, contained in the set are - executed in the end, other rules are executed in the order - they are specified for each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. - The rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the - rule. - properties: - cloudStoragePath: - description: Newline-delimited file of - words in Cloud Storage. Only a single - file is accepted. - properties: - path: - description: 'A url representing a - file or path (no wildcards) in Cloud - Storage. 
Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases - to search for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and - every phrase must contain at least - 2 characters that are letters or - digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps - or contained within with a finding of - an infoType from this list. For example, - for `InspectionRuleSet.info_types` containing - "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number - findings are dropped if they overlap - with EMAIL_ADDRESS finding. That leads - to "555-222-2222@example.org" to generate - only a single finding, namely email - address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name - for this InfoType. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see - MatchingType documentation for details. - Possible values: MATCHING_TYPE_UNSPECIFIED, - MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, - MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array - type: object - inspectTemplateRef: - oneOf: - - not: + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. + format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', 
the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. + items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. 
+ type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. 
The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). 
+ type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. properties: - external: - description: |- - If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. - - Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string + required: + - gcpKmsEncryptionKey type: object - storageConfig: - description: The data to scan. 
+ includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. properties: - bigQueryOptions: - description: BigQuery options. - properties: - excludedFields: - description: References to fields excluded from scanning. - This allows you to skip inspection of entire columns - which you know have no findings. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - identifyingFields: - description: Table fields that may uniquely identify a - row within the table. When `actions.saveFindings.outputConfig.table` - is specified, the values of columns specified here are - available in the output table under `location.content_locations.record_location.record_key.id_values`. - Nested fields such as `person.birthdate.year` are allowed. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - includedFields: - description: Limit scanning only to these fields. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - rowsLimit: - description: Max number of rows to scan. If the table - has more rows than this value, the rest of the rows - are omitted. If not set, or if set to 0, all rows will - be scanned. Only one of rows_limit and rows_limit_percent - can be specified. Cannot be used in conjunction with - TimespanConfig. - format: int64 - type: integer - rowsLimitPercent: - description: Max percentage of rows to scan. The rest - are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. 
Both 0 and 100 - means no limit. Defaults to 0. Only one of rows_limit - and rows_limit_percent can be specified. Cannot be used - in conjunction with TimespanConfig. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - tableReference: - description: Complete BigQuery table reference. - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - tableReference - type: object - cloudStorageOptions: - description: Google Cloud Storage options. - properties: - bytesLimitPerFile: - description: Max number of bytes to scan from a file. - If a scanned file's size is bigger than this value then - the rest of the bytes are omitted. Only one of bytes_limit_per_file - and bytes_limit_per_file_percent can be specified. Cannot - be set if de-identification is requested. - format: int64 - type: integer - bytesLimitPerFilePercent: - description: Max percentage of bytes to scan from a file. - The rest are omitted. The number of bytes scanned is - rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. Only one - of bytes_limit_per_file and bytes_limit_per_file_percent - can be specified. Cannot be set if de-identification - is requested. - format: int64 - type: integer - fileSet: - description: The set of one or more files to scan. - properties: - regexFileSet: - description: The regex-filtered set of files to scan. - Exactly one of `url` or `regex_file_set` must be - set. 
- properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of a Cloud Storage bucket. Required. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - excludeRegex: - description: A list of regular expressions matching - file paths to exclude. All files in the bucket - that match at least one of these regular expressions - will be excluded from the scan. Regular expressions - use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - includeRegex: - description: A list of regular expressions matching - file paths to include. All files in the bucket - that match at least one of these regular expressions - will be included in the set of files, except - for those that also match an item in `exclude_regex`. - Leaving this field empty will match all files - by default (this is equivalent to including - `.*` in the list). Regular expressions use RE2 - [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - required: - - bucketRef - type: object - url: - description: The Cloud Storage url of the file(s) - to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. 
If the url ends in a trailing - slash, the bucket or directory represented by the - url will be scanned non-recursively (content in - sub-directories will not be scanned). This means - that `gs://mybucket/` is equivalent to `gs://mybucket/*`, - and `gs://mybucket/directory/` is equivalent to - `gs://mybucket/directory/*`. Exactly one of `url` - or `regex_file_set` must be set. - type: string - type: object - fileTypes: - description: List of file type groups to include in the - scan. If empty, all files are scanned and available - data format processors are applied. In addition, the - binary content of the selected files is always scanned - as well. Images are scanned only as binary if the specified - region does not support image inspection and no file_types - were specified. Image inspection is restricted to 'global', - 'us', 'asia', and 'europe'. - items: - type: string - type: array - filesLimitPercent: - description: Limits the number of files to scan to this - percentage of the input FileSet. Number of files scanned - is rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - type: object - datastoreOptions: - description: Google Cloud Datastore options. - properties: - kind: - description: The kind to process. - properties: - name: - description: The name of the kind. - type: string - type: object - partitionId: - description: A partition ID identifies a grouping of entities. - The grouping is always by project namespace ID may be - empty. - properties: - namespaceId: - description: If not empty, the ID of the namespace - to which the entities belong. 
- type: string - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ID of the project to which the entities belong. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - hybridOptions: - description: Hybrid inspection options. - properties: - description: - description: A short description of where the data is - coming from. Will be stored once in the job. 256 max - length. - type: string - labels: - additionalProperties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. type: string - description: 'To organize findings, these labels will - be added to each finding. Label keys must be between - 1 and 63 characters long and must conform to the following - regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label - values must be between 0 and 63 characters long and - must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - No more than 10 labels can be associated with a given - finding. Examples: * `"environment" : "production"` - * `"pipeline" : "etl"`' - type: object - requiredFindingLabelKeys: - description: 'These are labels that each inspection request - must include within their ''finding_labels'' map. Request - may contain others, but any missing one of these will - be rejected. 
Label keys must be between 1 and 63 characters - long and must conform to the following regular expression: - `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can - be required.' - items: + namespace: + description: The namespace of a Kubernetes Resource. type: string - type: array - tableOptions: - description: If the container is a table, additional information - to make findings meaningful such as the columns that - are primary keys. - properties: - identifyingFields: - description: The columns that are the primary keys - for table objects included in ContentItem. A copy - of this cell's value will stored alongside alongside - each finding so that the finding can be traced to - the specific row it came from. No more than 3 may - be provided. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - type: object - type: object - timespanConfig: - properties: - enableAutoPopulationOfTimespanConfig: - description: When the job is started by a JobTrigger we - will automatically figure out a valid start_time to - avoid scanning files that have not been modified since - the last time the JobTrigger executed. This will be - based on the time of the execution of the last run of - the JobTrigger. - type: boolean - endTime: - description: Exclude files, tables, or rows newer than - this value. If not set, no upper time limit is applied. - format: date-time - type: string - startTime: - description: Exclude files, tables, or rows older than - this value. If not set, no lower time limit is applied. - format: date-time - type: string - timestampField: - description: 'Specification of the field containing the - timestamp of scanned items. Used for data sources like - Datastore and BigQuery. For BigQuery: If this value - is not specified and the table was modified between - the given start and end times, the entire table will - be scanned. 
If this value is specified, then rows are - filtered based on the given start and end times. Rows - with a `NULL` value in the provided BigQuery column - are skipped. Valid data types of the provided BigQuery - column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. - For Datastore: If this value is specified, then entities - are filtered based on the given start and end times. - If an entity does not contain the provided timestamp - property or contains empty or invalid values, then it - is included. Valid data types of the provided timestamp - property are: `TIMESTAMP`.' - properties: - name: - description: Name describing the field. - type: string - type: object - type: object + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces type: object - required: - - storageConfig type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. 
It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string location: - description: Immutable. The location of the resource + description: Immutable. The region of the Backup Plan. type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -43441,8 +68111,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43452,46 +68121,47 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - status: - description: 'Immutable. Required. A status for this trigger. Possible - values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - triggers: - description: A list of triggers which will be OR'ed together. Only - one in the list needs to trigger for a job to be started. The list - may contain only a single Schedule trigger and must have at least - one object. - items: - properties: - manual: - description: For use with hybrid jobs. Jobs must be manually - created and finished. - type: object - x-kubernetes-preserve-unknown-fields: true - schedule: - description: Create a job on a repeating basis based on the - elapse of time. - properties: - recurrencePeriodDuration: - description: 'With this option a job is started a regular - periodic basis. For example: every day (86400 seconds). - A scheduled start time will be skipped if the previous - execution has not ended when its scheduled time occurs. - This value must be set to a time duration greater than - or equal to 1 day and can be no longer than 60 days.' - type: string - type: object - type: object - type: array + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. 
+ Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object required: - - inspectJob + - cluster + - location - projectRef - - status - - triggers type: object status: properties: 
@@ -43521,86 +68191,14 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of a triggeredJob. - format: date-time - type: string - errors: - description: Output only. A stream of errors encountered when the - trigger was activated. Repeated errors may result in the JobTrigger - automatically being paused. Will return the last 100 errors. Whenever - the JobTrigger is modified this list will be cleared. - items: - properties: - details: - description: Detailed error codes and messages. - properties: - code: - description: The status code, which should be an enum value - of google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. - This string must contain at least one "/" character. - The last segment of the URL''s path must represent - the fully qualified name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually - precompile into the binary all types that they expect - it to use in the context of Any. However, for URLs - which use the scheme `http`, `https`, or no scheme, - one can optionally set up a type server that maps - type URLs to message definitions as follows: * If - no scheme is provided, `https` is assumed. * An - HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the - URL, or have them precompiled into a binary to avoid - any lookup. Therefore, binary compatibility needs - to be preserved on changes to types. (Use versioned - type names to manage breaking changes.) 
Note: this - functionality is not currently available in the - official protobuf release, and it is not used for - type URLs beginning with type.googleapis.com. Schemes - other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should - be in English. Any user-facing error message should be - localized and sent in the google.rpc.Status.details field, - or localized by the client. - type: string - type: object - timestamps: - description: The times the error occurred. - items: - format: date-time - type: string - type: array - type: object - type: array - lastRunTime: - description: Output only. The timestamp of the last time this trigger - executed. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -43609,9 +68207,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of a triggeredJob. - format: date-time + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. type: string type: object required: @@ -43632,25 +68233,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DLPStoredInfoType - plural: dlpstoredinfotypes + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships shortNames: - - gcpdlpstoredinfotype - - gcpdlpstoredinfotypes - singular: dlpstoredinfotype + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -43687,96 +68288,23 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Description of the StoredInfoType (max 256 characters). - type: string - dictionary: - description: Store dictionary-based CustomInfoType. + configmanagement: + description: Config Management-specific spec. properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud Storage. - Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - required: - - path - type: object - wordList: - description: List of words or phrases to search for. + binauthz: + description: Binauthz configuration for the cluster. properties: - words: - description: Words or phrases defining the dictionary. The - dictionary must contain at least one phrase and every phrase - must contain at least 2 characters that are letters or digits. - [required] - items: - type: string - type: array - required: - - words + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean type: object - type: object - displayName: - description: Display name of the StoredInfoType (max 256 characters). - type: string - largeCustomDictionary: - description: StoredInfoType where findings are defined by a dictionary - of phrases. - properties: - bigQueryField: - description: Field in a BigQuery table where each cell represents - a dictionary phrase. + configSync: + description: Config Sync configuration for the cluster. properties: - field: - description: Designated field in the BigQuery table. - properties: - name: - description: Name describing the field. - type: string - type: object - table: - description: Source table of the field. 
+ git: properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: + gcpServiceAccountRef: oneOf: - not: required: @@ -43794,9 +68322,9 @@ spec: properties: external: description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43806,7 +68334,41 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - tableRef: + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: oneOf: - not: required: @@ -43823,10 +68385,10 @@ spec: - external properties: external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43836,39 +68398,109 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string type: object - cloudStorageFileSet: - description: Set of files containing newline-delimited lists of - dictionary phrases. + hierarchyController: + description: Hierarchy Controller configuration for the cluster. properties: - url: - description: The url, in the format `gs:///`. Trailing wildcard - in the path is allowed. - type: string - required: - - url + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean type: object - outputPath: - description: Location to store dictionary artifacts in Google - Cloud Storage. 
These files will only be accessible by project - owners and the DLP API. If any of these artifacts are modified, - the dictionary is considered invalid and can no longer be used. + policyController: + description: Policy Controller configuration for the cluster. properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. type: string - required: - - path + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. 
+ type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string type: object - location: - description: Immutable. The location of the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + featureRef: + description: Immutable. oneOf: - not: required: @@ -43885,21 +68517,23 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. oneOf: - not: required: 
@@ -43916,8 +68550,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43926,30 +68562,54 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - regex: - description: Store regular expression-based StoredInfoType. + mesh: + description: Manage Mesh Features properties: - groupIndexes: - description: The index of the submatch to extract as findings. - When not specified, the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under - the google/re2 repository on GitHub. + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - pattern type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. 
Used for acquisition only. Leave unset to create a new - resource. - type: string + required: + - featureRef + - location + - membershipRef + - projectRef type: object status: properties: @@ -43987,6 +68647,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -44003,25 +68665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com + name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSManagedZone - plural: dnsmanagedzones + kind: GKEHubFeature + plural: gkehubfeatures shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: 
@@ -44059,109 +68721,52 @@ spec: type: object spec: properties: - cloudLoggingConfig: - description: Cloud logging configuration. - properties: - enableLogging: - description: If set, enable query logging for this ManagedZone. - False by default, making logging opt-in. - type: boolean - required: - - enableLogging - type: object - description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. - type: string - dnsName: - description: Immutable. The DNS name of this managed zone, for instance - "example.com.". + location: + description: Immutable. The location for the resource type: string - dnssecConfig: - description: DNSSEC configuration. + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - defaultKeySpecs: + external: description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"].' - type: string - keyLength: - description: Length of the keys in bits. - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. 
- type: string - kind: - description: Identifies what kind of resource this is. - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is. + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"].' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address of a target name server. 
- type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. properties: - targetNetwork: - description: The network with which to peer. + multiclusteringress: + description: Multicluster Ingress-specific spec. properties: - networkRef: - description: VPC network to forward queries to. + configMembershipRef: oneOf: - not: required: @@ -44178,8 +68783,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -44189,137 +68796,12 @@ spec: type: string type: object required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - gkeClusters: - description: The list of Google Kubernetes Engine clusters that - can see this zone. - items: - properties: - gkeClusterNameRef: - description: |- - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - 'projects/*/locations/*/clusters/*'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ContainerCluster` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - gkeClusterNameRef - type: object - type: array - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetwork` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - reverseLookup: - description: |- - Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: Immutable. The presence of this field indicates that - this zone is backed by Service Directory. The value of this field - contains information related to the namespace associated with the - zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl + - configMembershipRef type: object - required: - - namespace type: object - visibility: - description: |- - Immutable. The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. - type: string required: - - dnsName + - location + - projectRef type: object status: properties: 
@@ -44349,21 +68831,14 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time that this resource was created on the server. - This is in RFC3339 text format. + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time type: string - managedZoneId: - description: Unique identifier for the resource; defined by the server. - type: integer - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44371,6 +68846,46 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string type: object required: - spec 
@@ -44390,25 +68905,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com + name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSPolicy - plural: dnspolicies + kind: GKEHubMembership + plural: gkehubmemberships shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -44446,96 +68961,139 @@ spec: type: object spec: properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. 
+ `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string type: object description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. 
The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location type: object status: properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -44562,6 +69120,111 @@ spec: type: string type: object type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44569,7 +69232,28 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. + format: date-time + type: string type: object + required: + - spec type: object served: true storage: true @@ -44586,25 +69270,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: DNSRecordSet - plural: dnsrecordsets + kind: HealthcareConsentStore + plural: healthcareconsentstores shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: 
@@ -44624,7 +69308,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44641,94 +69325,29 @@ spec: metadata: type: object spec: - oneOf: - - required: - - rrdatas - - required: - - rrdatasRefs properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `DNSManagedZone` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: Immutable. The DNS name this record set will apply to. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - rrdatas: - description: DEPRECATED. Although this field is still available, there - is limited support. We recommend that you use `spec.rrdatasRefs` - instead. - items: - type: string - type: array - rrdatasRefs: - items: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - managedZoneRef - - name - - type + - dataset type: object status: properties: 
@@ -44784,25 +69403,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: eventarctriggers.eventarc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: - group: eventarc.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: EventarcTrigger - plural: eventarctriggers + kind: HealthcareDataset + plural: healthcaredatasets shortNames: - - gcpeventarctrigger - - gcpeventarctriggers - singular: eventarctrigger + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: @@ -44822,7 +69441,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44837,243 +69456,14 @@ spec: submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: - type: object - spec: - properties: - channelRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: Optional. The name of the channel associated with - the trigger in `projects/{project}/locations/{location}/channels/{channel}` - format. You must provide a channel to receive events from Eventarc - SaaS partners. - type: string - name: - description: |- - [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - destination: - description: Required. Destination specifies where the events should - be sent to. - properties: - cloudFunctionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - - Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cloudRunService: - description: Cloud Run fully-managed service that receives the - events. The service should be running in the same project of - the trigger. - properties: - path: - description: 'Optional. The relative path on the Cloud Run - service the events should be sent to. The value must conform - to the definition of URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - region: - description: Required. The region the Cloud Run service is - deployed in. - type: string - serviceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - - Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - serviceRef - type: object - gke: - description: A GKE service capable of receiving events. The service - should be running in the same project as the trigger. 
- properties: - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: Required. The name of the Google Compute Engine - in which the cluster resides, which can either be compute - zone (for example, us-central1-a) for the zonal clusters - or region (for example, us-central1) for regional clusters. - type: string - namespace: - description: Required. The namespace the GKE service is running - in. - type: string - path: - description: 'Optional. The relative path on the GKE service - the events should be sent to. The value must conform to - the definition of a URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - service: - description: Required. Name of the GKE service. - type: string - required: - - clusterRef - - location - - namespace - - service - type: object - workflowRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'The resource name of the Workflow whose Executions - are triggered by the events. The Workflow resource should - be deployed in the same project as the trigger. 
Format: - `projects/{project}/locations/{location}/workflows/{workflow}`' - type: string - name: - description: |- - [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object + type: object + spec: + properties: location: - description: Immutable. The location for the resource + description: Immutable. The location for the Dataset. type: string - matchingCriteria: - description: Required. null The list of filters that applies to event - attributes. Only events that match all the provided filters will - be sent to the destination. - items: - properties: - attribute: - description: Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. - All triggers MUST provide a filter for the 'type' attribute. - type: string - operator: - description: Optional. The operator used for matching the events - with the value of the filter. If not specified, only events - that have an exact key-value pair specified in the filter - are matched. The only allowed value is `match-path-pattern`. - type: string - value: - description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud - for available values. - type: string - required: - - attribute - - value - type: object - type: array projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -45090,10 +69480,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -45107,81 +69494,14 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - transport: - description: Immutable. Optional. In order to deliver messages, Eventarc - may use other GCP products as transport intermediary. This field - contains a reference to that transport intermediary. This information - can be used for debugging purposes. - properties: - pubsub: - description: Immutable. The Pub/Sub topic and subscription used - by Eventarc as delivery intermediary. - properties: - topicRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + type: string required: - - destination - location - - matchingCriteria - projectRef type: object status: 
@@ -45212,15 +69532,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - etag: - description: Output only. This checksum is computed by the server - based on the value of other fields, and may be sent only on create - requests to ensure the client has an up-to-date value before proceeding. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45228,31 +69539,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceConditions: - additionalProperties: - type: string - description: Output only. The reason(s) why a trigger is in FAILED - state. - type: object - transport: - properties: - pubsub: - properties: - subscription: - description: 'Output only. The name of the Pub/Sub subscription - created and managed by Eventarc system as a transport for - the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' - type: string - type: object - type: object - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: 
@@ -45273,25 +69561,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestorebackups.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreBackup - plural: filestorebackups + kind: HealthcareDICOMStore + plural: healthcaredicomstores shortNames: - - gcpfilestorebackup - - gcpfilestorebackups - singular: filestorebackup + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: @@ -45311,7 +69599,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45329,95 +69617,57 @@ spec: type: object spec: properties: - description: - description: A description of the backup with 2048 characters or less. - Requests with longer descriptions will be rejected. - type: string - location: - description: Immutable. The location for the resource + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + notificationConfig: + description: A nested object resource. properties: - external: + pubsubTopic: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
type: string + required: + - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceFileShare: - description: Immutable. Name of the file share in the source Cloud - Filestore instance that the backup is created from. - type: string - sourceInstanceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object required: - - external - properties: - external: - description: |- - The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - - Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - bigqueryDestination + type: object + type: array required: - - location - - projectRef - - sourceFileShare - - sourceInstanceRef + - dataset type: object status: properties: - capacityGb: - description: Output only. Capacity of the source file share when the - backup was created. - format: int64 - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -45444,16 +69694,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the backup was created. - format: date-time - type: string - downloadBytes: - description: Output only. Amount of bytes that will be downloaded - if the backup is restored. This may be different than storage bytes, - since sequential backups of the same disk will share storage. - format: int64 - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45461,21 +69701,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceInstanceTier: - description: 'Output only. The service tier of the source Cloud Filestore - instance that this backup is created from. Possible values: TIER_UNSPECIFIED, - STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' - type: string - state: - description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + selfLink: + description: The fully qualified name of this dataset. type: string - storageBytes: - description: Output only. The size of the storage used by the backup. - As backups share storage, this number is expected to change with - backup creation/deletion. - format: int64 - type: integer type: object required: - spec 
@@ -45495,25 +69723,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestoreinstances.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreInstance - plural: filestoreinstances + kind: HealthcareFHIRStore + plural: healthcarefhirstores shortNames: - - gcpfilestoreinstance - - gcpfilestoreinstances - singular: filestoreinstance + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: @@ -45533,7 +69761,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45551,208 +69779,165 @@ spec: type: object spec: properties: - description: - description: The description of the instance (2048 characters or less). + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fileShares: - description: File system shares on the instance. For this version, - only a single file share is supported. + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. 
Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. items: properties: - capacityGb: - description: File share capacity in gigabytes (GB). Cloud Filestore - defines 1 GB as 1024^3 bytes. - format: int64 - type: integer - name: - description: The name of the file share (must be 16 characters - or less). - type: string - nfsExportOptions: - description: Nfs Export Options. There is a limit of 10 export - options per file share. - items: - properties: - accessMode: - description: 'Either READ_ONLY, for allowing only read - requests on the exported directory, or READ_WRITE, for - allowing both read and write requests. The default is - READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, - READ_ONLY, READ_WRITE' - type: string - anonGid: - description: An integer representing the anonymous group - id with a default value of 65534. Anon_gid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - anonUid: - description: An integer representing the anonymous user - id with a default value of 65534. Anon_uid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - ipRanges: - description: List of either an IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges - in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask - size}` which may mount the file share. Overlapping IP - ranges are not allowed, both within and across NfsExportOptions. - An error will be returned. The limit is 64 IP ranges/addresses - for each FileShareConfig among all NfsExportOptions. 
- items: - type: string - type: array - squashMode: - description: 'Either NO_ROOT_SQUASH, for allowing root - access on the exported directory, or ROOT_SQUASH, for - not allowing root access. The default is NO_ROOT_SQUASH. - Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, - ROOT_SQUASH' - type: string - type: object - type: array - sourceBackupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. - - Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic type: object type: array - location: - description: Immutable. The location for the resource + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - networks: - description: Immutable. VPC networks to which the instance is connected. - For this version, only a single network is supported. + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: - ipAddresses: - description: Immutable. Output only. IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in - the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
- items: - type: string - type: array - modes: - description: Immutable. Internet protocol versions for which - the instance has IP addresses assigned. For this version, - only MODE_IPV4 is supported. - items: - type: string - type: array - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: - external: - description: |- - The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. 
+ properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig type: object - reservedIPRange: - description: Immutable. A /29 CIDR block in one of the [internal - IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) - that identifies the range of IP addresses reserved for this - instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The - range you specify can't overlap with either existing subnets - or assigned IP address ranges for other Cloud Filestore instances - in the selected VPC network. - type: string + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. 
+ items: + type: string + type: array + required: + - bigqueryDestination type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tier: - description: 'Immutable. The service tier of the instance. Possible - values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, - HIGH_SCALE_SSD, ENTERPRISE' + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - - location - - projectRef + - dataset type: object status: properties: @@ -45782,14 +69967,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the instance was created. - format: date-time - type: string - etag: - description: Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -45797,13 +69974,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR' - type: string - statusMessage: - description: Output only. Additional information about the instance - state, if available. + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: @@ -45824,25 +69996,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: - group: firestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FirestoreIndex - plural: firestoreindexes + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: @@ -45862,7 +70034,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45880,44 +70052,93 @@ spec: type: object spec: properties: - collection: - description: Immutable. The collection being indexed. - type: string - database: - description: Immutable. The Firestore database id. Defaults to '"(default)"'. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fields: + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: description: |- - Immutable. The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. 
Only the message name + is sent as part of the notification. Supplied by the client. items: properties: - arrayConfig: + filter: description: |- - Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"]. - type: string - fieldPath: - description: Immutable. Name of the field. - type: string - order: + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: description: |- - Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. 
+ PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string + required: + - pubsubTopic type: object type: array - queryScope: - description: 'Immutable. The scope at which a query is run. Default - value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - collection - - fields + - dataset type: object status: properties: 
@@ -45947,11 +70168,6 @@ spec: type: string type: object type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45959,6 +70175,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string type: object required: - spec @@ -45978,25 +70197,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: Folder - plural: folders + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies shortNames: - - gcpfolder - - gcpfolders - singular: folder + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -46033,62 +70252,11 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. + description: The display name of the rule. type: string - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. Only one of - folderRef or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `folderId` field of a `Folder` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + projectRef: oneOf: - not: required: 
@@ -46105,8 +70273,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -46116,12 +70284,62 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array required: - - displayName + - projectRef + - rules type: object status: properties: 
@@ -46151,19 +70369,8 @@ spec: type: string type: object type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}". - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. + etag: + description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46191,389 +70398,119 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com -spec: - group: gkehub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: GKEHubFeatureMembership - plural: gkehubfeaturememberships - shortNames: - - gcpgkehubfeaturemembership - - gcpgkehubfeaturememberships - singular: gkehubfeaturemembership - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - configmanagement: - description: Config Management-specific spec. - properties: - binauthz: - description: Binauthz configuration for the cluster. - properties: - enabled: - description: Whether binauthz is enabled in this cluster. - type: boolean - type: object - configSync: - description: Config Sync configuration for the cluster. - properties: - git: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpsProxy: - description: URL for the HTTPS proxy to be used when communicating - with the Git repo. - type: string - policyDir: - description: 'The path within the Git repository that - represents the top level of the repo to sync. Default: - the root directory of the repository.' - type: string - secretType: - description: Type of secret configured for access to the - Git repo. Must be one of ssh, cookiefile, gcenode, token, - gcpserviceaccount or none. The validation of this is - case-sensitive. - type: string - syncBranch: - description: 'The branch of the repository to sync from. - Default: master.' - type: string - syncRepo: - description: The URL of the Git repository to use as the - source of truth. 
- type: string - syncRev: - description: Git revision (tag or hash) to check out. - Default HEAD. - type: string - syncWaitSecs: - description: 'Period in seconds between consecutive syncs. - Default: 15.' - type: string - type: object - oci: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: "The GCP Service Account Email used for - auth when secret_type is gcpserviceaccount. \n\nAllowed - value: The `email` field of an `IAMServiceAccount` - resource." - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - policyDir: - description: 'The absolute path of the directory that - contains the local resources. Default: the root directory - of the image.' - type: string - secretType: - description: Type of secret configured for access to the - OCI Image. Must be one of gcenode, gcpserviceaccount - or none. The validation of this is case-sensitive. - type: string - syncRepo: - description: The OCI image repository URL for the package - to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - type: string - syncWaitSecs: - description: 'Period in seconds(int64 format) between - consecutive syncs. Default: 15.' - type: string - type: object - preventDrift: - description: Set to true to enable the Config Sync admission - webhook to prevent drifts. If set to `false`, disables the - Config Sync admission webhook and does not prevent drifts. - type: boolean - sourceFormat: - description: Specifies whether the Config Sync Repo is in - "hierarchical" or "unstructured" mode. 
- type: string - type: object - hierarchyController: - description: Hierarchy Controller configuration for the cluster. - properties: - enableHierarchicalResourceQuota: - description: Whether hierarchical resource quota is enabled - in this cluster. - type: boolean - enablePodTreeLabels: - description: Whether pod tree labels are enabled in this cluster. - type: boolean - enabled: - description: Whether Hierarchy Controller is enabled in this - cluster. - type: boolean - type: object - policyController: - description: Policy Controller configuration for the cluster. - properties: - auditIntervalSeconds: - description: Sets the interval for Policy Controller Audit - Scans (in seconds). When set to 0, this disables audit functionality - altogether. - type: string - enabled: - description: Enables the installation of Policy Controller. - If false, the rest of PolicyController fields take no effect. - type: boolean - exemptableNamespaces: - description: The set of namespaces that are excluded from - Policy Controller checks. Namespaces do not need to currently - exist on the cluster. - items: - type: string - type: array - logDeniesEnabled: - description: Logs all denies and dry run failures. - type: boolean - monitoring: - description: 'Specifies the backends Policy Controller should - export metrics to. For example, to specify metrics should - be exported to Cloud Monitoring and Prometheus, specify - backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", - "prometheus"]' - properties: - backends: - description: ' Specifies the list of backends Policy Controller - will export to. Specifying an empty value `[]` disables - metrics export.' - items: - type: string - type: array - type: object - mutationEnabled: - description: Enable or disable mutation in policy controller. - If true, mutation CRDs, webhook and controller deployment - will be deployed to the cluster. 
- type: boolean - referentialRulesEnabled: - description: Enables the ability to use Constraint Templates - that reference to objects other than the object currently - being evaluated. - type: boolean - templateLibraryInstalled: - description: Installs the default template library along with - Policy Controller. - type: boolean - type: object - version: - description: Optional. Version of ACM to install. Defaults to - the latest version. - type: string - type: object - featureRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string required: - - external + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). properties: - external: - description: |- - The name of the feature - - Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + apiVersion: type: string - type: object - location: - description: Immutable. 
The location of the feature - type: string - membershipRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: external: - description: |- - The name of the membership - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mesh: - description: Manage Mesh Features - properties: - controlPlane: - description: '**DEPRECATED** Whether to automatically manage Service - Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, - AUTOMATIC, MANUAL' - type: string - management: - description: 'Whether to automatically manage Service Mesh. Possible - values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the feature - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string + required: + - kind type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string required: - - featureRef - - location - - membershipRef - - projectRef + - auditLogConfigs + - resourceRef + - service type: object status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. items: properties: lastTransitionTime: @@ -46603,10 +70540,9 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -46623,25 +70559,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubfeatures.gkehub.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubFeature - plural: gkehubfeatures + kind: IAMCustomRole + plural: iamcustomroles shortNames: - - gcpgkehubfeature - - gcpgkehubfeatures - singular: gkehubfeature + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: 
@@ -46679,87 +70615,29 @@ spec: type: object spec: properties: - location: - description: Immutable. The location for the resource + description: + description: A human-readable description for the role. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - spec: - description: Optional. Hub-wide Feature configuration. If this Feature - does not support any Hub-wide configuration, this field may be unused. - properties: - multiclusteringress: - description: Multicluster Ingress-specific spec. 
- properties: - configMembershipRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - configMembershipRef - type: object - type: object + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string required: - - location - - projectRef + - permissions + - title type: object status: properties: @@ -46789,13 +70667,11 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Feature resource was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Feature resource was deleted. - format: date-time + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
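Review bot: The `permissions` description in the new IAMCustomRole spec says at least one permission must be specified, but the array schema sets only `items` and `type`, so an empty list passes CRD validation and would be rejected, if at all, only later by the controller or the IAM API. Adding `minItems: 1` under `permissions` would make the API server enforce what the text promises. `stage` is likewise a free-form string whose description mentions only the GA default; listing the accepted values there would help anyone reviewing a role manifest. This CRD carries the `tf2crd` label, so the change probably belongs in the generator input rather than in this file.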
@@ -46804,46 +70680,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceState: - description: State of the Feature resource itself. - properties: - hasResources: - description: Whether this Feature has outstanding resources that - need to be cleaned up before it can be disabled. - type: boolean - state: - description: 'The current state of the Feature resource in the - Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, - DISABLING, UPDATING, SERVICE_UPDATING' - type: string - type: object - state: - description: Output only. The Hub-wide Feature state - properties: - state: - description: Output only. The "running state" of the Feature in - this Hub. - properties: - code: - description: 'The high-level, machine-readable status of this - Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, - ERROR' - type: string - description: - description: A human-readable description of the current status. - type: string - updateTime: - description: 'The time this status and any related Feature-specific - details were updated. A timestamp in RFC3339 UTC "Zulu" - format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' - type: string - type: object - type: object - updateTime: - description: Output only. When the Feature resource was last updated. - format: date-time - type: string type: object required: - spec 
@@ -46863,25 +70699,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubmemberships.gkehub.cnrm.cloud.google.com + name: iampartialpolicies.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubMembership - plural: gkehubmemberships + kind: IAMPartialPolicy + plural: iampartialpolicies shortNames: - - gcpgkehubmembership - - gcpgkehubmemberships - singular: gkehubmembership + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -46889,7 +70723,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -46897,164 +70731,218 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: - authority: - description: 'Optional. How to identify workloads from this Membership. - See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' - properties: - issuer: - description: Optional. 
A JSON Web Token (JWT) issuer URI. `issuer` - must start with `https://` and be a valid URL with length <2000 - characters. If set, then Google will allow valid OIDC tokens - from this issuer to authenticate within the workload_identity_pool. - OIDC discovery will be performed on this URI to validate tokens - from the issuer. Clearing `issuer` disables Workload Identity. - `issuer` cannot be directly modified; it must be cleared (and - Workload Identity disabled) before using a new issuer (and re-enabling - Workload Identity). - type: string - type: object - description: - description: 'Description of this membership, limited to 63 characters. - Must match the regex: `*` This field is present for legacy purposes.' - type: string - endpoint: - description: Optional. Endpoint information to reach this member. - properties: - gkeCluster: - description: Optional. GKE-specific information. Only present - if this Membership is a GKE cluster. - properties: - resourceRef: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - kubernetesResource: - description: 'Optional. The in-cluster Kubernetes Resources that - should be applied for a correctly registered cluster, in the - steady state. These resources: * Ensure that the cluster is - exclusively registered to one and only one Hub Membership. * - Propagate Workload Pool Information available in the Membership - Authority field. * Ensure proper initial configuration of default - Hub Features.' - properties: - membershipCrManifest: - description: Input only. The YAML representation of the Membership - CR. This field is ignored for GKE clusters where Hub can - read the CR directly. Callers should provide the CR that - is currently present in the cluster during CreateMembership - or UpdateMembership, or leave this field empty if none exists. - The CR manifest is used to validate the cluster has not - been registered with another Membership. - type: string - resourceOptions: - description: Optional. Options for Kubernetes resource generation. + - required: + - member + - required: + - memberFrom properties: - connectVersion: - description: Optional. The Connect agent version to use - for connect_resources. Defaults to the latest GKE Connect - version. The version must be a currently supported version, - obsolete versions will be rejected. + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. type: string - v1beta1Crd: - description: Optional. Use `apiextensions/v1beta1` instead - of `apiextensions/v1` for CustomResourceDefinition resources. 
- This option should be set for clusters with Kubernetes - apiserver versions <1.16. - type: boolean + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object type: object - type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind type: object - externalId: - description: 'Optional. An externally-generated and managed ID for - this Membership. This ID may be modified after creation, but this - is not recommended. The ID must match the regex: `*` If this Membership - represents a Kubernetes cluster, this value should be set to the - UID of the `kube-system` namespace object.' - type: string - infrastructureType: - description: 'Optional. The infrastructure type this Membership is - running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, - MULTI_CLOUD' - type: string - location: - description: Immutable. The location for the resource - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string required: - - location + - resourceRef type: object status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: - authority: - properties: - identityProvider: - description: Output only. An identity provider that reflects the - `issuer` in the workload identity pool. - type: string - workloadIdentityPool: - description: 'Output only. The name of the workload identity pool - in which `issuer` will be recognized. There is a single Workload - Identity Pool per Hub that is shared between all Memberships - that belong to that Hub. 
For a Hub hosted in: {PROJECT_ID}, - the workload pool format is `{PROJECT_ID}.hub.id.goog`, although - this is subject to change in newer versions of this API.' - type: string - type: object + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: 
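Review bot: `resourceRef` in the new IAMPartialPolicy spec decides which GCP resource receives the bindings, yet `apiVersion`, `external`, `kind`, `name` and `namespace` are added as bare `type: string` entries with no description. The third `oneOf` branch also accepts a reference that sets none of `name`, `namespace`, `apiVersion` or `external`, leaving only the required `kind`, and nothing in the schema says what such a reference resolves to. I would add a description to each field, along the lines of `description: Identifier of a resource not managed by Config Connector; the format depends on kind.` for `external` (wording to be confirmed against the controller), plus one sentence on `resourceRef` covering the kind-only case. The same undocumented block appears in the IAMPolicy hunk (`@@ -47302,81 +71171,39 @@`) and the IAMPolicyMember hunk (`@@ -47482,32 +71305,116 @@`).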
@@ -47078,140 +70966,48 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Membership was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Membership was deleted. - format: date-time - type: string - endpoint: - properties: - kubernetesMetadata: - description: Output only. Useful Kubernetes-specific metadata. - properties: - kubernetesApiServerVersion: - description: Output only. Kubernetes API server version string - as reported by `/version`. - type: string - memoryMb: - description: Output only. The total memory capacity as reported - by the sum of all Kubernetes nodes resources, defined in - MB. - format: int64 - type: integer - nodeCount: - description: Output only. Node count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - nodeProviderId: - description: Output only. Node providerID as reported by the - first node in the list of nodes on the Kubernetes endpoint. - On Kubernetes platforms that support zero-node clusters - (like GKE-on-GCP), the node_count will be zero and the node_provider_id - will be empty. - type: string - updateTime: - description: Output only. The time at which these details - were last updated. This update_time is different from the - Membership-level update_time since EndpointDetails are updated - internally for API consumers. - format: date-time + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. 
+ items: type: string - vcpuCount: - description: Output only. vCPU count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - type: object - kubernetesResource: - properties: - connectResources: - description: Output only. The Kubernetes resources for installing - the GKE Connect agent This field is only populated in the - Membership returned from a successful long-running operation - from CreateMembership or UpdateMembership. It is not populated - during normal GetMembership or ListMemberships requests. - To get the resource manifest after the initial registration, - the caller should make a UpdateMembership call with an empty - field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. - type: string - type: object - type: array - membershipResources: - description: Output only. Additional Kubernetes resources - that need to be applied to the cluster after Membership - creation, and after every update. This field is only populated - in the Membership returned from a successful long-running - operation from CreateMembership or UpdateMembership. It - is not populated during normal GetMembership or ListMemberships - requests. To get the resource manifest after the initial - registration, the caller should make a UpdateMembership - call with an empty field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. 
- type: string - type: object - type: array - type: object - type: object - lastConnectionTime: - description: Output only. For clusters using Connect, the timestamp - of the most recent connection established with Google Cloud. This - time is updated every several minutes, not continuously. For clusters - that do not use GKE Connect, or that have never connected successfully, - this field will be unset. - format: date-time - type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer - state: - description: Output only. State of the Membership resource. - properties: - code: - description: 'Output only. The current state of the Membership - resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, - DELETING, UPDATING, SERVICE_UPDATING' - type: string - type: object - uniqueId: - description: Output only. Google-generated UUID for this resource. - This is unique across all Membership resources. If a Membership - resource is deleted and another resource with the same name is created, - it gets a different unique_id. - type: string - updateTime: - description: Output only. When the Membership was last updated. - format: date-time - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -47228,25 +71024,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com + name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAccessBoundaryPolicy - plural: iamaccessboundarypolicies + kind: IAMPolicy + plural: iampolicies shortNames: - - gcpiamaccessboundarypolicy - - gcpiamaccessboundarypolicies - singular: iamaccessboundarypolicy + - gcpiampolicy + - gcpiampolicies + singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: @@ -47254,7 +71048,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -47262,32 +71056,107 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPolicySpec defines the desired state of IAMPolicy properties: - displayName: - description: The display name of the rule. - type: string - projectRef: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. 
The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. oneOf: - not: required: 
@@ -47302,81 +71171,39 @@ spec: - namespace required: - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: + apiVersion: + type: string external: - description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, - where {{value}} is the `name` field of a `Project` resource.' + type: string + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Rules to be applied. - items: - properties: - accessBoundaryRule: - description: An access boundary rule in an IAM policy. - properties: - availabilityCondition: - description: The availability condition further constrains - the access allowed by the access boundary rule. - properties: - description: - description: |- - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression - in Common Expression Language syntax. - type: string - location: - description: |- - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - type: string - title: - description: |- - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. 
- type: string - required: - - expression - type: object - availablePermissions: - description: A list of permissions that may be allowed for - use on the specified resource. - items: - type: string - type: array - availableResource: - description: The full resource name of a Google Cloud resource - entity. - type: string - type: object - description: - description: The description of the rule. - type: string - type: object - type: array + type: string + required: + - kind + type: object required: - - projectRef - - rules + - resourceRef type: object status: + description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: @@ -47400,19 +71227,15 @@ spec: type: string type: object type: array - etag: - description: The hash of the resource. Used internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -47429,23 +71252,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" - name: iamauditconfigs.iam.cnrm.cloud.google.com + name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAuditConfig - plural: iamauditconfigs + kind: IAMPolicyMember + plural: iampolicymembers shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: @@ -47467,7 +71290,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IAMAuditConfig is the schema for the IAM audit logging API. + description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
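Review bot: The schema description added in the second hunk reads `IAMPolicyMember is the Schema for the iampolicies API`, which names the IAMPolicy resource rather than this one; the names block in the preceding hunk sets the plural to `iampolicymembers`. This text is what schema-browsing tools display for the kind, so it points readers at a resource with different semantics. `description: IAMPolicyMember is the Schema for the iampolicymembers API` would match. The IAMPartialPolicy description has a smaller slip of the same kind: it says `iampartialpolicy API` where the plural is `iampartialpolicies`.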
@@ -47482,32 +71305,116 @@ spec: metadata: type: object spec: - description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: type: string - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object resourceRef: - description: Immutable. Required. The GCP resource to set the IAMAuditConfig - on (e.g. project). + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: apiVersion: type: string 
@@ -47522,26 +71429,21 @@ spec: required: - kind type: object - service: - description: 'Immutable. Required. The service for which to enable - Data Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering both - ''allServices'' and a specific service, then the union of the two - audit configs is used for that service: the ''logTypes'' specified - in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - - auditLogConfigs - resourceRef - - service + - role type: object status: - description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations - of the IAMAuditConfig's current state. + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47590,25 +71492,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMCustomRole - plural: iamcustomroles + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -47646,254 +71548,24 @@ spec: type: object spec: properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The roleId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string - stage: - description: The current launch stage of the role. Defaults to GA. + privateKeyType: + description: Immutable. type: string - title: - description: A human-readable title for the role. + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The full name of the role. + publicKeyType: + description: Immutable. type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - name: iampartialpolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPartialPolicy - plural: iampartialpolicies - shortNames: - - gcpiampartialpolicy - - gcpiampartialpolicies - singular: iampartialpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True' the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IAMPartialPolicy is the Schema for the iampartialpolicy API - 
properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy - properties: - bindings: - description: Optional. The list of IAM bindings managed by Config - Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - oneOf: - - required: - - member - - required: - - memberFrom - properties: - member: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. - type: string - memberFrom: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, - and only one subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity - (i.e. 
its 'status.writerIdentity') is to be bound - to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to - the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account - (i.e., its 'status.email') is to be bound to the - role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account - (i.e. its 'status.serviceAccountEmailAddress') is - to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - type: object - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + serviceAccountRef: oneOf: - not: required: 
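Review bot: `keyAlgorithm` in the IAMServiceAccountKey spec is an unconstrained `type: string`, although its description names exactly two valid values and one of them is `KEY_ALG_RSA_1024`, a key size below the 2048-bit minimum that current guidance expects for RSA. If that list is complete, add `enum: [KEY_ALG_RSA_1024, KEY_ALG_RSA_2048]` so a mistyped value is rejected at admission, and extend the description with `KEY_ALG_RSA_1024 is kept for compatibility only; prefer KEY_ALG_RSA_2048.` `privateKeyType` and `publicKeyType` are documented only as `Immutable.`, which tells a reader nothing about the accepted values. The `tf2crd` label suggests this schema is generated, so the change probably belongs in the generator input. The `spec` block opens before this hunk and `serviceAccountRef` continues past it.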
@@ -47908,72 +71580,26 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy - properties: - allBindings: - description: AllBindings surfaces all IAM bindings for the referenced - resource. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: 
@@ -47997,48 +71623,38 @@ spec: type: string type: object type: array - lastAppliedBindings: - description: LastAppliedBindings is the list of IAM bindings that - were most recently applied by Config Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: Immutable. The name used for this key pair. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string type: object + required: + - spec type: object served: true storage: true @@ -48055,23 +71671,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicies.iam.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicy - plural: iampolicies + kind: IAMServiceAccount + plural: iamserviceaccounts shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: @@ -48079,7 +71697,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
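Review bot: The added `status.privateKey` property places the service account's private key in the object's status, and its description gives no warning that this is a live credential. Base64 is an encoding, not protection, so any principal allowed to get, list or watch `iamserviceaccountkeys` in the namespace receives the key with the rest of the status. The description should say so, for example by appending `Sensitive: treat read access to this resource like read access to a Secret.` Whether the controller also writes the key anywhere else is not visible here, and the `status` block opens before this hunk.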
@@ -48087,107 +71705,275 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicySpec defines the desired state of IAMPolicy properties: - auditConfigs: - description: Optional. The list of IAM audit configs. + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. 
+ type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: Specifies the Cloud Audit Logs configuration for the - IAM policy. properties: - auditLogConfigs: - description: Required. The configuration for logging of each - type of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for - this type of permission. The format is the same as that - for 'members' in IAMPolicy/IAMPolicyMember. - items: - type: string - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data - Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering - both ''allServices'' and a specific service, then the union - of the two audit configs is used for that service: the ''logTypes'' - specified in each ''auditLogConfig'' are enabled, and the - ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - required: - - auditLogConfigs - - service - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - description: Specifies the members to bind to an IAM role. 
- properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - role type: object type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. + type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. 
You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. 
Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. oneOf: - not: required: 
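Review bot: `oidc.issuerUri` in the IAMWorkforcePoolProvider spec states the 'https' requirement only in its description; the schema is a bare `type: string`, so a non-https issuer passes admission and is presumably rejected only when the provider is reconciled. Adding `pattern: ^https://.+` under `issuerUri` would enforce what the text already promises. In the same hunk the `attributeMapping` description stops at `For example:` with no example after it. `attributeCondition` is optional and its description says all valid credentials are accepted when it is unset, so a sentence recommending that a condition always be set would help operators.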
@@ -48202,39 +71988,30 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object required: - - resourceRef + - attributeMapping + - location + - workforcePoolRef type: object status: - description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: @@ -48264,9 +72041,14 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48283,23 +72065,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicymembers.iam.cnrm.cloud.google.com + name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicyMember - plural: iampolicymembers + kind: IAMWorkforcePool + plural: iamworkforcepools shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: @@ -48307,7 +72091,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48315,113 +72099,47 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember - oneOf: - - required: - - member - - required: - - memberFrom properties: - condition: - description: Immutable. Optional. The condition under which the binding - applies. 
- properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - member: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. type: string - memberFrom: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, and only one - subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity (i.e. its - 'status.writerIdentity') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account (i.e., - its 'status.email') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') - is to be bound to the role. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. oneOf: - not: required: 
@@ -48436,45 +72154,41 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object - role: - description: Immutable. Required. The role for which the Member will - be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). type: string required: - - resourceRef - - role + - location + - organizationRef type: object status: - description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: lastTransitionTime: @@ -48504,9 +72218,18 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true @@ -48523,25 +72246,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: 
@@ -48579,24 +72302,120 @@ spec: type: object spec: properties: - keyAlgorithm: - description: 'Immutable. The algorithm used to generate the key, used - only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid - values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' type: string - privateKeyType: - description: Immutable. + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. 
You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. type: string - publicKeyData: - description: Immutable. A field that allows clients to upload their - own public key. If set, use this public key data to create a service - account key for given service account. Please note, the expected - format for this field is a base64 encoded X509_PEM. + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. type: string - publicKeyType: - description: Immutable. + location: + description: Immutable. 
The location for the resource type: string - serviceAccountRef: + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -48613,8 +72432,45 @@ spec: - external properties: external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -48624,7 +72480,9 @@ spec: type: string type: object required: - - serviceAccountRef + - location + - projectRef + - workloadIdentityPoolRef type: object status: properties: @@ -48654,9 +72512,6 @@ spec: type: string type: object type: array - name: - description: Immutable. The name used for this key pair. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -48664,24 +72519,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key in JSON format, base64 encoded. This - is what you normally get as a file when creating service account - keys through the CLI or web console. This is only populated when - creating a new key. - type: string - publicKey: - description: Immutable. The public key, base64 encoded. - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: @@ -48702,25 +72542,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: 
@@ -48759,22 +72599,57 @@ spec: spec: properties: description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. + description: A description of the pool. Cannot exceed 256 characters. type: string disabled: - description: Whether the service account is disabled. Defaults to - false. + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: - description: The display name for the service account. Can be updated - without creating a new resource. + description: A display name for the pool. Cannot exceed 32 characters. type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The accountId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + required: + - location + - projectRef type: object status: properties: @@ -48804,19 +72679,6 @@ spec: type: string type: object type: array - email: - description: The e-mail address of the service account. This value - should be referenced from any google_iam_policy data sources that - would grant the service account privileges. - type: string - member: - description: The Identity of the service account in the form 'serviceAccount:{email}'. - This value is often used to refer to the service account in order - to grant IAM permissions. - type: string - name: - description: The fully-qualified name of the service account. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -48824,10 +72686,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - uniqueId: - description: The unique id of the service account. + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48844,25 +72709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com + name: iapbrands.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePoolProvider - plural: iamworkforcepoolproviders + kind: IAPBrand + plural: iapbrands shortNames: - - gcpiamworkforcepoolprovider - - gcpiamworkforcepoolproviders - singular: iamworkforcepoolprovider + - gcpiapbrand + - gcpiapbrands + singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: 
@@ -48899,144 +72764,20 @@ spec: metadata: type: object spec: - properties: - attributeCondition: - description: 'A [Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. `google.profile_photo` and `google.display_name` - are not supported. * `attribute`: The custom attributes mapped from - the assertion in the `attribute_mappings`. The maximum length of - the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credentials will be accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: - type: string - description: 'Required. Maps attributes from the authentication credentials - issued by an external identity provider to Google Cloud attributes, - such as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups - the authenticating user belongs to. You can grant groups access - to resources using an IAM `principalSet` binding; access applies - to all members of the group. * `google.display_name`: The name of - the authenticated user. 
This is an optional field and the mapped - display name cannot exceed 100 bytes. If not set, `google.subject` - will be displayed instead. This attribute cannot be referenced in - IAM bindings. * `google.profile_photo`: The URL that specifies the - authenticated user''s thumbnail photo. This is an optional field. - When set, the image will be visible as the user''s profile picture. - If not set, a generic user icon will be displayed instead. This - attribute cannot be referenced in IAM bindings. You can also provide - custom attributes by specifying `attribute.{custom_attribute}`, - where {custom_attribute} is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workforce pool to Google Cloud resources. For example:' - type: object - description: - description: A user-specified description of the provider. Cannot - exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A user-specified display name for the provider. Cannot - exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider configuration. - properties: - clientId: - description: Required. The client ID. Must match the audience - claim of the JWT issued by the identity provider. - type: string - issuerUri: - description: Required. The OIDC issuer URI. Must be a valid URI - using the 'https' scheme. - type: string - required: - - clientId - - issuerUri - type: object + properties: + applicationTitle: + description: Immutable. 
Application name displayed on OAuth consent + screen. + type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. type: string - saml: - description: A SAML identity provider configuration. - properties: - idpMetadataXml: - description: 'Required. SAML Identity provider configuration metadata - xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded - to 128k characters. The metadata xml document should satisfy - the following constraints: 1) Must contain an Identity Provider - Entity ID. 2) Must contain at least one non-expired signing - key certificate. 3) For each signing key: a) Valid from should - be no more than 7 days from now. b) Valid to should be no more - than 10 years in the future. 4) Up to 3 IdP signing keys are - allowed in the metadata xml. When updating the provider''s metadata - xml, at least one non-expired signing key must overlap with - the existing metadata. This requirement is skipped if there - are no non-expired signing keys present in the existing metadata.' - type: string - required: - - idpMetadataXml - type: object - workforcePoolRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The workforce_pool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - attributeMapping - - location - - workforcePoolRef type: object status: properties: @@ -49073,13 +72814,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. + type: boolean type: object - required: - - spec type: object served: true storage: true 
@@ -49096,25 +72835,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepools.iam.cnrm.cloud.google.com + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePool - plural: iamworkforcepools + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients shortNames: - - gcpiamworkforcepool - - gcpiamworkforcepools - singular: iamworkforcepool + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: @@ -49152,25 +72891,8 @@ spec: type: object spec: properties: - description: - description: A user-specified description of the pool. Cannot exceed - 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A user-specified display name of the pool in Google Cloud - Console. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef] may be specified. + brandRef: + description: Immutable. oneOf: - not: required: 
@@ -49187,33 +72909,28 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + displayName: + description: Immutable. Human-friendly name given to the OAuth client. type: string - sessionDuration: - description: How long the Google Cloud access tokens, console sign-in - sessions, and gcloud sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `session_duration` is not configured, minted credentials will - have a default duration of one hour (3600s). + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - location - - organizationRef + - brandRef type: object status: properties: 
@@ -49250,13 +72967,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: 'Output only. The resource name of the pool. Format: - `locations/{location}/workforcePools/{workforce_pool_id}`' - type: string - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + secret: + description: Output only. Client secret of the OAuth client. type: string type: object required: @@ -49277,25 +72989,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkloadIdentityPoolProvider - plural: iamworkloadidentitypoolproviders + kind: IdentityPlatformConfig + plural: identityplatformconfigs shortNames: - - gcpiamworkloadidentitypoolprovider - - gcpiamworkloadidentitypoolproviders - singular: iamworkloadidentitypoolprovider + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: 
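Review bot: The new side's `status.secret` field ("Client secret of the OAuth client") places a credential in the object's status, where any principal with get, list or watch on `iapidentityawareproxyclients` can read it; it is also stored in etcd backups and may appear in audit logs, depending on the audit policy level. The same applies to `status.client.apiKey` and to `status.signIn.hashConfig.signerKey` / `saltSeparator` in the later IdentityPlatformConfig status hunks. The schema cannot hide these values, so the description should at least say so, for example `description: Output only. Client secret of the OAuth client. Stored in cleartext in status; restrict read access to this resource as you would for a Secret.` The file looks generated (the `dcl2crd` label), so the wording probably belongs in the generator input rather than here.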
@@ -49333,117 +73045,332 @@ spec: type: object spec: properties: - attributeCondition: - description: '[A Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. * `attribute`: The custom attributes mapped - from the assertion in the `attribute_mappings`. The maximum length - of the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credential are accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: type: string - description: 'Maps attributes from authentication credentials issued - by an external identity provider to Google Cloud attributes, such - as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You - can grant groups access to resources using an IAM `principalSet` - binding; access applies to all members of the group. 
You can also - provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workload to Google Cloud resources. For example: * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized - attribute specified by the corresponding map key. You can use the - `assertion` keyword in the expression to access a JSON representation - of the authentication credential issued by the provider. The maximum - length of an attribute mapping expression is 2048 characters. When - evaluated, the total size of all mapped attributes must not exceed - 8KB. For AWS providers, if no attribute mapping is defined, the - following default mapping applies: ``` { "google.subject":"assertion.arn", - "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" - " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" - " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", - } ``` If any custom attribute mappings are defined, they must include - a mapping to the `google.subject` attribute. 
For OIDC providers, - you must supply a custom mapping, which must include the `google.subject` - attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token: - ``` {"google.subject": "assertion.sub"} ```' + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object type: object - aws: - description: An Amazon Web Services identity provider. + client: + description: Options related to how clients making requests on behalf + of a project should be configured. properties: - accountId: - description: Required. The AWS account ID. + permissions: + description: Configuration related to restricting a user's ability + to affect their account. 
+ properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' type: string - stsUri: - description: A list of AWS STS URIs that can be used when exchanging - credentials. If not provided, any valid AWS STS URI is allowed. - URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, - where {region} is a valid AWS region. You can specify a maximum - of 25 URIs. - items: - type: string - type: array - required: - - accountId type: object - description: - description: A description for the provider. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A display name for the provider. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider. + monitoring: + description: Configuration related to monitoring project activity. properties: - allowedAudiences: - description: 'Acceptable values for the `aud` field (audience) - in the OIDC token. Token exchange requests are rejected if the - token audience does not match one of the configured values. 
- Each audience may be at most 256 characters. A maximum of 10 - audiences may be configured. If this list is empty, the OIDC - token audience must be equal to the full canonical resource - name of the WorkloadIdentityPoolProvider, with or without the - HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ```' - items: - type: string - type: array - issuerUri: - description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. type: string - required: - - issuerUri + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. 
Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. 
+ type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. @@ -49464,7 +73391,7 @@ spec: properties: external: description: |- - The project for the resource + The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
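Review bot: Several fields in the new IdentityPlatformConfig spec list their possible values only in the description and are typed as bare `type: string`, so the API server accepts any value at admission. These are `mfa.state`, `notification.sendEmail.smtp.securityMode`, `sendEmail.method` and the `bodyFormat` fields. For the security-relevant ones, a typo in `mfa.state` or `securityMode` would be caught at reconcile time at the earliest; what happens then is not visible in this hunk. An `enum:` list under each would reject bad values up front, e.g. `enum: [STATE_UNSPECIFIED, DISABLED, ENABLED, MANDATORY]` for `mfa.state`. The schema appears generated, so this would need generator support and a plan for values added upstream later.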
@@ -49475,215 +73402,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - workloadIdentityPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + quota: + description: Configuration related to quotas. properties: - external: - description: |- - The workloadIdentityPool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. + properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. 
+ type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object type: object required: - - location - projectRef - - workloadIdentityPoolRef type: object status: properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypools.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMWorkloadIdentityPool - plural: iamworkloadidentitypools - shortNames: - - gcpiamworkloadidentitypool - - gcpiamworkloadidentitypools - singular: iamworkloadidentitypool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - 
type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A description of the pool. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A display name for the pool. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + client: properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + apiKey: + description: Output only. API key that can be used when making + requests for this project. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + firebaseSubdomain: + description: Output only. Firebase subdomain. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - location - - projectRef - type: object - status: - properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -49710,6 +73510,79 @@ spec: type: string type: object type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' 
+ type: string + type: object + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49717,9 +73590,77 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. 
+ format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: @@ -49740,25 +73681,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapbrands.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPBrand - plural: iapbrands + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs shortNames: - - gcpiapbrand - - gcpiapbrands - singular: iapbrand + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49778,7 +73719,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49796,19 +73737,51 @@ spec: type: object spec: properties: - applicationTitle: - description: Immutable. Application name displayed on OAuth consent - screen. + clientId: + description: OAuth client ID. type: string - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + clientSecret: + description: OAuth client secret. type: string - supportEmail: - description: Immutable. Support email displayed on the OAuth consent - screen. + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + required: + - clientId + - clientSecret + - projectRef type: object status: properties: @@ -49838,6 +73811,9 @@ spec: type: string type: object type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
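Review bot: `spec.clientSecret` is declared as a bare `type: string` and listed under `required`, so the OAuth client secret must be written in clear text into every IdentityPlatformDefaultSupportedIDPConfig object. From there it lands in etcd, in any manifests kept in version control, and in the output of every read of the resource. IdentityPlatformOAuthIDPConfig, later in this patch, models its `clientSecret` with `value` / `valueFrom.secretKeyRef`; this schema should take the same shape so the secret can live in a Kubernetes Secret. Until it does, the description should say so, e.g. `description: OAuth client secret. Stored in clear text in this object; restrict RBAC read access.` The same plain-string, required `clientSecret` is repeated for IdentityPlatformTenantDefaultSupportedIDPConfig in the hunk at `@@ -50505,16 +74397,170 @@`.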
@@ -49845,11 +73821,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - orgInternalOnly: - description: Output only. Whether the brand is only intended for usage - inside the G Suite organization only. - type: boolean type: object + required: + - spec type: object served: true storage: true @@ -49866,25 +73840,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPIdentityAwareProxyClient - plural: iapidentityawareproxyclients + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs shortNames: - - gcpiapidentityawareproxyclient - - gcpiapidentityawareproxyclients - singular: iapidentityawareproxyclient + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49904,7 +73878,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49922,8 +73896,42 @@ spec: type: object spec: properties: - brandRef: - description: Immutable. + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -49940,10 +73948,7 @@ spec: - external properties: external: - description: |- - The brand for the resource - - Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -49952,16 +73957,39 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - displayName: - description: Immutable. Human-friendly name given to the OAuth client. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object required: - - brandRef + - displayName + - idpConfig + - projectRef + - spConfig type: object status: properties: @@ -49998,9 +74026,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - secret: - description: Output only. Client secret of the OAuth client. - type: string type: object required: - spec 
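Review bot: The description of `spConfig.callbackUri` says the value "Must start with 'https://'", but the schema only declares `type: string`, so a plain-http callback would be admitted by the API server and rejected, if at all, only by the backend during reconcile. Adding `pattern: ^https://` under `callbackUri` would enforce the documented rule at admission; `idpConfig.ssoUrl` in the preceding hunk (`@@ -49922,8 +73896,42 @@`) has no scheme constraint either and may warrant the same. Separately, the `spCertificates` description repeats the `idpCertificates` wording ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), which is misleading on the service-provider side. Something like `description: The service provider's certificate data.` would read correctly, though the field's exact purpose is not stated in the hunk and should be confirmed against the API reference.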
@@ -50020,25 +74045,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformConfig - plural: identityplatformconfigs + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs shortNames: - - gcpidentityplatformconfig - - gcpidentityplatformconfigs - singular: identityplatformconfig + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -50076,335 +74101,191 @@ spec: type: object spec: properties: - authorizedDomains: - description: List of domains authorized for OAuth redirects - items: - type: string - type: array - blockingFunctions: - description: Configuration related to blocking functions. - properties: - triggers: - additionalProperties: - properties: - functionUriRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - HTTP URI trigger for the Cloud Function. - - Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - updateTime: - description: When the trigger was changed. - format: date-time - type: string - type: object - description: 'Map of Trigger to event type. Key should be one - of the supported event types: "beforeCreate", "beforeSignIn"' - type: object - type: object - client: - description: Options related to how clients making requests on behalf - of a project should be configured. - properties: - permissions: - description: Configuration related to restricting a user's ability - to affect their account. 
- properties: - disabledUserDeletion: - description: When true, end users cannot delete their account - on the associated project through any of our API methods - type: boolean - disabledUserSignup: - description: When true, end users cannot sign up for a new - account on the associated project through any of our API - methods - type: boolean - type: object - type: object - mfa: - description: Configuration for this project's multi-factor authentication, - including whether it is active and what factors can be used for - the second factor - properties: - state: - description: 'Whether MultiFactor Authentication has been enabled - for this project. Possible values: STATE_UNSPECIFIED, DISABLED, - ENABLED, MANDATORY' - type: string - type: object - monitoring: - description: Configuration related to monitoring project activity. - properties: - requestLogging: - description: Configuration for logging requests made to this project - to Stackdriver Logging - properties: - enabled: - description: Whether logging is enabled for this project or - not. - type: boolean - type: object - type: object - multiTenant: - description: Configuration related to multi-tenant functionality. - properties: - allowTenants: - description: Whether this project can have tenants or not. - type: boolean - defaultTenantLocationRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: |- - The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). 
- * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' - type: string - name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - notification: - description: Configuration related to sending notifications to users. + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - defaultLocale: - description: Default locale used for email and SMS in IETF BCP - 47 format. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - sendEmail: - description: Options for email sending. + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. properties: - callbackUri: - description: action url in email template. - type: string - changeEmailTemplate: - description: Email template for change email - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - dnsInfo: - description: Information of custom domain DNS verification. - properties: - useCustomDomain: - description: Whether to use custom domain. - type: boolean - type: object - method: - description: 'The method used for sending an email. Possible - values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' - type: string - resetPasswordTemplate: - description: Email template for reset password - properties: - body: - description: Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - revertSecondFactorAdditionTemplate: - description: Email template for reverting second factor addition - emails - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - smtp: - description: Use a custom SMTP relay - properties: - host: - description: SMTP relay host - type: string - password: - description: SMTP relay password - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - port: - description: SMTP relay port - format: int64 - type: integer - securityMode: - description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, - SSL, START_TLS' - type: string - senderEmail: - description: Sender email for the SMTP relay - type: string - username: - description: SMTP relay username - type: string - type: object - verifyEmailTemplate: - description: Email template for verify email + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address + key: + description: Key that identifies the value to be extracted. type: string - subject: - description: Subject of the email + name: + description: Name of the Secret to extract a value from. type: string + required: + - name + - key type: object type: object - sendSms: - description: Options for SMS sending. - properties: - useDeviceLocale: - description: Whether to use the accept_language header for - SMS. - type: boolean - type: object type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -50421,10 +74302,7 @@ spec: - external properties: external: - description: |- - The project of the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -50433,27 +74311,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - quota: - description: Configuration related to quotas. - properties: - signUpQuotaConfig: - description: Quota for the Signup endpoint, if overwritten. Signup - quota is measured in sign ups per project per hour per IP. - properties: - quota: - description: Corresponds to the 'refill_token_count' field - in QuotaServer config - format: int64 - type: integer - quotaDuration: - description: How long this quota will be active for - type: string - startTime: - description: When this quota will take affect - format: date-time - type: string - type: object - type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string signIn: description: Configuration related to local sign in methods. properties: @@ -50469,6 +74331,8 @@ spec: description: Whether anonymous user auth is enabled for the project or not. type: boolean + required: + - enabled type: object email: description: Configuration options related to authenticating a 
@@ -50479,12 +74343,39 @@ spec: or not. type: boolean passwordRequired: - description: Whether a password is required for email auth - or not. If true, both an email and password must be provided - to sign in. If false, a user may sign in via either email/password - or email link. + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." type: boolean type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. @@ -50496,7 +74387,8 @@ spec: testPhoneNumbers: additionalProperties: type: string - description: A map of that can be used for phone auth testing. + description: A map of that + can be used for phone auth testing. type: object type: object type: object 
@@ -50505,16 +74397,170 @@ spec: type: object status: properties: - client: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - apiKey: - description: Output only. API key that can be used when making - requests for this project. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - firebaseSubdomain: - description: Output only. Firebase subdomain. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -50541,79 +74587,9 @@ spec: type: string type: object type: array - notification: - properties: - sendEmail: - properties: - changeEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - dnsInfo: - properties: - customDomain: - description: Output only. The applied verified custom - domain. - type: string - customDomainState: - description: 'Output only. The current verification state - of the custom domain. The custom domain will only be - used once the domain verification is successful. Possible - values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, - IN_PROGRESS, FAILED, SUCCEEDED' - type: string - domainVerificationRequestTime: - description: Output only. The timestamp of initial request - for the current domain verification. - format: date-time - type: string - pendingCustomDomain: - description: Output only. The custom domain that's to - be verified. - type: string - type: object - resetPasswordTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - revertSecondFactorAdditionTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - verifyEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - type: object - sendSms: - properties: - smsTemplate: - description: Output only. The template to use when sending - an SMS. - properties: - content: - description: 'Output only. The SMS''s content. Can contain - the following placeholders which will be replaced with - the appropriate values: %APP_NAME% - For Android or - iOS apps, the app''s display name. For web apps, the - domain hosting the application. %LOGIN_CODE% - The OOB - code being sent in the SMS.' 
- type: string - type: object - type: object - type: object + name: + description: The name of the default supported IDP config resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -50621,78 +74597,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - signIn: - properties: - email: - properties: - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, - MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, - SHA512, STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation - algorithms. See https://tools.ietf.org/html/rfc7914 - for explanation of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. - Used by scrypt and other similar password derivation - algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be - inserted between the salt and plain text password in - base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, - HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, - STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation algorithms. - See https://tools.ietf.org/html/rfc7914 for explanation - of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. 
- Used by scrypt and other similar password derivation algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be inserted - between the salt and plain text password in base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - subtype: - description: 'Output only. The subtype of this config. Possible values: - SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' - type: string type: object required: - spec @@ -50712,25 +74616,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformOAuthIDPConfig - plural: identityplatformoauthidpconfigs + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs shortNames: - - gcpidentityplatformoauthidpconfig - - gcpidentityplatformoauthidpconfigs - singular: identityplatformoauthidpconfig + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -50750,7 +74654,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -50768,80 +74672,108 @@ spec: type: object spec: properties: - clientId: - description: The client id of an OAuth client. + displayName: + description: Human friendly display name. type: string - clientSecret: - description: The client secret of the OAuth client, to enable OIDC - code flow. + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object type: object - displayName: - description: The config's display name set by developers. - type: string - enabled: - description: True if allows the user to sign in with the provider. - type: boolean - issuer: - description: For OIDC Idps, the issuer identifier. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - responseType: - description: 'The multiple response type to request for in the OAuth - authorization flow. This can possibly be a combination of set bits - (e.g.: {id\_token, token}).' + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. properties: - code: - description: If true, authorization code is returned from IdP's - authorization endpoint. - type: boolean - idToken: - description: If true, ID token is returned from IdP's authorization - endpoint. - type: boolean - token: - description: If true, access token is returned from IdP's authorization - endpoint. - type: boolean + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. 
+ type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant type: object status: properties: @@ -50879,6 +74811,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -50895,7 +74829,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51112,7 +75046,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51265,7 +75199,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
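Review bot: Under `spConfig`, the `spCertificates` description is word-for-word the one used for `idpConfig.idpCertificates` ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), which misstates whose certificates these are and can lead operators to put the IdP signing certificate in the wrong field. Something like `description: The service provider's certificates, which the IdP uses to verify signed SAMLRequests.` would match the field's position, though the exact semantics should be confirmed against the upstream API. Separately, `idpCertificates` is required but its items carry no `required: [x509Certificate]` and the array has no `minItems: 1`, so `idpCertificates: [{}]` passes schema validation without any usable verification certificate; adding both constraints would reject that at admission. If this CRD is generated, both fixes belong in the generator input rather than in this file.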
@@ -51321,84 +75255,579 @@ spec: type: object spec: properties: - destroyScheduledDuration: - description: |- - Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - type: string - importOnly: - description: Immutable. Whether this key may contain imported versions - only. - type: boolean - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. 
Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. 
+ type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: description: |- - Immutable. The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - skipInitialVersionCreation: - description: "Immutable. If set to true, the request will create a - CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' - resource to import the CryptoKeyVersion." - type: boolean - versionTemplate: - description: A template describing settings for new crypto key versions. 
- properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: Immutable. The protection level to use when creating - a version based on this template. Possible values include "SOFTWARE", - "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - type: string - required: - - algorithm - type: object required: - - keyRingRef + - location type: object status: properties: @@ -51436,7 +75865,7 @@ spec: the resource. type: integer selfLink: - description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: @@ -51457,25 +75886,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com + name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp - kind: KMSKeyRing - plural: kmskeyrings + kind: KMSSecretCiphertext + plural: kmssecretciphertexts shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: 
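Review bot: `spec.state` on the new KMSCryptoKeyVersion CRD is an unconstrained `type: string` whose description calls it "The current state", although it sits under `spec` and therefore reads as a desired value. The listed values include `DESTROYED` and `DESTROY_SCHEDULED`, so anyone with update rights on this resource can presumably request destruction of key material, and a mistyped value is only caught at reconcile time. I would open the description with `The desired state of the CryptoKeyVersion.` (keeping the existing value list) and add an `enum:` restricted to the states the controller actually accepts as input. RBAC on `kmscryptokeyversions` should be kept as tight as on the parent key. If the CRD is generated from the Terraform schema, the change belongs in the generator overrides rather than in this file.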
@@ -51495,7 +75924,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -51513,21 +75942,103 @@ spec: type: object spec: properties: - location: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: description: |- - Immutable. The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - location + - cryptoKey + - plaintext type: object status: properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -51561,9 +76072,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. - type: string type: object required: - spec @@ -51583,7 +76091,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51867,7 +76375,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52142,7 +76650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
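Review bot: The `plaintext` field of the new KMSSecretCiphertext CRD accepts an inline `value` next to `valueFrom.secretKeyRef`, and its description (`Immutable. The plaintext to be encrypted.`) does not say that an inline value stays in cleartext in the object's spec. Anyone who can read the KMSSecretCiphertext resource, or the manifest it was applied from, would then see the secret, so only the `secretKeyRef` form keeps the plaintext out of the custom resource. I would extend the description to `Immutable. The plaintext to be encrypted. Prefer 'valueFrom.secretKeyRef'; an inline 'value' is stored unencrypted in the resource spec.` `status.ciphertext` is readable by the same audience, which is acceptable only while decrypt permission on the referenced `cryptoKey` is tightly held. The CRD carries the `tf2crd` label and looks generated, so the wording probably belongs in the generator rather than in this bundle.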
@@ -52563,7 +77071,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52967,7 +77475,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -53271,7 +77779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -53608,7 +78116,183 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -54423,7 +79107,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -61206,41 +85890,1513 @@ spec: must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string - xAxis: - description: The properties applied to the X axis. - properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string - type: object - yAxis: - description: The properties applied to the Y axis. + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. 
* + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number type: object - required: - - dataSets + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. 
+ type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string type: object type: object - type: array - type: object - type: array + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. 
+ type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - displayName + - goal - projectRef + - serviceRef type: object status: properties: 
@@ -61270,14 +87426,21 @@ spec: type: string type: object type: array - etag: - description: \`etag\` is used for optimistic concurrency control as - a way to help prevent simultaneous updates of a policy from overwriting - each other. An \`etag\` is returned in the response to \`GetDashboard\`, - and users are expected to put that etag in the request to \`UpdateDashboard\` - to ensure that their change will be applied to the same version - of the Dashboard configuration. The field should not be passed during - dashboard creation. + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -61286,6 +87449,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean type: object required: - spec 
@@ -61305,25 +87474,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringgroups.monitoring.cnrm.cloud.google.com + name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringGroup - plural: monitoringgroups + kind: MonitoringService + plural: monitoringservices shortNames: - - gcpmonitoringgroup - - gcpmonitoringgroups - singular: monitoringgroup + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -61362,47 +87531,8 @@ spec: spec: properties: displayName: - description: A user-assigned name for this group, used only for display - purposes. - type: string - filter: - description: The filter used to determine which monitored resources - belong to this group. + description: Name used for UI elements listing this Service. type: string - isCluster: - description: If true, the members of this group are considered to - be a cluster. The system can perform additional analysis on groups - that are clusters. - type: boolean - parentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -61422,7 +87552,7 @@ spec: properties: external: description: |- - The project of the group + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61434,13 +87564,20 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object required: - - displayName - - filter + - projectRef type: object status: properties: @@ -61496,25 +87633,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMetricDescriptor - plural: monitoringmetricdescriptors + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs shortNames: - - gcpmonitoringmetricdescriptor - - gcpmonitoringmetricdescriptors - singular: monitoringmetricdescriptor + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -61552,74 +87689,171 @@ spec: type: object spec: properties: - description: - description: Immutable. A detailed description of the metric, which - can be used in documentation. - type: string - displayName: - description: Immutable. A concise name for the metric, which can be - displayed in user interfaces. Use sentence case without an ending - period, for example "Request count". This field is optional but - it is recommended to be set for any metrics associated with user-visible - concepts, such as Quota. - type: string - labels: - description: Immutable. The set of labels that can be used to describe - a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` - metric type has a label for the HTTP response code, `response_code`, - so you can look at latencies for successful responses or just for - responses that failed. + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. items: properties: - description: - description: Immutable. A human-readable description for the - label. - type: string - key: - description: 'Immutable. The key for this label. The key must - meet the following criteria: * Does not exceed 100 characters. - * Matches the following regular expression: `a-zA-Z*` * The - first character must be an upper- or lower-case letter. * - The remaining characters must be letters, digits, or underscores.' + content: type: string - valueType: - description: 'Immutable. The type of data that can be assigned - to the label. 
Possible values: STRING, BOOL, INT64' + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string + required: + - content type: object type: array - launchStage: - description: 'Immutable. Optional. The launch stage of the metric - definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. type: string - metadata: - description: Immutable. Optional. Metadata which can be used to guide - usage of the metric. + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. properties: - ingestDelay: - description: Immutable. The delay of data points caused by ingestion. - Data points older than this age are guaranteed to be ingested - and available to be read, excluding data loss due to errors. + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' type: string - launchStage: - description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage - instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' type: string - samplePeriod: - description: Immutable. The sampling period of metric data points. - For metrics which are written periodically, consecutive data - points are stored at this time interval, excluding data loss - due to errors. Metrics with a higher granularity have a smaller - sampling period. + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. 
+ type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. 
The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. type: string + required: + - filterLabels + - type type: object - metricKind: - description: 'Immutable. Whether the metric records instantaneous - values, changes to a value, etc. Some combinations of `metric_kind` - and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, - GAUGE, DELTA, CUMULATIVE' + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -61640,7 +87874,7 @@ spec: properties: external: description: |- - The project for the resource + The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
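Review bot: In the added `httpCheck` schema of the MonitoringUptimeCheckConfig CRD, a credential can end up as clear text in the custom resource itself: `authInfo.password` accepts an inline `value`, and `headers` is a plain `additionalProperties: type: string` map with no `valueFrom` alternative. The `maskHeaders` description only promises obscuring on Get/List calls to the monitoring API, so it presumably does nothing for anyone who can read the Kubernetes object or a manifest kept in version control. I would extend the `headers` description with something like `Header values are stored as plain strings in this resource; avoid placing credentials here, or restrict read access to the resource.` and the `password.value` description with `Prefer 'valueFrom.secretKeyRef' so the secret is not stored in the resource spec.` The file looks generated (it carries the `dcl2crd` label), so the wording probably belongs in the generator's source schema rather than in this YAML.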
@@ -61651,80 +87885,78 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: - description: 'Immutable. The metric type, including its DNS name prefix. - The type is not URL-encoded. All user-defined metric types have - the DNS name `custom.googleapis.com` or `external.googleapis.com`. - Metric types should use a natural hierarchical grouping. For example: - "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" - "appengine.googleapis.com/http/server/response_latencies"' - type: string - unit: - description: 'Immutable. The units in which the metric value is reported. - It is only applicable if the `value_type` is `INT64`, `DOUBLE`, - or `DISTRIBUTION`. The `unit` defines the representation of the - stored metric values. Different systems might scale the values to - be more easily displayed (so a value of `0.02kBy` _might_ be displayed - as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). - However, if the `unit` is `kBy`, then the value of the metric is - always in thousands of bytes, no matter how it might be displayed. - If you want a custom metric to record the exact number of CPU-seconds - used by a job, you can create an `INT64 CUMULATIVE` metric whose - `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the - job uses 12,005 CPU-seconds, then the value is written as `12005`. - Alternatively, if you want a custom metric to record data in a more - granular way, you can create a `DOUBLE CUMULATIVE` metric whose - `unit` is `ks{CPU}`, and then write the value `12.005` (which is - `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
- The supported units are a subset of [The Unified Code for Units - of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic - units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute - * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * - `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) - * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta - (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) - * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` - zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi - (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) - **Grammar** The grammar also includes these connectors: * `/` division - or ratio (as an infix operator). For examples, `kBy/{email}` or - `MiBy/10ms` (although you should almost never have `/s` in a metric - `unit`; rates should always be computed at query time from the underlying - cumulative or delta value). * `.` multiplication or composition - (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The - grammar for a unit is as follows: Expression = Component: { "." - Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | - "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME - "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. - If the annotation is used alone, then the unit is equivalent to - `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. - * `NAME` is a sequence of non-blank printable ASCII characters not - containing `{` or `}`. * `1` represents a unitary [dimensionless - unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, - such as in `1/s`. It is typically used when none of the basic units - are appropriate. For example, "new users per day" can be represented - as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 - new users). 
Alternatively, "thousands of page views per day" would - be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a - metric value of `5.3` would mean "5300 page views per day"). * `%` - represents dimensionless value of 1/100, and annotates values giving - a percentage (so the metric values are typically in the range of - 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates - a metric contains a ratio, typically in the range 0..1, that will - be multiplied by 100 and displayed as a percentage (so a metric - value `0.03` means "3 percent").' + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - valueType: - description: 'Immutable. 
Whether the measurement is an integer, a - floating-point number, etc. Some combinations of `metric_kind` and - `value_type` might not be supported. Possible values: STRING, BOOL, - INT64' + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. type: string required: - - metricKind + - displayName - projectRef - - type - - valueType + - timeout type: object status: properties: @@ -61754,14 +87986,6 @@ spec: type: string type: object type: array - monitoredResourceTypes: - description: Read-only. If present, then a time series, which is identified - partially by a metric type and a MonitoredResourceDescriptor, that - is associated with this metric type can only be associated with - one of the monitored resource types listed here. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -61769,9 +87993,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The resource name of the metric descriptor. - type: string type: object required: - spec 
@@ -61791,25 +88012,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMonitoredProject - plural: monitoringmonitoredprojects + kind: NetworkConnectivityHub + plural: networkconnectivityhubs shortNames: - - gcpmonitoringmonitoredproject - - gcpmonitoringmonitoredprojects - singular: monitoringmonitoredproject + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: 
@@ -61847,17 +88068,46 @@ spec: type: object spec: properties: - metricsScope: - description: 'Immutable. Required. The resource name of the existing - Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + description: + description: An optional description of the hub. type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - metricsScope + - projectRef type: object status: properties: @@ -61888,8 +88138,7 @@ spec: type: object type: array createTime: - description: Output only. The time when this `MonitoredProject` was - created. + description: Output only. The time the hub was created. format: date-time type: string observedGeneration: 
@@ -61899,6 +88148,33 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string type: object required: - spec 
@@ -61918,25 +88194,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: 
@@ -61975,175 +88251,221 @@ spec: spec: properties: description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond - the display name, for the channel. This may not exceed 1024 Unicode - characters. - type: string - enabled: - description: Whether notifications are forwarded to the described - channel. This makes it possible to disable delivery of notifications - to a particular channel without removing the channel from all alerting - policies that reference the channel. This is a more convenient approach - when the change is temporary and you want to receive notifications - from the same set of alerting policies on the channel at some point - in the future. - type: boolean - forceDelete: - description: |- - If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - type: boolean - labels: - additionalProperties: - type: string - type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: An optional description of the spoke. type: string - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. + hubRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
- type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel - types that support this field include: webhook_basicauth.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + - required: + - namespace required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. 
The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external required: - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. - Channel types that support this field include: pagerduty.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - not: + anyOf: + - required: + - name + - required: + - namespace required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. 
Note that data + transfer is available only in supported locations. + type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - type + - hubRef + - location + - projectRef type: object status: properties: @@ -62173,11 +88495,9 @@ spec: type: string type: object type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + createTime: + description: Output only. The time the spoke was created. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -62186,19 +88506,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for - channels of this type.This field cannot be modified using a standard - UpdateNotificationChannel operation. To change the value of this - field, you must call VerifyNotificationChannel. + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time type: string type: object required: 
@@ -62219,25 +88539,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringServiceLevelObjective - plural: monitoringservicelevelobjectives + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests shortNames: - - gcpmonitoringservicelevelobjective - - gcpmonitoringservicelevelobjectives - singular: monitoringservicelevelobjective + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: @@ -62257,7 +88577,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -62275,412 +88595,63 @@ spec: type: object spec: properties: - calendarPeriod: - description: 'A calendar period, semantically "since the start of - the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, - and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, - DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' - type: string - displayName: - description: Name used for UI elements listing this SLO. + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. type: string - goal: - description: The fraction of service that must be good in order for - this objective to be met. `0 < goal <= 0.999`. - format: double - type: number - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + destination: + description: |- + Required. Destination specification of the Connectivity Test. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rollingPeriod: - description: A rolling time period, semantically "in the past ``". - Must be an integer multiple of 1 day no larger than 30 days. 
- type: string - serviceLevelIndicator: - description: The definition of good service, used to measure and calculate - the quality of the `Service`'s performance with respect to a single - aspect of service quality. + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. properties: - basicSli: - description: Basic SLI on a well-known service type. - properties: - availability: - description: Good service is defined to be the count of requests - made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count of requests - made to this service that are fast enough with respect to - `latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - requests made to this service that return in no more - than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which this - SLI is relevant. Telemetry from other locations will not - be used to calculate performance for this SLI. 
If omitted, - this SLI applies to all locations in which the Service has - activity. For service types that don''t support breaking - down by location, setting this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this SLI - is relevant. Telemetry from other methods will not be used - to calculate performance for this SLI. If omitted, this - SLI applies to all the Service''s methods. For service types - that don''t support breaking down by method, setting this - field will result in an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count of operations - performed by this service that return successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count of operations - performed by this service that are fast enough with respect - to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - operations that are completed in no more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to which this - SLI is relevant. Telemetry from other API versions will - not be used to calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don''t support breaking down by version, setting this - field will result in an error.' 
- items: - type: string - type: array - type: object - requestBased: - description: Request-based SLIs - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` that - fall into a good range. The `total_service` is the total - count of all values aggregated in the `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. Must have - `ValueType = DISTRIBUTION` and `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the ratio of - `good_service` to `total_service` is computed from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, either - demanded service that was not provided or demanded service - that was of inadequate quality. Must have `ValueType - = DOUBLE` or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service provided. - Must have `ValueType = DOUBLE` or `ValueType = INT64` - and must have `MetricKind = DELTA` or `MetricKind = - CUMULATIVE`. 
- type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total demanded - service. Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` or `MetricKind - = CUMULATIVE`. - type: string - type: object - type: object - windowsBased: - description: Windows-based SLIs - properties: - goodBadMetricFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` with `ValueType = BOOL`. The window - is good if any `true` values appear in the window. - type: string - goodTotalRatioThreshold: - description: A window is good if its `performance` is high - enough. - properties: - basicSliPerformance: - description: '`BasicSli` to evaluate to judge window quality.' - properties: - availability: - description: Good service is defined to be the count - of requests made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count - of requests made to this service that are fast enough - with respect to `latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of requests made to this service that - return in no more than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which - this SLI is relevant. Telemetry from other locations - will not be used to calculate performance for this - SLI. If omitted, this SLI applies to all locations - in which the Service has activity. 
For service types - that don''t support breaking down by location, setting - this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this - SLI is relevant. Telemetry from other methods will - not be used to calculate performance for this SLI. - If omitted, this SLI applies to all the Service''s - methods. For service types that don''t support breaking - down by method, setting this field will result in - an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count - of operations performed by this service that return - successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count - of operations performed by this service that are - fast enough with respect to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of operations that are completed in no - more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to - which this SLI is relevant. Telemetry from other - API versions will not be used to calculate performance - for this SLI. If omitted, this SLI applies to all - API versions. For service types that don''t support - breaking down by version, setting this field will - result in an error.' - items: - type: string - type: array - type: object - performance: - description: '`RequestBasedSli` to evaluate to judge window - quality.' - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` - that fall into a good range. 
The `total_service` - is the total count of all values aggregated in the - `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. - Must have `ValueType = DISTRIBUTION` and `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." - For a one-sided range, set one bound to an infinite - value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the - ratio of `good_service` to `total_service` is computed - from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, - either demanded service that was not provided - or demanded service that was of inadequate quality. - Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service - provided. Must have `ValueType = DOUBLE` or - `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total - demanded service. Must have `ValueType = DOUBLE` - or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. 
- type: string - type: object - type: object - threshold: - description: If window `performance >= threshold`, the - window is counted as good. - format: double - type: number - type: object - metricMeanInRange: - description: A window is good if the metric's value is in - a good range, averaged across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - metricSumInRange: - description: A window is good if the metric's value is in - a good range, summed across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - windowPeriod: - description: Duration over which window quality is evaluated. - Must be an integer fraction of a day and at least `60s`. - type: string - type: object + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. 
+ type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string type: object - serviceRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -62697,10 +88668,7 @@ spec: - external properties: external: - description: |- - The service for the resource - - Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -62709,10 +88677,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. 
An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object required: - - goal + - destination - projectRef - - serviceRef + - source type: object status: properties: 
@@ -62742,22 +88788,6 @@ spec: type: string type: object type: array - createTime: - description: Time stamp of the `Create` or most recent `Update` command - on this `Slo`. - format: date-time - type: string - deleteTime: - description: Time stamp of the `Update` or `Delete` command that made - this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s - returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, - because it is always empty in the current version. It is populated - in `ServiceLevelObjective`s representing previous versions in the - output of `ListServiceLevelObjectiveVersions`. Because all old configuration - versions are stored, `Update` operations mark the obsoleted version - as deleted. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -62765,12 +88795,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - serviceManagementOwned: - description: Output only. If set, this SLO is managed at the [Service - Management](https://cloud.google.com/service-management/overview) - level. Therefore the service yaml file is the source of truth for - this SLO, and API `Update` and `Delete` operations are forbidden. - type: boolean type: object required: - spec 
@@ -62790,25 +88814,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringservices.monitoring.cnrm.cloud.google.com + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringService - plural: monitoringservices + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies shortNames: - - gcpmonitoringservice - - gcpmonitoringservices - singular: monitoringservice + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -62846,8 +88870,16 @@ spec: type: object spec: properties: - displayName: - description: Name used for UI elements listing this Service. + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. 
@@ -62884,15 +88916,98 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - telemetry: - description: Configuration for how to query telemetry on a Service. - properties: - resourceName: - description: The full name of the resource that defines this service. - Formatted as described in https://cloud.google.com/apis/design/resource_names. - type: string - type: object + rules: + description: Optional. List of rules to match. If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. 
+ For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array required: + - action + - location - projectRef type: object status: @@ -62923,6 +89038,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -62930,6 +89049,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -62949,25 +89072,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringUptimeCheckConfig - plural: monitoringuptimecheckconfigs + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies shortNames: - - gcpmonitoringuptimecheckconfig - - gcpmonitoringuptimecheckconfigs - singular: monitoringuptimecheckconfig + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63005,171 +89128,42 @@ spec: type: object spec: properties: - contentMatchers: - description: The content that is expected to appear in the data returned - by the target server against which the check is run. Currently, - only the first entry in the `content_matchers` list is supported, - and additional entries will be ignored. This field is optional and - should only be specified if a content match is required as part - of the/ Uptime check. - items: - properties: - content: - type: string - matcher: - description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, - CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' - type: string - required: - - content - type: object - type: array - displayName: - description: A human-friendly name for the Uptime check configuration. - The display name should be unique within a Stackdriver Workspace - in order to make it easier to identify; however, uniqueness is not - enforced. Required. - type: string - httpCheck: - description: Contains information needed to make an HTTP or HTTPS - check. + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. properties: - authInfo: - description: The authentication information. Optional when creating - an HTTP check; defaults to empty. + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. properties: - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. type: string required: - - password - - username - type: object - body: - description: 'The request body associated with the HTTP POST request. - If `content_type` is `URL_ENCODED`, the body passed in must - be URL-encoded. Users can provide a `Content-Length` header - via the `headers` field or the API will do so. If the `request_method` - is `GET` and `body` is not empty, the API will return an error. - The maximum byte size is 1 megabyte. Note: As with all `bytes` - fields JSON representations are base64 encoded. e.g.: "foo=bar" - in URL-encoded form is "foo%3Dbar" and in base64 encoding is - "Zm9vJTI1M0RiYXI=".' - type: string - contentType: - description: 'Immutable. The content type to use for the check. Possible - values: TYPE_UNSPECIFIED, URL_ENCODED' - type: string - headers: - additionalProperties: - type: string - description: The list of headers to send as part of the Uptime - check request. If two headers have the same key and different - values, they should be entered as a single header, with the - value being a comma-separated list of all the desired values - as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in - a Create call will cause the first to be overwritten by the - second. The maximum number of headers allowed is 100. 
+ - pluginInstance type: object - maskHeaders: - description: Immutable. Boolean specifying whether to encrypt - the header information. Encryption should be specified for any - headers related to authentication that you do not wish to be - seen when retrieving the configuration. The server will be responsible - for encrypting the headers. On Get/List calls, if `mask_headers` - is set to `true` then the headers will be obscured with `******.` - type: boolean - path: - description: Optional (defaults to "/"). The path to the page - against which to run the check. Will be combined with the `host` - (specified within the `monitored_resource`) and `port` to construct - the full URL. If the provided path does not begin with "/", - a "/" will be prepended automatically. - type: string - port: - description: Optional (defaults to 80 when `use_ssl` is `false`, - and 443 when `use_ssl` is `true`). The TCP port on the HTTP - server against which to run the check. Will be combined with - host (specified within the `monitored_resource`) and `path` - to construct the full URL. - format: int64 - type: integer - requestMethod: - description: Immutable. The HTTP request method to use for the - check. If set to `METHOD_UNSPECIFIED` then `request_method` - defaults to `GET`. - type: string - useSsl: - description: If `true`, use HTTPS instead of HTTP to run the check. - type: boolean - validateSsl: - description: Boolean specifying whether to include SSL certificate - validation as a part of the Uptime check. Only applies to checks - where `monitored_resource` is set to `uptime_url`. If `use_ssl` - is `false`, setting `validate_ssl` to `true` has no effect. - type: boolean - type: object - monitoredResource: - description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) - associated with the configuration. 
The following monitored resource - types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' - properties: - filterLabels: - additionalProperties: - type: string - description: Immutable. + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri type: object - type: - description: Immutable. - type: string - required: - - filterLabels - - type type: object - period: - description: How often, in seconds, the Uptime check is performed. - Currently, the only supported values are `60s` (1 minute), `300s` - (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, - defaults to `60s`. + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -63190,7 +89184,7 @@ spec: properties: external: description: |- - The project for this uptime check config. + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
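Review bot: `targetUri` under `clientCertificate.grpcEndpoint` is a bare `type: string` even though its description says only a UDS path starting with “unix:” is supported, so the schema accepts any URI for the endpoint that serves the certificate and private key. I would put the restriction in the schema with `pattern: '^unix:'` on `targetUri`. The same field is added under `serverValidationCa` in the next hunk and under `clientValidationCa` and `serverCertificate` in the NetworkSecurityServerTLSPolicy hunks further down. If these descriptions and types are produced from an upstream API definition, which the `dcl2crd` label suggests, the constraint belongs there rather than in this file.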
@@ -63201,78 +89195,49 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceGroup: - description: Immutable. The group resource associated with the configuration. - properties: - groupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceType: - description: 'Immutable. The resource type of the group members. - Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' - type: string - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - selectedRegions: - description: The list of regions from which the check will be run. - Some regions contain one location, and others contain more than - one. If this field is specified, enough regions must be provided - to include a minimum of 3 locations. 
Not specifying this field - will result in Uptime checks running from all available regions. + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. items: - type: string + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object type: array - tcpCheck: - description: Contains information needed to make a TCP check. - properties: - port: - description: The TCP port on the server against which to run the - check. Will be combined with host (specified within the `monitored_resource`) - to construct the full URL. Required. - format: int64 - type: integer - required: - - port - type: object - timeout: - description: The maximum amount of time to wait for the request to - complete (must be between 1 and 60 seconds). Required. + sni: + description: 'Optional. Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' type: string required: - - displayName - - projectRef - - timeout + - location type: object status: properties: 
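Review bot: `serverValidationCa` is described as "Required." but the `required:` list that closes this spec holds only `location`, so a NetworkSecurityClientTLSPolicy with no CA for validating the server certificate passes the schema. Either list it (`- serverValidationCa` under `required:`, with `minItems: 1` on the array) or reword the description to say it is optional and what the client does when it is absent; that behaviour is not visible in this hunk. The items also have no `required` or `oneOf`, so an empty item, or one carrying both `certificateProviderInstance` and `grpcEndpoint`, is accepted.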
@@ -63302,6 +89267,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63309,6 +89278,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -63328,25 +89301,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivityHub - plural: networkconnectivityhubs + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies shortNames: - - gcpnetworkconnectivityhub - - gcpnetworkconnectivityhubs - singular: networkconnectivityhub + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63384,9 +89357,63 @@ spec: type: object spec: properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean description: - description: An optional description of the hub. + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. + Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. 
+ Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -63422,8 +89449,39 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object required: - - projectRef + - location type: object status: properties: @@ -63454,7 +89512,7 @@ spec: type: object type: array createTime: - description: Output only. The time the hub was created. + description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: 
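Review bot: The `serverCertificate` description in the `@@ -63422,8 +89449,39 @@` hunk says it "Cannot be combined with allow_open", while the `allowOpen` description added in the `@@ -63384,9 +89357,63 @@` hunk says the setting "is not exclusive of other encryption modes"; nothing in the schema expresses either rule, so the two texts should be reconciled. As written, `allowOpen: true` together with `mtlsPolicy` is a valid manifest and, per the description, the server then accepts plain text next to mTLS, so the presence of `mtlsPolicy` alone does not show that peers are authenticated. I would say that in the `mtlsPolicy` description, e.g. `Plain-text clients bypass client-certificate validation when allowOpen is true.` The descriptions also name `allow_open` and `mtls_policy`, whereas the CRD fields are `allowOpen` and `mtlsPolicy`.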
@@ -63464,31 +89522,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - routingVpcs: - description: The VPC network associated with this hub's spokes. All - of the VPN tunnels, VLAN attachments, and router appliance instances - referenced by this hub's spokes must belong to this VPC network. - This field is read-only. Network Connectivity Center automatically - populates it based on the set of spokes attached to the hub. - items: - properties: - uri: - description: The URI of the VPC network. - type: string - type: object - type: array - state: - description: 'Output only. The current lifecycle state of this hub. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the hub. This - value is unique across all hub resources. If a hub is deleted and - another with the same name is created, the new hub is assigned a - different unique_id. - type: string updateTime: - description: Output only. The time the hub was last updated. + description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object 
@@ -63510,25 +89545,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivitySpoke - plural: networkconnectivityspokes + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets shortNames: - - gcpnetworkconnectivityspoke - - gcpnetworkconnectivityspokes - singular: networkconnectivityspoke + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: @@ -63548,7 +89583,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -63567,10 +89602,10 @@ spec: spec: properties: description: - description: An optional description of the spoke. + description: A human-readable description of the resource. type: string - hubRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63587,10 +89622,7 @@ spec: - external properties: external: - description: |- - Immutable. The URI of the hub that this spoke is attached to. - - Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -63599,188 +89631,101 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - linkedInterconnectAttachments: - description: Immutable. A collection of VLAN attachment resources. - These resources should be redundant attachments that all advertise - the same prefixes to Google Cloud. Alternatively, in active/passive - configurations, all attachments should be capable of advertising - the same prefixes. - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. 
+ type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - linkedRouterApplianceInstances: - description: Immutable. The URIs of linked Router appliance resources - properties: - instances: - description: Immutable. The list of router appliance instances - items: + - valueFrom properties: - ipAddress: - description: Immutable. The IP address on the VM to use - for peering. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - virtualMachineRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: |- - The URI of the virtual machine resource - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object type: object - type: array - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - required: - - instances - - siteToSiteDataTransfer - type: object - linkedVpnTunnels: - description: Immutable. The URIs of linked VPN tunnel resources - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - id + type: object + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. 
+ The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array required: - - hubRef - - location - projectRef type: object status: @@ -63811,10 +89756,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time the spoke was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63822,20 +89763,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The current lifecycle state of this spoke. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the spoke. - This value is unique across all spoke resources. If a spoke is deleted - and another with the same name is created, the new spoke is assigned - a different unique_id. - type: string - updateTime: - description: Output only. The time the spoke was last updated. - format: date-time - type: string type: object required: - spec 
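Review bot: The `publicKey` item `id` description contradicts itself, giving the length as 1-63 characters in one sentence and 1-64 in the next, and pairing RFC1035 with an expression that permits underscores; none of it is enforced by the schema. The same holds for the documented key count (one to three keys) and for the rule that `publicKey` or `validationSharedKeys` must be present: only `projectRef` is required, so a keyset with no keys passes admission. I would settle the wording and encode it, for instance `pattern: '^[a-zA-Z][a-zA-Z0-9_-]*$'` on `id` and `maxItems: 3` on `publicKey`. The text also says 'public_keys' and 'validation_shared_keys' where the fields are `publicKey` and `validationSharedKeys`.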
@@ -63855,25 +89782,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityAuthorizationPolicy - plural: networksecurityauthorizationpolicies + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins shortNames: - - gcpnetworksecurityauthorizationpolicy - - gcpnetworksecurityauthorizationpolicies - singular: networksecurityauthorizationpolicy + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: @@ -63893,7 +89820,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -63911,19 +89838,137 @@ spec: type: object spec: properties: - action: - description: 'Required. The action to take when a rule match is found. - Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, - ALLOW, DENY' - type: string + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. 
+ + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. 
+ + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
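Review bot: The new `failoverOrigin` description ends with `A reference to a Topic resource.`, which contradicts its own first sentence ("The Origin resource to try when the current origin cannot be reached") and reads like text carried over from another resource. I would change that last sentence to `A reference to an EdgeCacheOrigin resource.`. The field is a plain `type: string`, so this description is the only guidance on what it may point at, and the host named here receives cache-fill traffic once `maxAttempts` is exhausted. These descriptions appear to be generated, so the correction probably belongs in the generator's source rather than in this file.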
@@ -63940,115 +89985,94 @@ spec: - external properties: external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. 
+ - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: description: |- - The project for the resource + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. 
All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + If the response headers have already been written to the connection, the response will be truncated and logged. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Optional. List of rules to match. If not set, the action - specified in the ‘action’ field will be applied without any additional - rule checks. - items: - properties: - destinations: - description: Optional. List of attributes for the traffic destination. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the destination. 
- items: - properties: - hosts: - description: Required. List of host names to match. Matched - against HOST header in http requests. Each host can - be an exact match, or a prefix match (example, “mydomain.*”) - or a suffix match (example, *.myorg.com”) or a presence(any) - match “*”. - items: - type: string - type: array - httpHeaderMatch: - description: Optional. Match against key:value pair in - http header. Provides a flexible match based on HTTP - headers, for potentially advanced use cases. - properties: - headerName: - description: Required. The name of the HTTP header - to match. For matching against the HTTP request's - authority, use a headerMatch with the header name - ":authority". For matching a request's method, use - the headerName ":method". - type: string - regexMatch: - description: 'Required. The value of the header must - match the regular expression specified in regexMatch. - For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript - For matching against a port specified in the HTTP - request, use a headerMatch with headerName set to - Host and a regular expression that satisfies the - RFC2616 Host header''s port specifier.' - type: string - required: - - headerName - - regexMatch - type: object - methods: - description: Optional. A list of HTTP methods to match. - Should not be set for gRPC services. - items: - type: string - type: array - ports: - description: Required. List of destination ports to match. - items: - format: int64 - type: integer - type: array - required: - - hosts - - ports - type: object - type: array - sources: - description: Optional. List of attributes for the traffic source. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the source. - items: - properties: - ipBlocks: - description: Optional. List of CIDR ranges to match based - on source IP address. Single IP (e.g., "1.2.3.4") and - CIDR (e.g., "1.2.3.0/24") are supported. 
- items: - type: string - type: array - principals: - description: Optional. List of peer identities to match - for authorization. Each peer can be an exact match, - or a prefix match (example, “namespace/*”) or a suffix - match (example, */service-account”) or a presence match - “*”. - items: - type: string - type: array - type: object - type: array - type: object - type: array required: - - action - - location + - originAddress - projectRef type: object status: @@ -64079,10 +90103,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64090,10 +90110,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec 
@@ -64113,25 +90129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityClientTLSPolicy - plural: networksecurityclienttlspolicies + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices shortNames: - - gcpnetworksecurityclienttlspolicy - - gcpnetworksecurityclienttlspolicies - singular: networksecurityclienttlspolicy + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: @@ -64151,7 +90167,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -64169,45 +90185,50 @@ spec: type: object spec: properties: - clientCertificate: - description: Optional. Defines a mechanism to provision client identity - (public and private keys) for peer to peer authentication. The presence - of this dictates mTLS. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. 
+ type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -64224,10 +90245,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
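Review bot: The `disableQuic` description, `HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.`, gives the default but not what setting the field does. The neighbouring `disableHttp2` spells out that `true` prevents the protocol from being advertised and negotiated. I would reword this one to match, for example `Disables HTTP/3 (IETF QUIC) and Google QUIC, which are enabled by default.`. Operators restricting client-facing protocols then need not infer the polarity from the field name. The description text looks generated, so the fix may have to be made upstream.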
@@ -64236,49 +90254,721 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serverValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the server certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. 
+ + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. type: string required: - - pluginInstance + - hosts + - pathMatcher type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array required: - - targetUri + - name + - routeRule type: object - type: object - type: array - sni: - description: 'Optional. Server Name Indication string to present to - the server during TLS handshake. E.g: "secure.example.com".' + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - - location + - projectRef + - routing type: object status: properties: 
@@ -64308,254 +90998,18 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com -spec: - group: networksecurity.cnrm.cloud.google.com - names: - categories: - - gcp - kind: NetworkSecurityServerTLSPolicy - plural: networksecurityservertlspolicies - shortNames: - - gcpnetworksecurityservertlspolicy - - gcpnetworksecurityservertlspolicies - singular: networksecurityservertlspolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allowOpen: - description: Optional. Determines if server allows plaintext connections. - If set to true, server allows plain text connections. By default, - it is set to false. This setting is not exclusive of other encryption - modes. For example, if allow_open and mtls_policy are set, server - allows both plain text and mTLS connections. See documentation of - other encryption modes to confirm compatibility. - type: boolean - description: - description: Optional. Free-text description of the resource. - type: string - location: - description: Immutable. The location for the resource - type: string - mtlsPolicy: - description: Optional. Defines a mechanism to provision peer validation - certificates for peer to peer authentication (Mutual TLS - mTLS). - If not specified, client certificate will not be requested. The - connection is treated as TLS and not mTLS. If allow_open and mtls_policy - are set, server allows both plain text and mTLS connections. 
- properties: - clientValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the client certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to - locate and load CertificateProvider instance configuration. - Set to "google_cloud_private_spiffe" to use Certificate - Authority Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with - “unix:”. - type: string - required: - - targetUri - type: object - type: object - type: array - required: - - clientValidationCa - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. 
When unset, the value of `metadata.name` - is used as the default. - type: string - serverCertificate: - description: Optional. Defines a mechanism to provision server identity - (public and private keys). Cannot be combined with allow_open as - a permissive mode that allows both plain text and TLS is not supported. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + ipv4Addresses: + description: The IPv4 addresses associated with this service. Addresses + are static for the lifetime of the service. items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
- type: string - type: - description: Type is the type of the condition. - type: string - type: object + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64563,10 +91017,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec @@ -64586,7 +91036,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64907,7 +91357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65133,7 +91583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65600,7 +92050,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -66334,7 +92784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66510,7 +92960,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66840,7 +93290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67125,8 +93575,235 @@ spec: type: object type: array createTime: - description: Output only. The timestamp when the resource was created. - format: date-time + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. 
+ type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
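Review bot: `containerImage.tag` and `postStartupScript` in the new NotebooksEnvironment schema are unconstrained `type: string` fields, so an omitted `tag` falls back to the mutable latest tag and the Bash script that runs after boot can reference any URL. I would extend the `tag` description with `Set an explicit tag; the default latest tag is mutable.` so that operators pin what they deploy. For `postStartupScript`, a sentence such as `The script runs on the instance; restrict write access to the referenced location.` would state what is being trusted. The spec also requires only `locationRef` and `projectRef`, with no `oneOf` across `containerImage` and `vmImage`, and `vmImage` requires only `project`, so a manifest that names no usable image passes schema validation; presumably the API rejects it, which is worth confirming. The file looks generated (it carries the `tf2crd` label), so these wording changes probably belong in the generator rather than in this bundle.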
@@ -67135,12 +93812,166 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. Server-defined URL of this resource + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time + description: Output only. The timestamp representing when the constraint + was last updated. type: string type: object required: @@ -67161,7 +93992,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
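Review bot: In the new OrgPolicyCustomConstraint schema, `spec.actionType` is a plain `type: string` although its description lists only ALLOW and DENY, and the `methodTypes` items are likewise unconstrained. A misspelled value therefore passes API-server admission and would presumably only surface as a reconcile failure. Adding `enum: ["ALLOW", "DENY"]` under `actionType` and `enum: ["CREATE", "UPDATE"]` under the `methodTypes` items would reject such manifests up front; the `tf2crd` label suggests this file is generated, so the change likely belongs in the generator. Until then, treat a constraint declared through this CRD as in force only once its `Ready` condition reports True. The `resourceTypes` description also repeats "Immutable." twice.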
@@ -67930,7 +94761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68750,22 +95581,5242 @@ spec: - id type: object type: object - required: - - id + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. 
+ format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array type: object type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: required: - - resources - type: object - type: array + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." 
+ type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. 
\nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. 
+ + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. 
+ type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external required: - - id - - mode - - resourceGroups + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. oneOf: - not: required: @@ -68782,10 +100833,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -68794,62 +100843,84 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rollout: - description: 'Required. Rollout to deploy the OS policy assignment. - A rollout is triggered in the following situations: 1) OSPolicyAssignment - is created. 
2) OSPolicyAssignment is updated and the update contains - changes to one of the following fields: - instance_filter - os_policies - 3) OSPolicyAssignment is deleted.' + schemaSettings: + description: Settings for validating messages published against a + schema. properties: - disruptionBudget: - description: Required. The maximum number (or percentage) of VMs - per zone to disrupt at any given moment. + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - fixed: - description: Specifies a fixed value. - format: int64 - type: integer - percent: - description: Specifies the relative value defined as a percentage, - which will be multiplied by a reference value. - format: int64 - type: integer + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minWaitDuration: - description: Required. This determines the minimum duration of - time to wait after the configuration changes are applied through - the current rollout. A VM continues to count towards the `disruption_budget` - at least until this duration of time has passed after configuration - changes are applied. 
- type: string required: - - disruptionBudget - - minWaitDuration + - schemaRef type: object - skipAwaitRollout: - description: Set to true to skip awaiting rollout during resource - creation and update. - type: boolean - required: - - instanceFilter - - location - - osPolicies - - projectRef - - rollout type: object status: properties: - baseline: - description: Output only. Indicates that this revision has been successfully - rolled out in this zone and new VMs will be assigned OS policies - from this revision. For a given OS policy assignment, there is only - one revision with a value of `true` for this field. - type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -68876,14 +100947,6 @@ spec: type: string type: object type: array - deleted: - description: Output only. Indicates that this revision deletes the - OS policy assignment. - type: boolean - etag: - description: The etag for this OS policy assignment. If this is provided - on update, it must match the server's etag. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -68891,31 +100954,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Indicates that reconciliation is in progress - for the revision. This value is `true` when the `rollout_state` - is one of: * IN_PROGRESS * CANCELLING' - type: boolean - revisionCreateTime: - description: Output only. The timestamp that the revision was created. - format: date-time - type: string - revisionId: - description: Output only. The assignment revision ID A new revision - is committed whenever a rollout is triggered for a OS policy assignment - type: string - rolloutState: - description: 'Output only. OS policy assignment rollout state Possible - values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, - SUCCEEDED' - type: string - uid: - description: Output only. Server generated unique id for the OS policy - assignment resource. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -68932,25 +100971,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacapools.privateca.cnrm.cloud.google.com + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACAPool - plural: privatecacapools + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys shortNames: - - gcpprivatecacapool - - gcpprivatecacapools - singular: privatecacapool + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: 
@@ -68963,352 +101002,63 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - issuancePolicy: - description: Optional. The IssuancePolicy to control how Certificates - will be issued from this CaPool. - properties: - allowedIssuanceModes: - description: Optional. If specified, then only methods allowed - in the IssuanceModes may be used to issue Certificates. - properties: - allowConfigBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CertificateConfig. - type: boolean - allowCsrBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CSR. - type: boolean - type: object - allowedKeyTypes: - description: Optional. If any AllowedKeyType is specified, then - the certificate request's public key must match one of the key - types listed here. Otherwise, any key may be used. 
- items: - properties: - ellipticCurve: - description: Represents an allowed Elliptic Curve key type. - properties: - signatureAlgorithm: - description: 'Optional. A signature algorithm that must - be used. If this is omitted, any EC-based signature - algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, - ECDSA_P256, ECDSA_P384, EDDSA_25519' - type: string - type: object - rsa: - description: Represents an allowed RSA key type. - properties: - maxModulusSize: - description: Optional. The maximum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service will not enforce an explicit upper bound - on RSA modulus sizes. - format: int64 - type: integer - minModulusSize: - description: Optional. The minimum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service-level min RSA modulus size will continue - to apply. - format: int64 - type: integer - type: object - type: object - type: array - baselineValues: - description: Optional. A set of X.509 values that will be applied - to all certificates issued through this CaPool. If a certificate - request includes conflicting values for the same properties, - they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting - predefined_values for the same properties, the certificate issuance - request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. 
- type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Optional. 
Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - identityConstraints: - description: Optional. Describes constraints on identities that - may appear in Certificates issued through this CaPool. If this - is omitted, then this CaPool will not add restrictions on a - certificate's identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames - extension may be copied from a certificate request into - the signed certificate. Otherwise, the requested SubjectAltNames - will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field - may be copied from a certificate request into the signed - certificate. Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to - validate the resolved X.509 Subject and/or Subject Alternative - Name before a certificate is signed. To see the full allowed - syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. - This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in - Common Expression Language syntax. - type: string - location: - description: Optional. String indicating the location - of the expression for error reporting, e.g. a file name - and a position in the file. - type: string - title: - description: Optional. Title for the expression, i.e. 
- a short string describing its purpose. This can be used - e.g. in UIs which allow to enter the expression. - type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - maximumLifetime: - description: Optional. The maximum lifetime allowed for issued - Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximum_lifetime, the - effective lifetime will be explicitly truncated to match it. - type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued through this CaPool. If a - certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If - a certificate request uses a CertificateTemplate with predefined_values - that don't appear here, the certificate issuance request will - fail. If this is omitted, then this CaPool will not add restrictions - on a certificate's X.509 extensions. These constraints do not - apply to X.509 extensions set in this CaPool's baseline_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom - X.509 extensions. Will be combined with known_extensions - to determine the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will - be combined with additional_extensions to determine the - full set of X.509 extensions. 
- items: - type: string - type: array - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array type: object - location: - description: Immutable. The location for the resource + displayName: + description: Human-readable display name of this key. Modifiable by + user. type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -69339,40 +101089,480 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - publishingOptions: - description: Optional. The PublishingOptions to follow when issuing - Certificates from any CertificateAuthority in this CaPool. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. properties: - publishCaCert: - description: Optional. When true, publishes each CertificateAuthority's - CA certificate and includes its URL in the "Authority Information - Access" X.509 extension in all issued Certificates. If this - is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. type: boolean - publishCrl: - description: Optional. When true, publishes each CertificateAuthority's - CRL and includes its URL in the "CRL Distribution Points" X.509 - extension in all issued Certificates. 
If this is false, CRLs - will not be published and the corresponding X.509 extension - will not be written in issued certificates. CRLs will expire - 7 days from their creation. However, we will rebuild daily. - CRLs are also rebuilt shortly after a certificate is revoked. + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. 
Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. 
Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. 
+ type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string tier: - description: 'Immutable. Required. Immutable. The Tier of this CaPool. - Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
+ + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - - location - - projectRef - - tier + - memorySizeGb + - region type: object status: properties: @@ -69402,6 +101592,36 @@ spec: type: string type: object type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
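Review bot: In the new RedisInstance `spec`, `authString` is a plain `type: string` field whose description says it is "populated if auth_enabled is true", so the Redis AUTH credential would be stored in the custom resource itself and be readable by any principal with get/list/watch on `redisinstances`, rather than sitting behind a Secret reference. The description does not mark it as sensitive; I would extend it to something like `Sensitive. AUTH string set on the instance; visible to anyone who can read this resource.` so that consumers scope RBAC on this kind accordingly. The same schema lists only `memorySizeGb` and `region` under `required`, while `authEnabled` documents a default of "false" and `transitEncryptionMode` a default of "DISABLED", so a minimal manifest appears to produce an instance with neither AUTH nor TLS. Those two descriptions could state that explicitly, and an admission policy is the natural place to require both. The CRD carries the `tf2crd` label and looks generated, so the wording change probably belongs in the generator rather than in this file.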
@@ -69409,6 +101629,48 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array type: object required: - spec 
@@ -69420,868 +101682,134 @@ spec: status: acceptedNames: kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com -spec: - group: privateca.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PrivateCACertificateAuthority - plural: privatecacertificateauthorities - shortNames: - - gcpprivatecacertificateauthority - - gcpprivatecacertificateauthorities - singular: privatecacertificateauthority - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The caPool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - config: - description: Immutable. Required. Immutable. The config used to create - a self-signed X.509 certificate or CSR. - properties: - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. 
The postal code of the subject. - type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - customSans: - description: Immutable. Contains additional subject alternative - name values. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the - client does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this - X.509 extension. - properties: - objectIdPath: - description: Immutable. Required. The parts - of an OID path. The most significant parts - of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. - properties: - additionalExtensions: - description: Immutable. 
Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. Refers to the "CA" X.509 - extension, which is a boolean value. When this value - is missing, the extension will be omitted from the CA - certificate. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the path length - restriction X.509 extension. For a CA certificate, this - value describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. - type: boolean - contentCommitment: - description: Immutable. 
The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - required: - - subjectConfig - - x509Config - type: object - gcsBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - keySpec: - description: Immutable. Required. Immutable. Used when issuing certificates - for this CertificateAuthority. If this CertificateAuthority is a - self-signed CertificateAuthority, this key is also used to sign - the self-signed CA certificate. Otherwise, it is used to sign a - CSR. + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: properties: - algorithm: - description: 'Immutable. The algorithm to use for creating a managed - Cloud KMS key for a for a simplified experience. All managed - keys will be have their ProtectionLevel as `HSM`. Possible values: - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, - EC_P256_SHA256, EC_P384_SHA384' - type: string - cloudKmsKeyVersionRef: - description: Immutable. + projectRef: oneOf: - not: required: - external required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The resource name for an existing Cloud KMS CryptoKeyVersion - in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - This option enables full flexibility in the key's capabilities - and properties. - type: string - name: - description: |- - [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - lifetime: - description: Immutable. Required. The desired lifetime of the CA certificate. - Used to create the "not_before_time" and "not_after_time" fields - inside an X.509 certificate. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. - Possible values: SELF_SIGNED, SUBORDINATE' - type: string - required: - - caPoolRef - - config - - keySpec - - lifetime - - location - - projectRef - - type - type: object - status: - properties: - accessUrls: - description: Output only. URLs for accessing content published by - this CA, such as the CA certificate and CRLs. 
- properties: - caCertificateAccessUrl: - description: The URL where this CertificateAuthority's CA certificate - is published. This will only be set for CAs that have been activated. - type: string - crlAccessUrls: - description: The URLs where this CertificateAuthority's CRLs are - published. This will only be set for CAs that have been activated. - items: - type: string - type: array - type: object - caCertificateDescriptions: - description: Output only. A structured description of this CertificateAuthority's - CA certificate and its issuers. Ordered as self-to-root. - items: - properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in - the certificate. - items: - type: string - type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: - type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. 
- type: string - type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. - properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an - issued certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is - the period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time - type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time - type: string - subject: - description: Contains distinguished name fields such as - the common name, location and organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative - name values. - items: - properties: - critical: - description: Optional. 
Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Required. The parts of an OID - path. The most significant parts of the - path come first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 - extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. - items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - x509Description: - description: Describes some of the technical X.509 fields in - a certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does - not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. 
- properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value - describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. 
- type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. 
- items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - type: object + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. 
+ items: + type: string type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -70308,49 +101836,11 @@ spec: type: string type: object type: array - config: - properties: - publicKey: - description: Optional. The public key that corresponds to this - config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string - type: object - x509Config: - properties: - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - type: object - type: object createTime: - description: Output only. The time at which this CertificateAuthority - was created. - format: date-time - type: string - deleteTime: - description: Output only. The time at which this CertificateAuthority - was soft deleted, if it is in the DELETED state. - format: date-time + description: Time of creation. type: string - expireTime: - description: Output only. The time at which this CertificateAuthority - will be permanently purged, if it is in the DELETED state. - format: date-time + name: + description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -70359,54 +101849,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCaCertificates: - description: Output only. This CertificateAuthority's certificate - chain, including the current CertificateAuthority's certificate. - Ordered such that the root issuer is the final element (consistent - with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - items: - type: string - type: array - state: - description: 'Output only. The State for this CertificateAuthority. - Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, - DELETED' - type: string - subordinateConfig: - description: Optional. If this is a subordinate CertificateAuthority, - this field will be set with the subordinate configuration, which - describes its issuers. This may be updated, but this CertificateAuthority - must continue to validate. - properties: - certificateAuthority: - description: Required. This can refer to a CertificateAuthority - in the same project that was used to create a subordinate CertificateAuthority. - This field is used for information and usability purposes only. - The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - type: string - pemIssuerChain: - description: Required. Contains the PEM certificate chain for - the issuers of this CertificateAuthority, but not pem certificate - for this CA itself. - properties: - pemCertificates: - description: Required. Expected to be in leaf-to-root order - according to RFC 5246. - items: - type: string - type: array - type: object - type: object - tier: - description: 'Output only. The CaPool.Tier of the CaPool that includes - this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' - type: string - updateTime: - description: Output only. The time at which this CertificateAuthority - was last updated. - format: date-time - type: string type: object required: - spec 
@@ -70426,25 +101868,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificate - plural: privatecacertificates + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies shortNames: - - gcpprivatecacertificate - - gcpprivatecacertificates - singular: privatecacertificate + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -70482,68 +101924,25 @@ spec: type: object spec: properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ca_pool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - certificateAuthorityRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. properties: - external: - description: |- - The certificate authority for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced type: object - certificateTemplateRef: - description: Immutable. 
+ constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: @@ -70560,10 +101959,7 @@ spec: - external properties: external: - description: |- - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - - Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -70572,304 +101968,290 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - config: - description: Immutable. Immutable. A description of the certificate - and key that does not require X.509 or ASN.1. + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . properties: - publicKey: - description: Immutable. Optional. The public key that corresponds - to this config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Immutable. Required. The format of the public - key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Immutable. Required. A public key. The padding - and encoding must match with the `KeyFormat` value specified - for the `format` field. - type: string - required: - - format - - key - type: object - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. The postal code of the subject. 
- type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. + allow: + description: One or the other must be set. properties: - additionalExtensions: - description: Immutable. Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. 
- type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Immutable. Optional. Describes Online Certificate - Status Protocol (OCSP) endpoint addresses that appear in - the "Authority Information Access" extension in the certificate. + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - type: string - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to true. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the "path - length constraint" in Basic Constraints extension. For - a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this - value is less than 0, the request will fail. - format: int64 - type: integer - nonCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension - will be omitted from the CA certificate. - type: boolean - zeroMaxIssuerPathLength: - description: Immutable. Optional. When true, the "path - length constraint" in Basic Constraints extension will - be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length - are unset, the max path length will be omitted from - the CA certificate. - type: boolean - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. 
- type: boolean - contentCommitment: - description: Immutable. The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object + type: string type: array type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean required: - - subjectConfig - - x509Config + - default type: object - lifetime: - description: Immutable. Required. Immutable. The desired lifetime - of a certificate. Used to create the "not_before_time" and "not_after_time" - fields inside an X.509 certificate. Note that the lifetime may be - truncated if it would extend past the life of any certificate authority - in the issuing chain. 
+ version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. 
Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string - pemCsr: - description: Immutable. Immutable. A pem-encoded X.509 certificate - signing request (CSR). - type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -70905,348 +102287,533 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subjectMode: - description: 'Immutable. Immutable. Specifies how the Certificate''s - identity fields are to be decided. If this is omitted, the `DEFAULT` - subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, - DEFAULT, REFLECTED_SPIFFE' - type: string - required: - - caPoolRef - - lifetime - - location - - projectRef - type: object - status: - properties: - certificateDescription: - description: Output only. A structured description of the issued X.509 - certificate. + template: + description: Required. The template used to create revisions for this + Service. properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in the - certificate. - items: + annotations: + additionalProperties: type: string + description: KRM-style annotations for the resource. + type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. 
+ properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. 
URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. 
All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. properties: - format: - description: 'Required. The format of the public key. 
Possible - values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + format: int64 + type: integer type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an issued - certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is the - period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - subject: - description: Contains distinguished name fields such as the - common name, location and / organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative name - values. - items: - properties: - critical: - description: Optional. Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, the - client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. 
- items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - x509Description: - description: Describes some of the technical X.509 fields in a - certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: + name: + description: Required. Volume's name. type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. 
- properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. 
- type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. 
When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' format: int64 type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef type: object - type: array + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string type: object type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -71274,12 +102841,52 @@ spec: type: object type: array createTime: - description: Output only. The time at which this Certificate was created. + description: Output only. The creation time. format: date-time type: string - issuerCertificateAuthority: - description: Output only. The resource name of the issuing CertificateAuthority - in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. + type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. 
Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -71288,36 +102895,123 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCertificate: - description: Output only. The pem-encoded, signed X.509 certificate. - type: string - pemCertificateChain: - description: Output only. The chain that may be used to verify the - X.509 certificate. Expected to be in issuer-to-root order according - to RFC 5246. - items: - type: string - type: array - revocationDetails: - description: Output only. Details regarding the revocation of this - Certificate. This Certificate is considered revoked if and only - if this field is present. + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. + When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' 
+ type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. properties: - revocationState: - description: 'Indicates why a Certificate was revoked. Possible - values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, - AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, - PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string - revocationTime: - description: The time at which this Certificate was revoked. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. format: date-time type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. 
Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. 
+ type: string updateTime: - description: Output only. The time at which this Certificate was updated. + description: Output only. The last-modified time. format: date-time type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string type: object required: - spec @@ -71337,25 +103031,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificateTemplate - plural: privatecacertificatetemplates + kind: SecretManagerSecret + plural: secretmanagersecrets shortNames: - - gcpprivatecacertificatetemplate - - gcpprivatecacertificatetemplates - singular: privatecacertificatetemplate + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: 
@@ -71393,301 +103087,149 @@ spec: type: object spec: properties: - description: - description: Optional. A human-readable description of scenarios this - template is intended for. - type: string - identityConstraints: - description: Optional. Describes constraints on identities that may - be appear in Certificates issued using this template. If this is - omitted, then this template will not add restrictions on a certificate's - identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames extension - may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field may - be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to validate - the resolved X.509 Subject and/or Subject Alternative Name before - a certificate is signed. To see the full allowed syntax and - some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. This - is a longer text which describes the expression, e.g. when - hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: Optional. String indicating the location of the - expression for error reporting, e.g. a file name and a position - in the file. - type: string - title: - description: Optional. Title for the expression, i.e. a short - string describing its purpose. This can be used e.g. in - UIs which allow to enter the expression. 
- type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - location: - description: Immutable. The location for the resource + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued using this CertificateTemplate. - If a certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If the - issuing CaPool's IssuancePolicy defines baseline_values that don't - appear here, the certificate issuance request will fail. If this - is omitted, then this template will not add restrictions on a certificate's - X.509 extensions. These constraints do not apply to X.509 extensions - set in this CertificateTemplate's predefined_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom X.509 - extensions. Will be combined with known_extensions to determine - the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will be - combined with additional_extensions to determine the full set - of X.509 extensions. - items: - type: string - type: array - type: object - predefinedValues: - description: Optional. 
A set of X.509 values that will be applied - to all issued certificates that use this template. If the certificate - request includes conflicting values for the same properties, they - will be overwritten by the values defined here. If the issuing CaPool's - IssuancePolicy defines conflicting baseline_values for the same - properties, the certificate issuance request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this extension - is critical (i.e., if the client does not know how to - handle this extension, the client should consider this - to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status Protocol - (OCSP) endpoint addresses that appear in the "Authority Information - Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, the - extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. 
- If this value is less than 0, the request will fail. If - this value is missing, the max path length will be omitted - from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys that - correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key may - be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic commitments. - Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate revocation - lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially - described as "TLS WWW client authentication", though - regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially - described as "Signing of downloadable executable code - client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially - described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially - described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially - described as "TLS WWW server authentication", though - regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially - described as "Binding the hash of an object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that are - not listed in the KeyUsage.ExtendedKeyUsageOptions message. + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. items: properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string required: - - objectIdPath + - location type: object type: array + required: + - replicas type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. properties: - external: + nextRotationTime: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Timestamp in UTC at which the Secret is scheduled to rotate. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - - location - - projectRef + - replication type: object status: properties: @@ -71718,9 +103260,12 @@ spec: type: object type: array createTime: - description: Output only. The time at which this CertificateTemplate - was created. - format: date-time + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71729,11 +103274,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The time at which this CertificateTemplate - was updated. - format: date-time - type: string type: object required: - spec 
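Review bot: The description added for `replication.userManaged` in the SecretManagerSecret schema repeats the text of `automatic` ("The Secret will automatically be replicated without any restrictions"), which contradicts the field's own contents: a `replicas` list with a required `location` and an optional `customerManagedEncryption.kmsKeyRef`. Anyone reading the schema to decide where secret payloads are stored, or whether a customer-managed key applies, is told the opposite of what the field does; I would change it to `description: Immutable. The Secret will be replicated to the locations listed in 'replicas'.`. The `topicRef` description has the same copy-paste problem, describing "a list of up to 10 Pub/Sub topics" on a single reference. The `tf2crd` label suggests this schema is generated, so the wording probably has to be corrected in the generator's source; the `spec` schema itself starts outside this hunk.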
@@ -71753,25 +103293,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: Project - plural: projects + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions shortNames: - - gcpproject - - gcpprojects - singular: project + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: 
@@ -71808,50 +103348,55 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: - billingAccountRef: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `BillingAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. 
Only one of - folderRef or organizationRef may be specified. + secretRef: + description: Secret Manager secret resource oneOf: - not: required: @@ -71868,7 +103413,7 @@ spec: - external properties: external: - description: 'Allowed value: The `folderId` field of a `Folder` + description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: 
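Review bot: `secretData.value` in the SecretManagerSecretVersion schema takes the secret payload as a literal string, so it is stored in plain text in the resource's spec and is readable by anyone who can get the object or the manifest it came from; the schema presents it as equal to `valueFrom.secretKeyRef` without saying so. The description should carry that caveat, for example `description: Value of the field, stored in plain text in this resource; prefer 'valueFrom'. Cannot be used if 'valueFrom' is specified.`. Separately, `valueFrom` has no `required` list, so as far as this schema goes `valueFrom: {}` satisfies the `oneOf` while naming no source; adding `required: [secretKeyRef]` under `valueFrom` would reject that at admission, assuming the controller does not rely on the empty form. This file appears to be generated (`tf2crd` label), so both changes likely belong in the generator; the `spec` schema begins outside the hunk.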
@@ -71878,15 +103423,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. Only present + if state is DESTROYED. + type: string name: - description: The display name of the project. + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). type: string organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + description: The organization that this resource belongs to. oneOf: - not: required: 
@@ -71913,13 +103587,55 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string resourceID: - description: Immutable. Optional. The projectId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object required: - - name + - configId + - organizationRef + - pubsubTopic + - streamingConfig type: object status: properties: 
@@ -71949,8 +103665,10 @@ spec: type: string type: object type: array - number: - description: The numeric identifier of the project. + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71959,6 +103677,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string type: object required: - spec @@ -71978,25 +103701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsublitereservations.pubsublite.cnrm.cloud.google.com + name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: - group: pubsublite.cnrm.cloud.google.com + group: securitycenter.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubLiteReservation - plural: pubsublitereservations + kind: SecurityCenterSource + plural: securitycentersources shortNames: - - gcppubsublitereservation - - gcppubsublitereservations - singular: pubsublitereservation + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: @@ -72016,7 +103739,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -72034,8 +103757,19 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. oneOf: - not: required: @@ -72052,7 +103786,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of an `Organization` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72061,24 +103796,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: The region of the pubsub lite reservation. - type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - throughputCapacity: - description: |- - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - type: integer required: - - projectRef - - region - - throughputCapacity + - displayName + - organizationRef type: object status: properties: @@ -72108,6 +103833,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72134,25 +103864,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubschemas.pubsub.cnrm.cloud.google.com + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSchema - plural: pubsubschemas + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints shortNames: - - gcppubsubschema - - gcppubsubschemas - singular: pubsubschema + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: 
@@ -72190,14 +103920,43 @@ spec: type: object spec: properties: - definition: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: description: |- - Immutable. The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. - type: string - projectRef: - description: The project that this resource belongs to. + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). oneOf: - not: required: @@ -72214,7 +103973,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72223,18 +103983,47 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - type: - description: 'Immutable. The type of the schema definition Default - value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", - "PROTOCOL_BUFFER", "AVRO"].' - type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - projectRef + - serviceRef type: object status: properties: 
@@ -72264,6 +104053,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72290,25 +104084,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: 
@@ -72346,288 +104140,14 @@ spec: type: object spec: properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - bigqueryConfig: - description: |- - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - dropUnknownFields: - description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - type: boolean - tableRef: - description: The name of the table to which to write data. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, - where {{value}} is the `name` field of a `BigQueryTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. - type: boolean - writeMetadata: - description: |- - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - type: boolean - required: - - tableRef - type: object - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. 
- properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any - message. The value must be\nbetween 5 and 100.\n\nThe number - of delivery attempts is defined as 1 + (the sum of number of - \nNACKs and number of times the acknowledgement deadline has - been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline - with a 0 deadline. Note that\nclient libraries may automatically - extend ack_deadlines.\n\nThis field will be honored on a best - effort basis.\n\nIf this parameter is 0, a default value of - 5 is used." - type: integer - type: object - enableExactlyOnceDelivery: - description: |- - If 'true', Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
- type: boolean - enableMessageOrdering: - description: |- - Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "Immutable. The subscription only delivers the messages - that match the filter. \nPub/Sub automatically acknowledges the - messages that don't match the filter. You can filter messages\nby - their attributes. The maximum length of a filter is 256 bytes. After - creating the subscription, \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
- - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: + location: description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. 
More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. type: string - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message - delivery for this subscription.\n\nIf not set, the default retry - policy is applied. This generally implies that messages will be - retried as soon as possible for healthy subscribers. \nRetryPolicy - will be triggered on NACKs or acknowledgement deadline exceeded - events for a given message." - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries - of a given message. Value should be between 0 and 600 seconds. - Defaults to 600 seconds. 
\nA duration in seconds with up to - nine fractional digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -72644,8 +104164,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -72654,8 +104173,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - topicRef + - location + - projectRef type: object status: properties: @@ -72685,6 +104210,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72711,25 +104241,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubTopic - plural: pubsubtopics + kind: ServiceDirectoryService + plural: servicedirectoryservices shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: @@ -72767,13 +104297,9 @@ spec: type: object spec: properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. oneOf: - not: required: @@ -72790,7 +104316,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: 
@@ -72800,81 +104326,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - messageRetentionDuration: - description: |- - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - type: string - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schemaSettings: - description: Settings for validating messages published against a - schema. - properties: - encoding: - description: 'Immutable. 
The encoding of messages validated against - schema. Default value: "ENCODING_UNSPECIFIED" Possible values: - ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' - type: string - schemaRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, - where {{value}} is the `name` field of a `PubSubSchema` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - schemaRef - type: object + required: + - namespaceRef type: object status: properties: @@ -72904,6 +104362,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72912,6 +104375,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -72928,25 +104393,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: - group: recaptchaenterprise.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: RecaptchaEnterpriseKey - plural: recaptchaenterprisekeys + kind: ServiceIdentity + plural: serviceidentities shortNames: - - gcprecaptchaenterprisekey - - gcprecaptchaenterprisekeys - singular: recaptchaenterprisekey + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: 
@@ -72984,40 +104449,8 @@ spec: type: object spec: properties: - androidSettings: - description: Settings for keys that can be used by Android apps. - properties: - allowAllPackageNames: - description: If set to true, it means allowed_package_names will - not be enforced. - type: boolean - allowedPackageNames: - description: 'Android package names of apps allowed to use the - key. Example: ''com.companyname.appname''' - items: - type: string - type: array - type: object - displayName: - description: Human-readable display name of this key. Modifiable by - user. - type: string - iosSettings: - description: Settings for keys that can be used by iOS apps. - properties: - allowAllBundleIds: - description: If set to true, it means allowed_bundle_ids will - not be enforced. - type: boolean - allowedBundleIds: - description: 'iOS bundle ids of apps allowed to use the key. Example: - ''com.companyname.productname.appname''' - items: - type: string - type: array - type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -73034,10 +104467,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -73047,63 +104477,11 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - testingOptions: - description: Immutable. Options for user acceptance testing. - properties: - testingChallenge: - description: 'Immutable. For challenge-based keys only (CHECKBOX, - INVISIBLE), all challenge requests for this site will return - nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. - Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' - type: string - testingScore: - description: Immutable. All assessments for this Key will return - this score. Must be between 0 (likely not legitimate) and 1 - (likely legitimate) inclusive. - format: double - type: number - type: object - webSettings: - description: Settings for keys that can be used by websites. - properties: - allowAllDomains: - description: If set to true, it means allowed_domains will not - be enforced. - type: boolean - allowAmpTraffic: - description: If set to true, the key can be used on AMP (Accelerated - Mobile Pages) websites. This is supported only for the SCORE - integration type. - type: boolean - allowedDomains: - description: 'Domains or subdomains of websites allowed to use - the key. All subdomains of an allowed domain are automatically - allowed. A valid domain requires a host and must not include - any path, port, query or fragment. Examples: ''example.com'' - or ''subdomain.example.com''' - items: - type: string - type: array - challengeSecurityPreference: - description: 'Settings for the frequency and difficulty at which - this key triggers captcha challenges. 
This should only be specified - for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: - CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, - SECURITY' - type: string - integrationType: - description: 'Immutable. Required. Describes how this key is integrated - with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' - type: string - required: - - integrationType - type: object required: - - displayName - projectRef type: object status: @@ -73134,9 +104512,7 @@ spec: type: string type: object type: array - createTime: - description: The timestamp corresponding to the creation of this Key. - format: date-time + email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -73164,25 +104540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: - group: redis.cnrm.cloud.google.com + group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp - kind: RedisInstance - plural: redisinstances + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: 
@@ -73220,27 +104596,7 @@ spec: type: object spec: properties: - alternativeLocationId: - description: |- - Immutable. Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authEnabled: - description: |- - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - type: boolean - authString: - description: AUTH String set on the instance. This field will only - be populated if auth_enabled is true. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. + networkRef: oneOf: - not: required: @@ -73257,7 +104613,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: 
@@ -73267,259 +104623,44 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - connectMode: - description: 'Immutable. The connection mode of the Redis instance. - Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", - "PRIVATE_SERVICE_ACCESS"].' - type: string - customerManagedKeyRef: - description: |- - Immutable. Optional. The KMS key reference that you want to use to - encrypt the data at rest for this Redis instance. If this is - provided, CMEK is enabled. - oneOf: - - not: + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the - instance. - type: string - locationId: - description: |- - Immutable. The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - maintenancePolicy: - description: Maintenance policy for an instance. - properties: - createTime: - description: |- - Output only. 
The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - description: - description: |- - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - type: string - updateTime: - description: |- - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - weeklyMaintenanceWindow: - description: |- - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - items: - properties: - day: - description: |- - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. - type: string - duration: - description: |- - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - type: string - startTime: - description: Required. Start time of the window in UTC time. - properties: - hours: - description: |- - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 - to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must - be from 0 to 999,999,999. 
- type: integer - seconds: - description: |- - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - type: integer - type: object - required: - - day - - startTime - type: object - type: array - type: object - maintenanceSchedule: - description: Upcoming maintenance schedule. - properties: - endTime: - description: |- - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - scheduleDeadlineTime: - description: |- - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - startTime: - description: |- - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - type: object - memorySizeGb: - description: Redis memory size in GiB. - type: integer - persistenceConfig: - description: Persistence configuration for an instance. - properties: - persistenceMode: - description: "Optional. Controls whether Persistence features - are enabled. If not provided, the existing value will be used.\n\n- - DISABLED: \tPersistence is disabled for the instance, and any - existing snapshots are deleted.\n- RDB: RDB based Persistence - is enabled. Possible values: [\"DISABLED\", \"RDB\"]." - type: string - rdbNextSnapshotTime: - description: |- - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
- type: string - rdbSnapshotPeriod: - description: "Optional. Available snapshot periods for scheduling.\n\n- - ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every - 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot - every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", - \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." - type: string - rdbSnapshotStartTime: - description: |- - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - readReplicasMode: - description: |- - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. - type: string - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. 
- type: string - region: - description: Immutable. The name of the Redis region of the instance. - type: string - replicaCount: - description: |- - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - type: integer - reservedIpRange: - description: |- - Immutable. The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - secondaryIpRange: - description: |- - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - type: string - tier: - description: |- - Immutable. The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. - type: string - transitEncryptionMode: - description: |- - Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
- - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - - memorySizeGb - - region + - networkRef + - reservedPeeringRanges + - service type: object status: properties: 
@@ -73549,36 +104690,6 @@ spec: type: string type: object type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - nodes: - description: Output only. Info per node. - items: - properties: - id: - description: Node identifying string. e.g. 'node-0', 'node-1'. - type: string - zone: - description: Location of the node. - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -73586,48 +104697,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - readEndpoint: - description: |- - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. + peering: type: string - readEndpointPort: - description: |- - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - type: integer - serverCaCerts: - description: List of server CA certificates for the instance. - items: - properties: - cert: - description: The certificate data in PEM format. - type: string - createTime: - description: The time when the certificate was created. - type: string - expireTime: - description: The time when the certificate expires. - type: string - serialNumber: - description: Serial number, as extracted from the certificate. - type: string - sha1Fingerprint: - description: Sha1 Fingerprint of the certificate. - type: string - type: object - type: array type: object required: - spec 
@@ -73647,25 +104718,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com + name: services.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerLien - plural: resourcemanagerliens - shortNames: - - gcpresourcemanagerlien - - gcpresourcemanagerliens - singular: resourcemanagerlien + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service preserveUnknownFields: false scope: Namespaced versions: 
@@ -73703,67 +104774,38 @@ spec: type: object spec: properties: - origin: - description: |- - Immutable. A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - type: string - parent: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - reason: - description: |- - Immutable. Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. 
+ description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - restrictions: - description: |- - Immutable. The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete']. - items: - type: string - type: array - required: - - origin - - parent - - reason - - restrictions type: object status: properties: @@ -73793,12 +104835,6 @@ spec: type: string type: object type: array - createTime: - description: Time of creation. - type: string - name: - description: A system-generated unique identifier for this Lien. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -73807,8 +104843,6 @@ spec: the resource. type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -73825,25 +104859,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: @@ -73863,7 +104897,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -73881,125 +104915,34 @@ spec: type: object spec: properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. type: object - constraint: - description: Immutable. The name of the Constraint the Policy is configuring, - for example, serviceuser.services. - type: string - folderRef: + force: description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Folder` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow - or deny all values. . - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. 
- properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set - in this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a - configuration that matches the value specified in this field. - type: string - type: object - organizationRef: + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. 
+ type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -74025,22 +104968,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default - Policy is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string required: - - constraint + - limit + - metric + - overrideValue + - projectRef + - service type: object status: properties: @@ -74070,10 +105012,8 @@ spec: type: string type: object type: array - etag: - description: The etag of the organization policy. etag is used for - optimistic concurrency control as a way to help prevent simultaneous - updates of a policy from overwriting each other. + name: + description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -74082,11 +105022,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate - to nanoseconds, representing when the variable was last updated. - Example: "2016-10-09T12:33:37.578138407Z".' - type: string type: object required: - spec @@ -74106,25 +105041,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: runservices.run.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: - group: run.cnrm.cloud.google.com + group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp - kind: RunService - plural: runservices + kind: SourceRepoRepository + plural: sourcereporepositories shortNames: - - gcprunservice - - gcprunservices - singular: runservice + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -74157,340 +105092,231 @@ spec: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - annotations: - additionalProperties: - type: string - description: 'Unstructured key value map that may be set by external - tools to store and arbitrary metadata. They are not queryable and - should be preserved when modifying objects. Cloud Run will populate - some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' - namespaces. This field follows Kubernetes annotations'' namespacing, - limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - binaryAuthorization: - description: Settings for the Binary Authorization feature. - properties: - breakglassJustification: - description: If present, indicates to use Breakglass using this - justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - type: string - useDefault: - description: If True, indicates to use the default project's binary - authorization policy. If False, binary authorization will be - disabled - type: boolean - type: object - client: - description: Arbitrary identifier for the API client. - type: string - clientVersion: - description: Arbitrary version identifier for the API client. - type: string - description: - description: User-provided description of the Service. - type: string - ingress: - description: Provides the ingress settings for this Service. On output, - returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED - if no revision is active. 
- type: string - launchStage: - description: 'The launch stage as defined by [Google Cloud Platform - Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud - Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, - GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - template: - description: Required. The template used to create revisions for this - Service. - properties: - annotations: - additionalProperties: - type: string - description: KRM-style annotations for the resource. - type: object - containerConcurrency: - description: Sets the maximum number of requests that each serving - instance can receive. - format: int64 - type: integer - containers: - description: Holds the single container that defines the unit - of execution for this Revision. - items: - properties: - args: - description: 'Arguments to the entrypoint. 
The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - properties: - name: - description: Required. Name of the environment variable. - Must be a C_IDENTIFIER, and mnay not exceed 32768 - characters. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any route environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "", and the maximum length - is 32768 bytes.' 
- type: string - valueSource: - description: Source for the environment variable's - value. - properties: - secretKeyRef: - description: Selects a secret and a specific version - from Cloud Secret Manager. - properties: - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - type: object - required: + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - image: - description: 'Required. URL of the Container image in Google - Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string name: - description: Name of the container specified as a DNS_LABEL. + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - ports: - description: List of ports to expose from the container. - Only a single port can be specified. The specified ports - must be listening on all interfaces (0.0.0.0) within the - container to be accessible. 
If omitted, a port number - will be chosen and passed to the container through the - PORT environment variable for the container to listen - on. - items: - properties: - containerPort: - description: Port number the container listens on. - This must be a valid TCP port number, 0 < container_port - < 65536. - format: int64 - type: integer - name: - description: If specified, used to specify which protocol - to use. Allowed values are "http1" and "h2c". - type: string - type: object - type: array - resources: - description: 'Compute Resource requirements by this container. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - cpuIdle: - description: Determines whether CPU should be throttled - or not outside of requests. - type: boolean - limits: - additionalProperties: - type: string - description: 'Only memory and CPU are supported. Note: - The only supported values for CPU are ''1'', ''2'', - and ''4''. Setting 4 CPU requires at least 2Gi of - memory. The values of the map is string form of the - ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' - type: object - type: object - volumeMounts: - description: Volume to mount into the container's filesystem. - items: - properties: - mountPath: - description: Required. Path within the container at - which the volume should be mounted. Must not contain - ':'. For Cloud SQL volumes, it can be left empty, - or must otherwise be `/cloudsql`. All instances - defined in the Volume will be available as `/cloudsql/[instance]`. - For more information on Cloud SQL volumes, visit - https://cloud.google.com/sql/docs/mysql/connect-run - type: string - name: - description: Required. This must match the Name of - a Volume. - type: string - required: - - mountPath + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - required: - - image + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - executionEnvironment: - description: 'The sandbox environment to host this Revision. Possible - values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, - EXECUTION_ENVIRONMENT_GEN2' - type: string - labels: - additionalProperties: + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: KRM-style labels for the resource. - type: object - revision: - description: The unique name for the revision. If this field is - omitted, it will be automatically generated based on the Service - name. - type: string - scaling: - description: Scaling settings for this Revision. 
- properties: - maxInstanceCount: - description: Maximum number of serving instances that this - resource should have. - format: int64 - type: integer - minInstanceCount: - description: Minimum number of serving instances that this - resource should have. - format: int64 - type: integer - type: object - serviceAccountRef: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. oneOf: - not: required: 
@@ -74498,276 +105324,71 @@ spec: required: - name - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - timeout: - description: Max allowed time for an instance to respond to a - request. - type: string - volumes: - description: A list of Volumes to make available to containers. - items: - properties: - cloudSqlInstance: - description: For Cloud SQL volumes, contains the specific - instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run - for more information on how to connect Cloud SQL and Cloud - Run. - properties: - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `instanceName` - field of a `SQLInstance` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - name: - description: Required. Volume's name. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Integer representation of mode bits to - use on created files by default. Must be a value between - 0000 and 0777 (octal), defaulting to 0644. Directories - within the path are not affected by this setting. - Notes * Internally, a umask of 0222 will be applied - to any non-zero value. * This is an integer representation - of the mode bits. So, the octal integer value should - look exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod 640 - (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) - or 493 (base-10). * This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. This might - be in conflict with other options that affect the - file mode, like fsGroup, and as a result, other mode - bits could be set.' - format: int64 - type: integer - items: - description: If unspecified, the volume will expose - a file whose name is the secret, relative to VolumeMount.mount_path. - If specified, the key will be used as the version - to fetch from Cloud Secret Manager and the path will - be the name of the file exposed in the volume. When - items are defined, they must specify a path and a - version. - items: - properties: - mode: - description: 'Integer octal mode bits to use on - this file, must be a value between 01 and 0777 - (octal). If 0 or not set, the Volume''s default - mode will be used. 
Notes * Internally, a umask - of 0222 will be applied to any non-zero value. - * This is an integer representation of the mode - bits. So, the octal integer value should look - exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod - 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 - (octal) or 493 (base-10). * This might be in - conflict with other options that affect the - file mode, like fsGroup, and the result can - be other mode bits set.' - format: int64 - type: integer - path: - description: Required. The relative path of the - secret in the container. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - path - type: object - type: array - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
- - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object + anyOf: + - required: + - name + - required: + - namespace required: - - name - type: object - type: array - vpcAccess: - description: VPC Access configuration to use for this Revision. - For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + - external properties: - connectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - egress: - description: 'Traffic VPC egress settings. Possible values: - VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - kmsKeyRef type: object - traffic: - description: Specifies how to distribute traffic over a collection - of Revisions belonging to the Service. If traffic is empty or not - provided, defaults to 100% traffic to the latest `Ready` Revision. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - This defaults to zero if unspecified. Cloud Run currently - requires 100 percent for a single TrafficTarget entry. - format: int64 - type: integer - revision: - description: Revision to which to send this portion of traffic, - if traffic allocation is by revision. - type: string - tag: - description: Indicates a string to be part of the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - type: object - type: array + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string required: - - location - - projectRef - - template + - instanceRef type: object status: properties: 
@@ -74797,54 +105418,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - creator: - description: Output only. Email address of the authenticated creator. - type: string - deleteTime: - description: Output only. The deletion time. - format: date-time - type: string - etag: - description: Output only. A system-generated fingerprint for this - version of the resource. May be used to detect modification conflict - during updates. - type: string - expireTime: - description: Output only. For a deleted resource, the time after which - it will be permamently deleted. - format: date-time - type: string - labels: - additionalProperties: - type: string - description: Map of string keys and values that can be used to organize - and categorize objects. User-provided labels are shared with Google's - billing system, so they can be used to filter, or break down billing - charges by team, component, environment, state, etc. For more information, - visit https://cloud.google.com/resource-manager/docs/creating-managing-labels - or https://cloud.google.com/run/docs/configuring/labels Cloud Run - will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' - namespaces. Those labels are read-only, and user changes will not - be preserved. - type: object - lastModifier: - description: Output only. Email address of the last authenticated - modifier. - type: string - latestCreatedRevision: - description: Output only. Name of the last created revision. See comments - in `reconciling` for additional information on reconciliation process - in Cloud Run. - type: string - latestReadyRevision: - description: Output only. Name of the latest revision that is serving - traffic. See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -74852,122 +105425,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Returns true if the Service is currently - being acted upon by the system to bring it into the desired state. - When a new Service is created, or an existing one is updated, Cloud - Run will asynchronously perform all necessary steps to bring the - Service to the desired serving state. This process is called reconciliation. - While reconciliation is in process, `observed_generation`, `latest_ready_revison`, - `traffic_statuses`, and `uri` will have transient values that might - mismatch the intended state: Once reconciliation is over (and this - field is false), there are two possible outcomes: reconciliation - succeeded and the serving state matches the Service, or there was - an error, and reconciliation failed. This state can be found in - `terminal_condition.state`. If reconciliation succeeded, the following - fields will match: `traffic` and `traffic_statuses`, `observed_generation` - and `generation`, `latest_ready_revision` and `latest_created_revision`. - If reconciliation failed, `traffic_statuses`, `observed_generation`, - and `latest_ready_revision` will have the state of the last serving - revision, or empty for newly created Services. Additional information - on the failure can be found in `terminal_condition` and `conditions`.' - type: boolean - resourceGeneration: - description: Output only. A number that monotonically increases every - time the user modifies the desired state. - format: int64 - type: integer - terminalCondition: - description: Output only. The Condition of this Service, containing - its readiness status, and detailed error information in case it - did not reach a serving state. See comments in `reconciling` for - additional information on reconciliation process in Cloud Run. - properties: - jobReason: - description: 'A reason for the job condition. 
Possible values: - JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human readable message indicating details about the - current status. - type: string - reason: - description: 'A common (service-level) reason for this condition. - Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, - PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, - CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, - ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, - SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, - POSTPONED_RETRY, INTERNAL' - type: string - revisionReason: - description: 'A reason for the revision condition. Possible values: - REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, - RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, - MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, - NO_DEPLOYMENT' - type: string - severity: - description: 'How to interpret failures of this condition, one - of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, - ERROR, WARNING, INFO' - type: string - state: - description: 'State of the condition. Possible values: STATE_UNSPECIFIED, - CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, - CONDITION_SUCCEEDED' - type: string - type: - description: 'type is used to communicate the status of the reconciliation - process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting - Types common to all resources include: * "Ready": True when - the Resource is ready.' - type: string - type: object - trafficStatuses: - description: Output only. Detailed status information for corresponding - traffic targets. 
See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - format: int64 - type: integer - revision: - description: Revision to which this traffic is sent. - type: string - tag: - description: Indicates the string used in the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - uri: - description: Displays the target URI. - type: string - type: object - type: array - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time - type: string - uri: - description: Output only. The main URI in which this Service is serving - traffic. + state: + description: An explanation of the status of the database. type: string type: object required: 
@@ -74988,25 +105447,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com + name: spannerinstances.spanner.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: spanner.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets + kind: SpannerInstance + plural: spannerinstances shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -75044,149 +105503,32 @@ spec: type: object spec: properties: - expireTime: + config: description: |- - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string - replication: + displayName: description: |- - Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - type: boolean - userManaged: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - properties: - replicas: - description: Immutable. The list of Replicas for this Secret. - Cannot be empty. - items: - properties: - customerManagedEncryption: - description: Immutable. Customer Managed Encryption - for the secret. - properties: - kmsKeyRef: - description: Customer Managed Encryption for the - secret. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - location: - description: 'Immutable. The canonical IDs of the location - to replicate data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer resourceID: - description: Immutable. Optional. The secretId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotation: - description: The rotation time and period for a Secret. At 'next_rotation_time', - Secret Manager will send a Pub/Sub notification to the topics configured - on the Secret. 'topics' must be set to configure rotation. - properties: - nextRotationTime: - description: |- - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - rotationPeriod: - description: |- - Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, 'next_rotation_time' must be set. 
'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. - type: string - type: object - topics: - description: A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - items: - properties: - topicRef: - description: |- - A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - type: array - ttl: - description: |- - Immutable. The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string required: - - replication + - config + - displayName type: object status: properties: @@ -75216,14 +105558,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75231,6 +105565,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' + type: string type: object required: - spec @@ -75250,25 +105587,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com + name: sqldatabases.sql.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions + kind: SQLDatabase + plural: sqldatabases shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: 
@@ -75306,54 +105643,31 @@ spec: type: object spec: properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." type: string - secretData: - description: Immutable. The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75370,7 +105684,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: @@ -75380,9 +105694,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - secretData - - secretRef + - instanceRef type: object status: properties: @@ -75412,18 +105730,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75431,8 +105737,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - version: - description: The version of the Secret. + selfLink: type: string type: object required: @@ -75453,25 +105758,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com + name: sqlinstances.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryEndpoint - plural: servicedirectoryendpoints + kind: SQLInstance + plural: sqlinstances shortNames: - - gcpservicedirectoryendpoint - - gcpservicedirectoryendpoints - singular: servicedirectoryendpoint + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: @@ -75509,7 +105814,16 @@ spec: type: object spec: properties: - addressRef: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: oneOf: - not: required: 
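Review bot: In the `@@ -75509,7 +105814,16 @@` hunk, `databaseVersion` in the SQLInstance spec is declared with `default: MYSQL_5_6`, so a manifest that omits the field is accepted and resolves to a MySQL major version that is past upstream end of life. The description lists the supported values but never says which one applies when the field is unset. This CRD is generated (`cnrm.cloud.google.com/tf2crd: "true"`), so the change belongs in the generator rather than in this file. The smallest fix is to extend the description with a sentence such as `Defaults to MYSQL_5_6 when unset; set this field explicitly to a currently supported version.` Dropping the default so the field must be set would be stricter, but it changes behaviour for existing manifests. The spec schema continues in the following hunks, outside this one.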
@@ -75526,7 +105840,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -75536,86 +105850,526 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkRef: - description: |- - Only the `external` field is supported to configure the reference. - - Immutable. The Google Compute Engine network (VPC) of the endpoint in the format - projects//locations/global/networks/*. - - The project must be specified by project number (project id is rejected). Incorrectly formatted networks are - rejected, but no other validation is performed on this field (ex. network or project existence, - reachability, or permissions). + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. 
If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. 
+ type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". + If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. 
Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. 
The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string - type: object - port: - description: |- - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - type: integer - resourceID: - description: Immutable. Optional. The endpointId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceRef: - description: The ServiceDirectoryService that this endpoint belongs - to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryService` - resource.' + replicationType: + description: |- + DEPRECATED. 
This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. type: string + required: + - tier type: object required: - - serviceRef + - settings type: object status: properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -75642,11 +106396,27 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the endpoint in the format - 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75654,6 +106424,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string type: object required: - spec @@ -75673,25 +106472,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com + name: sqlsslcerts.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryNamespace - plural: servicedirectorynamespaces + kind: SQLSSLCert + plural: sqlsslcerts shortNames: - - gcpservicedirectorynamespace - - gcpservicedirectorynamespaces - singular: servicedirectorynamespace + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: 
@@ -75729,14 +106528,13 @@ spec: type: object spec: properties: - location: - description: |- - The location for the Namespace. - A full list of valid locations can be found by running - 'gcloud beta service-directory locations list'. + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. type: string - projectRef: - description: The project that this resource belongs to. + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75753,7 +106551,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -75763,16 +106562,22 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The namespaceId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string required: - - location - - projectRef + - commonName + - instanceRef type: object status: properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -75799,10 +106604,13 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the namespace - in the format 'projects/*/locations/*/namespaces/*'. + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -75811,6 +106619,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. + type: string type: object required: - spec @@ -75830,25 +106648,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com + name: sqlusers.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryService - plural: servicedirectoryservices + kind: SQLUser + plural: sqlusers shortNames: - - gcpservicedirectoryservice - - gcpservicedirectoryservices - singular: servicedirectoryservice + - gcpsqluser + - gcpsqlusers + singular: sqluser preserveUnknownFields: false scope: Namespaced versions: 
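Review bot: `status.privateKey`, added in the hunk at `@@ -75811,6 +106619,16 @@`, publishes the client certificate's private key as a plain string in the SQLSSLCert status, and its description does not say so. Anyone who can read SQLSSLCert objects in the namespace can read the key, and it is persisted with the object like any other status field. The schema should at least say this, for example `description: The private key associated with the client certificate. Sensitive; held in plain text in the resource status, so restrict read access to SQLSSLCert objects.` The `status.properties` block starts and ends outside this hunk.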
@@ -75886,9 +106704,13 @@ spec: type: object spec: properties: - namespaceRef: - description: The ServiceDirectoryNamespace that this service belongs - to. + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: oneOf: - not: required: @@ -75905,7 +106727,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: 
@@ -75915,163 +106737,90 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The serviceId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - namespaceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: + password: description: |- - The resource name for the service in the - format 'projects/*/locations/*/namespaces/*/services/*'. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. 
- type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: serviceidentities.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceIdentity - plural: serviceidentities - shortNames: - - gcpserviceidentity - - gcpserviceidentities - singular: serviceidentity - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - description: The project that this resource belongs to. + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. 
+ type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array type: object resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string required: - - projectRef + - instanceRef type: object status: properties: @@ -76101,8 +106850,6 @@ spec: type: string type: object type: array - email: - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76110,6 +106857,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array type: object required: - spec 
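Review bot: The inline `password.value` alternative in the hunk at `@@ -75915,163 +106737,90 @@` keeps the database password in plain text in the SQLUser spec, and its description does not point users to `valueFrom.secretKeyRef` instead. I would extend it to `description: Value of the field. Cannot be used if 'valueFrom' is specified. Stored in plain text in the resource spec; prefer 'valueFrom.secretKeyRef'.` Separately, `valueFrom` has no `required` list of its own, so as far as this hunk shows an empty `valueFrom: {}` satisfies the `oneOf` without naming a Secret. Requiring `secretKeyRef` under `valueFrom` would close that. The enclosing `spec.properties` block starts outside the hunk.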
@@ -76129,25 +106889,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: - group: servicenetworking.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: @@ -76185,7 +106945,8 @@ spec: type: object spec: properties: - networkRef: + bucketRef: + description: Reference to the bucket. oneOf: - not: required: @@ -76202,7 +106963,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -76212,44 +106973,31 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Immutable. Provider peering service that is managing - peering connectivity for a service provider organization. For Google - services that support this functionality it is 'servicenetworking.googleapis.com'. + entity: + description: |- + Immutable. The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' type: string required: - - networkRef - - reservedPeeringRanges - - service + - bucketRef + - entity type: object status: properties: 
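Review bot: `role` in this hunk names its possible values only in the description and is validated as a bare `type: string`, so a mistyped role passes schema validation. Adding `enum: [OWNER, READER, WRITER]` would reject it when the object is submitted. The `entity` description also lists `allUsers` and `allAuthenticatedUsers` among the accepted forms without saying what they grant. I would add a sentence such as `allUsers grants the role to anyone on the internet and allAuthenticatedUsers to any signed-in Google account; use them only for buckets meant to be public.` The `spec.properties` block starts outside the hunk.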
@@ -76279,6 +107027,12 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76286,8 +107040,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - peering: - type: string type: object required: - spec @@ -76307,25 +107059,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com + name: storagebuckets.storage.cnrm.cloud.google.com spec: - group: serviceusage.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: Service - plural: services + kind: StorageBucket + plural: storagebuckets shortNames: - - gcpservice - - gcpservices - singular: service + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -76363,38 +107115,265 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object required: - - external + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + logBucket: + description: The bucket that will receive log objects. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string + required: + - logBucket type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. 
+ type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object type: object status: properties: @@ -76431,6 +107410,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string type: object type: object served: true 
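Review bot: `publicAccessPrevention` in the hunk at `@@ -76363,38 +107115,265 @@` is a free-form `type: string` whose description, "Prevents public access to a bucket.", does not name the accepted values. A reader cannot tell from the schema which setting actually blocks public ACLs and IAM grants. The Cloud Storage API accepts `inherited` and `enforced`, so I would write `description: Prevents public access to a bucket. Acceptable values are "inherited" or "enforced".` and consider a matching `enum`. The `spec.properties` block starts outside the hunk.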
@@ -76448,25 +107433,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: - group: sourcerepo.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SourceRepoRepository - plural: sourcereporepositories + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: 
@@ -76479,114 +107464,82 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- - PROTOBUF: The message payload is a serialized protocol buffer - of SourceRepoEvent.\n- JSON: The message payload is a JSON - string of SourceRepoEvent. Possible values: [\"PROTOBUF\", - \"JSON\"]." - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external required: - - messageFormat - - topicRef - type: object - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' type: string + required: + - bucketRef + - entity + - role type: object status: properties: 
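Review bot: `role` in the new StorageDefaultObjectAccessControl spec is a bare `type: string` although its description lists exactly two values, so the API server admits any string and a typo only surfaces at reconcile time; adding `enum: ["OWNER", "READER"]` under `role` would reject it at admission. The same applies to `state` on StorageHMACKey and `payloadFormat` on StorageNotification in the later hunks, which also name their allowed values only in prose. Separately, `entity` accepts `allUsers` and `allAuthenticatedUsers`, and since this is a default object ACL the grant presumably applies to every object later written to the bucket; the description should say so, e.g. by appending `allUsers and allAuthenticatedUsers expose new objects in the bucket to the public.`. The file carries the `tf2crd` label and looks generated, so the change likely belongs in the generator input rather than in this YAML.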
@@ -76616,6 +107569,19 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76623,14 +107589,20 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source - Repositories. - type: string + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object type: object + required: + - spec type: object served: true storage: true 
@@ -76647,25 +107619,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com + name: storagehmackeys.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerDatabase - plural: spannerdatabases + kind: StorageHMACKey + plural: storagehmackeys shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: @@ -76685,7 +107657,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -76703,58 +107675,8 @@ spec: type: object spec: properties: - databaseDialect: - description: |- - Immutable. The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. - type: string - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - encryptionConfig: - description: Immutable. Encryption configuration for the database. - properties: - kmsKeyRef: - description: |- - Fully qualified name of the KMS key to use to encrypt this database. This key - must exist in the same location as the Spanner Database. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - instanceRef: - description: The instance to create the database on. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -76771,8 +107693,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SpannerInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -76782,23 +107703,27 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. type: string - versionRetentionPeriod: - description: |- - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to 'ddl' that - update the database's version_retention_period. + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - - instanceRef + - projectRef + - serviceAccountEmail type: object status: properties: + accessId: + description: The access ID of the HMAC Key. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -76832,8 +107757,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: An explanation of the status of the database. + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' type: string type: object required: @@ -76854,25 +107787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com + name: storagenotifications.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerInstance - plural: spannerinstances + kind: StorageNotification + plural: storagenotifications shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: 
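Review bot: The added `status.secret` field ("HMAC secret key material") puts a credential into the resource's status, where it is stored with the custom resource and returned to any subject allowed to get, list or watch `storagehmackeys`, rather than behind the narrower RBAC usually placed on Secret objects. The schema gives no hint of that; at minimum the description should carry the caveat, e.g. `description: HMAC secret key material. Sensitive; visible to anyone who can read this resource's status.`. Operators would want RBAC on this kind limited to the audience that may hold the service account's credentials, and audit logging set so that response bodies for it are not recorded. The CRD is labelled `stability-level: alpha` and looks generated, so a longer-term fix such as writing the value to a referenced Secret would belong in the generator; whether that is feasible is not visible from this hunk.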
@@ -76910,32 +107843,92 @@ spec: type: object spec: properties: - config: - description: |- - Immutable. The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. 
type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". type: string - numNodes: - type: integer - processingUnits: - type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - config - - displayName + - bucketRef + - payloadFormat + - topicRef type: object status: properties: @@ -76965,6 +107958,9 @@ spec: type: string type: object type: array + notificationId: + description: The ID of the created notification. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -76972,8 +107968,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Instance status: ''CREATING'' or ''READY''.' + selfLink: + description: The URI of the created resource. type: string type: object required: @@ -76994,25 +107990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLDatabase - plural: sqldatabases + kind: StorageTransferAgentPool + plural: storagetransferagentpools shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: @@ -77032,7 +108028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -77050,31 +108046,22 @@ spec: type: object spec: properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - deletionPolicy: - description: "The deletion policy for the database. Setting ABANDON - allows the resource \nto be abandoned rather than deleted. This - is useful for Postgres, where databases cannot be \ndeleted from - the API if there are users other than cloudsqlsuperuser with access. - Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. type: string - instanceRef: - description: The Cloud SQL instance. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -77091,8 +108078,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -77107,7 +108093,7 @@ spec: is used as the default. type: string required: - - instanceRef + - projectRef type: object status: properties: @@ -77144,7 +108130,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Specifies the state of the AgentPool. type: string type: object required: @@ -77165,25 +108152,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLInstance - plural: sqlinstances + kind: StorageTransferJob + plural: storagetransferjobs shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -77221,407 +108208,332 @@ spec: type: object spec: properties: - databaseVersion: - default: MYSQL_5_6 - description: The MySQL, PostgreSQL or SQL Server (beta) version to - use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, - POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. - type: string - maintenanceVersion: - description: Maintenance version. - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region the instance will sit in. Note, - Cloud SQL is not available in all regions. A valid region must be - provided to use this resource. If a region is not provided in the - resource definition, the provider region will be used instead, but - this will be an apply-time error for instances if the provider region - is not supported with Cloud SQL. If you choose not to provide the - region argument for this resource, make sure you understand this. + description: + description: Unique description to identify the Transfer Job. type: string - replicaConfiguration: - description: The configuration for replication. + notificationConfig: + description: Notification configuration. properties: - caCertificate: - description: Immutable. PEM representation of the trusted CA's - x509 certificate. - type: string - clientCertificate: - description: Immutable. PEM representation of the replica's x509 - certificate. - type: string - clientKey: - description: Immutable. PEM representation of the replica's private - key. The corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: Immutable. The number of seconds between connect - retries. MySQL's default is 60 seconds. - type: integer - dumpFilePath: - description: Immutable. Path to a SQL file in Google Cloud Storage - from which replica instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Immutable. Specifies if the replica is the failover - target. If the field is set to true the replica will be designated - as a failover replica. If the master instance fails, the replica - instance will be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Immutable. Time in ms between replication heartbeats. 
- type: integer - password: - description: Immutable. Password for the replication connection. + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - sslCipher: - description: Immutable. Permissible ciphers for use in SSL encryption. 
- type: string - username: - description: Immutable. Username for replication connection. - type: string - verifyServerCertificate: - description: Immutable. True if the master's common name value - is checked during the SSL handshake. - type: boolean + required: + - payloadFormat + - topicRef type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - rootPassword: - description: Initial root password. Required for MS SQL Server. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. 
- type: string - required: - - name - - key - type: object + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - activeDirectoryConfig: + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. properties: - domain: - description: Domain name of the Active Directory for SQL Server - (e.g., mydomain.com). - type: string + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer required: - - domain + - day + - month + - year type: object - authorizedGaeApplications: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). 
For all instances, ensure that - settings.backup_configuration.enabled is set to true. - For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. - For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled - is set to true. Defaults to ZONAL. - type: string - backupConfiguration: + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: - backupRetentionSettings: - properties: - retainedBackups: - description: Number of backups to retain. - type: integer - retentionUnit: - description: The unit that 'retainedBackups' represents. - Defaults to COUNT. - type: string - required: - - retainedBackups - type: object - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Can only be used with MySQL. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - transactionLogRetentionDays: - description: The number of days of transaction logs we retain - for point in time restore, from 1-7. + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. 
+ type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. type: integer + required: + - hours + - minutes + - nanos + - seconds type: object - collation: - description: Immutable. The name of server instance collation. - type: string - connectorEnforcement: - description: Specifies if connections must use Cloud SQL connectors. - type: string - crashSafeReplication: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - deletionProtectionEnabled: - description: Configuration to protect against accidental instance - deletion. - type: boolean - denyMaintenancePeriod: + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. properties: - endDate: - description: End date before which maintenance will not take - place. 
The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. - type: string - startDate: - description: Start date after which maintenance will not take - place. The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. 
type: string - time: - description: 'Time in UTC when the "deny maintenance period" - starts on start_date and ends on end_date. The time is in - format: HH:mm:SS, i.e., 00:00:00.' + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. type: string required: - - endDate - - startDate - - time - type: object - diskAutoresize: - description: Enables auto-resizing of the storage size. Defaults - to true. - type: boolean - diskAutoresizeLimit: - description: The maximum size, in GB, to which storage capacity - can be automatically increased. The default value is 0, which - specifies that there is no limit. - type: integer - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. The minimum value is - 10GB. - type: integer - diskType: - description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. - Defaults to PD_SSD.' - type: string - insightsConfig: - description: Configuration of Query Insights. - properties: - queryInsightsEnabled: - description: True if Query Insights feature is enabled. - type: boolean - queryPlansPerMinute: - description: Number of query execution plans captured by Insights - per minute for all queries combined. Between 0 and 20. Default - to 5. - type: integer - queryStringLength: - description: Maximum query length stored in bytes. Between - 256 and 4500. Default to 1024. - type: integer - recordApplicationTags: - description: True if Query Insights will record application - tags from query when enabled. 
- type: boolean - recordClientAddress: - description: True if Query Insights will record client address - when enabled. - type: boolean + - bucketName type: object - ipConfiguration: + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. properties: - allocatedIpRange: - description: 'The name of the allocated ip range for the private - ip CloudSQL instance. For example: "google-managed-services-default". - If set, the instance ip will be created in the allocated - range. The range name must comply with RFC 1035. Specifically, - the name must be 1-63 characters long and match the regular - expression [a-z]([-a-z0-9]*[a-z0-9])?.' - type: string - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - enablePrivatePathForGoogleCloudServices: - description: Whether Google Cloud services such as BigQuery - are allowed to access data in this Cloud SQL instance over - a private IP connection. SQLSERVER database type is not - supported. - type: boolean - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. At least ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: oneOf: - not: required: @@ -77638,8 +108550,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77648,73 +108560,16 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to - remain in. Must be in the same region as this instance. - type: string - secondaryZone: - description: The preferred Compute Engine zone for the secondary/failover. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance - window is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday. - type: integer - hour: - description: Hour of day (0-23), ignored if day not set. - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable). - type: string - type: object - passwordValidationPolicy: - properties: - complexity: - description: Password complexity. - type: string - disallowUsernameSubstring: - description: Disallow username as a part of the password. - type: boolean - enablePasswordPolicy: - description: Whether the password policy is enabled or not. - type: boolean - minLength: - description: Minimum number of characters allowed. - type: integer - passwordChangeInterval: - description: Minimum interval after which the password can - be changed. This flag is only supported for PostgresSQL. + path: + description: Google Cloud Storage path in bucket to transfer. type: string - reuseInterval: - description: Number of previous passwords that cannot be reused. - type: integer required: - - enablePasswordPolicy + - bucketRef type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. 
- type: string - replicationType: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: string - sqlServerAuditConfig: + gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: - description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: @@ -77731,7 +108586,7 @@ spec: - external properties: external: - description: 'Allowed value: The `url` field of a `StorageBucket` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -77741,42 +108596,133 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - retentionInterval: - description: 'How long to keep generated audit files. A duration - in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s"..' + path: + description: Google Cloud Storage path in bucket to transfer. type: string - uploadInterval: - description: 'How often to upload generated audit files. A - duration in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s".' + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. type: string + required: + - listUrl type: object - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types, and custom machine types such as db-custom-2-13312. See - the Custom Machine Type Documentation to learn about specifying - custom machine types. + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. 
If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - timeZone: - description: Immutable. 
The time_zone to be used by the database - engine (supported only for SQL Server), in SQL Server timezone - format. + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - required: - - tier + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object type: object required: - - settings + - description + - transferSpec type: object status: properties: - availableMaintenanceVersions: - description: Available Maintenance versions. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
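Review bot: `transferOptions` documents `deleteObjectsFromSourceAfterTransfer` and `deleteObjectsUniqueInSink` as mutually exclusive, but the schema declares them as two independent booleans, so a manifest that sets both of these destructive options to true still passes schema validation. If the supported clusters allow CEL rules, the constraint could be enforced at admission with `x-kubernetes-validations` on `transferOptions`, for example `rule: "!(has(self.deleteObjectsFromSourceAfterTransfer) && self.deleteObjectsFromSourceAfterTransfer && has(self.deleteObjectsUniqueInSink) && self.deleteObjectsUniqueInSink)"`; otherwise the description should say where the combination is rejected. In the same hunk the `sinkAgentPoolName` description repeats the source wording and should read `Immutable. Specifies the agent pool name associated with the posix data sink. When unspecified, the default name is used.`, and `include_refixes` in the `includePrefixes` description is a typo for `include_prefixes`. The enclosing `transferSpec` schema begins before this hunk.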
@@ -77803,27 +108749,18 @@ spec: type: string type: object type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. + creationTime: + description: When the Transfer Job was created. type: string - firstIpAddress: + deletionTime: + description: When the Transfer Job was deleted. type: string - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -77831,35 +108768,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string type: object required: - spec 
@@ -77879,25 +108787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com + name: tagstagbindings.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLSSLCert - plural: sqlsslcerts + kind: TagsTagBinding + plural: tagstagbindings shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: @@ -77935,13 +108843,7 @@ spec: type: object spec: properties: - commonName: - description: Immutable. The common name to be used in the certificate - to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this - forces a new resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. + parentRef: oneOf: - not: required: @@ -77958,8 +108860,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77969,22 +108871,43 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated sha1Fingerprint - of the resource. Used for acquisition only. Leave unset to create - a new resource. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - commonName - - instanceRef + - parentRef + - tagValueRef type: object status: properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -78011,13 +108934,9 @@ spec: type: string type: object type: array - createTime: - description: The time when the certificate was created in RFC 3339 - format, for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78026,16 +108945,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string type: object required: - spec @@ -78055,25 +108964,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com + name: tagstagkeys.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLUser - plural: sqlusers + kind: TagsTagKey + plural: tagstagkeys shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -78100,134 +109009,53 @@ spec: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: Immutable. The host the user can connect from. This is - only supported for MySQL instances. Don't set this field for PostgreSQL - instances. Can be an IP address. Changing this forces a new resource - to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: |- - The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to - either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. 
Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - passwordPolicy: - properties: - allowedFailedAttempts: - description: Number of failed attempts allowed before the user - get locked. - type: integer - enableFailedAttemptsCheck: - description: If true, the check that will lock user after too - many failed login attempts will be enabled. - type: boolean - enablePasswordVerification: - description: If true, the user must specify the current password - before changing the password. This flag is supported only for - MySQL. - type: boolean - passwordExpirationDuration: - description: Password expiration duration with one week grace - period. - type: string - status: - items: - properties: - locked: - description: If true, user does not have login privileges. - type: boolean - passwordExpirationTime: - description: Password expiration duration with one week - grace period. - type: string - type: object - type: array + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - type: + shortName: description: |- - Immutable. The user type. It determines the method to authenticate the user during login. - The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. 
type: string required: - - instanceRef + - parent + - shortName type: object status: properties: @@ -78257,6 +109085,18 @@ spec: type: string type: object type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78264,19 +109104,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sqlServerUserDetails: - items: - properties: - disabled: - description: If the user has been disabled. - type: boolean - serverRoles: - description: The server roles for this user in the database. - items: - type: string - type: array - type: object - type: array + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
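Review bot: The `purposeData` description in the new TagsTagKey `spec` (hunk `@@ -78100,134 +109009,53 @@`) gives the expected GCE_FIREWALL format as `'network = "/"'`, which looks as if the placeholders on either side of the slash were lost. The field is immutable and, per the `purpose` description, involves the firewall policy engine in managing the tag, so the example should name both parts, presumably `network = "<project-name>/<vpc-name>"` (to be confirmed against the API reference). The limits on `parent` (`organizations/{org_id}`), `shortName` (1-63 characters, restricted character set) and `description` (256 characters) are stated only in prose; adding `pattern` and `maxLength` to these string properties, e.g. `maxLength: 256` on `description` and `maxLength: 63` on `shortName`, would reject malformed values at admission instead of leaving them to be rejected later. The `shortName` added for TagsTagValue in the later `@@ -78380,31 +109216,20 @@` hunk has the same gap.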
@@ -78296,25 +109129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com + name: tagstagvalues.tags.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols + kind: TagsTagValue + plural: tagstagvalues shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: @@ -78352,8 +109185,11 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: oneOf: - not: required: @@ -78370,8 +109206,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -78380,31 +109216,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - entity: - description: |- - Immutable. The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"].' + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - - bucketRef - - entity + - parentRef + - shortName type: object status: properties: 
@@ -78434,11 +109259,18 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - email: - description: The email address associated with the entity. + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78447,6 +109279,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78466,25 +109303,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com + name: tpunodes.tpu.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tpu.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucket - plural: storagebuckets + kind: TPUNode + plural: tpunodes shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket + - gcptpunode + - gcptpunodes + singular: tpunode preserveUnknownFields: false scope: Namespaced versions: @@ -78504,7 +109341,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78522,265 +109359,93 @@ spec: type: object spec: properties: - autoclass: - description: Immutable. The bucket's autoclass configuration. - properties: - enabled: - description: Immutable. While set to true, autoclass automatically - transitions objects in your bucket to appropriate storage classes - based on each object's access pattern. - type: boolean - required: - - enabled - type: object - bucketPolicyOnly: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: description: |- - DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. - Enables Bucket PolicyOnly access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple - response headers to give permission for the user-agent to - share across domains. - items: - type: string - type: array - type: object - type: array - customPlacementConfig: - description: The bucket's custom location configuration, which specifies - the individual regions that comprise a dual-region bucket. If the - bucket is designated a single or multi-region, the parameters are - empty. 
- properties: - dataLocations: - description: 'Immutable. The list of individual regions that comprise - a dual-region bucket. See the docs for a list of acceptable - regions. Note: If any of the data_locations changes, it will - recreate the bucket.' - items: - type: string - type: array - required: - - dataLocations - type: object - defaultEventBasedHold: - description: Whether or not to automatically apply an eventBasedHold - to new objects added to the bucket. - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete, SetStorageClass and - AbortIncompleteMultipartUpload.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy - this condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - customTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - daysSinceCustomTime: - description: Number of days elapsed since the user-specified - timestamp set on an object. - type: integer - daysSinceNoncurrentTime: - description: "Number of days elapsed since the noncurrent - timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition - is relevant only for versioned objects." - type: integer - matchesPrefix: - description: One or more matching name prefixes to satisfy - this condition. 
- items: - type: string - type: array - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - matchesSuffix: - description: One or more matching name suffixes to satisfy - this condition. - items: - type: string - type: array - noncurrentTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object + - required: + - namespace required: - - action - - condition - type: object - type: array - location: - default: US - description: Immutable. The Google Cloud Storage location. - type: string - logging: - description: The bucket's Access & Storage Logs configuration. + - external properties: - logBucket: - description: The bucket that will receive log objects. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - logBucket type: object - publicAccessPrevention: - description: Prevents public access to a bucket. 
- type: string - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: - Locking a bucket is an irreversible action.' + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, - or archived. The value must be less than 3,155,760,000 seconds. - type: integer required: - - retentionPeriod + - preemptible type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, - ARCHIVE.' + tensorflowVersion: + description: The version of Tensorflow running in the Node. type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean - versioning: - description: The bucket's Versioning configuration. 
- properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone type: object status: properties: @@ -78810,6 +109475,21 @@ spec: type: string type: object type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
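Review bot: In the TPUNode `spec` hunk (`@@ -78522,265 +109359,93 @@`) the network placement rules exist only as description text: `network` is optional and falls back to the `default` network, and `useServiceNetworking` says the CIDR field should not be set alongside it, but the schema expresses neither. A manifest that omits `network`, or sets both `cidrBlock` and `useServiceNetworking`, therefore passes schema validation, and any rejection presumably only surfaces at reconcile time. The description also names the field `cidr_block` although this CRD exposes it as `cidrBlock`, and it contains a doubled `this this`. I would reword it to `If this field is set, cidrBlock must not be specified.` and add to `network` a sentence such as `When omitted, the node is peered to the project's "default" network.`, so anyone reviewing a TPUNode manifest knows to check for it. The CRD is labelled `tf2crd`, so the wording probably has to change in the generator input rather than in this file.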
@@ -78817,13 +109497,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. type: string type: object + required: + - spec type: object served: true storage: true @@ -78840,25 +109523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com + name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols + kind: VertexAIDataset + plural: vertexaidatasets shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: @@ -78878,7 +109561,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78896,8 +109579,29 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
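Review bot: `encryptionSpec.kmsKeyName` in the VertexAIDataset schema is described as `Immutable. Required.`, but the `encryptionSpec` object carries no `required` list, so `encryptionSpec: {}` validates. The VertexAIEndpoint schema later in this patch does declare `required:` / `- kmsKeyName` for the same block. This hunk does not show whether the controller rejects an empty block or creates the dataset without a customer-managed key, so I would add the same two lines under `encryptionSpec` here and make the mistake fail at admission. The enclosing `spec` continues past the end of the hunk.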
@@ -78913,40 +109617,29 @@ spec: required: - external properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers. - type: string - object: - description: The name of the object, if applied to an object. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"].' + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - bucketRef - - entity - - role + - displayName + - metadataSchemaUri + - projectRef + - region type: object status: properties: 
@@ -78976,19 +109669,15 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. type: string - entityId: - description: The ID for the entity. + name: + description: The resource name of the Dataset. This value is set by + Google. type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78996,17 +109685,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectTeam: - description: The project team associated with the entity. - properties: - projectNumber: - description: The project team associated with the entity. - type: string - team: - description: 'The team. Possible values: ["editors", "owners", - "viewers"].' - type: string - type: object + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string type: object required: - spec 
@@ -79026,25 +109709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageNotification - plural: storagenotifications + kind: VertexAIEndpoint + plural: vertexaiendpoints shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -79064,7 +109747,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79082,62 +109765,44 @@ spec: type: object spec: properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' type: string + required: + - kmsKeyName type: object - customAttributes: - additionalProperties: - type: string - description: Immutable. A set of key/value attribute pairs to attach - to each Cloud Pub/Sub message published for this notification subscription. - type: object - eventTypes: - description: 'Immutable. List of event type filters for this notification - config. If not specified, Cloud Storage will send notifications - for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE".' 
- items: - type: string - type: array - objectNamePrefix: - description: Immutable. Specifies a prefix path filter for this notification - config. Cloud Storage will only send notifications for objects in - this bucket whose names begin with the specified prefix. - type: string - payloadFormat: - description: Immutable. The desired content of the Payload. One of - "JSON_API_V1" or "NONE". + location: + description: Immutable. The location for the resource. type: string - resourceID: - description: Immutable. Optional. The service-generated notificationId - of the resource. Used for acquisition only. Leave unset to create - a new resource. + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' type: string - topicRef: + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79154,8 +109819,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
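Review bot: The `network` description in the VertexAIEndpoint `spec` hunk (`@@ -79082,62 +109765,44 @@`) says only one of `network` or `enable_private_service_connect` can be set, but no such property appears among those the hunk adds (`description`, `displayName`, `encryptionSpec`, `location`, `network`, `projectRef`). A user reading the schema cannot tell from it whether private service connect is configurable through this resource, or what exposure the endpoint has when `network` is left unset. I would drop that sentence from the description, or name the actual CRD field if one is added later. The link `https://cloud.google.com//compute/docs/networks-and-firewalls#networks` in the same description has a doubled slash after the host. The `spec` properties continue in the following hunks.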
@@ -79164,10 +109828,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - bucketRef - - payloadFormat - - topicRef + - displayName + - location + - projectRef type: object status: properties: 
@@ -79197,8 +109866,222 @@ spec: type: string type: object type: array - notificationId: - description: The ID of the created notification. + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. 
+ type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. + items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. 
+ items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. + See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. 
This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. + type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. 
Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79207,8 +110090,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: 
@@ -79229,25 +110112,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: - group: storagetransfer.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageTransferJob - plural: storagetransferjobs + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: @@ -79267,7 +110150,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79286,501 +110169,474 @@ spec: spec: properties: description: - description: Unique description to identify the Transfer Job. + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string - notificationConfig: - description: Notification configuration. - properties: - eventTypes: - description: Event types for which a notification is desired. - If empty, send notifications for all event types. The valid - types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", - "TRANSFER_OPERATION_ABORTED". - items: - type: string - type: array - payloadFormat: - description: The desired format of the notification message payloads. - One of "NONE" or "JSON". - type: string - topicRef: - description: The PubSubTopic to which to publish notifications. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - payloadFormat - - topicRef - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string - schedule: - description: Schedule specification defining when the Transfer Job - should be scheduled to start, end and what time to run. - properties: - repeatInterval: - description: 'Interval between the start of each scheduled transfer. - If unspecified, the default value is 24 hours. This value may - not be less than 1 hour. A duration in seconds with up to nine - fractional digits, terminated by ''s''. Example: "3.5s".' - type: string - scheduleEndDate: - description: The last day the recurring transfer will be run. - If schedule_end_date is the same as schedule_start_date, the - transfer will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled - to run. If schedule_start_date is in the past, the transfer - will run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. - If not specified, recurring and one-time transfers that are - scheduled to run today will run immediately; recurring transfers - that are scheduled to run on a future date will start at approximately - midnight UTC on that date. 
Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be - from 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally - be from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, - and an operation spawned by the transfer is running, the status - change would not affect the current operation.' + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - roleArn: - description: The Amazon Resource Name (ARN) of the role to - support temporary credentials via 'AssumeRoleWithWebIdentity'. - For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). - When a role ARN is provided, Transfer Service fetches temporary - credentials for the session using a 'AssumeRoleWithWebIdentity' - call for the provided role using the [GoogleServiceAccount][] - for this project. - type: string - required: - - bucketName - type: object - azureBlobStorageDataSource: - description: An Azure Blob Storage data source. 
+ required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). properties: - azureCredentials: - description: ' Credentials used to authenticate API requests - to Azure.' - properties: - sasToken: - description: Azure shared access signature. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - sasToken - type: object - container: - description: The container to transfer from the Azure Storage - account. - type: string - path: - description: Root path to transfer objects. Must be an empty - string or full path name that ends with a '/'. This field - is treated as an object prefix. As such, it should generally - not begin with a '/'. - type: string - storageAccount: - description: The name of the Azure Storage account. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number required: - - azureCredentials - - container - - storageAccount + - value type: object - gcsDataSink: - description: A Google Cloud Storage data sink. + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. 
+ * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string - required: - - bucketRef type: object - httpDataSource: - description: A HTTP URL data source. + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. - Currently, only URLs with HTTP and HTTPS schemes are supported. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number required: - - listUrl + - value type: object - objectConditions: - description: Only objects that satisfy these object conditions - are included in the set of data source and data sink objects. - Object conditions based on objects' last_modification_time do - not exclude objects in a data sink. + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements - described for include_prefixes. 
- items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that - satisfy the object conditions must have names that start - with one of the include_prefixes and that do not start with - any of the exclude_prefixes. If include_prefixes is not - specified, all objects except those that have names starting - with one of the exclude_prefixes must satisfy the object - conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. 
+ type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer type: object - posixDataSink: - description: A POSIX filesystem data sink. + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. 
properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer required: - - rootDirectory + - maxNodeCount + - minNodeCount type: object - posixDataSource: - description: A POSIX filesystem data source. - properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - rootDirectory - type: object - sinkAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - sourceAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a - data sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - overwriteWhen: - description: When to overwrite objects that already exist - in the sink. If not set, overwrite behavior is determined - by overwriteObjectsAlreadyExistingInSink. - type: string - type: object type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - description - - transferSpec + - projectRef + - region type: object status: properties: 
@@ -79810,17 +110666,13 @@ spec: type: string type: object type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string - name: - description: The name of the Transfer Job. + etag: + description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79829,6 +110681,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string type: object required: - spec @@ -79848,25 +110705,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagbindings.tags.cnrm.cloud.google.com + name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagBinding - plural: tagstagbindings + kind: VertexAIIndex + plural: vertexaiindexes shortNames: - - gcptagstagbinding - - gcptagstagbindings - singular: tagstagbinding + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: 
@@ -79886,7 +110743,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79904,7 +110761,96 @@ spec: type: object spec: properties: - parentRef: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. 
+ type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. 
+ type: boolean + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79921,8 +110867,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -79931,41 +110876,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - tagValueRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `tagValues/{{value}}`, - where {{value}} is the `name` field of a `TagsTagValue` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - parentRef - - tagValueRef + - displayName + - projectRef + - region type: object status: properties: 
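Review bot: `bruteForceConfig` under `spec.metadata.config.algorithmConfig` (VertexAIIndex, the -79904 hunk) is declared as `type: object` with no properties and `x-kubernetes-preserve-unknown-fields: true`, so pruning is switched off for that subtree even though the CRD sets `preserveUnknownFields: false`. Any keys a client places there are accepted and persisted without validation; whether the controller ignores them is not visible here. If the block is only a presence marker, dropping the `x-kubernetes-preserve-unknown-fields: true` line keeps `bruteForceConfig: {}` valid while letting the API server prune everything else. This file looks generated, so the change probably belongs in the generator rather than in this patch.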
@@ -79995,9 +110917,47 @@ spec: type: string type: object type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string name: - description: 'The generated id for the TagBinding. This is a string - of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80006,6 +110966,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string type: object required: - spec 
@@ -80025,25 +110990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagkeys.tags.cnrm.cloud.google.com + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagKey - plural: tagstagkeys + kind: VertexAIMetadataStore + plural: vertexaimetadatastores shortNames: - - gcptagstagkey - - gcptagstagkeys - singular: tagstagkey + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: @@ -80063,7 +111028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80082,41 +111047,57 @@ spec: spec: properties: description: - description: User-assigned description of the TagKey. Must not exceed - 256 characters. - type: string - parent: - description: Immutable. Input only. The resource name of the new TagKey's - parent. Must be of the form organizations/{org_id}. - type: string - purpose: - description: |- - Immutable. Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + description: Immutable. Description of the MetadataStore. type: string - purposeData: - additionalProperties: - type: string - description: |- - Immutable. Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. type: string - shortName: - description: |- - Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - parent - - shortName + - projectRef + - region type: object status: properties: 
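Review bot: `encryptionSpec.kmsKeyName` for VertexAIMetadataStore is described as "Immutable. Required." but the `encryptionSpec` object carries no `required` list, so `encryptionSpec: {}` passes schema validation. Because unknown fields are pruned, a misspelled key name would reduce to that empty object, and the store could then be created without the customer-managed key the author intended; how the controller handles this is not visible here. The Featurestore and Tensorboard schemas in this patch both put `required:` with `- kmsKeyName` under `encryptionSpec`, and the same two lines would make this one consistent. This file looks generated, so the fix likely belongs in the generator input.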
@@ -80147,16 +111128,9 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - name: - description: The generated numeric id for the TagKey. - type: string - namespacedName: - description: Output only. Namespaced name of the TagKey. + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80165,11 +111139,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array updateTime: - description: |- - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: 
@@ -80190,25 +111172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagvalues.tags.cnrm.cloud.google.com + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagValue - plural: tagstagvalues + kind: VertexAITensorboard + plural: vertexaitensorboards shortNames: - - gcptagstagvalue - - gcptagstagvalues - singular: tagstagvalue + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: @@ -80228,7 +111210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80247,10 +111229,26 @@ spec: spec: properties: description: - description: User-assigned description of the TagValue. Must not exceed - 256 characters. + description: Description of this Tensorboard. type: string - parentRef: + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -80267,8 +111265,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `tagKeys/{{value}}`, - where {{value}} is the `name` field of a `TagsTagKey` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -80277,23 +111274,26 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: |- - Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - type: string required: - - parentRef - - shortName + - displayName + - projectRef + - region type: object status: properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -80321,17 +111321,12 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string name: - description: The generated numeric id for the TagValue. - type: string - namespacedName: - description: Output only. Namespaced name of the TagValue. Will be - in the format {organizationId}/{tag_key_short_name}/{shortName}. + description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80340,10 +111335,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string updateTime: - description: |- - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: @@ -80364,7 +111362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -80643,3 +111641,391 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. \nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." 
+ type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. 
+ type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml b/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml index 95b089f869..6b2637460f 100644 --- a/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-namespaced/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender 
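Review bot: In the new `WorkflowsWorkflow` schema, `spec.serviceAccount` is not in `required` (only `projectRef` and `region` are), and nothing says which identity the workflow runs as when the field is omitted, even though the description states that this account "determines what permissions the workflow has". In the upstream Workflows API an unset service account falls back to the project's default service account, which is often broadly privileged; this should be confirmed against the controller's behaviour. I would extend the description with a sentence such as `If unset, the project's default service account is used; prefer a dedicated least-privilege account.` The CRD carries the `tf2crd` label and looks generated, so the wording would have to be added at the generator source rather than in this file.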
@@ -35,7 +35,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -45,7 +45,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector @@ -55,7 +55,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager @@ -65,7 +65,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -86,7 +86,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -107,7 +107,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -128,7 +128,7 @@ rules: - patch - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - alloydb.cnrm.cloud.google.com resources: - '*' verbs: @@ -140,7 +140,7 @@ rules: - patch - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - apigateway.cnrm.cloud.google.com resources: - '*' verbs: @@ -152,7 +152,7 @@ rules: - patch - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -164,7 +164,7 @@ rules: - patch - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - appengine.cnrm.cloud.google.com resources: - '*' verbs: @@ -176,7 +176,7 @@ rules: - patch - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: @@ -188,7 +188,7 @@ rules: - patch - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: @@ -200,7 +200,7 @@ rules: - patch - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com resources: - '*' verbs: @@ -212,7 +212,7 @@ rules: - patch - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: @@ -224,7 +224,7 @@ rules: - patch - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: @@ -236,7 +236,7 @@ rules: - patch - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: @@ -248,7 +248,7 @@ rules: - patch - delete - apiGroups: - - compute.cnrm.cloud.google.com + - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: @@ -260,7 +260,7 @@ rules: - patch - delete - apiGroups: - - configcontroller.cnrm.cloud.google.com + - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: @@ -272,7 +272,7 @@ rules: - patch - delete - apiGroups: - - container.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com resources: - '*' verbs: @@ -284,7 +284,7 @@ rules: - patch - delete - apiGroups: - - containeranalysis.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: @@ -296,7 +296,7 @@ rules: - patch - delete - apiGroups: - - datacatalog.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -308,7 +308,7 @@ rules: - patch - delete - apiGroups: - - dataflow.cnrm.cloud.google.com + - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -320,7 +320,7 @@ rules: - patch - delete - apiGroups: - - datafusion.cnrm.cloud.google.com + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -332,7 +332,7 @@ rules: - patch - delete - apiGroups: - - dataproc.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: @@ -344,7 +344,7 @@ rules: - patch - delete - apiGroups: - - dlp.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: @@ -356,7 +356,7 @@ rules: - patch - delete - apiGroups: - - dns.cnrm.cloud.google.com + - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: @@ -368,7 +368,7 @@ rules: - patch - delete - apiGroups: - - eventarc.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: @@ -380,7 +380,7 @@ rules: - patch - delete - apiGroups: - - filestore.cnrm.cloud.google.com + - cloudids.cnrm.cloud.google.com resources: - '*' verbs: @@ -392,7 +392,7 @@ rules: - patch - delete - apiGroups: - - firestore.cnrm.cloud.google.com + - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: @@ -404,7 +404,7 @@ rules: - patch - delete - apiGroups: - - gkehub.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: @@ -416,7 +416,7 @@ rules: - patch - delete - apiGroups: - - iam.cnrm.cloud.google.com + - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: @@ -428,7 +428,7 @@ rules: - patch - delete - apiGroups: - - iap.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -440,7 +440,7 @@ rules: - patch - delete - apiGroups: - - identityplatform.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: @@ -452,7 +452,7 @@ rules: - patch - delete - apiGroups: - - kms.cnrm.cloud.google.com + - container.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -464,7 +464,7 @@ rules: - patch - delete - apiGroups: - - logging.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: @@ -476,7 +476,7 @@ rules: - patch - delete - apiGroups: - - memcache.cnrm.cloud.google.com + - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: @@ -488,7 +488,7 @@ rules: - patch - delete - apiGroups: - - monitoring.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -500,7 +500,7 @@ rules: - patch - delete - apiGroups: - - networkconnectivity.cnrm.cloud.google.com + - dataform.cnrm.cloud.google.com resources: - '*' verbs: @@ -512,7 +512,7 @@ rules: - patch - delete - apiGroups: - - networksecurity.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com resources: - '*' verbs: @@ -524,7 +524,7 @@ rules: - patch - delete - apiGroups: - - networkservices.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com resources: - '*' verbs: @@ -536,7 +536,7 @@ rules: - patch - delete - apiGroups: - - osconfig.cnrm.cloud.google.com + - datastore.cnrm.cloud.google.com resources: - '*' verbs: @@ -548,7 +548,7 @@ rules: - patch - delete - apiGroups: - - privateca.cnrm.cloud.google.com + - datastream.cnrm.cloud.google.com resources: - '*' verbs: @@ -560,7 +560,7 @@ rules: - patch - delete - apiGroups: - - pubsub.cnrm.cloud.google.com + - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -572,7 +572,7 @@ rules: - patch - delete - apiGroups: - - pubsublite.cnrm.cloud.google.com + - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -584,7 +584,7 @@ rules: - patch - delete - apiGroups: - - recaptchaenterprise.cnrm.cloud.google.com + - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: @@ -596,7 +596,7 @@ rules: - patch - delete - apiGroups: - - redis.cnrm.cloud.google.com + - dlp.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -608,7 +608,7 @@ rules: - patch - delete - apiGroups: - - resourcemanager.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com resources: - '*' verbs: @@ -620,7 +620,7 @@ rules: - patch - delete - apiGroups: - - run.cnrm.cloud.google.com + - documentai.cnrm.cloud.google.com resources: - '*' verbs: @@ -632,7 +632,7 @@ rules: - patch - delete - apiGroups: - - secretmanager.cnrm.cloud.google.com + - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: @@ -644,7 +644,7 @@ rules: - patch - delete - apiGroups: - - servicedirectory.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com resources: - '*' verbs: @@ -656,7 +656,7 @@ rules: - patch - delete - apiGroups: - - servicenetworking.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -668,7 +668,7 @@ rules: - patch - delete - apiGroups: - - serviceusage.cnrm.cloud.google.com + - firebase.cnrm.cloud.google.com resources: - '*' verbs: @@ -680,7 +680,7 @@ rules: - patch - delete - apiGroups: - - sourcerepo.cnrm.cloud.google.com + - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: @@ -692,7 +692,7 @@ rules: - patch - delete - apiGroups: - - spanner.cnrm.cloud.google.com + - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: @@ -704,7 +704,7 @@ rules: - patch - delete - apiGroups: - - sql.cnrm.cloud.google.com + - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: @@ -716,7 +716,7 @@ rules: - patch - delete - apiGroups: - - storage.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -728,7 +728,7 @@ rules: - patch - delete - apiGroups: - - storagetransfer.cnrm.cloud.google.com + - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: @@ -740,7 +740,7 @@ rules: - patch - delete - apiGroups: - - tags.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -752,7 +752,7 @@ rules: - patch - delete - apiGroups: - - vpcaccess.cnrm.cloud.google.com + - healthcare.cnrm.cloud.google.com resources: - '*' verbs: @@ -763,36 +763,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: - apiGroups: - - apiextensions.k8s.io + - iam.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - iap.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - identityplatform.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -802,9 +800,9 @@ rules: - patch - delete - apiGroups: - - "" + - kms.cnrm.cloud.google.com resources: - - services + - '*' verbs: - get - list @@ -813,36 +811,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - logging.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - memcache.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - mlengine.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list 
@@ -852,15 +848,19 @@ rules: - patch - delete - apiGroups: - - core.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com resources: - - servicemappings + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - core.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: @@ -871,23 +871,10 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: - apiGroups: - - "" + - networkmanagement.cnrm.cloud.google.com resources: - - events - - configmaps - - secrets - - services + - '*' verbs: - get - list @@ -896,28 +883,22 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: - apiGroups: - - "" + - networksecurity.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apiextensions.k8s.io + - networkservices.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list 
@@ -926,99 +907,674 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-unmanaged-detector-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - notebooks.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - list -- apiGroups: - - "" - resources: - - events - verbs: - create + - update - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/system: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cnrm-viewer -rules: + - delete - apiGroups: - - accesscontextmanager.cnrm.cloud.google.com + - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - 
binaryauthorization.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - redis.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - resourcemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - run.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - 
delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role 
+rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-unmanaged-detector-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - list +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- 
+apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -1041,6 +1597,14 @@ rules: - get - list - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - cloudidentity.cnrm.cloud.google.com resources: @@ -1049,6 +1613,22 @@ rules: - get - list - watch +- apiGroups: + - cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - cloudscheduler.cnrm.cloud.google.com resources: @@ -1057,6 +1637,14 @@ rules: - get - list - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - compute.cnrm.cloud.google.com resources: @@ -1105,6 +1693,14 @@ rules: - get - list - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: @@ -1121,6 +1717,46 @@ rules: - get - list - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: 
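Review bot: The rules added here, starting with `cloudfunctions2.cnrm.cloud.google.com`, grant `get`/`list`/`watch` on `resources: '*'` in what appears to be the `cnrm-viewer` ClusterRole. That role carries `rbac.authorization.k8s.io/aggregate-to-view: "true"` earlier in this diff, so every subject bound to the built-in `view` role gains read access to all current and future kinds in each new group. The same applies to the later viewer hunks that add groups such as `securitycenter`, `orgpolicy`, `oslogin` and `healthcare`, through the one adding `workflows` and `workstations`. Either list the resource plurals per group or confirm that none of the new kinds carries sensitive values in `spec` or `status`. A comment such as `# wildcard is intentional: read-only, aggregated into view` above the rules would record the decision; the rules list itself starts outside this hunk.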
@@ -1137,6 +1773,22 @@ rules: - get - list - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: @@ -1153,6 +1805,38 @@ rules: - get - list - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: @@ -1161,6 +1845,14 @@ rules: - get - list - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: @@ -1169,6 +1861,14 @@ rules: - get - list - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -1217,6 +1917,14 @@ rules: - get - list - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: @@ -1233,6 +1941,14 @@ rules: - get - list - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: 
@@ -1249,6 +1965,22 @@ rules: - get - list - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: @@ -1257,6 +1989,14 @@ rules: - get - list - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: @@ -1321,6 +2061,14 @@ rules: - get - list - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: @@ -1393,6 +2141,22 @@ rules: - get - list - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: @@ -1401,12 +2165,28 @@ rules: - get - list - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1469,7 +2249,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding 
@@ -1487,7 +2267,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1505,7 +2285,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding @@ -1528,7 +2308,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1545,7 +2325,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1562,7 +2342,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-unmanaged-detector-binding @@ -1579,7 +2359,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1596,7 +2376,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender 
@@ -1613,7 +2393,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1634,7 +2414,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1652,7 +2432,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1665,8 +2445,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.102.0 - image: gcr.io/cnrm-eap/recorder:fc8237b + value: 1.103.0 + image: gcr.io/cnrm-eap/recorder:7522d31 imagePullPolicy: Always name: recorder ports: @@ -1700,7 +2480,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1715,7 +2495,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1728,7 +2508,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:fc8237b + image: gcr.io/cnrm-eap/webhook:7522d31 imagePullPolicy: Always name: webhook ports: @@ -1758,7 +2538,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" 
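Review bot: The new `image: gcr.io/cnrm-eap/recorder:7522d31` line references the image by tag only, while the container keeps `imagePullPolicy: Always`. Each pod start therefore re-resolves the tag at the registry, and nothing in the manifest ties the workload to the build that was released. Pin it by digest, e.g. `image: gcr.io/cnrm-eap/recorder:7522d31@sha256:<digest-of-released-image>` (placeholder; the page does not give the digest). The same applies to the `webhook`, `deletiondefender` and `unmanageddetector` image lines in the hunks that follow. The container specs continue outside these hunks.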
@@ -1773,7 +2553,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1781,7 +2561,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:fc8237b + image: gcr.io/cnrm-eap/deletiondefender:7522d31 imagePullPolicy: Always name: deletiondefender ports: @@ -1811,7 +2591,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-unmanaged-detector cnrm.cloud.google.com/system: "true" @@ -1826,7 +2606,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-unmanaged-detector cnrm.cloud.google.com/system: "true" @@ -1834,7 +2614,7 @@ spec: containers: - command: - /configconnector/unmanageddetector - image: gcr.io/cnrm-eap/unmanageddetector:fc8237b + image: gcr.io/cnrm-eap/unmanageddetector:7522d31 imagePullPolicy: Always name: unmanageddetector ports: @@ -1865,7 +2645,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-namespaced/crds.yaml b/install-bundles/install-bundle-namespaced/crds.yaml index 1871feb5e1..d54f894070 100644 --- a/install-bundles/install-bundle-namespaced/crds.yaml +++ b/install-bundles/install-bundle-namespaced/crds.yaml 
@@ -16,7 +16,255 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
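Review bot: The `spec` schema of the new `AccessContextManagerAccessLevelCondition` CRD has no `required` list, and the object schema does not require `spec`. The two Access Context Manager CRDs added in the following hunk declare both. The field descriptions here say that an unset `devicePolicy`, an empty `ipSubnetworks` and unset `members` each allow everything, so going by those descriptions the schema accepts a condition that restricts nothing. If the generator allows it, add `required: [accessLevelRef]` under `spec` and `required: [spec]` on the object. If not, note beside `accessLevelRef` that the omission is deliberate; whether the reference is meant to be optional cannot be confirmed from this page.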
@@ -532,7 +780,324 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,25 +2305,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeenvironments.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeEnvironment - plural: apigeeenvironments + kind: AlloyDBBackup + plural: alloydbbackups shortNames: - - gcpapigeeenvironment - - gcpapigeeenvironments - singular: apigeeenvironment + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: 
@@ -1778,7 +2343,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -1796,8 +2361,19 @@ spec: type: object spec: properties: - apigeeOrganizationRef: - description: Immutable. + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -1814,10 +2390,7 @@ spec: - external properties: external: - description: |- - The apigee organization for the resource - - Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -1826,25 +2399,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Optional. Description of the environment. - type: string - displayName: - description: Optional. Display name for this environment. - type: string - properties: - additionalProperties: - type: string - description: Optional. Key-value pairs that may be used for customizing - the environment. - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - apigeeOrganizationRef + - clusterName + - location + - projectRef type: object status: properties: @@ -1874,16 +2437,16 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Creation time of this environment as milliseconds - since epoch. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Last modification time of this environment - as milliseconds since epoch. - format: int64 - type: integer + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -1891,10 +2454,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean state: - description: 'Output only. State of the environment. Values other - than ACTIVE means the resource is not ready to use. Possible values: - STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. type: string type: object required: @@ -1915,25 +2489,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeorganizations.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeOrganization - plural: apigeeorganizations + kind: AlloyDBCluster + plural: alloydbclusters shortNames: - - gcpapigeeorganization - - gcpapigeeorganizations - singular: apigeeorganization + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -1953,7 +2527,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -1971,67 +2545,155 @@ spec: type: object spec: properties: - addonsConfig: - description: Addon configurations of the Apigee organization. + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: - advancedApiOpsConfig: - description: Configuration for the Advanced API Ops add-on. + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. properties: - enabled: - description: Flag that specifies whether the Advanced API - Ops add-on is enabled. - type: boolean + count: + description: The number of backups to retain. + type: integer type: object - monetizationConfig: - description: Configuration for the Monetization add-on. + timeBasedRetention: + description: Time-based Backup retention policy. properties: - enabled: - description: Flag that specifies whether the Monetization - add-on is enabled. 
- type: boolean + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes type: object type: object - analyticsRegion: - description: Immutable. Required. Primary GCP region for analytics - data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + displayName: + description: User-settable and human-readable display name for the + Cluster. type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + initialUser: + description: Initial user to setup during cluster creation. 
properties: - external: - description: |- - Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. type: string + required: + - password type: object - description: - description: Description of the Apigee organization. + location: + description: Immutable. The location where the alloydb cluster should + reside. 
type: string - displayName: - description: Display name for the Apigee organization. + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -2048,10 +2710,7 @@ spec: - external properties: external: - description: |- - Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
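Review bot: `spec.initialUser.password` in the new AlloyDBCluster schema accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, and the `value` description does not mention that a password supplied this way sits in clear text in the custom resource. Anyone with read access to AlloyDBCluster objects, or to a repository or backup holding the manifest, could then read the initial database password, whereas the `secretKeyRef` form keeps it behind Secret RBAC. I would extend the description to something like `Value of the field. Stored in plain text in this resource; prefer 'valueFrom.secretKeyRef' for credentials. Cannot be used if 'valueFrom' is specified.` The `tf2crd` label suggests this file is generated, so the wording presumably belongs in the generator's source rather than here. The existing `oneOf` already makes the two forms mutually exclusive, so no schema change is needed.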
@@ -2060,67 +2719,27 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - properties: - additionalProperties: - type: string - description: Properties defined in the Apigee organization profile. - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - runtimeDatabaseEncryptionKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - runtimeType: - description: 'Immutable. Required. Runtime type of the Apigee organization - based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, - CLOUD, HYBRID' + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
type: string required: - - analyticsRegion + - location + - network - projectRef - - runtimeType type: object status: properties: - billingType: - description: 'Output only. Billing type of the Apigee organization. - See (https://cloud.google.com/apigee/pricing). Possible values: - BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' - type: string - caCertificate: - description: Output only. Base64-encoded public certificate for the - root CA of the Apigee organization. Valid only when (#RuntimeType) - is `CLOUD`. - type: string + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -2147,26 +2766,31 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Time that the Apigee organization was created - in milliseconds since epoch. - format: int64 - type: integer - environments: - description: Output only. List of environments in the Apigee organization. + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. items: - type: string + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object type: array - expiresAt: - description: Output only. Time that the Apigee organization is scheduled - for deletion. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Time that the Apigee organization was last - modified in milliseconds since epoch. - format: int64 - type: integer + name: + description: The name of the cluster resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -2174,21 +2798,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectId: - description: Output only. Project ID associated with the Apigee organization. - type: string - state: - description: 'Output only. State of the organization. Values other - than ACTIVE means the resource is not ready to use. Possible values: - SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, - OK_EXTERNAL, DELETED' - type: string - subscriptionType: - description: 'Output only. DEPRECATED: This will eventually be replaced - by BillingType. Subscription type of the Apigee organization. Valid - values include trial (free, limited, and for evaluation purposes - only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). - Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + uid: + description: The system-generated UID of the resource. type: string type: object required: 
@@ -2209,25 +2820,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com + name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: - group: artifactregistry.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories + kind: AlloyDBInstance + plural: alloydbinstances shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: @@ -2247,7 +2858,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2265,172 +2876,71 @@ spec: type: object spec: properties: - description: - description: The user-provided description of the repository. + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string - format: + cluster: description: |- - Immutable. The format of packages that are stored in the repository. Supported formats - can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). - You can only create alpha formats if you are a member of the - [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string - kmsKeyRef: - description: |- - The customer managed encryption key that’s used to encrypt the - contents of the Repository. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. 
* They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. type: object - location: - description: Immutable. The name of the location this repository is - located in. + displayName: + description: User-settable and human-readable display name for the + Instance. type: string - mavenConfig: - description: |- - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. properties: - allowSnapshotOverwrites: - description: |- - Immutable. The repository with this flag will allow publishing the same - snapshot versions. - type: boolean - versionPolicy: - description: 'Immutable. Version policy defines the versions that - the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" - Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' - type: string + cpuCount: + description: The number of CPU's in the VM instance. + type: integer type: object - mode: - description: 'Immutable. The mode configures the repository to serve - artifacts from different sources. 
Default value: "STANDARD_REPOSITORY" - Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' - type: string - remoteRepositoryConfig: - description: Immutable. Configuration specific for a Remote Repository. + readPoolConfig: + description: Read pool specific config. properties: - description: - description: Immutable. The description of the remote source. - type: string - dockerRepository: - description: Immutable. Specific settings for a Docker remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' - type: string - type: object - mavenRepository: - description: Immutable. Specific settings for a Maven remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' - type: string - type: object - npmRepository: - description: Immutable. Specific settings for an Npm remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "NPMJS" Possible values: ["NPMJS"].' - type: string - type: object - pythonRepository: - description: Immutable. Specific settings for a Python remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "PYPI" Possible values: ["PYPI"].' - type: string - type: object + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer type: object resourceID: - description: Immutable. Optional. The repositoryId of the resource. + description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - virtualRepositoryConfig: - description: Configuration specific for a Virtual Repository. - properties: - upstreamPolicies: - description: |- - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - items: - properties: - id: - description: The user-provided ID of the upstream policy. - type: string - priority: - description: Entries with a greater priority value take - precedence in the pull order. - type: integer - repositoryRef: - description: |- - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repositories/repo1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, - where {{value}} is the `name` field of an `ArtifactRegistryRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - type: object required: - - format - - location + - cluster + - instanceType type: object status: properties: 
@@ -2461,12 +2971,14 @@ spec: type: object type: array createTime: - description: The time when the repository was created. + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. type: string name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -2475,10 +2987,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: The time when the repository was last updated. + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. type: string - type: object + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object required: - spec type: object 
@@ -2497,25 +3021,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryDataset - plural: bigquerydatasets + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: @@ -2535,7 +3059,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2553,202 +3077,287 @@ spec: type: object spec: properties: - access: - description: An array of objects that define dataset access for one - or more entities. + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. items: properties: - dataset: - description: Grants all resources of particular types in a particular - dataset read access to the current dataset. + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: - dataset: - description: The dataset this entry applies to. 
- properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - required: - - datasetId - - projectId - type: object - targetTypes: - description: |- - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS. - items: - type: string - type: array + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string required: - - dataset - - targetTypes + - contents + - path type: object - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access. - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). 
These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com. + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. 
+ items: + properties: + document: + description: The OpenAPI Specification document file. properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. + contents: + description: Immutable. Base64 encoded content of the file. type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. type: string required: - - datasetId - - projectId - - tableId + - contents + - path type: object + required: + - document type: object type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). 
- - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - description: - description: A user-friendly description of the dataset. + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string - friendlyName: - description: A descriptive name for the dataset. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. type: string - location: + managedService: description: |- - Immutable. The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - maxTimeTravelHours: - description: Defines the time travel window in hours. The value can - be from 48 to 168 hours (2 to 7 days). + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. 
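Review bot: `spec.gatewayConfig` in the new APIGatewayAPIConfig schema is optional (the spec's `required` list holds only `api` and `projectRef`), and its description says that omitting it makes backend authentication use OIDC with the default compute service account. That account is shared across the project and often holds broad project roles (worth confirming per project), so a config created without `gatewayConfig` may sign backend tokens with more privilege than the gateway needs. Because the field is marked Immutable, the choice cannot be corrected in place afterwards. I would add to the description something like `Prefer setting backendConfig.googleServiceAccount to a dedicated, minimally-privileged service account; omitting gatewayConfig falls back to the default compute service account.` The file looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so the wording, along with the duplicated `Immutable. Immutable.` prefix in the same description, probably has to be fixed in the upstream schema.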
@@ -2778,10 +3387,12 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The datasetId of the resource. Used + description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - projectRef type: object status: properties: @@ -2811,19 +3422,12 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -2831,9 +3435,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -2850,25 +3454,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com + name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryJob - plural: bigqueryjobs + kind: APIGatewayGateway + plural: apigatewaygateways shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: @@ -2888,7 +3492,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2906,687 +3510,232 @@ spec: type: object spec: properties: - copy: - description: Immutable. Copies a table. + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: Immutable. The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Immutable. Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - sourceTables - type: object - extract: - description: Immutable. Configures an extract job. - properties: - compression: - description: |- - Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - destinationUris: - description: Immutable. A list of fully-qualified Google Cloud - Storage URIs where the extracted table should be written. 
- items: - type: string - type: array - fieldDelimiter: - description: |- - Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ','. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - printHeader: - description: Immutable. Whether to print out a header row in the - results. Default is true. - type: boolean - sourceTable: - description: Immutable. A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Immutable. Whether to use logical types when extracting - to AVRO format. - type: boolean - required: - - destinationUris type: object - jobTimeoutMs: - description: Immutable. Job timeout in milliseconds. If this time - limit is exceeded, BigQuery may attempt to terminate the job. + region: + description: Immutable. The region of the gateway for the API. type: string - load: - description: Immutable. Configures a load job. + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - allowJaggedRows: - description: |- - Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Immutable. Indicates if we should automatically infer - the options and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. 
The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - destinationTable: - description: Immutable. The destination table to load the data - into. + apiSecurityConfig: + description: Configuration for the Monetization add-on. properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string type: object - encoding: - description: |- - Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names. - type: boolean - jsonExtension: - description: |- - Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - type: string - maxBadRecords: - description: |- - Immutable. The maximum number of bad records that BigQuery can ignore when running the job. 
If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. 
Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - type: string - sourceUris: - description: |- - Immutable. The fully-qualified URIs that point to your data in Google Cloud. 
- For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Immutable. Time-based partitioning specification - for the destination table. + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. properties: - expirationMs: - description: Immutable. Number of milliseconds for which to - keep the storage for a partition. A wrapper is used here - because 0 is an invalid value. - type: string - field: - description: |- - Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. type: string - required: - - type type: object - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - destinationTable - - sourceUris + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object type: object - location: - description: Immutable. The geographic location of the job. The default - value is US. + org: + description: Immutable. Name of the Apigee organization. type: string - query: - description: Immutable. Configures a query job. - properties: - allowLargeResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - defaultDataset: - description: Immutable. Specifies the default dataset to use for - unqualified table names in the query. Note that this does not - alter behavior of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryDataset` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Immutable. Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Immutable. Standard SQL only. Set to POSITIONAL to - use positional (?) query parameters or to NAMED to use named - (@myparam) query parameters in this query. - type: string - priority: - description: 'Immutable. Specifies a priority for the query. Default - value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' - type: string - query: - description: |- - Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Immutable. 
Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Immutable. Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. - type: string - statementByteBudget: - description: Immutable. Limit on the number of bytes billed - per statement. Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Immutable. Timeout period for each statement - in a script. - type: string - type: object - useLegacySql: - description: |- - Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Immutable. Describes user-defined function resources - used in the query. - items: - properties: - inlineCode: - description: |- - Immutable. An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: Immutable. A code resource to load from a Google - Cloud Storage URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - query - type: object resourceID: - description: Immutable. Optional. The jobId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - org type: object status: properties: @@ -3616,9 +3765,6 @@ spec: type: string type: object type: array - jobType: - description: The type of the job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -3626,55 +3772,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: The status of this job. Examine this value when polling - an asynchronous job to see if the job is complete. - items: - properties: - errorResult: - description: Final error result of the job. If present, indicates - that the job has completed and was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - errors: - description: |- - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - state: - description: Running state of the job. Valid states include - 'PENDING', 'RUNNING', and 'DONE'. - type: string - type: object - type: array - userEmail: - description: Email address of the user who ran the job. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -3691,25 +3791,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryroutines.bigquery.cnrm.cloud.google.com + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryRoutine - plural: bigqueryroutines + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments shortNames: - - gcpbigqueryroutine - - gcpbigqueryroutines - singular: bigqueryroutine + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: @@ -3729,7 +3829,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -3747,147 +3847,26 @@ spec: type: object spec: properties: - arguments: - description: Input/output argument of a function or a stored procedure. - items: - properties: - argumentKind: - description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" - Possible values: ["FIXED_TYPE", "ANY_TYPE"].' - type: string - dataType: - description: |- - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>**NOTE**: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - type: string - mode: - description: 'Specifies whether the argument is input or output. - Can be set for procedures only. Possible values: ["IN", "OUT", - "INOUT"].' - type: string - name: - description: The name of this argument. Can be absent for function - return argument. - type: string - type: object - type: array - datasetRef: - description: The ID of the dataset containing this routine. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - definitionBody: - description: |- - The body of the routine. For functions, this is the expression in the AS clause. 
- If language=SQL, it is the substring inside (but excluding) the parentheses. - type: string - description: - description: The description of the routine if defined. - type: string - determinismLevel: - description: 'The determinism level of the JavaScript UDF if defined. - Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", - "NOT_DETERMINISTIC"].' + location: + description: Immutable. Location of the endpoint attachment. type: string - importedLibraries: + orgId: description: |- - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - items: - type: string - type: array - language: - description: 'The language of the routine. Possible values: ["SQL", - "JAVASCRIPT"].' + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. type: string - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: - description: Immutable. Optional. The routineId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - returnTableType: - description: |- - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. 
If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - type: string - returnType: - description: |- - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. type: string - routineType: - description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", - "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - - datasetRef - - definitionBody - - projectRef + - location + - orgId + - serviceAttachment type: object status: properties: 
@@ -3917,16 +3896,19 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this routine was created, in milliseconds since the - epoch. - type: integer - lastModifiedTime: + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: description: |- - The time when this routine was modified, in milliseconds since the - epoch. - type: integer + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -3953,25 +3935,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryTable - plural: bigquerytables + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: 
@@ -3991,7 +3973,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4009,326 +3991,153 @@ spec: type: object spec: properties: - clustering: - description: Specifies column names to use for data clustering. Up - to four top-level columns are allowed, and should be specified in - descending priority order. + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. + name: + description: The name of the newly created attachment (output parameter). type: string - encryptionConfiguration: - description: Immutable. Specifies how the table should be encrypted. - If left blank, the table will be encrypted with a Google-managed - key; that process is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: The self link or full name of the kms key version - used to encrypt this table. - type: string - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. - Expired tables will be deleted and their storage reclaimed. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - avroOptions: - description: Additional options if source_format is set to "AVRO". - properties: - useAvroLogicalTypes: - description: If sourceFormat is set to "AVRO", indicates whether - to interpret logical types as the corresponding BigQuery - data type (for example, TIMESTAMP), instead of using the - raw type (for example, INTEGER). - type: boolean - required: - - useAvroLogicalTypes - type: object - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - connectionId: - description: The connection specifying the credentials to be used - to read external storage, such as Azure Blob, Cloud Storage, - or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" - or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". - type: string - csvOptions: - description: Additional properties to set if source_format is - set to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that - are missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. 
- type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20".' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting - hive partitioning on an unsupported format will lead to an error, - as will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require - a partition filter that can be used for partition elimination - to be specified. - type: boolean - sourceUriPrefix: - description: When hive partition detection is requested, a - common for all source uris must be required. The prefix - must end immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra - values are ignored. If false, records with extra columns are - treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default - value is false. 
- type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - referenceFileSchemaUri: - description: 'When creating an external table, the user can provide - a reference file with the table schema. This is enabled for - the following formats: AVRO, PARQUET, ORC.' - type: string - schema: - description: Immutable. A JSON schema for the external table. - Schema is required for CSV and JSON formats and is disallowed - for Google Cloud Bigtable, Cloud Datastore backups, and Avro - formats when using external tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to - your data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. type: string - materializedView: - description: If specified, configures this table as a materialized - view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: Immutable. A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000. - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for - this table. - properties: - field: - description: Immutable. The field used to determine how to create - a range-based partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object resourceID: - description: Immutable. Optional. The tableId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for - this table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: Immutable. The field used to determine how to create - a time-based partition. If time-based partitioning is enabled - without this value, the table is partitioned based on the load - time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a - partition filter that can be used for partition elimination - to be specified. - type: boolean - type: - description: The supported types are DAY, HOUR, MONTH, and YEAR, - which will generate one partition per day, hour, month, and - year, respectively. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL. - type: boolean - required: - - query - type: object required: - - datasetRef + - orgId type: object status: properties: 
@@ -4358,33 +4167,6 @@ spec: type: string type: object type: array - creationTime: - description: The time when this table was created, in milliseconds - since the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered - "long-term storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4392,12 +4174,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string type: object required: - spec 
@@ -4417,25 +4193,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com + name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles + kind: ApigeeEnvironment + plural: apigeeenvironments shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: @@ -4473,11 +4249,8 @@ spec: type: object spec: properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. + apigeeOrganizationRef: + description: Immutable. oneOf: - not: required: @@ -4494,8 +4267,10 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -4504,39 +4279,25 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - multiClusterRoutingClusterIds: - description: The set of clusters to route to. The order is ignored; - clusters will be tried in order of distance. If left empty, all - clusters are eligible. - items: + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: type: string - type: array - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object resourceID: - description: Immutable. Optional. The appProfileId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. 
- type: string - required: - - clusterId - type: object + required: + - apigeeOrganizationRef type: object status: properties: @@ -4566,10 +4327,16 @@ spec: type: string type: object type: array - name: - description: The unique name of the requested app profile. Values - are of the form 'projects//instances//appProfiles/'. - type: string + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4577,7 +4344,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -4594,25 +4368,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: @@ -4632,7 +4406,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4650,116 +4424,22 @@ spec: type: object spec: properties: - columnFamily: - description: Immutable. The name of the column family. + environment: + description: Immutable. The resource ID of the environment. type: string - deletionPolicy: - description: "The deletion policy for the GC policy. Setting ABANDON - allows the resource\n\t\t\t\tto be abandoned rather than deleted. - This is useful for GC policy as it cannot be deleted\n\t\t\t\tin - a replicated instance. Possible values are: \"ABANDON\"." + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string - gcRules: - description: Serialized JSON string for garbage collection policy. - Conflicts with "mode", "max_age" and "max_version". + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all cells - older than the given age.' - items: - properties: - days: - description: DEPRECATED. 
Deprecated in favor of duration. Immutable. - Number of days before applying GC policy. - type: integer - duration: - description: Immutable. Duration before applying GC policy. - type: string - type: object - type: array - maxVersion: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all versions - of a cell except for the most recent.' - items: - properties: - number: - description: Immutable. Number of version before applying the - GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. If multiple policies are set, you - should choose between UNION OR INTERSECTION.' - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - columnFamily - - instanceRef - - tableRef + - environment + - instanceId type: object status: properties: 
@@ -4789,6 +4469,9 @@ spec: type: string type: object type: array + name: + description: The name of the newly created attachment (output parameter). + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4815,25 +4498,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com + name: apigeeinstances.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableInstance - plural: bigtableinstances + kind: ApigeeInstance + plural: apigeeinstances shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: @@ -4853,7 +4536,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4871,121 +4554,58 @@ spec: type: object spec: properties: - cluster: - description: A block of cluster configuration options. This can be - specified at least once. + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. items: - properties: - autoscalingConfig: - description: A list of Autoscaling configurations. Only one - element is used and allowed. - properties: - cpuTarget: - description: The target CPU utilization for autoscaling. - Value must be between 10 and 80. - type: integer - maxNodes: - description: The maximum number of nodes for autoscaling. - type: integer - minNodes: - description: The minimum number of nodes for autoscaling. - type: integer - storageTarget: - description: The target storage utilization for autoscaling, - in GB, for each node in a cluster. This number is limited - between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster - and between 8192 (8TiB) and 16384 (16 TiB) for an HDD - cluster. If not set, whatever is already set for the cluster - will not change, or if the cluster is just being created, - it will use the default value of 2560 for SSD clusters - and 8192 for HDD clusters. - type: integer - required: - - cpuTarget - - maxNodes - - minNodes - type: object - clusterId: - description: The ID of the Cloud Bigtable cluster. Must be 6-30 - characters and must only contain hyphens, lowercase letters - and numbers. - type: string - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable - cluster. 
The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains - this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. - 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. - 3) All clusters within an instance must use the same CMEK key access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for each cluster in an instance. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". - Defaults to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object + type: string type: array - deletionProtection: - description: DEPRECATED. This field no longer serves any function - and is intended to be dropped in a later version of the resource. - type: boolean + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. 
Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. + description: Immutable. Display name of the instance. type: string - instanceType: - description: DEPRECATED. It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be - converted to "PRODUCTION" instances. It is recommended for users - to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" - instance is functionally identical to a "DEVELOPMENT" instance, - but without the accompanying restrictions. The instance type to - create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. 
The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location + - orgId type: object status: properties: @@ -5015,6 +4635,10 @@ spec: type: string type: object type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5022,7 +4646,18 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -5039,25 +4674,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com + name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableTable - plural: bigtabletables + kind: ApigeeNATAddress + plural: apigeenataddresses shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: @@ -5077,7 +4712,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5095,64 +4730,18 @@ spec: type: object spec: properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - deletionProtection: - description: A field to make the table protected against data loss - i.e. when set to PROTECTED, deleting the table, the column families - in the table, and the instance containing the table would be prohibited. - If not provided, currently deletion protection will be set to UNPROTECTED - as it is the API default value. + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - splitKeys: - items: - type: string - type: array required: - - instanceRef + - instanceId type: object status: properties: 
@@ -5182,6 +4771,9 @@ spec: type: string type: object type: array + ipAddress: + description: The allocated NAT IP address. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5189,6 +4781,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State of the NAT IP address. + type: string type: object required: - spec @@ -5208,25 +4803,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com + name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: - group: billingbudgets.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BillingBudgetsBudget - plural: billingbudgetsbudgets + kind: ApigeeOrganization + plural: apigeeorganizations shortNames: - - gcpbillingbudgetsbudget - - gcpbillingbudgetsbudgets - singular: billingbudgetsbudget + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: 
@@ -5264,120 +4859,31 @@ spec: type: object spec: properties: - allUpdatesRule: - description: Optional. Rules to apply to notifications sent based - on budget spend and thresholds. + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - disableDefaultIamRecipients: - description: Optional. When set to true, disables default notifications - sent when a threshold is exceeded. Default notifications are - sent to those with Billing Account Administrator and Billing - Account User IAM roles for the target account. - type: boolean - monitoringNotificationChannels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `MonitoringNotificationChannel` resource (format: - `projects/{{project}}/notificationChannels/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - pubsubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. properties: - external: - description: |- - Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. 
Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - schemaVersion: - description: Optional. Required when NotificationsRule.pubsub_topic - is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. - Only "1.0" is accepted. It represents the JSON schema as defined - in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. - type: string - type: object - amount: - description: Required. Budgeted amount. - properties: - lastPeriodAmount: - description: Use the last period's actual spend as the budget - for the present period. LastPeriodAmount can only be set when - the budget's time period is a . + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - x-kubernetes-preserve-unknown-fields: true - specifiedAmount: - description: A specified amount to use as the budget. `currency_code` - is optional. If specified when creating a budget, it must match - the currency of the billing account. If specified when updating - a budget, it must match the currency_code of the existing budget. - The `currency_code` is provided on output. 
+ monetizationConfig: + description: Configuration for the Monetization add-on. properties: - currencyCode: - description: Immutable. The three-letter currency code defined - in ISO 4217. - type: string - nanos: - description: Number of nano (10^-9) units of the amount. The - value must be between -999,999,999 and +999,999,999 inclusive. - If `units` is positive, `nanos` must be positive or zero. - If `units` is zero, `nanos` can be positive, zero, or negative. - If `units` is negative, `nanos` must be negative or zero. - For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. - format: int64 - type: integer - units: - description: The whole units of the amount. For example if - `currencyCode` is `"USD"`, then 1 unit is one US dollar. - format: int64 - type: integer + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean type: object type: object - billingAccountRef: - description: Immutable. + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: oneOf: - not: required: 
@@ -5395,221 +4901,114 @@ spec: properties: external: description: |- - The billing account of the resource + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: - description: |- - [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - budgetFilter: - description: Optional. Filters that define which resources are used - to compute the actual spend against the budget amount, such as projects, - services, and the budget's time period, as well as other filters. + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - calendarPeriod: - description: 'Optional. Specifies to track usage for recurring - calendar period. For example, assume that CalendarPeriod.QUARTER - is set. The budget will track usage from April 1 to June 30, - when the current calendar month is April, May, June. After that, - it will track usage from July 1 to September 30 when the current - calendar month is July, August, September, so on. Possible values: - CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - creditTypes: - description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, - this is a list of credit types to be subtracted from gross cost - to determine the spend for threshold calculations. See a list - of acceptable credit type values. If Filter.credit_types_treatment - is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - items: - type: string - type: array - creditTypesTreatment: - description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - customPeriod: - description: Optional. 
Specifies to track usage from any start - date (required) to any end date (optional). This time period - is static, it does not recur. - properties: - endDate: - description: Immutable. Optional. The end date of the time - period. Budgets with elapsed end date won't be processed. - If unset, specifies to track all usage incurred since the - start_date. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - startDate: - description: Immutable. Required. The start date must be after - January 1, 2017. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - required: - - startDate - type: object - labels: - additionalProperties: - properties: - values: - description: Immutable. The values of the label - items: - type: string - type: array - type: object - description: Optional. A single label and value pair specifying - that usage from only this set of labeled resources should be - included in the budget. 
Currently, multiple entries or multiple - values per entry are not allowed. If omitted, the report will - include all labeled and unlabeled usage. - type: object - projects: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - services: - description: 'Optional. A set of services of the form `services/{service_id}`, - specifying that usage from only this set of services should - be included in the budget. If omitted, the report will include - usage for all the services. The service names are available - through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' - items: - type: string - type: array - subaccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: |- - [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array type: object - displayName: - description: User data for display name in UI. The name must be less - than or equal to 60 characters. - type: string + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - thresholdRules: - description: Optional. Rules that trigger alerts (notifications of - thresholds being crossed) when spend exceeds the specified percentages - of the budget. - items: - properties: - spendBasis: - description: 'Optional. The type of basis used to determine - if spend has passed the threshold. Behavior defaults to CURRENT_SPEND - if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, - FORECASTED_SPEND' - type: string - thresholdPercent: - description: 'Required. Send an alert when this threshold is - exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: - non-negative number.' - format: double - type: number + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external required: - - thresholdPercent - type: object - type: array + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string required: - - amount - - billingAccountRef + - analyticsRegion + - projectRef + - runtimeType type: object status: properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
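Review bot: The added `runtimeDatabaseEncryptionKeyRef.external` description reads "Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used", which runs two statements together and leaves it unclear when a customer-supplied Cloud KMS key is mandatory and when data falls back to a Google-managed key. It also names a `TRIAL` runtime type, while the `runtimeType` field added in the same hunk lists only `RUNTIME_TYPE_UNSPECIFIED, CLOUD, HYBRID`. The `(#RuntimeType)` token, here and in `status.caCertificate`, looks like the residue of a stripped link. The CRD carries the `dcl2crd` label, so the wording probably has to be corrected in the generator's source description. The text should say in separate sentences which runtime type requires the key and which one defaults to a Google-managed key.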
@@ -5636,11 +5035,26 @@ spec: type: string type: object type: array - etag: - description: Optional. Etag to validate that the object is unchanged - for a read-modify-write operation. An empty etag will cause an update - to overwrite other changes. - type: string + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5648,6 +5062,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string type: object required: - spec 
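Review bot: The added `status.state` description says that values other than ACTIVE mean the resource is not ready, but the possible values it lists (`SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, OK_EXTERNAL, DELETED`) do not include ACTIVE. Anything that gates on this field cannot tell from the schema which value means ready. The list looks as if it was taken from a different enum and should be replaced with the organization's own state values. In the preceding hunk on the same line, `expiresAt` gives no unit while `createdAt` and `lastModifiedAt` both say "in milliseconds since epoch"; if the unit is the same, the description should say so.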
@@ -5667,25 +5097,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationAttestor - plural: binaryauthorizationattestors + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations shortNames: - - gcpbinaryauthorizationattestor - - gcpbinaryauthorizationattestors - singular: binaryauthorizationattestor + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: @@ -5705,7 +5135,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5723,145 +5153,25 @@ spec: type: object spec: properties: - description: - description: Optional. A descriptive comment. This field may be updated. - The field may be displayed in chooser dialogs. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - userOwnedDrydockNote: - description: This specifies how an attestation will be read, and how - it will be used during policy enforcement. - properties: - noteRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. - - Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicKeys: - description: Optional. Public keys that verify attestations signed - by this attestor. This field may be updated. If this field is - non-empty, one of the specified public keys must verify that - an attestation was signed by this attestor for the image specified - in the admission request. If this field is empty, this attestor - always returns that no valid attestations exist. - items: - properties: - asciiArmoredPgpPublicKey: - description: ASCII-armored representation of a PGP public - key, as the entire output by the command `gpg --export - --armor foo@example.com` (either LF or CRLF line endings). - When using this field, `id` should be left blank. The - BinAuthz API handlers will calculate the ID and fill it - in automatically. 
BinAuthz computes this ID as the OpenPGP - RFC4880 V4 fingerprint, represented as upper-case hex. - If `id` is provided by the caller, it will be overwritten - by the API-calculated ID. - type: string - comment: - description: Optional. A descriptive comment. This field - may be updated. - type: string - id: - description: The ID of this public key. Signatures verified - by BinAuthz must include the ID of the public key that - can be used to verify them, and that ID must match the - contents of this field exactly. Additional restrictions - on this field can be imposed based on which public key - type is encapsulated. See the documentation on `public_key` - cases below for details. - type: string - pkixPublicKey: - description: 'A raw PKIX SubjectPublicKeyInfo format public - key. NOTE: `id` may be explicitly provided by the caller - when using this type of public key, but it MUST be a valid - RFC3986 URI. If `id` is left blank, a default one will - be computed based on the digest of the DER encoding of - the public key.' - properties: - publicKeyPem: - description: A PEM-encoded public key, as described - in https://tools.ietf.org/html/rfc7468#section-13 - type: string - signatureAlgorithm: - description: 'The signature algorithm used to verify - a message against a signature using this key. These - signature algorithm must match the structure and any - object identifiers encoded in `public_key_pem` (i.e. - this algorithm must match that of the public key). 
- Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, - RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, - ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, - EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' - type: string - type: object - type: object - type: array - required: - - noteRef - type: object required: - - projectRef + - identities type: object status: properties: @@ -5891,6 +5201,11 @@ spec: type: string type: object type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5898,24 +5213,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. Time when the attestor was last updated. - format: date-time - type: string - userOwnedDrydockNote: - properties: - delegationServiceAccountEmail: - description: Output only. This field will contain the service - account email address that this Attestor will use as the principal - when querying Container Analysis. Attestor administrators must - grant this service account the IAM role needed to read attestations - from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). - This email address is fixed for the lifetime of the Attestor, - but callers should not make any other assumptions about the - service account email; future versions may use an email based - on a different naming pattern. - type: string - type: object type: object required: - spec 
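Review bot: The `identities` description in the hunk that begins at `@@ -5723,145 +5153,25 @@` requires the form 'serviceAccount:service-account-name', but its example, `my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com`, omits the `serviceAccount:` prefix. The items schema is a bare `type: string`, so a malformed entry is presumably rejected only by the API at reconcile time. This list decides which service accounts are granted access to control plane resources, so the example should show the complete value: `serviceAccount:my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com`. The "Create service accounts" link is pinned to the hybrid v1.8 docs and will go stale; an unversioned link would be preferable if one exists.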
@@ -5935,25 +5232,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationPolicy - plural: binaryauthorizationpolicies + kind: AppEngineDomainMapping + plural: appenginedomainmappings shortNames: - - gcpbinaryauthorizationpolicy - - gcpbinaryauthorizationpolicies - singular: binaryauthorizationpolicy + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: @@ -5973,7 +5270,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5991,312 +5288,203 @@ spec: type: object spec: properties: - admissionWhitelistPatterns: - description: Optional. Admission policy allowlisting. A matching admission - request will always be permitted. This feature is typically used - to exclude Google or third-party infrastructure images from Binary - Authorization policies. + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. 
To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - namePattern: - description: An image name pattern to allowlist, in the form - `registry/path/to/image`. This supports a trailing `*` as - a wildcard, but this is allowed only in text after the `registry/` - part. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - clusterAdmissionRules: - additionalProperties: + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode type: object - description: 'Optional. Per-cluster admission rules. Cluster spec - format: location.clusterId. 
There can be at most one admission rule - per cluster spec. A location is either a compute zone (e.g. us-central1-a) - or a region (e.g. us-central1). For clusterId syntax restrictions - see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' - type: object - defaultAdmissionRule: - description: Required. Default admission rule for a cluster without - a per-cluster, per-kubernetes-service-account, or per-istio-service-identity - admission rule. - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string description: - description: Optional. A descriptive comment. + description: An optional string description of this rule. type: string - globalPolicyEvaluationMode: - description: 'Optional. Controls the evaluation of a Google-maintained - global admission policy for common system-level images. Images not - covered by the global policy will be subject to the project admission - policy. This setting has no effect when specified inside a global - admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, - ENABLE, DISABLE' + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. type: string - istioServiceIdentityAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. 
- Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-istio-service-identity admission rules. - Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ - e.g. spiffe://example.com/ns/test-ns/sa/default' - type: object - kubernetesNamespaceAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-namespace admission rules. - K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' - type: object - kubernetesServiceAccountAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-service-account admission rules. - Service account spec format: namespace:serviceaccount. e.g. 
''test-ns:default''' - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the resource. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - defaultAdmissionRule - - projectRef + - action + - sourceRange type: object status: properties: @@ -6333,14 +5521,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. The resource name, in the format `projects/*/policy`. - There is at most one policy per project. - type: string - updateTime: - description: Output only. Time when the policy was last updated. - format: date-time - type: string type: object required: - spec 
@@ -6360,25 +5540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: - group: cloudbuild.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: @@ -6398,7 +5578,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -6416,1256 +5596,746 @@ spec: type: object spec: properties: - approvalConfig: - description: "Configuration for manual approval to start a build invocation - of this BuildTrigger. \nBuilds created by this trigger will require - approval before they execute. \nAny user with a Cloud Build Approver - role for the project can approve a build." + apiConfig: + description: Serving configuration for Google Cloud Endpoints. properties: - approvalRequired: - description: "Whether or not approval is needed. If this is set - on a build, it will become pending when run, \nand will need - to be explicitly approved to start." - type: boolean + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script type: object - bitbucketServerTriggerConfig: - description: BitbucketServerTriggerConfig describes the configuration - of a trigger that creates a build whenever a Bitbucket Server event - is received. + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - bitbucketServerConfigResourceRef: + coolDownPeriod: description: |- - Only `external` field is supported to configure the reference. 
+ The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - The full resource name of the bitbucket server config. Format: - projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. 
+ type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` - resource.' + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. 
+ type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. + properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + required: + - appYamlPath type: object - projectKey: - description: 'Key of the project that the repo is in. For example: - The key for https://mybitbucket.server/projects/TEST/repos/test-repo - is "TEST".' - type: string - pullRequest: - description: Filter to match changes in pull requests. + container: + description: The Docker image for the container that runs the + version. properties: - branch: + image: description: |- - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment /gcbrun. 
Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean required: - - branch + - image type: object - push: - description: Filter to match changes in refs like branches, tags. + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the gitRef regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. type: string + required: + - sourceUrl type: object - repoSlug: + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: description: |- - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. 
+ Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - - bitbucketServerConfigResourceRef - - projectKey - - repoSlug + - name type: object - build: - description: Contents of the build template. Either a filename or - build template must be provided. + entrypoint: + description: The entrypoint for the application. properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. 
- items: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. 
- properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. 
- - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - availableSecrets: - description: Secrets and secret environment variables. - properties: - secretManager: - description: Pairs a secret environment variable with a SecretVersion - in Secret Manager. - items: - properties: - env: - description: |- - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of - a `SecretManagerSecretVersion` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - env - - versionRef + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". type: object - type: array - required: - - secretManager - type: object - images: + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. 
+ type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' 
+ type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: type: string type: array - logsBucketRef: + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. + type: boolean + subnetwork: description: |- - Google Cloud Storage bucket where logs should be written. 
Logs file - names will be of the format ${logsBucket}/log-${build_id}.txt. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `url` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"].' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", - "NONE"].' - type: string - machineType: - description: 'Compute Engine machine type on which to run - the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", - "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"].' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"].' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. 
- items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the - build is enqueued longer than this value, \nthe build will expire - and the build status will be EXPIRED.\nThe TTL starts ticking - from createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. 
+ required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. 
+ type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: properties: - kmsKeyRef: - description: KMS crypto key to use to decrypt these envs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string required: - - kmsKeyRef + - name + - sizeGb + - volumeType type: object type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. 
Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one - a of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, - in which to run the build.\nThis must be a relative - path. If a step's dir is specified and is an absolute - path, \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting - the build is assumed." - type: string - repoRef: - description: |- - The desired Cloud Source Repository. If omitted, "default" is - assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `SourceRepoRepository` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run. - type: object - tagName: - description: "Regex matching tags to build. 
Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in - Google Cloud Storage. - properties: - bucketRef: - description: Google Cloud Storage bucket containing the - source. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `StorageBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the - object. \nIf the generation is omitted, the latest generation - will be used." - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. 
- items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used. - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: "The name of the container image that will - run this particular build step.\n\nIf the image is available - in the host's Docker daemon's cache, it will be\nrun directly. 
- If not, the host will attempt to pull the image first, - using\nthe builder service account's credentials if necessary.\n\nThe - Docker daemon's cache will already have the latest versions - of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - \nfor images and examples).\nThe Docker daemon will also - have cached many of the layers for some popular\nimages, - like \"ubuntu\", \"debian\", but they will be refreshed - at the time\nyou attempt to use them.\n\nIf you built - an image in a previous build step, it will be stored in - the\nhost's Docker daemon's cache and is available to - use as the name for a\nlater build step." - type: string - script: - description: "A shell script to be executed in the step. - \nWhen script is provided, the user cannot specify the - entrypoint or args." - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. 
Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step type: object - description: - description: Human-readable description of the trigger. + runtime: + description: Desired runtime. Example python27. type: string - disabled: - description: Whether the trigger is disabled or not. If true, the - trigger will never result in a build. - type: boolean - filename: - description: "Path, from the source root, to a file whose contents - is used for the template. \nEither a filename or build template - must be provided. 
Set this only when using trigger_template or github.\nWhen - using Pub/Sub, Webhook or Manual set the file name using git_file_source - instead." + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string - filter: - description: A Common Expression Language string. Used only with Pub/Sub - and Webhook. + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. type: string - gitFileSource: - description: The file source describing the local or remote Build - template. - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: + runtimeMainExecutablePath: + description: The path or name of the app's main executable. + type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: The path of the file, with the repo root as the root - of the path. - type: string - repoType: - description: "The type of the repo, since it may not be explicit - from the repo field (e.g from a URL). \nValues can be UNKNOWN, - CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible - values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", - \"BITBUCKET_SERVER\"]." + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string - revision: - description: "The branch, tag, arbitrary ref, or SHA version of - the repo to use when resolving the \nfilename (optional). This - field respects the same syntax/resolution as described here: - https://git-scm.com/docs/gitrevisions \nIf unspecified, the - revision from which the trigger invocation originated is assumed - to be the revision from which to read the specified path." + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uri: - description: "The URI of the repo (optional). If unspecified, - the repo from which the trigger \ninvocation originated is assumed - to be the repo from which to read the specified path." + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - path - - repoType type: object - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. 
- - One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - enterpriseConfigResourceNameRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. 
- type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or - tags. Specify only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. - type: string - type: object + required: + - name type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - includeBuildLogs: - description: |- - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + name: + description: Full path to the Version resource in the API. Example, + "v1". type: string - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - location: - description: |- - Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. type: string - pubsubConfig: - description: "PubsubConfig describes the configuration of a trigger - that creates \na build whenever a Pub/Sub message is published.\n\nOne - of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' - or 'source_to_build' must be provided." - properties: - serviceAccountRef: - description: Service account that will make the push request. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - type: string - subscription: - description: Output only. Name of the subscription. - type: string - topicRef: - description: |- - The name of the topic from which this subscription - is receiving messages. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - repositoryEventConfig: - description: The configuration of a trigger that creates a build whenever - an event from Repo API is received. - properties: - pullRequest: - description: Contains filter properties for matching Pull Requests. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment ''/gcbrun''. Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - type: object - push: - description: Contains filter properties for matching git pushes. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. 
- type: string - invertRegex: - description: If true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: |- - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - type: object - repository: - description: The resource name of the Repo API resource. - type: string - type: object - serviceAccountRef: - description: |- - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - When populating via the external field, the following format is supported: - projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, - where {{value}} is the `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceToBuild: - description: "The repo and ref of the repository from which to build. - \nThis field is used only for those triggers that do not respond - to SCM events. \nTriggers that respond to such events build source - at whatever commit caused the event. 
\nThis field is currently only - used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', - 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' - must be provided." - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ref: - description: The branch or tag to use. Must start with "refs/" - (required). - type: string - repoType: - description: |- - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. - type: string - uri: - description: The URI of the repo (required). - type: string - required: - - ref - - repoType - - uri - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger. - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. 
- - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SourceRepoRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. 
- type: string - type: object - webhookConfig: - description: "WebhookConfig describes the configuration of a trigger - that creates \na build whenever a webhook is sent to a trigger's - webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' - 'webhook_config' or 'source_to_build' must be provided." + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. properties: - secretRef: - description: The secret required - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. 
type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - - secretRef + - allocations type: object + required: + - split type: object status: properties: @@ -7695,9 +6365,6 @@ spec: type: string type: object type: array - createTime: - description: Time when the trigger was created. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -7705,10 +6372,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - triggerId: - description: The unique identifier for the trigger. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -7725,25 +6391,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: - group: cloudfunctions.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudFunctionsFunction - plural: cloudfunctionsfunctions + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions shortNames: - - gcpcloudfunctionsfunction - - gcpcloudfunctionsfunctions - singular: cloudfunctionsfunction + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: @@ -7763,7 +6429,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -7781,193 +6447,294 @@ spec: type: object spec: properties: - availableMemoryMb: - description: 'Memory (in MB), available to the function. Default value - is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' - format: int64 - type: integer - description: - description: User-provided description of a function. - type: string - entryPoint: - description: |- - Immutable. The name of the function (as defined in source code) that will be - executed. Defaults to the resource name suffix, if not specified. For - backward compatibility, if function with given name is not found, then the - system will try to use function named "function". - For Node.js this is name of a function exported by the module specified - in `source_location`. - type: string - environmentVariables: - additionalProperties: - type: string - description: Environment variables that shall be available during - function execution. - type: object - eventTrigger: - description: Immutable. A source that fires events in response to - a condition in another service. + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - eventType: + maxConcurrentRequests: description: |- - Immutable. Required. The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - Event types match pattern `providers/*/eventTypes/*.*`. - The pattern contains: + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - 1. namespace: For example, `cloud.storage` and - `google.firebase.analytics`. - 2. resource type: The type of resource on which event occurs. For - example, the Google Cloud Storage API includes the type `object`. - 3. 
action: The action that generates the event. For example, action for - a Google Cloud Storage Object is 'change'. - These parts are lower case. + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string - failurePolicy: - description: Immutable. Specifies policy for failed executions. - type: boolean - resourceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. properties: - external: - description: |- - Required. The resource(s) from which to observe events, for example, - `projects/_/buckets/myBucket`. - - Not all syntactically correct values are accepted by all services. For - example: - - 1. The authorization model must support it. Google Cloud Functions - only allows EventTriggers to be deployed that observe resources in the - same project as the `Function`. - 2. The resource type must match the pattern expected for an - `event_type`. 
For example, an `EventTrigger` that has an - `event_type` of "google.pubsub.topic.publish" should have a resource - that matches Google Cloud Pub/Sub topics. - - Additionally, some services may support short names when creating an - `EventTrigger`. These will always be returned in the normalized "long" - format. - - See each *service's* documentation for supported formats. - - Allowed values: - * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number type: object - service: + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. 
Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: description: |- - Immutable. The hostname of the service that should be observed. - - If no string is provided, the default service implementing the API will - be used. For example, `storage.googleapis.com` is the default for all - event types in the `google.storage` namespace. + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer required: - - eventType - - resourceRef + - maxInstances type: object - httpsTrigger: - description: Immutable. An HTTPS endpoint type of source that can - be triggered via URL. + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. properties: - securityLevel: - description: 'Immutable. Both HTTP and HTTPS requests with URLs - that match the handler succeed without redirects. The application - can examine the request to determine which protocol was used - and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, - SECURE_ALWAYS, SECURE_OPTIONAL' + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. 
+ properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. type: string + required: + - shell type: object - ingressSettings: - description: |- - The ingress settings for the function, controlling what traffic can reach - it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB - type: string - maxInstances: + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: description: |- - The limit on the maximum number of function instances that may coexist at a - given time. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". 
+ type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. properties: - external: + instances: description: |- - The project id of the function. + Number of instances to assign to the service at the start. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances type: object - region: - description: Immutable. The name of the Cloud Functions region of - the function. + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. 
For a complete - list of possible choices, see the - [`gcloud` command - reference](/sdk/gcloud/reference/functions/deploy#--runtime). + description: Desired runtime. Example python27. type: string - serviceAccountRef: - description: Immutable. + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: oneOf: - not: required: @@ -7984,11 +6751,8 @@ spec: - external properties: external: - description: |- - The email of the function's service account. If empty, defaults to - `{project_id}@appspot.gserviceaccount.com`. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
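Review bot: In the new `AppEngineStandardAppVersion` spec, `handlers[].securityLevel`, `handlers[].login` and `handlers[].authFailAction` are plain `type: string` with their allowed values listed only in the description text, so the schema itself does not reject a misspelled or unsupported value; presumably the error only surfaces later, when the resource is reconciled. If the schema is meant to validate these fields, add the values as an enum, e.g. `enum: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"]` under `securityLevel`. `vpcAccessConnector.egressSetting` in the `@@ -7997,80 +6761,28 @@` hunk has the same shape and does not list its values at all. The `tf2crd` label suggests this CRD is generated, so the change probably belongs in the generator rather than in this file; the `spec` mapping continues past this hunk.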
@@ -7997,80 +6761,28 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - sourceArchiveUrl: - description: Immutable. The Google Cloud Storage URL, starting with - gs://, pointing to the zip archive which contains the function. - type: string - sourceRepository: - description: Immutable. Represents parameters related to source repository - where a function is hosted. - properties: - url: - description: |- - Immutable. The URL pointing to the hosted repository where the function is defined. - There are supported Cloud Source Repository URLs in the following - formats: - - To refer to a specific commit: - `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` - To refer to a moveable alias (branch): - `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` - In particular, to refer to HEAD use `master` moveable alias. - To refer to a specific fixed alias (tag): - `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` - - You may omit `paths/*` if you want to use the main directory. - type: string - required: - - url - type: object - timeout: - description: |- - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - type: string - vpcConnectorEgressSettings: - description: |- - The egress settings for the connector, controlling what traffic is diverted - through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC - type: string - vpcConnectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. 
+ type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - external: - description: |- - The VPC Network Connector that this cloud function can connect to. It can - be either the fully-qualified URI, or the short name of the network - connector resource. The format of this field is - `projects/*/locations/*/connectors/*` - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string + required: + - name type: object required: - - projectRef - - region + - deployment + - entrypoint - runtime + - serviceRef type: object status: properties: @@ -8100,12 +6812,10 @@ spec: type: string type: object type: array - httpsTrigger: - properties: - url: - description: Output only. The deployed url for the function. - type: string - type: object + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -8113,31 +6823,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceRepository: - properties: - deployedUrl: - description: |- - Output only. The URL pointing to the hosted repository where the function - were defined at the time of deployment. It always points to a specific - commit in the format described above. - type: string - type: object - status: - description: 'Output only. Status of the function deployment. Possible - values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, - DELETE_IN_PROGRESS, UNKNOWN' - type: string - updateTime: - description: Output only. The last update timestamp of a Cloud Function - in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up - to nine fractional digits. - type: string - versionId: - description: |- - Output only. The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - format: int64 - type: integer type: object required: - spec 
@@ -8157,25 +6842,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityGroup - plural: cloudidentitygroups + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories shortNames: - - gcpcloudidentitygroup - - gcpcloudidentitygroups - singular: cloudidentitygroup + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -8214,81 +6899,181 @@ spec: spec: properties: description: - description: |- - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. + description: The user-provided description of the repository. type: string - displayName: - description: The display name of the Group. + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string - groupKey: - description: Immutable. EntityKey of the Group. + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - id: - description: |- - Immutable. The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Immutable. The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of 'identitysources/{identity_source_id}'. + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - id type: object - initialGroupConfig: - description: |- - Immutable. The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + location: + description: Immutable. The name of the location this repository is + located in. type: string - labels: - additionalProperties: - type: string + mavenConfig: description: |- - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. 
+ MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string type: object - parent: - description: |- - Immutable. The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. 
Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - - groupKey - - labels - - parent + - format + - location type: object status: properties: @@ -8319,12 +7104,12 @@ spec: type: object type: array createTime: - description: The time when the Group was created. + description: The time when the repository was created. type: string name: description: |- - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. + The name of the repository, for example: + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -8334,7 +7119,7 @@ spec: the resource. type: integer updateTime: - description: The time when the Group was last updated. + description: The time when the repository was last updated. type: string type: object required: 
@@ -8355,25 +7140,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityMembership - plural: cloudidentitymemberships + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections shortNames: - - gcpcloudidentitymembership - - gcpcloudidentitymemberships - singular: cloudidentitymembership + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: @@ -8393,7 +7178,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8411,8 +7196,54 @@ spec: type: object spec: properties: - groupRef: - description: Immutable. + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -8429,10 +7260,7 @@ spec: - external properties: external: - description: |- - The group for the resource - - Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -8441,99 +7269,24 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - memberKey: - description: Immutable. The `EntityKey` of the member. Either `member_key` - or `preferred_member_key` must be set when calling MembershipsService.CreateMembership - but not both; both shall be set when returned. - properties: - id: - description: The ID of the entity. For Google-managed entities, - the `id` must be the email address of an existing group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: The namespace in which the entity exists. If not - specified, the `EntityKey` represents a Google-managed entity - such as a Google user or a Google Group. If specified, the `EntityKey` - represents an external-identity-mapped group. The namespace - must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - type: string - type: object - preferredMemberKey: - description: Immutable. Required. Immutable. The `EntityKey` of the - member. - properties: - id: - description: Immutable. The ID of the entity. For Google-managed - entities, the `id` must be the email address of a group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: Immutable. The namespace in which the entity exists. - If not specified, the `EntityKey` represents a Google-managed - entity such as a Google user or a Google Group. If specified, - the `EntityKey` represents an external-identity-mapped group. 
- The namespace must correspond to an identity source created - in Admin Console and must be in the form of `identitysources/{identity_source_id}`. - type: string - required: - - id - type: object + region: + description: Immutable. The region of the AppConnection. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. type: string - roles: - description: The `MembershipRole`s that apply to the `Membership`. - If unspecified, defaults to a single `MembershipRole` with `name` - `MEMBER`. Must not contain duplicate `MembershipRole`s with the - same `name`. - items: - properties: - expiryDetail: - description: The expiry details of the `MembershipRole`. Expiry - details are only supported for `MEMBER` `MembershipRoles`. - May be set if `name` is `MEMBER`. Must not be set if `name` - is any other value. - properties: - expireTime: - description: The time at which the `MembershipRole` will - expire. - format: date-time - type: string - type: object - name: - type: string - restrictionEvaluations: - description: Evaluations of restrictions applied to parent group - on this membership. - properties: - memberRestrictionEvaluation: - description: Evaluation of the member restriction applied - to this membership. Empty if the user lacks permission - to view the restriction evaluation. - properties: - state: - description: 'Output only. 
The current state of the - restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, - UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' - type: string - type: object - type: object - required: - - name - type: object - type: array required: - - groupRef - - preferredMemberKey - - roles + - applicationEndpoint + - projectRef + - region type: object status: properties: @@ -8563,30 +7316,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the `Membership` was created. - format: date-time - type: string - deliverySetting: - description: 'Output only. Delivery setting associated with the membership. - Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, - DAILY, NONE, DISABLED' - type: string - displayName: - description: Output only. The display name of this member, if available - properties: - familyName: - description: Output only. Member's family name - type: string - fullName: - description: Output only. Localized UTF-16 full name for the member. - Localization is done based on the language in the request and - the language of the stored display name. - type: string - givenName: - description: Output only. Member's given name - type: string - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -8594,15 +7323,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - type: - description: 'Output only. The type of the membership. Possible values: - OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' - type: string - updateTime: - description: Output only. The time when the `Membership` was last - updated. - format: date-time - type: string type: object required: - spec 
@@ -8622,25 +7342,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: - group: cloudscheduler.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudSchedulerJob - plural: cloudschedulerjobs + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors shortNames: - - gcpcloudschedulerjob - - gcpcloudschedulerjobs - singular: cloudschedulerjob + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: @@ -8660,7 +7380,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8678,366 +7398,66 @@ spec: type: object spec: properties: - appEngineHttpTarget: - description: App Engine HTTP target. + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. properties: - appEngineRouting: - description: App Engine Routing setting for the job. + serviceAccount: + description: ServiceAccount represents a GCP service account. properties: - instance: - description: App instance. By default, the job is sent to - an instance which is available when the job is attempted. - Requests can only be sent to a specific instance if [manual - scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). - App Engine Flex does not support instances. For more information, - see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) - and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). - type: string - service: - description: App service. By default, the job is sent to the - service which is the default service when the job is attempted. - type: string - version: - description: App version. By default, the job is sent to the - version which is the default version when the job is attempted. + email: + description: Email address of the service account. type: string + required: + - email type: object - body: - description: Body. HTTP request body. A request body is allowed - only if the HTTP method is POST or PUT. It will result in invalid - argument error to set a body on a job with an incompatible HttpMethod. - type: string - headers: - additionalProperties: - type: string - description: 'HTTP request headers. This map contains the header - field names and values. 
Headers can be set when the job is created. - Cloud Scheduler sets some headers to default values: * `User-Agent`: - By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. - This header can be modified, but Cloud Scheduler will append - `"App Engine-Google; (+http://code.google.com/appengine)"` to - the modified `User-Agent`. * `X-CloudScheduler`: This header - will be set to true. The headers below are output only. They - cannot be set or overridden: * `X-Google-*`: For Google internal - use only. * `X-App Engine-*`: For Google internal use only. - In addition, some App Engine headers, which contain job-specific - information, are also be sent to the job handler.' - type: object - httpMethod: - description: 'The HTTP method to use for the request. PATCH and - OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, - POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' - type: string - relativeUri: - description: The relative URI. The relative URL must begin with - "/" and must be a valid HTTP relative URL. It can contain a - path, query string arguments, and `#` fragments. If the relative - URL is empty, then the root path "/" will be used. No spaces - are allowed, and the maximum length allowed is 2083 characters. - type: string + required: + - serviceAccount type: object - attemptDeadline: - description: 'The deadline for job attempts. If the request handler - does not respond by this deadline then the request is cancelled - and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The - failed attempt can be viewed in execution logs. Cloud Scheduler - will retry the job according to the RetryConfig. The allowed duration - for this deadline is: * For HTTP targets, between 15 seconds and - 30 minutes. * For App Engine HTTP targets, between 15 seconds and - 24 hours.' - type: string - description: - description: Optionally caller-specified in CreateJob or UpdateJob. - A human-readable description for the job. 
This string must not contain - more than 500 characters. - type: string - httpTarget: - description: HTTP target. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - body: - description: HTTP request body. A request body is allowed only - if the HTTP method is POST, PUT, or PATCH. It is an error to - set body on a job with an incompatible HttpMethod. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - headers: - additionalProperties: - type: string - description: 'The user can specify HTTP request headers to send - with the job''s HTTP request. This map contains the header field - names and values. Repeated headers are not supported, but a - header value can contain commas. These headers represent a subset - of the headers that will accompany the job''s HTTP request. - Some HTTP request headers will be ignored or replaced. A partial - list of headers that will be ignored or replaced is below: - - Host: This will be computed by Cloud Scheduler and derived from - uri. * `Content-Length`: This will be computed by Cloud Scheduler. - * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. - * `X-Google-*`: Google internal use only. * `X-appengine-*`: - Google internal use only. The total size of headers must be - less than 80KB.' - type: object - httpMethod: - description: 'Which HTTP method to use for the request. Possible - values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, - PATCH, OPTIONS' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - oauthToken: - description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) - will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization should generally - only be used when calling Google APIs hosted on *.googleapis.com. - properties: - scope: - description: OAuth scope to be used for generating OAuth access - token. If not specified, "https://www.googleapis.com/auth/cloud-platform" - will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - oidcToken: - description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) - token will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization can be used - for many scenarios, including calling Cloud Run, or endpoints - where you intend to validate the token yourself. - properties: - audience: - description: Audience to be used when generating OIDC token. 
- If not specified, the URI specified in target will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - uri: - description: 'Required. The full URI path that the request will - be sent to. This string must begin with either "http://" or - "https://". Some examples of valid values for uri are: `http://acme.com` - and `https://acme.com/sales:8080`. Cloud Scheduler will encode - some characters for safety and compatibility. The maximum allowed - URL length is 2083 characters after encoding.' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - uri type: object - location: - description: Immutable. The location for the resource + region: + description: Immutable. The region of the AppConnector. type: string - pubsubTarget: - description: Pub/Sub target. - properties: - attributes: - additionalProperties: - type: string - description: Attributes for PubsubMessage. Pubsub message must - contain either non-empty data, or at least one attribute. 
- type: object - data: - description: The message payload for PubsubMessage. Pubsub message - must contain either non-empty data, or at least one attribute. - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retryConfig: - description: Settings that determine the retry behavior. - properties: - maxBackoffDuration: - description: The maximum amount of time to wait before retrying - a job after it fails. The default value of this field is 1 hour. - type: string - maxDoublings: - description: The time between retries will double `max_doublings` - times. 
A job's retry interval starts at min_backoff_duration, - then doubles `max_doublings` times, then increases linearly, - and finally retries at intervals of max_backoff_duration up - to retry_count times. For example, if min_backoff_duration is - 10s, max_backoff_duration is 300s, and `max_doublings` is 3, - then the a job will first be retried in 10s. The retry interval - will double three times, and then increase linearly by 2^3 * - 10s. Finally, the job will retry at intervals of max_backoff_duration - until the job has been attempted retry_count times. Thus, the - requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, - 300s, .... The default value of this field is 5. - format: int64 - type: integer - maxRetryDuration: - description: The time limit for retrying a failed job, measured - from time when an execution was first attempted. If specified - with retry_count, the job will be retried until both limits - are reached. The default value for max_retry_duration is zero, - which means retry duration is unlimited. - type: string - minBackoffDuration: - description: The minimum amount of time to wait before retrying - a job after it fails. The default value of this field is 5 seconds. - type: string - retryCount: - description: The number of attempts that the system will make - to run a job using the exponential backoff procedure described - by max_doublings. The default value of retry_count is zero. - If retry_count is zero, a job attempt will *not* be retried - if it fails. Instead the Cloud Scheduler system will wait for - the next scheduled execution time. If retry_count is set to - a non-zero number then Cloud Scheduler will retry failed attempts, - using exponential backoff, retry_count times, or until the next - scheduled execution time, whichever comes first. Values greater - than 5 and negative values are not allowed. - format: int64 - type: integer - type: object - schedule: - description: 'Required, except when used with UpdateJob. 
Describes - the schedule on which the job will be executed. The schedule can - be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) - * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) - As a general rule, execution `n + 1` of a job will not begin until - execution `n` has finished. Cloud Scheduler will never allow two - simultaneously outstanding executions. For example, this implies - that if the `n+1`th execution is scheduled to run at 16:00 but the - `n`th execution takes until 16:15, the `n+1`th execution will not - start until `16:15`. A scheduled start time will be delayed if the - previous execution has not ended when its scheduled time occurs. - If retry_count > 0 and a job attempt fails, the job will be tried - a total of retry_count times, with exponential backoff, until the - next scheduled start time.' - type: string - timeZone: - description: Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). - Note that some time zones include a provision for daylight savings - time. The rules for daylight saving time are determined by the chosen - tz. For UTC use the string "utc". If a time zone is not specified, - the default will be in UTC (also known as GMT). - type: string required: - - location + - principalInfo + - projectRef + - region type: object status: properties: - appEngineHttpTarget: - properties: - appEngineRouting: - properties: - host: - description: 'Output only. The host that the job is sent to. - For more information about how App Engine requests are routed, - see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). 
- The host is constructed as: * `host = [application_domain_name]` - `| [service] + ''.'' + [application_domain_name]` `| [version] - + ''.'' + [application_domain_name]` `| [version_dot_service]+ - ''.'' + [application_domain_name]` `| [instance] + ''.'' - + [application_domain_name]` `| [instance_dot_service] + - ''.'' + [application_domain_name]` `| [instance_dot_version] - + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] - + ''.'' + [application_domain_name]` * `application_domain_name` - = The domain name of the app, for example .appspot.com, - which is associated with the job''s project ID. * `service - =` service * `version =` version * `version_dot_service - =` version `+ ''.'' +` service * `instance =` instance * - `instance_dot_service =` instance `+ ''.'' +` service * - `instance_dot_version =` instance `+ ''.'' +` version * - `instance_dot_version_dot_service =` instance `+ ''.'' +` - version `+ ''.'' +` service If service is empty, then the - job will be sent to the service which is the default service - when the job is attempted. If version is empty, then the - job will be sent to the version which is the default version - when the job is attempted. If instance is empty, then the - job will be sent to an instance which is available when - the job is attempted. If service, version, or instance is - invalid, then the job will be sent to the default version - of the default service when the job is attempted.' - type: string - type: object - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -9064,10 +7484,6 @@ spec: type: string type: object type: array - lastAttemptTime: - description: Output only. The time the last job attempt started. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -9075,71 +7491,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - scheduleTime: - description: Output only. The next time the job is scheduled. Note - that this may be a retry of a previously failed attempt or the next - execution time according to the schedule. - format: date-time - type: string state: - description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, - ENABLED, PAUSED, DISABLED, UPDATE_FAILED' - type: string - status: - description: Output only. The response from the target for the last - attempted execution. - properties: - code: - description: The status code, which should be an enum value of - google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. This - string must contain at least one "/" character. The last - segment of the URL''s path must represent the fully qualified - name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually precompile - into the binary all types that they expect it to use in - the context of Any. However, for URLs which use the scheme - `http`, `https`, or no scheme, one can optionally set - up a type server that maps type URLs to message definitions - as follows: * If no scheme is provided, `https` is assumed. - * An HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the URL, - or have them precompiled into a binary to avoid any lookup. - Therefore, binary compatibility needs to be preserved - on changes to types. 
(Use versioned type names to manage - breaking changes.) Note: this functionality is not currently - available in the official protobuf release, and it is - not used for type URLs beginning with type.googleapis.com. - Schemes other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should be - in English. Any user-facing error message should be localized - and sent in the google.rpc.Status.details field, or localized - by the client. - type: string - type: object - userUpdateTime: - description: Output only. The creation time of the job. - format: date-time + description: Represents the different states of a AppConnector. type: string type: object required: @@ -9160,25 +7513,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeAddress - plural: computeaddresses + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -9198,7 +7551,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9216,37 +7569,16 @@ spec: type: object spec: properties: - address: - description: |- - Immutable. The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - type: string - addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' - type: string - description: - description: Immutable. An optional description of this resource. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - address. The default value is ''IPV4''. Possible values: ["IPV4", - "IPV6"]. This field can only be specified for a global address.' + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. type: string - location: - description: 'Location represents the geographical location of the - ComputeAddress. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' type: string - networkRef: - description: |- - The network in which to reserve the address. If global, the address - must be within the RFC1918 IP space. The network cannot be deleted - if there are any reserved IP ranges referring to it. This field can - only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -9263,8 +7595,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9273,49 +7604,174 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkTier: - description: |- - Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. - type: string - prefixLength: - description: Immutable. The prefix length if the resource represents - an IP range. - type: integer - purpose: - description: |- - Immutable. The purpose of this resource, which can be one of the following values. - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range that - are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect - configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used to - configure Private Service Connect. Only global internal addresses can use - this purpose. - - - This should only be set when using an Internal address. + region: + description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9332,8 +7788,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9342,8 +7797,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - displayName - location + - projectRef type: object status: properties: @@ -9373,13 +7835,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -9388,13 +7850,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array type: object required: - spec 
@@ -9414,25 +7869,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: @@ -9452,7 +7907,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9470,8 +7925,66 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. 
+ type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9488,8 +8001,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9498,132 +8010,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. properties: - bypassCacheOnRequestHeaders: - description: Bypass the cache when the specified request headers - are matched - e.g. Pragma or Authorization headers. Up to 5 - headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode - settings. - items: - properties: - headerName: - description: The header field name to match on when bypassing - cache. Values are case-insensitive. - type: string - type: object - type: array - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - items: - type: string - type: array - type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + name: + description: Name of the listing publisher. type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). 
- type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - requestCoalescing: - description: If true then Cloud CDN will combine multiple concurrent - cache fill requests into a small number of requests to the origin. - type: boolean - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. 
The actual headers served in responses will not be altered. - type: integer + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - customResponseHeaders: - description: Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. type: string - edgeSecurityPolicy: - description: The security policy associated with this backend bucket. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - bucketRef + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef type: object status: properties: @@ -9653,8 +8067,8 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -9663,8 +8077,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec @@ -9684,25 +8096,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendService - plural: computebackendservices + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: @@ -9722,7 +8134,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9740,495 +8152,179 @@ spec: type: object spec: properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - failover: - description: |- - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - type: boolean - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. 
Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeInstanceGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetworkEndpointGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. 
This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. + aws: + description: Connection properties specific to Amazon Web Services. properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - includeNamedCookies: - description: Names of cookies to include in cache keys. - items: - type: string - type: array - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. 
- items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. - type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. 
Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer + required: + - accessRole type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + azure: + description: Container for connection properties specific to Azure. properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. 
- type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. 
+ type: string + required: + - customerTenantId type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - connectionTrackingPolicy: - description: |- - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. properties: - connectionPersistenceOnUnhealthyBackends: - description: |- - Specifies connection persistence when backends are unhealthy. - - If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to 'ALWAYS_PERSIST', existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. 
type: string - idleTimeoutSec: - description: |- - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - type: integer - trackingMode: - description: |- - Specifies the key used for connection tracking. There are two options: - 'PER_CONNECTION': The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - 'PER_SESSION': The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database type: object - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. 
+ cloudSql: + description: Connection properties specific to the Cloud SQL. properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + credential: + description: Cloud SQL properties. properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object + username: + description: Username for database. 
+ type: string + required: + - password + - username type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. + database: + description: Database name. type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - customResponseHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array description: - description: An optional description of this resource. + description: A descriptive description for the connection. type: string - edgeSecurityPolicyRef: + friendlyName: + description: A descriptive name for the connection. + type: string + location: description: |- - The resource URL for the edge security policy associated with this - backend service. + Immutable. The geographic location where the connection should reside. 
+ Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10245,8 +8341,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10255,358 +8350,157 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy. - oneOf: - - required: - - oauth2ClientId - - required: - - oauth2ClientIdRef + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. properties: - oauth2ClientId: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` - instead. - type: string - oauth2ClientIdRef: - description: |- - Only `external` field is supported to configure the reference. - - OAuth2 Client ID for IAP. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP. + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' type: string + required: + - predefinedExpression type: object - loadBalancingScheme: - description: |- - Immutable. Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. - type: string - localityLbPolicies: - description: |- - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - items: - properties: - customPolicy: - description: |- - The configuration for a custom policy implemented by the user and - deployed with the client. 
- properties: - data: - description: |- - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - type: string - name: - description: |- - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - type: string - required: - - name - type: object - policy: - description: The configuration for a built-in load balancing - policy. - properties: - name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. 
- - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. - type: string - required: - - name - type: object - type: object - type: array - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. - - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. 
For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: - description: 'Location represents the geographical location of the - ComputeBackendService. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + description: Immutable. The name of the location of the data policy. type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. 
- type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10623,8 +8517,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10633,130 +8526,182 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. 
- type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. 
- type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: + targetTypes: description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes type: object - portName: + datasetId: description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. type: string - protocol: + domain: description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + Immutable. A domain to grant access to. 
Any users signed in with the + domain specified will be granted the specified access. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. type: string - securityPolicyRef: - description: The security policy associated with this backend service. + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10773,8 +8718,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
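Review bot: The `iamMember` description added in this hunk gives `'allUsers'` as its only example and does not say that this member covers every caller, authenticated or not. I would extend the description with a sentence such as `'allUsers' grants the role to anyone, including unauthenticated callers; 'allAuthenticatedUsers' covers any signed-in Google account.` The field is typed as a free `string`, so the schema itself cannot reject a public grant. Clusters that must not expose datasets need an admission policy on `spec.iamMember`, and on `spec.specialGroup`, which is declared in a later hunk. The CRD carries the `cnrm.cloud.google.com/tf2crd` label, so the text is presumably generated and the wording would belong in the generator's source.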
@@ -10783,85 +8727,79 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - securitySettings: + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: description: |- - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - clientTLSPolicyRef: - description: |- - ClientTlsPolicy is a resource that specifies how a client should - authenticate connections to backends of a service. This resource itself - does not affect configuration unless it is attached to a backend - service resource. *ConfigConnector only supports `external` - references for this field.* - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. 
- items: - type: string - type: array - required: - - clientTLSPolicyRef - - subjectAltNames - type: object - sessionAffinity: + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string - subsetting: - description: Subsetting configuration for this BackendService. Currently - this is applicable only for Internal TCP/UDP load balancing and - Internal HTTP(S) load balancing. + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. properties: - policy: - description: 'The algorithm used for subsetting. Possible values: - ["CONSISTENT_HASH_SUBSETTING"].' + datasetId: + description: Immutable. 
The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. type: string required: - - policy + - datasetId + - projectId + - tableId type: object - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer required: - - location + - datasetId + - projectRef type: object status: properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -10888,18 +8826,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - generatedId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -10907,8 +8833,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
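Review bot: The `required` list that closes the BigQueryDatasetAccess `spec` names only `datasetId` and `projectRef`. The schema therefore accepts an object with no grantee at all, or with several of `dataset`, `domain`, `groupByEmail`, `iamMember`, `specialGroup`, `userByEmail` and `view` set together. The `spec` block opens in an earlier hunk, where the first four of these are declared. If exactly one grantee per object is intended (to be confirmed against the API), a `oneOf` in the style already used for `projectRef` would reject ambiguous grants at admission time rather than at reconcile time. Separately, the `resourceID` description says "The routine of the resource", which does not match any field in this CRD and reads as carried over from elsewhere. The file appears to be generated, so both changes would belong in the generator.

```yaml
# … unchanged: spec properties (dataset … view) …
oneOf:
  - required:
      - dataset
  - required:
      - domain
  - required:
      - groupByEmail
  - required:
      - iamMember
  - required:
      - specialGroup
  - required:
      - userByEmail
  - required:
      - view
required:
  - datasetId
  - projectRef
```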
@@ -10928,25 +8852,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com + name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeDisk - plural: computedisks + kind: BigQueryDataset + plural: bigquerydatasets shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: 
@@ -10984,34 +8908,128 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Immutable. Encrypts the disk using a customer-supplied encryption key. + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. 
Possible values include: - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - Customer-supplied encryption keys do not protect access to metadata of - the disk. + * 'projectOwners': Owners of the enclosing project. - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. 
If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. oneOf: - not: required: 
@@ -11038,188 +9056,85 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - rsaEncryptedKey: - description: "Immutable. 
Specifies an RFC 4648 base64 encoded, - RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either - encrypt or decrypt \nthis resource. You can provide either the - rawKey or the rsaEncryptedKey." - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - interface: - description: DEPRECATED. This field is no longer in use, disk interfaces - will be automatically determined on attachment. To resolve this - issue, remove this field from your config. 
Immutable. Specifies - the disk interface to use for attaching this disk, which is either - SCSI or NVME. The default is SCSI. - type: string - location: - description: 'Location represents the geographical location of the - ComputeDisk. Specify a region name or a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - multiWriter: - description: Immutable. Indicates whether or not the disk can be read/write - attached to more than one instance. - type: boolean - physicalBlockSizeBytes: - description: |- - Immutable. Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. 
If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. + If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. 
+ Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - required: - namespace 
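Review bot: Two limits on the added BigQueryDataset fields exist only in description text, so the API server cannot reject bad values at admission. `defaultTableExpirationMs` documents a minimum of 3600000 but declares no `minimum`, and `maxTimeTravelHours` documents 48 to 168 hours but is `type: string` with no `pattern`. Adding `minimum: 3600000` under `defaultTableExpirationMs` would surface a too-short retention value at apply time rather than at reconcile. Whether the string type of `maxTimeTravelHours` is intentional cannot be told from this hunk. The CRD carries the `tf2crd` label, so the change presumably belongs in the generator input rather than in this file.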
@@ -11236,290 +9151,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - provisionedIops: - description: Immutable. Indicates how many IOPS must be provisioned - for the disk. - type: integer - replicaZones: - description: Immutable. URLs of the zones where the disk should be - replicated to. - items: - type: string - type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. 
- - Upsizing the disk is mutable, but downsizing the disk - requires re-creating the resource. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceDiskRef: - description: The source disk used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. 
See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - Immutable. 
The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - Immutable. URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location type: object status: properties: @@ -11549,20 +9185,19 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + creationTime: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -11572,39 +9207,7 @@ spec: type: integer selfLink: type: string - sourceDiskId: - description: |- - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance. - items: - type: string - type: array type: object - required: - - spec type: object served: true storage: true 
@@ -11621,25 +9224,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: @@ -11659,7 +9262,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -11677,193 +9280,55 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. type: string - interface: - description: Immutable. A list of interfaces on this external VPN - gateway. - items: - properties: - id: - description: |- - Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. - type: integer - ipAddress: - description: |- - Immutable. IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Immutable. Indicates the redundancy type of this external - VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"].' + destinationDatasetId: + description: The BigQuery target dataset id. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + disabled: + description: When set to true, no runs are scheduled for a given transfer. 
+ type: boolean + displayName: + description: The user specified display name for the transfer config. type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicy - plural: computefirewallpolicies - shortNames: - - gcpcomputefirewallpolicy - - gcpcomputefirewallpolicies - singular: computefirewallpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - properties: - description: - description: An optional description of this resource. Provide this - property when you create the resource. + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. type: string - folderRef: - description: Immutable. The Folder that this resource belongs to. - Only one of [folderRef, organizationRef] may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name of - a `Folder` resource (format: `folders/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + params: + additionalProperties: + type: string type: object - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [folderRef, organizationRef] may be specified. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
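Review bot: `params` is the only spec field added in this hunk without a `description`, and it is a free-form string map (`additionalProperties: type: string`). The same CRD defines `sensitiveParams` further down for values that hold secrets, but nothing at `params` tells a user to keep credentials out of the plain map. A description such as `description: Data-source-specific parameters. Do not place credentials here; use sensitiveParams.` would close that gap.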
@@ -11880,13 +9345,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 
@@ -11897,18 +9359,108 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: Immutable. User-provided name of the Organization firewall - policy. The name should be unique in the organization in which the - firewall policy is created. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? - which means the first character must be a lowercase letter, and - all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. 
+ type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. 
If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. type: string required: - - shortName + - dataSourceId + - displayName + - params + - projectRef type: object status: properties: @@ -11938,16 +9490,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: Fingerprint of the resource. This field is used internally - during updates of this resource. - type: string - id: - description: The unique identifier for the resource. This identifier - is defined by the server. + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -11956,18 +9504,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Total count of all firewall policy rule tuples. A firewall - policy can not exceed a set number of tuples. - format: int64 - type: integer - selfLink: - description: Server-defined URL for the resource. - type: string - selfLinkWithId: - description: Server-defined URL for this resource with the resource - id. - type: string type: object required: - spec 
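Review bot: `sensitiveParams.secretAccessKey` accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, so the AWS secret access key can sit in clear text in the BigQueryDataTransferConfig spec. Anyone who can read the resource, or the repository holding the manifest, can then read the key. The `secretAccessKey` description should steer users to the Secret reference, for example by appending `Prefer 'valueFrom.secretKeyRef'; an inline 'value' is stored unprotected in the resource spec.` In the same hunk, `serviceAccountName` is a free-form string, and the "requesting user" in its description is presumably the Config Connector identity rather than the person applying the manifest. It is worth documenting that create access to this kind lets a user run transfers as any service account that identity may act as.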
@@ -11987,25 +9523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewallPolicyAssociation - plural: computefirewallpolicyassociations + kind: BigQueryJob + plural: bigqueryjobs shortNames: - - gcpcomputefirewallpolicyassociation - - gcpcomputefirewallpolicyassociations - singular: computefirewallpolicyassociation + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -12043,368 +9579,687 @@ spec: type: object spec: properties: - attachmentTargetRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + copy: + description: Immutable. Copies a table. properties: - external: + createDisposition: description: |- - The target that the firewall policy is attached to. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). - * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string + required: + - sourceTables type: object - firewallPolicyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + extract: + description: Immutable. Configures an extract job. properties: - external: + compression: description: |- - The firewall policy ID of the association. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - attachmentTargetRef - - firewallPolicyRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. 
+ items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - shortName: - description: The short name of the firewall policy of the association. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicyRule - plural: computefirewallpolicyrules - shortNames: - - gcpcomputefirewallpolicyrule - - gcpcomputefirewallpolicyrules - singular: computefirewallpolicyrule - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - action: - description: The Action to perform when the client connection triggers - the rule. Can currently be either "allow" or "deny()" where valid - values for status are 403, 404, and 502. - type: string - description: - description: An optional description for this resource. - type: string - direction: - description: 'The direction in which this rule applies. Possible values: - INGRESS, EGRESS' - type: string - disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and traffic - behaves as if it did not exist. If this is unspecified, the firewall - policy rule will be enabled. - type: boolean - enableLogging: - description: 'Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the configured export - destination in Stackdriver. Logs may be exported to BigQuery or - Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' - type: boolean - firewallPolicyRef: - description: Immutable. - oneOf: - - not: + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. 
+ Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. properties: - external: + allowJaggedRows: description: |- - The firewall policy of the resource. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. 
+ If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. 
BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). type: string - type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' is - enforced. - properties: - destIPRanges: - description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. + type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. 
The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array - layer4Configs: - description: Pairs of IP protocols and ports that the rule should - match. + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. 
+ ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: - properties: - ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following well - known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, - `ipip`, `sctp`), or the IP protocol number. - type: string - ports: - description: 'An optional list of ports to which this rule - applies. This field is only applicable for UDP or TCP - protocol. Each entry must be either an integer or a range. - If not specified, this rule applies to connections through - any port. Example inputs include: ``.' - items: - type: string - type: array - required: - - ipProtocol - type: object + type: string type: array - srcIPRanges: - description: CIDR IP address range. Maximum number of source CIDR - IP ranges allowed is 256. + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string required: - - layer4Configs + - destinationTable + - sourceUris type: object - priority: - description: Immutable. An integer indicating the priority of a rule - in the list. The priority must be a positive value between 0 and - 2147483647. Rules are evaluated from highest to lowest priority - where 0 is the highest priority and 2147483647 is the lowest prority. - format: int64 - type: integer - targetResources: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. 
+ properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. 
Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. 
+ type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: type: string - type: object - type: array - required: - - action - - direction - - firewallPolicyRef - - match - - priority + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. 
Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string type: object status: properties: @@ -12434,9 +10289,8 @@ spec: type: string type: object type: array - kind: - description: Type of the resource. Always `compute#firewallPolicyRule` - for firewall policy rules + jobType: + description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -12445,14 +10299,55 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Calculation of the complexity of a single firewall policy - rule. - format: int64 - type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string type: object - required: - - spec type: object served: true storage: true 
@@ -12469,25 +10364,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewall - plural: computefirewalls + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: @@ -12507,7 +10402,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -12525,113 +10420,46 @@ spec: type: object spec: properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. 
Provide this property when - you create the resource. + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. type: string - destinationRanges: + ignoreIdleSlots: description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: description: |- - Immutable. Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - disabled: + multiRegionAuxiliary: description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED. Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude - metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", - "INCLUDE_ALL_METADATA"].' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -12648,8 +10476,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -12658,137 +10485,272 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceRanges: + slotCapacity: description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - sourceServiceAccounts: + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. 
+ type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + message: + description: Human-readable message indicating details about + last transition. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - targetServiceAccounts: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. type: string type: object type: array - targetTags: + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. 
items: type: string type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. 
it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string required: - - networkRef + - datasetRef + - definitionBody + - projectRef type: object status: properties: @@ -12818,9 +10780,16 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -12828,8 +10797,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -12849,25 +10816,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com + name: bigquerytables.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules + kind: BigQueryTable + plural: bigquerytables shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: 
@@ -12905,26 +10872,14 @@ spec: type: object spec: properties: - allPorts: - description: Immutable. This field is used along with the `backend_service` - field for internal load balancing or with the `target` field for - internal TargetInstance. This field cannot be used with `port` or - `portRange` fields. When the load balancing scheme is `INTERNAL` - and protocol is TCP/UDP, specify this field to allow packets addressed - to any ports will be forwarded to the backends configured with this - forwarding rule. - type: boolean - allowGlobalAccess: - description: This field is used along with the `backend_service` field - for internal load balancing or with the `target` field for internal - TargetInstance. If the field is set to `TRUE`, clients can access - ILB from all regions. Otherwise only allows access from clients - in the same region as the internal load balancer. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: oneOf: - not: required: @@ -12941,7 +10896,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: 
@@ -12952,37 +10907,14 @@ spec: type: string type: object description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. + description: The field description. type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. properties: - addressRef: + kmsKeyRef: oneOf: - not: required: @@ -12999,7 +10931,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -13009,426 +10941,257 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ip: + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. type: string + required: + - kmsKeyRef type: object - ipProtocol: - description: Immutable. The IP protocol to which this rule applies. - For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, - `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the - load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are - valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, - and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the - load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. - For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing - scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP - Load Balancing, the load balancing scheme is `EXTERNAL`, and one - of `TCP` or `UDP` is valid. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - forwarding rule. Valid options are `IPV4` or `IPV6`. This can only - be specified for an external global forwarding rule. Possible values: - UNSPECIFIED_VERSION, IPV4, IPV6.' - type: string - isMirroringCollector: - description: Immutable. Indicates whether or not this load balancer - can be used as a collector for packet mirroring. To prevent mirroring - loops, instances behind this load balancer will not have their traffic - mirrored even if a `PacketMirroring` rule applies to them. This - can only be set to true for load balancers that have their `loadBalancingScheme` - set to `INTERNAL`. - type: boolean - loadBalancingScheme: - description: "Immutable. 
Specifies the forwarding rule type.\n\n* - \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n - \ * Protocol forwarding to VMs from an external IP address\n - \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, - and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol - forwarding to VMs from an internal IP address\n * Internal - TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * - \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` - is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is - used for:\n * Global external HTTP(S) load balancers \n\nFor - more information about forwarding rules, refer to [Forwarding rule - concepts](/load-balancing/docs/forwarding-rule-concepts). Possible - values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, - EXTERNAL, EXTERNAL_MANAGED." - type: string - location: - description: 'Location represents the geographical location of the - ComputeForwardingRule. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. - - For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. - - `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. - - `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. - items: - properties: - filterLabels: - description: |- - Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Immutable. Name of metadata label. - - The name can have a maximum length of 1024 characters and must be at least 1 character long. - type: string - value: - description: |- - Immutable. The value of the label must match the specified value. - - value can have a maximum length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. - - Supported values are: - - * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. - * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. This signifies the networking tier used for - configuring this load balancer and can only take the following values: - `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values - are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid - value is `PREMIUM`. If this field is not specified, it is assumed - to be `PREMIUM`. If `IPAddress` is specified, this value must be - equal to the networkTier of the Address.' - type: string - portRange: - description: |- - Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. 
This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetVpnGateway: 500, 4500 - - @pattern: d+(?:-d+)?. - type: string - ports: - description: 'Immutable. This field is used along with the `backend_service` - field for internal load balancing. When the load balancing scheme - is `INTERNAL`, a list of ports can be configured, for example, [''80''], - [''8000'',''9000'']. Only packets addressed to these ports are forwarded - to the backends configured with the forwarding rule. If the forwarding - rule''s loadBalancingScheme is INTERNAL, you can specify ports in - one of the following ways: * A list of up to five ports, which can - be non-contiguous * Keyword `ALL`, which causes the forwarding rule - to forward traffic on any port of the forwarding rule''s protocol. - @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceDirectoryRegistrations: - description: Immutable. Service Directory resources to register this - forwarding rule with. 
Currently, only supports a single Service - Directory resource. - items: - properties: - namespace: - description: Immutable. Service Directory namespace to register - the forwarding rule under. - type: string - service: - description: Immutable. Service Directory service to register - the forwarding rule under. - type: string - type: object - type: array - serviceLabel: - description: Immutable. An optional prefix to the service name for - this Forwarding Rule. If specified, the prefix is the first label - of the fully qualified service name. The label must be 1-63 characters - long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. This field is only used for internal load - balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). 
+ type: boolean required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetGRPCProxyRef - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetGRPCProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` - resource.' + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. + type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + fieldDelimiter: + description: The separator for fields in a CSV file. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + quote: type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. 
properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. type: string type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. 
+ Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. 
+ type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query type: object required: - - location + - datasetRef type: object status: properties: 
@@ -13458,35 +11221,45 @@ spec: type: string type: object type: array - creationTimestamp: - description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) - text format.' - type: string - labelFingerprint: - description: Used internally during label updates. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. type: integer - pscConnectionId: - description: The PSC connection id of the PSC Forwarding Rule. + etag: + description: A hash of the resource. type: string - pscConnectionStatus: - description: 'The PSC connection status of the PSC Forwarding Rule. - Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, - CLOSED.' + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer selfLink: - description: '[Output Only] Server-defined URL for the resource.' + description: The URI of the created resource. type: string - serviceName: - description: '[Output Only] The internal fully qualified service name - for this Forwarding Rule. This field is only used for internal load - balancing.' + type: + description: Describes the table type. type: string type: object required: @@ -13507,25 +11280,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHealthCheck - plural: computehealthchecks + kind: BigtableAppProfile + plural: bigtableappprofiles shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: 
@@ -13563,350 +11336,70 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. + description: Long form description of the use case for this app profile. type: string - grpcHealthCheck: - description: A nested object resource. + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - grpcServiceName: - description: |- - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' type: string - port: - description: |- - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. 
- - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - healthyThreshold: + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
- - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. 
For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. 
- - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the - ComputeHealthCheck. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - sslHealthCheck: - description: A nested object resource. - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource. + singleClusterRouting: + description: Use a single-cluster routing policy. 
properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: + allowTransactionalWrites: description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. 
+ type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. type: string + required: + - clusterId type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location type: object status: properties: @@ -13936,8 +11429,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -13946,15 +11440,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -13971,25 +11457,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks + kind: BigtableGCPolicy + plural: bigtablegcpolicies shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -14027,54 +11513,117 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + columnFamily: + description: Immutable. The name of the column family. type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. 
- type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. 
This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object status: properties: conditions: @@ -14103,9 +11652,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14113,9 +11659,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
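Review bot: The new BigtableGCPolicy descriptions name fields that do not exist in this schema: `gcRules` says it conflicts with "max_age" and "max_version", and `maxAge`, `maxVersion` and `mode` point to 'gc_rules', while the CRD properties are `maxAge`, `maxVersion` and `gcRules`. Because these fields set data-retention behaviour, the text should use the CRD names, e.g. `Conflicts with "mode", "maxAge" and "maxVersion".` The conflict is stated only in prose; nothing visible in the schema rejects a spec that sets both `gcRules` and the older fields, so such a manifest presumably fails only at reconcile time. Separately, the `deletionPolicy` description embeds literal `\n\t\t\t\t` escapes inside a double-quoted scalar, which looks like leaked source indentation and will render as tabs in the schema documentation.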
@@ -14132,25 +11678,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com + name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks + kind: BigtableInstance + plural: bigtableinstances shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -14188,53 +11734,121 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. 
+ type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. 
+ type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer type: object status: properties: @@ -14264,9 +11878,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
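Review bot: In the `kmsKeyRef` description, requirement 3 is garbled ("All clusters within an instance must use the same CMEK key access to this encryption key"), which leaves the CMEK rule unclear for anyone relying on the schema documentation. It presumably should read `3) All clusters within an instance must use the same CMEK key.`, to be confirmed against the upstream text. `kmsKeyRef` is also absent from the cluster item's `required` list (`clusterId`, `zone`), and the description does not say which encryption applies when it is omitted; a sentence stating that would help reviewers who audit for customer-managed keys. Limits given only in prose, such as `cpuTarget` "between 10 and 80", could be expressed as `minimum: 10` and `maximum: 80` so invalid values are rejected at admission.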
@@ -14274,8 +11885,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object type: object served: true @@ -14293,25 +11902,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com + name: bigtabletables.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeImage - plural: computeimages + kind: BigtableTable + plural: bigtabletables shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: 
@@ -14349,205 +11958,27 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the image when restored onto a persistent - disk (in GB). - type: integer - family: - description: |- - Immutable. The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - Immutable. A list of features to enable on the guest operating system. - Applicable only for bootable images. + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. items: properties: - type: - description: 'Immutable. The type of supported feature. 
Read - [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + family: + description: The name of the column family. type: string required: - - type + - family type: object type: array - imageEncryptionKey: - description: |- - Immutable. Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image). - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - licenses: - description: Immutable. Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: Immutable. The parameters of the raw disk image. - properties: - containerType: - description: |- - Immutable. The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"]. - type: string - sha1: - description: |- - Immutable. An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - Immutable. The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. type: string - sourceImageRef: - description: The source image used to create this image. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - description: The source snapshot used to create this image. + instanceRef: + description: The name of the Bigtable instance. oneOf: - not: required: @@ -14564,7 +11995,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: @@ -14574,14 +12005,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef type: object status: properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -14608,14 +12045,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14623,9 +12052,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true @@ -14642,25 +12071,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroupManager - plural: computeinstancegroupmanagers + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets shortNames: - - gcpcomputeinstancegroupmanager - - gcpcomputeinstancegroupmanagers - singular: computeinstancegroupmanager + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: 
@@ -14698,12 +12127,18 @@ spec: type: object spec: properties: - autoHealingPolicies: - description: The autohealing policy for this managed instance group. - You can specify only one value. - items: - properties: - healthCheckRef: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: oneOf: - not: required: @@ -14720,10 +12155,9 @@ spec: - external properties: external: - description: |- - The URL for the health check that signals autohealing. - - Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -14732,56 +12166,81 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialDelaySec: - description: The number of seconds that the managed instance - group waits before it applies autohealing policies to new - instances or recently recreated instances. This initial delay - allows instances to initialize and run their startup scripts - before the instance group determines that they are UNHEALTHY. - This prevents the managed instance group from recreating its - instances prematurely. This value must be from range [0, 3600]. - format: int64 - type: integer - type: object - type: array - baseInstanceName: - description: The base instance name to use for instances in this group. - The value must be 1-58 characters long. Instances are named by appending - a hyphen and a random four-character string to the base instance - name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - type: string - description: - description: Immutable. An optional description of this resource. - type: string - distributionPolicy: - description: Policy specifying the intended distribution of managed - instances across zones in a regional managed instance group. - properties: - targetShape: - description: 'The distribution shape to which the group converges - either proactively or on resize events (depending on the value - set in `updatePolicy.instanceRedistributionType`). Possible - values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' - type: string - zones: - description: Immutable. Zones where the regional managed instance - group will create and manage its instances. - items: - properties: - zone: - description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). - The zone must exist in the region where the managed instance - group is located. 
- type: string - type: object type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string type: object - failoverAction: - description: 'The action to perform in case of zone failure. Only - one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
- Possible values: UNKNOWN, NO_FAILOVER' - type: string - instanceTemplateRef: + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. oneOf: - not: required: 
@@ -14799,36 +12258,338 @@ spec: properties: external: description: |- - The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + The billing account of the resource - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - location: - description: Immutable. The location of this resource. + budgetFilter: + description: Optional. Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. 
Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. 
Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' 
+ items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. type: string - namedPorts: - description: Immutable. Named ports configured for the Instance Groups - complementary to this Instance Group Manager. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. items: properties: - name: - description: Immutable. The name for this named port. The name - must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' 
+ format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - port: - description: Immutable. The port number, which can be a value - between 1 and 65535. - format: int64 - type: integer type: object type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -14864,313 +12625,106 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - statefulPolicy: - description: Stateful configuration for this Instanced Group Manager + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. properties: - preservedState: - properties: - disks: - additionalProperties: - properties: - autoDelete: - description: 'These stateful disks will never be deleted - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - disk should be deleted after it is no longer used - by the group, e.g. when the given instance or the - whole group is deleted. Note: disks attached in READ_ONLY - mode cannot be auto-deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Disks created on the instances that will be preserved - on instance delete, update, etc. 
This map is keyed with - the device names of the disks. - type: object - externalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: External network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - internalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Internal network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - type: object - type: object - targetPools: - items: - oneOf: - - not: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetSize: - description: The target number of running instances for this managed - instance group. You can reduce this number by using the instanceGroupManager - deleteInstances or abandonInstances methods. Resizing the group - also changes this number. - format: int64 - type: integer - updatePolicy: - description: The update policy for this managed instance group. - properties: - instanceRedistributionType: - description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) - for regional managed instance groups. Valid values are: - `PROACTIVE` - (default): The group attempts to maintain an even distribution - of VM instances across zones in the region. - `NONE`: For non-autoscaled - groups, proactive redistribution is disabled.' - type: string - maxSurge: - description: The maximum number of instances that can be created - above the specified `targetSize` during the update process. - This value can be either a fixed number or, if the group has - 10 or more instances, a percentage. If you set a percentage, - the number of instances is rounded if necessary. The default - value for `maxSurge` is a fixed value equal to the number of - zones in which the managed instance group operates. At least - one of either `maxSurge` or `maxUnavailable` must be greater - than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). - properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. 
- format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - maxUnavailable: - description: 'The maximum number of instances that can be unavailable - during the update process. An instance is considered available - if all of the following conditions are satisfied: - The instance''s - [status](/compute/docs/instances/checking-instance-status) is - `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) - on the instance group, the instance''s health check status must - be `HEALTHY` at least once. If there is no health check on the - group, then the instance only needs to have a status of `RUNNING` - to be considered available. This value can be either a fixed - number or, if the group has 10 or more instances, a percentage. - If you set a percentage, the number of instances is rounded - if necessary. The default value for `maxUnavailable` is a fixed - value equal to the number of zones in which the managed instance - group operates. At least one of either `maxSurge` or `maxUnavailable` - must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer + external: + description: |- + Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. 
Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minReadySec: - description: Minimum number of seconds to wait for after a newly - created instance becomes available. This value must be from - range [0, 3600]. - format: int64 - type: integer - minimalAction: - description: Minimal action to be taken on an instance. You can - specify either `RESTART` to restart existing instances or `REPLACE` - to delete and create new instances from the target template. - If you specify a `RESTART`, the Updater will attempt to perform - that action only. However, if the Updater determines that the - minimal action you specify is not enough to perform the update, - it might perform a more disruptive action. - type: string - mostDisruptiveAllowedAction: - description: Most disruptive action that is allowed to be taken - on an instance. You can specify either `NONE` to forbid any - actions, `REFRESH` to allow actions that do not need instance - restart, `RESTART` to allow actions that can be applied without - instance replacing or `REPLACE` to allow all possible actions. - If the Updater determines that the minimal update action needed - is more disruptive than most disruptive allowed action you specify - it will not perform the update at all. - type: string - replacementMethod: - description: 'What action should be used to replace instances. - See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' - type: string - type: - description: The type of update process. 
You can specify either - `PROACTIVE` so that the instance group manager proactively executes - actions in order to bring instances to their target versions - or `OPPORTUNISTIC` so that no action is proactively executed - but the update will be performed as part of other actions (for - example, resizes or `recreateInstances` calls). - type: string - type: object - versions: - description: Specifies the instance templates used by this managed - instance group to create instances. Each version is defined by an - `instanceTemplate` and a `name`. Every version can appear at most - once per instance group. This field overrides the top-level `instanceTemplate` - field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). - Exactly one `version` must leave the `targetSize` field unset. That - version will be applied to all remaining instances. For more information, - read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). - items: - properties: - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: properties: - external: - description: |- - The URL of the instance template that is specified for this managed instance group. 
The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. - - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + comment: + description: Optional. A descriptive comment. This field + may be updated. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + id: + description: The ID of this public key. Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. 
NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object type: object - name: - description: Name of the version. Unique among all versions - in the scope of this managed instance group. - type: string - targetSize: - description: 'Specifies the intended number of instances to - be created from the `instanceTemplate`. The final number of - instances created from the template will be equal to: - If - expressed as a fixed number, the minimum of either `targetSize.fixed` - or `instanceGroupManager.targetSize` is used. - if expressed - as a `percent`, the `targetSize` would be `(targetSize.percent/100 - * InstanceGroupManager.targetSize)` If there is a remainder, - the number is rounded. If unset, this version will update - any remaining instances not updated by another `version`. - Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) - for more information.' 
- properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value - is `fixed`, then the `calculated` value is equal to the - `fixed` value. - If the value is a `percent`, then the - `calculated` value is `percent`/100 * `targetSize`. For - example, the `calculated` value of a 80% of a managed - instance group with 150 instances would be (80/100 * 150) - = 120 VM instances. If there is a remainder, the number - is rounded.' - format: int64 - type: integer - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between - 0 to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - type: object - type: array + type: array + required: + - noteRef + type: object required: - projectRef - - targetSize type: object status: properties: 
@@ -15200,94 +12754,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: The creation timestamp for this managed instance group - in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. - type: string - currentActions: - description: '[Output Only] The list of instance actions and the number - of instances in this managed instance group that are scheduled for - each of those actions.' - properties: - abandoning: - description: '[Output Only] The total number of instances in the - managed instance group that are scheduled to be abandoned. Abandoning - an instance removes it from the managed instance group without - deleting it.' - format: int64 - type: integer - creating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be created or are currently - being created. If the group fails to create any of these instances, - it tries again until it creates the instance successfully. If - you have disabled creation retries, this field will not be populated; - instead, the `creatingWithoutRetries` field will be populated.' - format: int64 - type: integer - creatingWithoutRetries: - description: '[Output Only] The number of instances that the managed - instance group will attempt to create. The group attempts to - create each instance only once. If the group fails to create - any of these instances, it decreases the group''s `targetSize` - value accordingly.' - format: int64 - type: integer - deleting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be deleted or are currently - being deleted.' - format: int64 - type: integer - none: - description: '[Output Only] The number of instances in the managed - instance group that are running and have no scheduled actions.' 
- format: int64 - type: integer - recreating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be recreated or are currently - being being recreated. Recreating an instance deletes the existing - root persistent disk and creates a new disk from the image that - is defined in the instance template.' - format: int64 - type: integer - refreshing: - description: '[Output Only] The number of instances in the managed - instance group that are being reconfigured with properties that - do not require a restart or a recreate action. For example, - setting or removing target pools for the instance.' - format: int64 - type: integer - restarting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be restarted or are currently - being restarted.' - format: int64 - type: integer - verifying: - description: '[Output Only] The number of instances in the managed - instance group that are being verified. See the `managedInstances[].currentAction` - property in the `listManagedInstances` method documentation.' - format: int64 - type: integer - type: object - fingerprint: - description: Fingerprint of this resource. This field may be used - in optimistic locking. It will be ignored when inserting an InstanceGroupManager. - An up-to-date fingerprint must be provided in order to update the - InstanceGroupManager, otherwise the request will fail with error - `412 conditionNotMet`. To see the latest fingerprint, make a `get()` - request to retrieve an InstanceGroupManager. - type: string - id: - description: '[Output Only] A unique identifier for this resource - type. The server generates this identifier.' - format: int64 - type: integer - instanceGroup: - description: '[Output Only] The URL of the Instance Group resource.' 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -15295,113 +12761,24 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) - where the managed instance group resides (for regional resources).' - type: string - selfLink: - description: '[Output Only] The URL for this managed instance group. - The server defines this URL.' + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time type: string - status: - description: '[Output Only] The status of this managed instance group.' + userOwnedDrydockNote: properties: - autoscaler: - description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) - that targets this instance group manager.' + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. type: string - isStable: - description: '[Output Only] A bit indicating whether the managed - instance group is in a stable state. A stable state means that: - none of the instances in the managed instance group is currently - undergoing any type of change (for example, creation, restart, - or deletion); no future changes are scheduled for instances - in the managed instance group; and the managed instance group - itself is not being modified.' - type: boolean - stateful: - description: '[Output Only] Stateful status of the given Instance - Group Manager.' 
- properties: - hasStatefulConfig: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions.' - type: boolean - isStateful: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions. This field is - deprecated in favor of has_stateful_config.' - type: boolean - perInstanceConfigs: - description: '[Output Only] Status of per-instance configs - on the instance.' - properties: - allEffective: - description: A bit indicating if all of the group's per-instance - configs (listed in the output of a listPerInstanceConfigs - API call) have status `EFFECTIVE` or there are no per-instance-configs. - type: boolean - type: object - type: object - versionTarget: - description: '[Output Only] A status of consistency of Instances'' - versions with their target version specified by `version` field - on Instance Group Manager.' - properties: - isReached: - description: '[Output Only] A bit indicating whether version - target has been reached in this managed instance group, - i.e. all instances are in their target version. Instances'' - target version are specified by `version` field on Instance - Group Manager.' 
- type: boolean - type: object - type: object - updatePolicy: - properties: - maxSurge: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object - maxUnavailable: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object type: object - zone: - description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) - where the managed instance group is located (for zonal resources).' - type: string type: object required: - spec 
@@ -15421,25 +12798,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -15477,55 +12854,281 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional textual description of the instance - group. - type: string - instances: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode type: object - type: array - namedPort: - description: The named port configuration. - items: + description: 'Optional. Per-kubernetes-namespace admission rules. 
+ K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: properties: - name: - description: The name which the port will be mapped to. + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - port: - description: The port number to map the name to. - type: integer + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array required: - - name - - port + - enforcementMode + - evaluationMode type: object - type: array - networkRef: + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -15542,8 +13145,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -15552,17 +13157,9 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. The zone that this instance group should be - created in. - type: string required: - - zone + - defaultAdmissionRule + - projectRef type: object status: properties: @@ -15600,11 +13197,13 @@ spec: the resource. type: integer selfLink: - description: The URI of the created resource. + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. + format: date-time type: string - size: - description: The number of instances in the group. - type: integer type: object required: - spec 
@@ -15624,25 +13223,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstance - plural: computeinstances + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: @@ -15662,7 +13261,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -15679,167 +13278,508 @@ spec: metadata: type: object spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone properties: - advancedMachineFeatures: - description: Controls for advanced machine-related behavior features. + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableNestedVirtualization: - description: Whether to enable nested virtualization or not. - type: boolean - threadsPerCore: - description: The number of threads per physical core. To disable - simultaneous multithreading (SMT) set this to 1. If unset, the - maximum number of threads supported per core by the underlying - processor is assumed. - type: integer - visibleCoreCount: - description: The number of physical cores to expose to an instance. - Multiply by the number of threads per core to compute the total - number of virtual CPUs to expose to the instance. 
If unset, - the number of cores is inferred from the instance\'s nominal - CPU count and the underlying platform\'s SMT width. - type: integer + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - attachedDisk: - description: List of disks attached to the instance. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - deviceName: - description: Name with which the attached disk is accessible - under /dev/disk/by-id/. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be - extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. + message: + description: Human-readable message indicating details about + last transition. type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + domain: + description: Domain name of the authorization attempt. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. type: string type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". 
+ type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Reason for provisioning failures. type: string type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: Immutable. The boot disk for the instance. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - autoDelete: - description: Immutable. Whether the disk will be auto-deleted - when the instance is deleted. 
- type: boolean - deviceName: - description: Immutable. Name with which attached disk will be - accessible under /dev/disk/by-id/. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - diskEncryptionKeyRaw: - description: Immutable. A 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to encrypt this disk. Only one - of kms_key_self_link and disk_encryption_key_raw may be set. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: 
@@ -15877,168 +13817,218 @@ spec: type: object type: object type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. type: string - initializeParams: - description: Immutable. Parameters with which a disk was created - alongside the instance. + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - labels: - description: Immutable. A set of key/value label pairs assigned - to the disk. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: Immutable. The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeImage` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object - type: - description: Immutable. The Google Compute Engine disk type. - Such as pd-standard, pd-ssd or pd-balanced. - type: string type: object - kmsKeyRef: + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Immutable. Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. 
type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: Immutable. A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. 
- type: integer + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string type: - description: Immutable. The accelerator type resource exposed - to this instance. E.g. nvidia-tesla-k80. + description: Type is the type of the condition. type: string - required: - - count - - type type: object type: array - hostname: - description: Immutable. A custom hostname for the instance. Must be - a fully qualified DNS name and RFC-1035-valid. Valid format is a - series of labels 1-63 characters long matching the regular expression - [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire - hostname must not exceed 253 characters. Changing this forces a - new resource to be created. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. type: string - instanceTemplateRef: + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -16055,8 +14045,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -16065,451 +14054,265 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - machineType: - description: The machine type to create. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - metadata: + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. Metadata startup scripts made available within - the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: Immutable. The networks attached to the instance. + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. items: - not: - required: - - networkIp - - networkIpRef properties: - accessConfig: - description: Access configurations, i.e. IPs via which this - instance can be accessed via the Internet. 
- items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring - this instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. 
- type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. - type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. + data: + description: Data of the DNS Resource Record. type: string name: - description: The name of the interface. - type: string - networkIp: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` - instead. - type: string - networkIpRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. type: string - subnetworkProject: - description: The project in which the subnetwork belongs. + type: + description: Type of the DNS Resource Record. type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object type: object type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + type: string type: array - scheduling: - description: The scheduling strategy being used by the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - automaticRestart: - description: Specifies if the instance should be restarted if - it was terminated by Compute Engine (not a user). - type: boolean - instanceTerminationAction: - description: Specifies the action GCE should take when SPOT VM - is preempted. + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. - The accepted values are: PERIODIC.' + expression: + description: Textual representation of an expression in Common + Expression Language syntax. type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. 
Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. - One of MIGRATE or TERMINATE,. + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." type: string - preemptible: - description: Immutable. Whether the instance is preemptible. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. type: string + required: + - expression type: object - scratchDisk: - description: Immutable. The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - scopes: - description: A list of service scopes. 
- items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + pubsubDestination: + description: Destination on Cloud Pubsub. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + topic: + description: Destination on Cloud Pubsub topic. type: string + required: + - topic type: object required: - - scopes + - pubsubDestination type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: Immutable. The zone of the instance. If self_link is - provided, this value is ignored. If neither self_link nor zone are - provided, the provider zone is used. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef type: object status: properties: @@ -16539,20 +14342,13 @@ spec: type: string type: object type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -16561,12 +14357,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec 
@@ -16586,25 +14376,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudasset.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: @@ -16624,7 +14414,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -16642,896 +14432,384 @@ spec: type: object spec: properties: - advancedMachineFeatures: - description: Immutable. Controls for advanced machine-related behavior - features. + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - enableNestedVirtualization: - description: Immutable. Whether to enable nested virtualization - or not. - type: boolean - threadsPerCore: - description: Immutable. The number of threads per physical core. 
- To disable simultaneous multithreading (SMT) set this to 1. - If unset, the maximum number of threads supported per core by - the underlying processor is assumed. - type: integer - visibleCoreCount: - description: Immutable. The number of physical cores to expose - to an instance. Multiply by the number of threads per core to - compute the total number of virtual CPUs to expose to the instance. - If unset, the number of cores is inferred from the instance\'s - nominal CPU count and the underlying platform\'s SMT width. - type: integer + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression type: object - canIpForward: - description: Immutable. Whether to allow sending and receiving of - packets with non-matching source or destination IPs. This defaults - to false. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. 
This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - enableConfidentialCompute: - description: Immutable. Defines whether the instance should have - confidential compute enabled. - type: boolean + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object required: - - enableConfidentialCompute + - pubsubDestination type: object - description: - description: Immutable. A brief description of this resource. + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - disk: - description: Immutable. Disks to attach to instances created from - this template. This can be specified multiple times for multiple - disks. + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: - autoDelete: - description: Immutable. Whether or not the disk should be auto-deleted. - This defaults to true. - type: boolean - boot: - description: Immutable. Indicates that this is a boot disk. - type: boolean - deviceName: - description: Immutable. A unique device name that is reflected - into the /dev/ tree of a Linux operating system running within - the instance. If not specified, the server chooses a default - device name to apply to this disk. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKey: - description: Immutable. Encrypts or decrypts a disk using a - customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Immutable. Name of the disk. When not provided, - this defaults to the name of the instance. + message: + description: Human-readable message indicating details about + last transition. type: string - diskSizeGb: - description: Immutable. The size of the image in gigabytes. - If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. - type: integer - diskType: - description: Immutable. The Google Compute Engine disk type. - Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - interface: - description: Immutable. Specifies the disk interface to use - for attaching this disk. + status: + description: Status is the status of the condition. Can be True, + False, Unknown. type: string - labels: - additionalProperties: - type: string - description: Immutable. A set of key/value label pairs to assign - to disks,. - type: object - mode: - description: Immutable. The mode in which to attach this disk, - either READ_WRITE or READ_ONLY. If you are attaching or creating - a boot disk, this must read-write mode. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeResourcePolicy` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotEncryptionKey: - description: Immutable. The customer-supplied encryption key - of the source snapshot. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceSnapshotRef: - description: |- - The source snapshot to create this disk. When creating a new - instance, one of initializeParams.sourceSnapshot, - initializeParams.sourceImage, or disks.source is required except for - local SSD. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: Immutable. The type of Google Compute Engine disk, - can be either "SCRATCH" or "PERSISTENT". + type: + description: Type is the type of the condition. type: string type: object type: array - enableDisplay: - description: 'Immutable. Enable Virtual Displays on this instance. - Note: allow_stopping_for_update must be set to true in order to - update this field.' - type: boolean - guestAccelerator: - description: Immutable. 
List of the type and count of accelerator - cards attached to the instance. + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. - type: integer - type: - description: Immutable. The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object + type: string type: array - instanceDescription: - description: Immutable. A description of the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." type: string - machineType: - description: Immutable. The machine type to create. To create a machine - with a custom type (such as extended memory), format the value like - custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of - RAM. + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. 
Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string - metadata: + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. An alternative to using the startup-script - metadata key, mostly to match the compute_instance resource. This - replaces the startup-script metadata key on the created instance - and thus the two mechanisms are not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Immutable. Specifies a minimum CPU platform. Applicable - values are the friendly names of CPU platforms, such as Intel Haswell - or Intel Skylake. - type: string - namePrefix: - description: Immutable. Creates a unique name beginning with the specified - prefix. Conflicts with name. - type: string - networkInterface: - description: Immutable. Networks to attach to instances created from - this template. This can be specified multiple times for multiple - networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. The networking tier used for - configuring this instance template. 
This field can take - the following values: PREMIUM, STANDARD, FIXED_STANDARD. - If this field is not specified, it is assumed to be - PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: Immutable. An array of alias IP ranges for this - network interface. Can only be specified for network interfaces - on subnet-mode networks. - items: - properties: - ipCidrRange: - description: Immutable. The IP CIDR range represented - by this alias IP range. This IP CIDR range must belong - to the specified subnetwork and cannot contain IP addresses - reserved by system or used by other network interfaces. - At the time of writing only a netmask (e.g. /24) may - be supplied, with a CIDR format resulting in an API - error. - type: string - subnetworkRangeName: - description: Immutable. The subnetwork secondary range - name specifying the secondary range from which to allocate - the IP CIDR range for this alias IP range. If left unspecified, - the primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. - type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. 
- type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. - type: string - name: - description: The name of the network_interface. - type: string - networkIp: - description: Immutable. The private IP address to assign to - the instance. If empty, the address will be automatically - assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. 
- type: string - subnetworkProject: - description: Immutable. The ID of the project in which the subnetwork - belongs. If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - region: - description: Immutable. An instance template is a global resource - that is not bound to a zone or a region. However, you can still - specify some regional resources in an instance template, which restricts - the template to the region where that resource resides. For example, - a custom subnetwork resource is tied to a specific region. Defaults - to the region of the Provider if no value is given. - type: string - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. 
Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: Immutable. The scheduling strategy to use. - properties: - automaticRestart: - description: Immutable. Specifies whether the instance should - be automatically restarted if it is terminated by Compute Engine - (not terminated by a user). This defaults to true. - type: boolean - instanceTerminationAction: - description: Immutable. Specifies the action GCE should take when - SPOT VM is preempted. - type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. 
- The accepted values are: PERIODIC.' - type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Immutable. Defines the maintenance behavior for this - instance. - type: string - preemptible: - description: Immutable. Allows instance to be preempted. This - defaults to false. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. - type: string - type: object - serviceAccount: - description: Immutable. Service account to attach to the instance. - properties: - scopes: - description: Immutable. A list of service scopes. Both OAuth2 - URLs and gcloud short names are supported. To allow full access - to all Cloud APIs, use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Immutable. Enable Shielded VM on this instance. Shielded - VM provides verifiable integrity to prevent against malware and - rootkits. Defaults to disabled. Note: shielded_instance_config can - only be used with boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Immutable. Compare the most recent boot measurements - to the integrity policy baseline and return a pair of pass/fail - results depending on whether they match or not. Defaults to - true. - type: boolean - enableSecureBoot: - description: Immutable. Verify the digital signature of all boot - components, and halt the boot process if signature verification - fails. Defaults to false. - type: boolean - enableVtpm: - description: Immutable. Use a virtualized trusted platform module, - which is a specialized computer chip you can use to encrypt - objects like keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Immutable. Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. 
- type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -17540,12 +14818,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec @@ -17565,25 +14837,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments + kind: CloudBuildTrigger + plural: cloudbuildtriggers shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -17621,583 +14893,1052 @@ spec: type: object spec: properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment. - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. - type: string - candidateSubnets: - description: |- - Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Immutable. Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. 
- type: string - encryption: - description: |- - Immutable. Indicates the user-supplied encryption option of this interconnect - attachment. Can only be specified at attachment creation for PARTNER or - DEDICATED attachments. - - * NONE - This is the default value, which means that the VLAN attachment - carries unencrypted traffic. VMs are able to send traffic to, or receive - traffic from, such a VLAN attachment. - - * IPSEC - The VLAN attachment carries only encrypted traffic that is - encrypted by an IPsec device, such as an HA VPN gateway or third-party - IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, - such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN - attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. - type: string - interconnect: - description: |- - Immutable. URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - ipsecInternalAddresses: - items: - description: |- - Immutable. The addresses that have been reserved for the - interconnect attachment. Used only for interconnect attachment that - has the encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. 
\nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will - be allocated from regional external IP address pool. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - mtu: - description: |- - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - resourceID: - description: Immutable. Optional. 
The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeRouter` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug type: object - type: - description: |- - Immutable. The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. - type: string - vlanTag8021q: - description: |- - Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. 
When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. 
Of the form "XXXXX/region/domain". - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. + build: + description: Contents of the build template. Either a filename or + build template must be provided. properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - 
description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - Immutable. The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the - ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Immutable. Type of network endpoints in this network endpoint group. 
- NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - subnetworkRef: - description: Optional subnetwork to which all network endpoints in - the NEG belong. 
- oneOf: - - not: + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. 
+ properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array required: - - external - required: - - name - - not: - anyOf: - - required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. 
+ + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. 
Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
+ secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. 
+ type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. 
+ + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. + If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. 
These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: type: string - type: - description: Type is the type of the condition. + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. 
These are not docker + tags. + items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - 
name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - description: Immutable. - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - description: Immutable. + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. 
type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). 
\nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. 
+ type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." 
+ properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. 
+ properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. type: string type: object - peerNetworkRef: + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: 
@@ -18214,7 +15955,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: 
@@ -18224,62 +15966,227 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: State for the peering, either ACTIVE or INACTIVE. The - peering is ACTIVE when there's a matching configuration in the peer - network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object served: true storage: true subresources: @@ -18295,25 +16202,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNetwork - plural: computenetworks + kind: CloudFunctions2Function + plural: cloudfunctions2functions shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: @@ -18333,7 +16240,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
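Review bot: The `webhookConfig` block added in the `@@ -18224,62 +15966,227 @@` hunk documents a security-relevant setting too thinly. `secretRef` says only `The secret required`, and `state` repeats the `pubsubConfig` wording about "the underlying Pub/Sub subscription configuration", which does not describe a webhook trigger. I would state what the secret protects, for example `description: Secret Manager secret that incoming webhook requests must supply to invoke this trigger.`, and reword or drop the Pub/Sub sentence under `webhookConfig.state`. The `external` form is documented as the `name` of a `SecretManagerSecret`; as far as I know the Cloud Build API expects a secret version resource name in this field, so it is worth confirming what the reference resolves to. The neighbouring CRD carries the `tf2crd` label, so these schemas are presumably generated and the wording would need to be fixed in the generator input rather than in this file.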
@@ -18351,61 +16258,351 @@ spec: type: object spec: properties: - autoCreateSubnetworks: - description: |- - Immutable. When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: + buildConfig: description: |- - If set to 'true', default routes ('0.0.0.0/0') will be deleted - immediately after network creation. Defaults to 'false'. - type: boolean + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object description: - description: |- - Immutable. An optional description of this resource. The resource must be - recreated to modify this field. + description: User-provided description of a function. type: string - enableUlaInternalIpv6: - description: "Immutable. Enable ULA internal ipv6 on this network. - Enabling this feature will assign \na /48 from google defined ULA - prefix fd20::/20." - type: boolean - internalIpv6Range: - description: "Immutable. When enabling ula internal ipv6, caller optionally - can specify the /48 range \nthey want from the google defined ULA - prefix fd20::/20. 
The input must be a \nvalid /48 ULA IPv6 address - and must be within the fd20::/20. Operation will \nfail if the speficied - /48 is already in used by another resource. \nIf the field is not - speficied, then a /48 range will be randomly allocated from fd20::/20 - and returned via this field." + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. 
Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. type: string - mtu: - description: "Immutable. Maximum Transmission Unit in bytes. The default - value is 1460 bytes. \nThe minimum value for this field is 1300 - and the maximum value is 8896 bytes (jumbo frames).\nNote that packets - larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS - clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message - if the packets are routed to the Internet or other VPCs \nwith varying - MTUs." - type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. - type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. 
+ type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. 
+ If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef type: object status: properties: 
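Review bot: The `commitSha` description under `buildConfig.source.repoSource` reads `Regex matching tags to build.`, the same text as `tagName`, so someone pinning the build source to a commit is told the field matches tags; it should describe commits, e.g. `description: Explicit commit SHA to build.` (wording to be confirmed against the upstream API). In `secretEnvironmentVariables` and `secretVolumes`, `projectId` is listed under `required` while its description says `If not set, it will be populated with the function's project`, so either the `required` entry or that sentence is wrong. `serviceConfig.ingressSettings` documents `ALLOW_ALL` as the default, and its description could add that functions meant for internal callers should set `ALLOW_INTERNAL_ONLY` explicitly rather than rely on the default. The CRD carries the `tf2crd` label, so these fixes probably belong in the generator input. The CRD object itself starts outside this hunk.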
@@ -18435,10 +16632,8 @@ spec: type: string type: object type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. + environment: + description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -18447,9 +16642,15 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. type: string type: object + required: + - spec type: object served: true storage: true @@ -18466,25 +16667,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeGroup - plural: computenodegroups + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: 
@@ -18522,58 +16723,146 @@ spec: type: object spec: properties: - autoscalingPolicy: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: description: |- - Immutable. If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. properties: - maxNodes: - description: |- - Immutable. Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Immutable. Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: + eventType: description: |- - Immutable. The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + Immutable. Required. 
The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. type: string + required: + - eventType + - resourceRef type: object - description: - description: Immutable. An optional textual description of the resource. - type: string - initialSize: - description: Immutable. The initial number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - maintenancePolicy: - description: 'Immutable. Specifies how to handle instances when a - node in the group undergoes maintenance. Set to one of: DEFAULT, - RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value - is DEFAULT.' - type: string - maintenanceWindow: - description: Immutable. contains properties for the timeframe of maintenance. + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. properties: - startTime: - description: Immutable. instances.start time of the window. This - must be in UTC format that resolves to one of 00:00, 04:00, - 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and - 08:00 are valid. + securityLevel: + description: 'Immutable. 
Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' type: string - required: - - startTime type: object - nodeTemplateRef: - description: The node template to which this node group belongs. + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -18590,8 +16879,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` - resource.' + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
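Review bot: The description of `httpsTrigger.securityLevel` only says that HTTP and HTTPS requests both succeed without redirects, which reads like the behaviour of `SECURE_OPTIONAL` rather than of the field, and it never says what `SECURE_ALWAYS` does or which value applies when the field is unset. A reader deciding whether plain HTTP is accepted cannot answer that from this text. I would describe the field per value, e.g. `Immutable. Controls whether plain-HTTP requests are accepted. SECURE_OPTIONAL: both HTTP and HTTPS requests succeed without redirects. SECURE_ALWAYS: HTTPS is enforced (confirm exact behaviour upstream).` In the same hunk `eventTrigger.resourceRef` is documented only as `Immutable.`, with its purpose stated only under `external`. The CRD object starts outside this hunk.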
@@ -18600,102 +16891,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - shareSettings: - description: Immutable. Share settings for the node group. + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - projectMap: - description: Immutable. A map of project id and project config. - This is only valid when shareType's value is SPECIFIC_PROJECTS. - items: - properties: - idRef: - description: The key of this project config in the parent - map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectIdRef: - description: |- - The project id/number should be the same as the key of this project - config in the project map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - idRef - - projectIdRef - type: object - type: array - shareType: - description: 'Immutable. Node group sharing type. Possible values: - ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. 
The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. type: string required: - - shareType + - url type: object - size: - description: Immutable. The total number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - zone: - description: Immutable. Zone where this node group is located. + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. 
The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - nodeTemplateRef - - zone + - projectRef + - region + - runtime type: object status: properties: @@ -18725,9 +17042,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
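Review bot: `serviceAccountRef` is documented only as `Immutable.`, and the fact that an omitted reference makes the function run as `{project_id}@appspot.gserviceaccount.com` is visible only inside the `external` sub-field. That fallback is a project-wide default identity and may carry far more permissions than one function needs, so the top-level description should state it, e.g. `Immutable. The service account the function runs as. If omitted, the function runs as {project_id}@appspot.gserviceaccount.com; prefer a dedicated least-privilege IAMServiceAccount.` `vpcConnectorRef` in the same hunk has no top-level description at all. The schema object continues outside this hunk.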
@@ -18735,8 +17055,31 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer type: object required: - spec 
@@ -18756,25 +17099,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates + kind: CloudIdentityGroup + plural: cloudidentitygroups shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -18812,71 +17155,82 @@ spec: type: object spec: properties: - cpuOvercommitType: - description: 'Immutable. CPU overcommit. Default value: "NONE" Possible - values: ["ENABLED", "NONE"].' - type: string description: - description: Immutable. An optional textual description of the resource. - type: string - nodeType: description: |- - Immutable. Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. type: string - nodeTypeFlexibility: - description: |- - Immutable. Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. properties: - cpus: - description: Immutable. Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD. + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. type: string - memory: - description: Immutable. Physical memory available to the node, - defined in MB. + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. type: string + required: + - id type: object - region: + initialGroupConfig: description: |- - Immutable. Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string - serverBinding: + labels: + additionalProperties: + type: string description: |- - Immutable. The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. 
Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. - type: string - required: - - type + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string required: - - region + - groupKey + - labels + - parent type: object status: properties: @@ -18906,8 +17260,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -18916,7 +17275,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + updateTime: + description: The time when the Group was last updated. type: string type: object required: @@ -18937,25 +17297,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computepacketmirrorings.compute.cnrm.cloud.google.com + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputePacketMirroring - plural: computepacketmirrorings + kind: CloudIdentityMembership + plural: cloudidentitymemberships shortNames: - - gcpcomputepacketmirroring - - gcpcomputepacketmirrorings - singular: computepacketmirroring + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -18993,231 +17353,8 @@ spec: type: object spec: properties: - collectorIlb: - description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` - that will be used as collector for mirrored traffic. The specified - forwarding rule must have `isMirroringCollector` set to true. - properties: - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - description: - description: An optional description of this resource. Provide this - property when you create the resource. - type: string - enable: - description: Indicates whether or not this packet mirroring takes - effect. If set to FALSE, this packet mirroring policy will not be - enforced on the network. The default is TRUE. - type: string - filter: - description: Filter for mirrored traffic. If unspecified, all traffic - is mirrored. - properties: - cidrRanges: - description: IP CIDR ranges that apply as filter on the source - (ingress) or destination (egress) IP in the IP header. Only - IPv4 is supported. If no ranges are specified, all traffic that - matches the specified IPProtocols is mirrored. If neither cidrRanges - nor IPProtocols is specified, all traffic is mirrored. 
- items: - type: string - type: array - direction: - description: Direction of traffic to mirror, either INGRESS, EGRESS, - or BOTH. The default is BOTH. - type: string - ipProtocols: - description: Protocols that apply as filter on mirrored traffic. - If no protocols are specified, all traffic that matches the - specified CIDR ranges is mirrored. If neither cidrRanges nor - IPProtocols is specified, all traffic is mirrored. - items: - type: string - type: array - type: object - location: - description: Immutable. The location for the resource - type: string - mirroredResources: - description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo - specifies a set of mirrored VM instances, subnetworks and/or tags - for which traffic from/to all VM instances will be mirrored. - properties: - instances: - description: A set of virtual machine instances that are being - mirrored. They must live in zones contained in the same region - as this packetMirroring. Note that this config will apply only - to those network interfaces of the Instances that belong to - the network specified in this packetMirroring. You may specify - a maximum of 50 Instances. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the instance; defined by the server. - type: string - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the virtual machine instance which is being mirrored. - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - subnetworks: - description: Immutable. A set of subnetworks for which traffic - from/to all VM instances will be mirrored. They must live in - the same region as this packetMirroring. You may specify a maximum - of 5 subnetworks. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the subnetwork; defined by the server. - type: string - urlRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - tags: - description: A set of mirrored tags. Traffic from/to all VM instances - that have one or more of these tags will be mirrored. - items: - type: string - type: array - type: object - network: - description: Immutable. Specifies the mirrored VPC network. Only packets - in this network will be mirrored. All mirrored VMs should have a - NIC in the given network. All mirrored subnetworks should belong - to the given network. - properties: - urlRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - URL of the network resource. - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - priority: - description: The priority of applying this configuration. Priority - is used to break ties in cases where there is more than one matching - rule. In the case of two rules that apply for a given Instance, - the one with the lowest-numbered priority value wins. Default value - is 1000. Valid range is 0 through 65535. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. + groupRef: + description: Immutable. oneOf: - not: required: @@ -19235,9 +17372,9 @@ spec: properties: external: description: |- - The project for the resource + The group for the resource - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -19246,27 +17383,102 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. 
The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array required: - - collectorIlb - - location - - mirroredResources - - network - - projectRef + - groupRef + - preferredMemberKey + - roles type: object status: properties: - collectorIlb: - properties: - canonicalUrl: - description: Output only. Unique identifier for the forwarding - rule; defined by the server. - type: string - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -19293,16 +17505,28 @@ spec: type: string type: object type: array - id: - description: Output only. The unique identifier for the resource. - This identifier is defined by the server. - format: int64 - type: integer - network: + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available properties: - canonicalUrl: - description: Output only. Unique identifier for the network; defined - by the server. + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name type: string type: object observedGeneration: 
@@ -19312,11 +17536,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: URI of the region where the packetMirroring resides. + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string - selfLink: - description: Server-defined URL for the resource. + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time type: string type: object required: @@ -19337,25 +17564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeprojectmetadatas.compute.cnrm.cloud.google.com + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudids.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeProjectMetadata - plural: computeprojectmetadatas + kind: CloudIDSEndpoint + plural: cloudidsendpoints shortNames: - - gcpcomputeprojectmetadata - - gcpcomputeprojectmetadatas - singular: computeprojectmetadata + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -19375,7 +17602,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19393,13 +17620,65 @@ spec: type: object spec: properties: - metadata: - additionalProperties: - type: string - description: A series of key value pairs. + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array required: - - metadata + - location + - network + - projectRef + - severity type: object status: properties: 
@@ -19429,6 +17708,16 @@ spec: type: string type: object type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -19436,6 +17725,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string type: object required: - spec @@ -19455,25 +17747,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudiot.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRegionNetworkEndpointGroup - plural: computeregionnetworkendpointgroups + kind: CloudIOTDevice + plural: cloudiotdevices shortNames: - - gcpcomputeregionnetworkendpointgroup - - gcpcomputeregionnetworkendpointgroups - singular: computeregionnetworkendpointgroup + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: 
@@ -19493,7 +17785,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19511,199 +17803,75 @@ spec: type: object spec: properties: - cloudFunction: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - functionRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMask: - description: |- - Immutable. A template to parse function field from a request URL. 
URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - type: string - type: object - cloudRun: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - serviceRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `RunService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tag: - description: |- - Immutable. Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - type: string - urlMask: - description: |- - Immutable. A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. 
- - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - type: string - type: object - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - networkEndpointType: - description: 'Immutable. Type of network endpoints in this network - endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" - Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' - type: string - networkRef: - description: |- - Immutable. This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - format + - key + type: object required: - - external + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. type: string type: object - pscTargetService: - description: |- - Immutable. The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string - region: - description: Immutable. A reference to the region where the Serverless - NEGs Reside. + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - Immutable. This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - region + - registry type: object status: properties: 
@@ -19733,216 +17901,74 @@ spec: type: string type: object type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 
'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: Immutable. The instance properties for the reservation. - properties: - guestAccelerators: - description: Immutable. Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - Immutable. The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - Immutable. The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. 
- type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - Immutable. The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: Immutable. The size of the disk in base-2 - GB. - type: integer - interface: - description: 'Immutable. The disk interface to use for - attaching this disk. Default value: "SCSI" Possible - values: ["SCSI", "NVME"].' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: Immutable. The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - Immutable. The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - Immutable. When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: Immutable. The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. 
items: properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. + binaryData: + description: The device configuration data. type: string - message: - description: Human-readable message indicating details about - last transition. + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. + version: + description: The version of this update. type: string - type: - description: Type is the type of the condition. + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. 
+ type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -19951,11 +17977,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - status: - description: The status of the reservation. - type: string + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array type: object required: - spec 
@@ -19975,25 +18009,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies + kind: CloudSchedulerJob + plural: cloudschedulerjobs shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -20031,205 +18065,366 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. - type: string - groupPlacementPolicy: - description: Immutable. Resource policy for instances used for placement - configuration. - properties: - availabilityDomainCount: - description: |- - Immutable. The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network. - type: integer - collocation: - description: |- - Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"]. - type: string - maxDistance: - description: Immutable. Specifies the number of max logical switches. - type: integer - vmCount: - description: |- - Immutable. Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - type: integer - type: object - instanceSchedulePolicy: - description: Immutable. Resource policy for scheduling instance operations. + appEngineHttpTarget: + description: App Engine HTTP target. properties: - expirationTime: - description: Immutable. The expiration time of the schedule. The - timestamp is an RFC3339 string. - type: string - startTime: - description: Immutable. The start time of the schedule. The timestamp - is an RFC3339 string. - type: string - timeZone: - description: |- - Immutable. Specifies the time zone to be used in interpreting the schedule. 
The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - type: string - vmStartSchedule: - description: Immutable. Specifies the schedule for starting instances. + appEngineRouting: + description: App Engine Routing setting for the job. properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string - required: - - schedule - type: object - vmStopSchedule: - description: Immutable. Specifies the schedule for stopping instances. - properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. type: string - required: - - schedule - type: object - required: - - timeZone - type: object - region: - description: Immutable. Region where resource policy resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - snapshotSchedulePolicy: - description: Immutable. Policy for creating snapshots of persistent - disks. 
- properties: - retentionPolicy: - description: Immutable. Retention policy applied to snapshots - created by this resource policy. - properties: - maxRetentionDays: - description: Immutable. Maximum age of the snapshot that is - allowed to be kept. - type: integer - onSourceDiskDelete: - description: |- - Immutable. Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. type: string - required: - - maxRetentionDays type: object - schedule: - description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: Immutable. The policy will execute every nth - day at the specified time. + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. 
+ In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. 
These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - daysInCycle: - description: Immutable. The number of days between snapshots. - type: integer - startTime: + external: description: |- - Immutable. This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. 
The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - daysInCycle - - startTime type: object - hourlySchedule: - description: Immutable. The policy will execute every nth - hour starting at the specified time. + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hoursInCycle: - description: Immutable. The number of hours between snapshots. - type: integer - startTime: + external: description: |- - Immutable. Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Immutable. Allows specifying a snapshot time - for each day of the week. - properties: - dayOfWeeks: - description: Immutable. May contain up to seven (one for - each day of the week) snapshot times. - items: - properties: - day: - description: 'Immutable. The day of the week to - create the snapshot. e.g. MONDAY Possible values: - ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", - "FRIDAY", "SATURDAY", "SUNDAY"].' - type: string - startTime: - description: |- - Immutable. Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks type: object type: object - snapshotProperties: - description: Immutable. Properties with which the snapshots are - created, such as labels. + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name - must be 1-63 characters long and comply \nwith RFC1035." - type: string - guestFlush: - description: Immutable. Whether to perform a 'guest aware' - snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: Immutable. A set of key-value pairs. - type: object - storageLocations: + external: description: |- - Immutable. Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional). - items: - type: string - type: array + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - schedule + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. 
+ type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. 
The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string required: - - region + - location type: object status: properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. 
If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -20256,6 +18451,10 @@ spec: type: string type: object type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -20263,7 +18462,71 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. 
(Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time type: string type: object required: @@ -20284,25 +18547,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces + kind: CloudTasksQueue + plural: cloudtasksqueues shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: 
@@ -20322,7 +18585,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -20340,7 +18603,38 @@ spec: type: object spec: properties: - interconnectAttachmentRef: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20357,8 +18651,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -20367,40 +18660,252 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ipRange: - description: Immutable. The IP address and range of the interface. - The IP range must be in the RFC3927 link-local IP space. Changing - this forces a new interface to be created. - type: string - privateIpAddressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string type: object - redundantInterfaceRef: - description: The interface the BGP peer is associated with. + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. oneOf: - not: required: 
@@ -20417,7 +18922,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -20427,17 +18932,50 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: Immutable. The region this interface's router sits in. - If not specified, the project region will be used. Changing this - forces a new interface to be created. + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - routerRef: + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. oneOf: - not: required: @@ -20454,7 +18992,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -20464,7 +19002,409 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - subnetworkRef: + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. 
If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. 
+ + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. 
+ + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. 
+ type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20481,8 +19421,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -20491,7 +19430,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - vpnTunnelRef: + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetRef: oneOf: - not: required: @@ -20508,7 +19452,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: 
@@ -20518,9 +19462,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string required: - - region - - routerRef + - autoscalingPolicy + - projectRef + - targetRef + - zone type: object status: properties: @@ -20550,6 +19499,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -20557,6 +19509,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec @@ -20576,25 +19530,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com + name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterNAT - plural: computerouternats + kind: ComputeBackendBucket + plural: computebackendbuckets shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -20632,126 +19586,8 @@ spec: type: object spec: properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - enableDynamicPortAllocation: - description: |- - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - type: boolean - enableEndpointIndependentMapping: - description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - type: boolean - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT. - properties: - enable: - description: Indicates whether or not to export logs. 
- type: boolean - filter: - description: 'Specifies the desired filtering of logs on this - NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' - type: string - required: - - enable - - filter - type: object - maxPortsPerVm: - description: |- - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - type: integer - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Region where the router and NAT reside. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. + bucketRef: + description: Reference to the bucket. oneOf: - not: required: 
@@ -20768,7 +19604,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -20778,206 +19614,132 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - rules: - description: A list of rules associated with this NAT. - items: - properties: - action: - description: The action to be enforced for traffic that matches - this rule. - properties: - sourceNatActiveIpsRefs: - items: - description: |- - A list of URLs of the IP resources used for this NAT rule. These IP - addresses must be valid static external IP addresses assigned to the - project. This field is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceNatDrainIpsRefs: - items: - description: |- - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. These - IPs should be used for updating/patching a NAT rule only. This field - is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - description: - description: An optional description of this rule. - type: string - match: - description: |- - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". - type: string - ruleNumber: - description: |- - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - type: integer - required: - - match - - ruleNumber - type: object - type: array - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. 
Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat. - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. 
+ properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. 
+ type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTimeWaitTimeoutSec: - description: |- - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. 
- type: integer - tcpTransitoryIdleTimeoutSec: + description: description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to - 30s if not set. - type: integer + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat + - bucketRef type: object status: properties: @@ -21007,6 +19769,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -21014,6 +19779,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec 
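Review bot: In the new `cdnPolicy` block, the `cacheMode` description lists `FORCE_CACHE_ALL` as a possible value without saying what it overrides, which matters for a bucket that may hold non-public objects. I would extend the description with a sentence such as `FORCE_CACHE_ALL caches every successful response and ignores private, no-store and no-cache directives from the origin; do not use it where responses are per-user.` In the same block `clientTtl` and `maxTtl` carry an identical description, and `serveWhileStale` is typed `integer` while its text reads like a flag and gives no unit. The CRD is labelled `tf2crd`, so these descriptions are presumably generated and would have to be corrected at the generator's source. The enclosing `spec.properties` mapping starts and ends outside this hunk.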
@@ -21033,25 +19800,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterPeer - plural: computerouterpeers + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -21071,7 +19838,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -21089,150 +19856,24 @@ spec: type: object spec: properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string + backendBucketRef: + oneOf: + - not: + required: + - external required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - bfd: - description: BFD configuration for the BGP peering. 
- properties: - minReceiveInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - type: integer - minTransmitInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - type: integer - multiplier: - description: |- - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - type: integer - sessionInitializationMode: - description: |- - The BFD session initialization mode for this BGP peer. - If set to 'ACTIVE', the Cloud Router will initiate the BFD session - for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. - type: string - required: - - sessionInitializationMode - type: object - enable: - description: |- - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - type: boolean - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. 
- properties: - external: - type: string - type: object - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Immutable. Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerApplianceInstanceRef: - description: |- - The URI of the VM instance that is used as third-party router - appliances such as Next Gen Firewalls, Virtual Routers, or Router - Appliances. The VM instance must be located in zones contained in - the same region as this Cloud Router. The VM instance is the peer - side of the BGP session. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: 
@@ -21242,36 +19883,48 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - routerInterfaceRef: - description: The interface the BGP peer is associated with. + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
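Review bot: The new `keyValue` field accepts the URL-signing key inline through `value`, and neither description says that a key supplied this way sits in clear text in the resource spec, readable by anyone who can get the object or the manifest it was applied from. The `value` description should steer users to the other branch, for example `Value of the field. Stored in plain text in the resource; prefer 'valueFrom.secretKeyRef' for key material. Cannot be used if 'valueFrom' is specified.` The schema also puts no length or alphabet constraint on the string, so a malformed key is presumably rejected only by the API at creation time. The CRD is labelled `tf2crd`, so the wording is likely generated and belongs in the generator's source; the `spec.properties` mapping that holds this field starts and ends outside the hunk.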
@@ -21288,8 +19941,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -21298,12 +19950,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef + - backendBucketRef + - keyValue + - projectRef type: object status: properties: @@ -21333,19 +19988,6 @@ spec: type: string type: object type: array - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -21372,25 +20014,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com + name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouter - plural: computerouters + kind: ComputeBackendService + plural: computebackendservices shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -21428,314 +20070,495 @@ spec: type: object spec: properties: - bgp: - description: BGP information specific to this router. + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. + type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. 
In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. 
This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: - ["DEFAULT", "CUSTOM"].' + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. 
+ items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string - advertisedGroups: + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS. - items: - type: string - type: array - advertisedIpRanges: + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. 
These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: - description: - description: User-specified description for the IP range. - type: string - range: + code: description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. type: integer - keepaliveInterval: + signedUrlCacheMaxAgeSec: description: |- - The interval in seconds between BGP keepalive messages that are sent - to the peer. Hold time is three times the interval at which keepalive - messages are sent, and the hold time is the maximum number of seconds - allowed to elapse between successive keepalive messages that BGP - receives from a peer. 
+ Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. - BGP will use the smaller of either the local hold time value or the - peer's hold time value as the hold time for the BGP connection - between the two peers. If set, this value must be between 20 and 60. - The default is 20. + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. type: integer - required: - - asn type: object - description: - description: An optional description of this resource. - type: string - encryptedInterconnectRouter: + circuitBreakers: description: |- - Immutable. Indicates if a router is dedicated for use with encrypted VLAN - attachments (interconnectAttachments). - type: boolean - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + connectTimeout: + description: The timeout for new network connections to hosts. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer type: object - region: - description: Immutable. Region where the router resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' 
type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: + connectionDrainingTimeoutSec: description: |- - Immutable. An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: description: |- - Immutable. The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. 
They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object - nextHopGateway: - description: |- - Immutable. URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. 
- type: string - nextHopILBRef: + consistentHash: description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. oneOf: - not: required: @@ -21752,7 +20575,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: 
@@ -21762,260 +20585,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nextHopIp: - description: Immutable. Network IP address of an instance that should - handle matching packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. 
+ type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number type: object - priority: - description: |- - Immutable. The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tags: - description: Immutable. A list of instance tags to which this route - applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + healthChecks: items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adaptiveProtectionConfig: - description: Adaptive Protection Config of this security policy. - properties: - autoDeployConfig: - description: Auto Deploy Config of this security policy. - properties: - confidenceThreshold: - description: Rules are only automatically deployed for alerts - on potential attacks with confidence scores greater than - this threshold. - type: number - expirationSec: - description: Google Cloud Armor stops applying the action - in the automatically deployed rule to an identified attacker - after this duration. The rule continues to operate against - new requests. - type: integer - impactedBaselineThreshold: - description: Rules are only automatically deployed when the - estimated impact to baseline traffic from the suggested - mitigation is below this threshold. - type: number - loadThreshold: - description: Identifies new attackers only when the load to - the backend service that is under attack exceeds this threshold. - type: number - type: object - layer7DdosDefenseConfig: - description: Layer 7 DDoS Defense Config of this security policy. - properties: - enable: - description: If set to true, enables CAAP for L7 DDoS detection. - type: boolean - ruleVisibility: - description: 'Rule visibility. Supported values include: "STANDARD", - "PREMIUM".' - type: string - type: object - type: object - advancedOptionsConfig: - description: Advanced Options Config of this security policy. + iap: + description: Settings for enabling Cloud Identity Aware Proxy. 
+ oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef properties: - jsonCustomConfig: - description: Custom configuration to apply the JSON parsing. Only - applicable when JSON parsing is set to STANDARD. - properties: - contentTypes: - description: A list of custom Content-Type header values to - apply the JSON parsing. - items: - type: string - type: array - required: - - contentTypes - type: object - jsonParsing: - description: 'JSON body parsing. Supported values include: "DISABLED", - "STANDARD".' - type: string - logLevel: - description: 'Logging level. Supported values include: "NORMAL", - "VERBOSE".' + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. type: string - type: object - description: - description: An optional description of this security policy. Max - size is 2048. - type: string - recaptchaOptionsConfig: - description: reCAPTCHA configuration options to be applied for the - security policy. - properties: - redirectSiteKeyRef: + oauth2ClientIdRef: description: |- Only `external` field is supported to configure the reference. - A field to supply a reCAPTCHA site key to be used for all the rules - using the redirect action with the type of GOOGLE_RECAPTCHA under - the security policy. The specified site key needs to be created from - the reCAPTCHA API. The user is responsible for the validity of the - specified site key. If not specified, a Google-managed site key is - used. + OAuth2 Client ID for IAP. oneOf: - not: required: @@ -22032,7 +20723,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: 
@@ -22042,639 +20733,228 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - redirectSiteKeyRef - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, - a default rule with action "allow" will be added. - items: - properties: - action: - description: Action to take when match matches the request. - type: string - description: - description: An optional description of this rule. Max size - is 64. - type: string - headerAction: - description: Additional actions that are performed on headers. - properties: - requestHeadersToAdds: - description: The list of request headers to add or overwrite - if they're already present. - items: + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. properties: - headerName: - description: The name of the header to set. + key: + description: Key that identifies the value to be extracted. type: string - headerValue: - description: The value to set the named header to. + name: + description: Name of the Secret to extract a value + from. 
type: string required: - - headerName + - key + - name type: object - type: array + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string required: - - requestHeadersToAdds + - name type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action - is enforced. + policy: + description: The configuration for a built-in load balancing + policy. properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr - is not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or - IPV6) in CIDR notation to match against inbound traffic. - There is a limit of 10 IP ranges per rule. A value - of '*' matches all IPs (can be used to override the - default behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression - in Common Expression Language syntax. The application - context of the containing message determines which - well-known feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field - is specified, config must also be specified. Available - options: SRC_IPS_V1: Must specify the corresponding - src_ip_ranges field in config.' + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. 
+ + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string + required: + - name type: object - preconfiguredWafConfig: - description: Preconfigured WAF configuration to be applied for - the rule. If the rule does not evaluate preconfigured WAF - rules, i.e., if evaluatePreconfiguredWaf() is not used, this - field will have no effect. - properties: - exclusion: - description: An exclusion to apply during preconfigured - WAF evaluation. - items: - properties: - requestCookie: - description: Request cookie whose value will be excluded - from inspection during preconfigured WAF evaluation. 
- items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestHeader: - description: Request header whose value will be excluded - from inspection during preconfigured WAF evaluation. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. 
- type: string - required: - - operator - type: object - type: array - requestQueryParam: - description: Request query parameter whose value will - be excluded from inspection during preconfigured - WAF evaluation. Note that the parameter can be - in the query string or in the POST body. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestUri: - description: Request URI from the request line to - be excluded from inspection during preconfigured - WAF evaluation. When specifying this field, the - query or fragment part should be excluded. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. 
- EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - targetRuleIds: - description: A list of target rule IDs under the WAF - rule set to apply the preconfigured WAF exclusion. - If omitted, it refers to all the rule IDs under - the WAF rule set. - items: - type: string - type: array - targetRuleSet: - description: Target WAF rule set to apply the preconfigured - WAF exclusion. - type: string - required: - - targetRuleSet - type: object - type: array - type: object - preview: - description: When set to true, the action specified above is - not enforced. Stackdriver logs for requests that trigger a - preview action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest - priority (lowest numerically) to lowest priority (highest - numerically) in order. - type: integer - rateLimitOptions: - description: Rate limit threshold for this security policy. - Must be specified if the action is "rate_based_ban" or "throttle". - Cannot be specified for any other actions. - properties: - banDurationSec: - description: Can only be specified if the action for the - rule is "rate_based_ban". If specified, determines the - time (in seconds) the traffic will continue to be banned - by the rate limit after the rate falls below the threshold. - type: integer - banThreshold: - description: Can only be specified if the action for the - rule is "rate_based_ban". 
If specified, the key will be - banned for the configured 'banDurationSec' when the number - of requests that exceed the 'rateLimitThreshold' also - exceed this 'banThreshold'. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - conformAction: - description: Action to take for requests that are under - the configured rate limit threshold. Valid option is "allow" - only. - type: string - enforceOnKey: - description: Determines the key to enforce the rateLimitThreshold - on. - type: string - enforceOnKeyConfigs: - description: Immutable. Enforce On Key Config of this security - policy. - items: - properties: - enforceOnKeyName: - description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' - type: string - enforceOnKeyType: - description: Determines the key to enforce the rate_limit_threshold - on. - type: string - type: object - type: array - enforceOnKeyName: - description: 'Rate limit key name applicable only for the - following key types: HTTP_HEADER -- Name of the HTTP header - whose value is taken as the key value. HTTP_COOKIE -- - Name of the HTTP cookie whose value is taken as the key - value.' - type: string - exceedAction: - description: Action to take for requests that are above - the configured rate limit threshold, to either deny with - a specified HTTP response code, or redirect to a different - endpoint. Valid options are "deny()" where valid values - for status are 403, 404, 429, and 502, and "redirect" - where the redirect parameters come from exceedRedirectOptions - below. 
- type: string - exceedRedirectOptions: - description: Parameters defining the redirect action that - is used as the exceed action. Cannot be specified if the - exceed action is not redirect. - properties: - target: - description: Target for the redirect action. This is - required if the type is EXTERNAL_302 and cannot be - specified for GOOGLE_RECAPTCHA. - type: string - type: - description: Type of the redirect action. - type: string - required: - - type - type: object - rateLimitThreshold: - description: Threshold at which to begin ratelimiting. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - required: - - conformAction - - exceedAction - - rateLimitThreshold - type: object - redirectOptions: - description: Parameters defining the redirect action. Cannot - be specified for any other actions. - properties: - target: - description: Target for the redirect action. This is required - if the type is EXTERNAL_302 and cannot be specified for - GOOGLE_RECAPTCHA. - type: string - type: - description: 'Type of the redirect action. Available options: - EXTERNAL_302: Must specify the corresponding target field - in config. GOOGLE_RECAPTCHA: Cannot specify target field - in config.' - type: string - required: - - type - type: object - required: - - action - - match - - priority - type: object - type: array - type: - description: The type indicates the intended use of the security policy. - CLOUD_ARMOR - Cloud Armor backend security policies can be configured - to filter incoming HTTP requests targeting backend services. They - filter requests before they hit the origin servers. 
CLOUD_ARMOR_EDGE - - Cloud Armor edge security policies can be configured to filter - incoming HTTP requests targeting backend services (including Cloud - CDN-enabled) as well as backend buckets (Cloud Storage). They filter - requests before the request is served from Google's cache. - type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string type: object type: array - fingerprint: - description: Fingerprint of this resource. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - description: The URI of the created resource. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computeserviceattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeServiceAttachment - plural: computeserviceattachments - shortNames: - - gcpcomputeserviceattachment - - gcpcomputeserviceattachments - singular: computeserviceattachment - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - connectionPreference: - description: 'The connection preference of service attachment. The - value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service - attachment is one that always accepts the connection from consumer - forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, - ACCEPT_AUTOMATIC, ACCEPT_MANUAL' - type: string - consumerAcceptLists: - description: Projects that are allowed to connect to this service - attachment. - items: - properties: - connectionLimit: - description: The value of the limit to set. - format: int64 - type: integer - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project id or number for the project to set the limit for. + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - type: array - consumerRejectLists: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - description: - description: An optional description of this resource. Provide this - property when you create the resource. + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string - enableProxyProtocol: - description: Immutable. If true, enable the proxy protocol which is - for supplying client TCP/IP address data in TCP connections that - traverse proxies on their way to destination servers. - type: boolean location: - description: Immutable. 
The location for the resource + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string - natSubnets: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: required: - external required: 
@@ -22689,10 +20969,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22701,13 +20979,130 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. 
If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - targetServiceRef: - description: Immutable. + securityPolicyRef: + description: The security policy associated with this backend service. oneOf: - not: required: 
@@ -22724,10 +21119,8 @@ spec: - external properties: external: - description: |- - The URL of a service serving the endpoint identified by this service attachment. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22736,12 +21129,82 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. 
Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer required: - - connectionPreference - location - - natSubnets - - projectRef - - targetServiceRef type: object status: properties: 
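Review bot: In the `@@ -22736,12 +21129,82 @@` hunk, the `clientTLSPolicyRef` description says only `external` references are supported, yet its `oneOf` still accepts the `name`/`namespace` form, so a manifest using `name` passes schema validation. If that reference is then not resolved, the backend service may end up without the intended client TLS policy, although what the controller does in that case is not visible here. Reducing the `oneOf` to the single `required: [external]` branch would reject the unsupported form at admission time. The surrounding `spec` schema starts outside this hunk and the file looks generated, so the fix presumably belongs in the generator.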
@@ -22771,32 +21234,17 @@ spec: type: string type: object type: array - connectedEndpoints: - description: An array of connections for all the consumers connected - to this service attachment. - items: - properties: - endpoint: - description: The url of a connected endpoint. - type: string - pscConnectionId: - description: The PSC connection id of the connected endpoint. - format: int64 - type: integer - status: - description: 'The status of a connected endpoint to this service - attachment. Possible values: PENDING, RUNNING, DONE' - type: string - type: object - type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string fingerprint: - description: Fingerprint of this resource. This field is used internally - during updates of this resource. + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. type: string - id: - description: The unique identifier for the resource type. The server - generates this identifier. - format: int64 + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource @@ -22805,24 +21253,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pscServiceAttachmentId: - description: An 128-bit global unique ID of the PSC service attachment. - properties: - high: - format: int64 - type: integer - low: - format: int64 - type: integer - type: object - region: - description: URL of the region where the service attachment resides. - This field applies only to the region resource. You must specify - this field as part of the HTTP request URL. It is not settable as - a field in the request body. - type: string selfLink: - description: Server-defined URL for the resource. type: string type: object required: 
@@ -22843,25 +21274,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -22881,7 +21312,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -22897,6 +21328,112 @@ spec: type: string metadata: type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object status: properties: conditions: @@ -22933,6 +21470,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -22949,25 +21488,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: 
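Review bot: In the `@@ -22897,6 +21328,112 @@` hunk, the `keyValue` schema of the new `ComputeBackendServiceSignedURLKey` spec accepts the URL-signing key inline through `value`, so the key sits in plaintext in the custom resource and is readable by anyone who can get or list that resource or read the manifest wherever it is stored. The `value` description should steer users to the safer form, for example `Value of the field. Stored in plaintext in this object; prefer 'valueFrom.secretKeyRef' for key material.`. Separately, `valueFrom` declares `secretKeyRef` under `properties` but has no `required` list of its own, so `valueFrom: {}` satisfies the `oneOf`; adding `required: [secretKeyRef]` there would reject it at admission. The `cnrm.cloud.google.com/tf2crd` label suggests this schema is generated, so the change presumably belongs in the generator.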
@@ -22987,7 +21526,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -23005,12 +21544,35 @@ spec: type: object spec: properties: - deletionPolicy: - description: "The deletion policy for the shared VPC service. Setting - ABANDON allows the resource\n\t\t\t\tto be abandoned rather than - deleted. Possible values are: \"ABANDON\"." - type: string + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -23036,8 +21598,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string required: + - diskRef - projectRef + - zone type: object status: properties: 
@@ -23093,25 +21665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com + name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSnapshot - plural: computesnapshots + kind: ComputeDisk + plural: computedisks shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk preserveUnknownFields: false scope: Namespaced versions: 
@@ -23149,42 +21721,34 @@ spec: type: object spec: properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name must be - 1-63 characters long and \ncomply with RFC1035. This is an uncommon - option only for advanced \nservice owners who needs to create separate - snapshot chains, for \nexample, for chargeback tracking. When you - describe your snapshot \nresource, this field is visible only if - it has a non-empty value." - type: string description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - snapshotEncryptionKey: + diskEncryptionKey: description: |- - Immutable. Encrypts the snapshot using a customer-supplied encryption key. + Immutable. Encrypts the disk using a customer-supplied encryption key. - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of - the snapshot. + the disk. - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. 
+ If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. properties: kmsKeyRef: - description: The encryption key that is stored in Google Cloud - KMS. + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: 
@@ -23277,57 +21841,16 @@ spec: from. type: string required: - - name - key + - name type: object type: object type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." oneOf: - not: required: 
@@ -23365,9 +21888,14 @@ spec: type: object type: object type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. + imageRef: + description: The image from which to initialize this disk. oneOf: - not: required: @@ -23384,7 +21912,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeDisk` + description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: 
@@ -23394,18 +21922,341 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - storageLocations: - description: Immutable. Cloud Storage bucket storage location of the - snapshot (regional or multi-regional). + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. items: type: string type: array - zone: - description: Immutable. A reference to the zone where the disk is - hosted. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. 
+ + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. type: string required: - - sourceDiskRef + - location type: object status: properties: @@ -23438,23 +22289,17 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer labelFingerprint: description: |- - The fingerprint used for optimistic locking of this resource. Used + The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -23464,15 +22309,36 @@ spec: type: integer selfLink: type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - storageBytes: + sourceDiskId: description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array type: object required: - spec 
@@ -23492,25 +22358,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com + name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -23548,108 +22414,44 @@ spec: type: object spec: properties: - certificate: - description: |- - Immutable. The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object description: description: Immutable. An optional description of this resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeSSLCertificate. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - privateKey: - description: Immutable. The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - certificate - - location - - privateKey type: object status: properties: - certificateId: - description: The unique identifier for the resource. - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -23676,12 +22478,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - expireTime: - description: Expire time of the certificate in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -23692,8 +22488,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -23710,25 +22504,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com + name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies + kind: ComputeFirewallPolicy + plural: computefirewallpolicies shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -23765,46 +22559,93 @@ spec: metadata: type: object spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array description: - description: Immutable. An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + description: An optional description of this resource. Provide this + property when you create the resource. type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. 
+ Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. type: string + required: + - shortName type: object status: properties: @@ -23837,15 +22678,13 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -23854,9 +22693,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. type: string type: object + required: + - spec type: object served: true storage: true 
@@ -23873,25 +22724,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSubnetwork - plural: computesubnetworks + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: 
@@ -23929,70 +22780,48 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - ipv6AccessType: - description: |- - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external properties: - aggregationInterval: + external: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. + The target that the firewall policy is attached to. 
+ + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. + kind: + description: 'Kind of the referent. Allowed values: Folder' type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: + name: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. 
- items: - type: string - type: array type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. + firewallPolicyRef: + description: Immutable. oneOf: - not: required: @@ -24009,8 +22838,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The firewall policy ID of the association. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24019,70 +22850,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - privateIpv6GoogleAccess: - description: The private IPv6 google access type for the VMs in this - subnet. - type: string - purpose: - description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. - type: string - region: - description: Immutable. The GCP region for this subnetwork. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. 
- type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - stackType: - description: |- - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. - type: string required: - - ipCidrRange - - networkRef - - region + - attachmentTargetRef + - firewallPolicyRef type: object status: properties: @@ -24112,27 +22887,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - externalIpv6Prefix: - description: The range of external IPv6 addresses that are owned by - this subnetwork. - type: string - fingerprint: - description: DEPRECATED. This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - ipv6CidrRange: - description: The range of internal IPv6 addresses that are owned by - this subnetwork. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24140,7 +22894,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + shortName: + description: The short name of the firewall policy of the association. type: string type: object required: 
@@ -24161,25 +22916,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetgrpcproxies.compute.cnrm.cloud.google.com + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetGRPCProxy - plural: computetargetgrpcproxies + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules shortNames: - - gcpcomputetargetgrpcproxy - - gcpcomputetargetgrpcproxies - singular: computetargetgrpcproxy + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24217,18 +22972,32 @@ spec: type: object spec: properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string description: - description: An optional description of this resource. + description: An optional description for this resource. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' type: string - urlMapRef: - description: |- - The UrlMap resource that defines the mapping from URL to the BackendService. - The protocol field in the BackendService must be set to GRPC. + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. oneOf: - not: required: 
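Review bot: The `action` description added under `spec.properties` says the value is either "allow" or "deny()" with status values 403, 404 and 502, which does not describe a firewall policy rule and looks carried over from another resource; the `enableLogging` description in the same hunk mentions "goto_next" rules, so the documented set is also incomplete. Because `action` and `direction` are plain `type: string`, a mistyped value passes CRD admission and is only caught, if at all, by the backing API, which is a poor failure mode for a network access control. I would reword it along the lines of `description: 'The action to perform when traffic matches the rule. Valid actions are "allow", "deny" and "goto_next".'` (confirm the exact set against the API) and add an `enum` of `INGRESS` and `EGRESS` on `direction`, which its description already lists. The `cnrm.cloud.google.com/dcl2crd` label elsewhere in this diff suggests the schema is generated, so the fix probably belongs in the generator input; the `firewallPolicyRef` schema continues past the end of this hunk.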
@@ -24245,8 +23014,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` - resource.' + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24255,36 +23026,139 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - validateForProxyless: - description: |- - Immutable. If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to. - type: boolean - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: type: string - reason: + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. 
This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string 
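Review bot: The `ports` description added under `match.layer4Configs` ends with "Example inputs include:" followed by an empty pair of backticks, so the examples were lost, and `priority` documents a 0 to 2147483647 range (with the typo "prority") that the schema does not enforce. The `ComputeFirewall` CRD later in this diff documents its `ports` field with `["22"], ["80","443"], and ["12345-12349"]`; presumably the same format applies here and the examples could be restored from there. For `priority` I would add `minimum: 0` and `maximum: 2147483647` next to `format: int64` so an out-of-range value is rejected at admission rather than by the API. `targetResources` and `targetServiceAccounts` have no description at all, and for a firewall rule it is worth stating what an empty list means for the rule's scope.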
@@ -24297,18 +23171,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -24317,12 +23182,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - selfLinkWithId: - description: Server-defined URL with id for the resource. - type: string + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -24339,25 +23206,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com + name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies + kind: ComputeFirewall + plural: computefirewalls shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: 
@@ -24395,28 +23262,113 @@ spec: type: object spec: properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array description: - description: Immutable. An optional description of this resource. 
+ description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string - proxyBind: + disabled: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - urlMapRef: + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. 
+ If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. oneOf: - not: required: @@ -24433,7 +23385,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24443,9 +23395,137 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. 
If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. 
+ targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array required: - - location - - urlMapRef + - networkRef type: object status: properties: @@ -24485,9 +23565,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object 
@@ -24509,25 +23586,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com + name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies + kind: ComputeForwardingRule + plural: computeforwardingrules shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24565,13 +23642,26 @@ spec: type: object spec: properties: - certificateMapRef: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: description: |- - Only the `external` field is supported to configure the reference. - - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This field - can only be set for global target proxies. + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. oneOf: - not: required: @@ -24588,8 +23678,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, - where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: 
@@ -24601,69 +23690,168 @@ spec: type: object description: description: Immutable. An optional description of this resource. + Provide this property when you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPSProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - proxyBind: - description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: + ipAddress: description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. oneOf: - not: required: 
@@ -24680,7 +23868,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24690,10 +23878,83 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - urlMapRef: + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. 
This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). 
+ Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. oneOf: - not: required: @@ -24710,7 +23971,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: 
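Review bot: The accepted format for `portRange` is stated only in its description (`@pattern: d+(?:-d+)?`), and that regex as shown has no backslash before `d`, so read literally it matches the letter d rather than digits. The property itself is a bare `type: string`, so a malformed range would pass schema validation and could only be caught later, by the controller or the API. Since this value decides which ports are forwarded to the target, I would correct the description to `\d+(?:-\d+)?` and add `pattern: '^\d+(?:-\d+)?$'` under `portRange`; the same regex text appears in the `ports` description. The enclosing `spec.properties` mapping starts outside this hunk, and if the CRD is emitted by a generator the change belongs in its source.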
@@ -24720,9 +23981,191 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object required: - location - - urlMapRef type: object status: properties: @@ -24753,7 +24196,11 @@ spec: type: object type: array creationTimestamp: - description: Creation timestamp in RFC3339 text format. + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -24762,10 +24209,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string selfLink: + description: '[Output Only] Server-defined URL for the resource.' + type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' type: string type: object required: @@ -24786,25 +24244,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetInstance - plural: computetargetinstances + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -24824,7 +24282,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -24842,12 +24300,22 @@ spec: type: object spec: properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - instanceRef: - description: The ComputeInstance handling traffic for this target - instance. + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -24864,8 +24332,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24874,54 +24341,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - natPolicy: - description: |- - Immutable. NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. URL of the zone where the target instance - resides. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - instanceRef - - zone + - networkEndpointType + - projectRef type: object status: properties: 
@@ -24951,9 +24378,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24982,25 +24406,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetPool - plural: computetargetpools + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -25020,7 +24444,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -25038,7 +24462,20 @@ spec: type: object spec: properties: - backupTargetPoolRef: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -25055,8 +24492,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
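Review bot: `fqdn` and `ipAddress` are both optional plain strings in this hunk, so the schema accepts an endpoint that sets neither and does no format checking on the address. The `fqdn` description ties it to `INTERNET_FQDN_PORT`, which suggests each endpoint needs one of the two; an `anyOf` over `required: [fqdn]` and `required: [ipAddress]` would enforce that at admission, assuming the API really requires it. For the address, `format: ipv4` under `ipAddress` would match its description. `globalNetworkEndpointGroup` is likewise a free-form string, unlike the `...Ref` fields around it, so nothing in the schema ties it to an existing group.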
@@ -25065,91 +24501,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Immutable. Textual description field. - type: string - failoverRatio: - description: Immutable. Ratio (0 to 1) of failed nodes before using - the backup pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Where the target pool resides. Defaults to - project region. - type: string resourceID: - description: Immutable. Optional. The name of the resource. 
Used for + description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sessionAffinity: - description: Immutable. How to distribute load. Options are "NONE" - (no affinity). "CLIENT_IP" (hash of the source/dest addresses / - ports), and "CLIENT_IP_PROTO" also includes the protocol (default - "NONE"). - type: string required: - - region + - globalNetworkEndpointGroup + - projectRef type: object status: properties: @@ -25186,9 +24545,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string type: object required: - spec @@ -25208,25 +24564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com + name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies + kind: ComputeHealthCheck + plural: computehealthchecks shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: 
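Review bot: The `resourceID` description now says "The port of the resource", but the default is still "the value of `metadata.name`" and the field stays `type: string` with no pattern. The description does not say what happens when `metadata.name` is not a number, which is the usual case for a Kubernetes object name. I would add a sentence such as `Must be a decimal port number; set it explicitly unless metadata.name is itself that number.` and, if the controller expects digits only, `pattern: '^[0-9]+$'`. The enclosing `spec` schema starts in an earlier hunk.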
@@ -25264,155 +24620,357 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object - certificateMapRef: + healthyThreshold: description: |- - Only `external` field is supported to configure the reference. + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This - field can only be set for global target proxies. 
Accepted format is - '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` - resource.' + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. type: string type: object - description: - description: Immutable. An optional description of this resource. 
- type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. 
The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + sslHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` - resource.' + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
type: string - type: object - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -25445,11 +25003,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string type: object required: - spec 
@@ -25469,25 +25028,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com + name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25525,54 +25084,53 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - proxyBind: + healthyThreshold: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - proxyHeader: + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. 
+ type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - backendServiceRef + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25612,14 +25170,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object - required: - - spec type: object served: true storage: true 
@@ -25636,25 +25189,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com + name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25692,48 +25245,53 @@ spec: type: object spec: properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region this gateway should sit in. + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - required: - - networkRef - - region + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25766,9 +25324,6 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - gatewayId: - description: The unique identifier for the resource. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -25779,8 +25334,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -25797,25 +25350,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com + name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeURLMap - plural: computeurlmaps + kind: ComputeImage + plural: computeimages shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage preserveUnknownFields: false scope: Namespaced versions: 
@@ -25853,1903 +25406,16106 @@ spec: type: object spec: properties: - defaultRouteAction: + description: description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - corsPolicy: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. 
The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. 
- type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, the setting specifies the CORS policy - is disabled. The default value of false, which indicates - that the CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - faultInjectionPolicy: + kmsKeyServiceAccountRef: description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - abort: - description: The specification for how client requests are - aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. 
- type: number - type: object - delay: - description: The specification for how client requests are - delayed as part of fault injection, before being sent to - a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. 
- properties: - backendServiceRef: - description: |- - The backend service resource being mirrored to. - The backend service configured for a mirroring policy must reference - backends that are of the same type as the original backend service - matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored - backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: + type: object + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - nanos: - description: Span of time that's a fraction of a second at - nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos - field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: 'Span of time at a resolution of a second. Must - be from 0 to 315,576,000,000 inclusive. Note: these bounds - are computed from: 60 sec/min * 60 min/hr * 24 hr/day * - 365.25 days/year * 10000 years.' - type: string - type: object - urlRewrite: + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: description: |- - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - hostRewrite: - description: |- - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. 
- type: string - pathPrefixRewrite: - description: |- - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - type: string - type: object - weightedBackendServices: + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: description: |- - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. - Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request before - forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: A list of header names for headers that - need to be removed from the request before forwarding - the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response before sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. 
- type: boolean - type: object - type: array - responseHeadersToRemove: - description: A list of header names for headers that - need to be removed from the response before sending - the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - type: integer - type: object - type: array + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source type: object - defaultService: - description: |- - The defaultService resource to which traffic is directed if none of - the hostRules match. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If defaultRouteAction is additionally specified, advanced routing - actions like URL Rewrites, etc. take effect prior to sending the - request to the backend. However, if defaultService is specified, - defaultRouteAction cannot contain any weightedBackendServices. - Conversely, if routeAction specifies any weightedBackendServices, - service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService - must be set. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + sourceImageRef: + description: The source image used to create this image. oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. 
+ - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. 
Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: + type: object + status: + properties: + archiveSizeBytes: description: |- - An optional description of this resource. Provide this property when - you create the resource. + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string - headerAction: + labelFingerprint: description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the - response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. items: - type: string + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). 
+ The zone must exist in the region where the managed instance + group is located. + type: string + type: object type: array type: object - hostRule: - description: The list of HostRules to use against the URL. + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. items: properties: - description: - description: |- - An optional description of this HostRule. Provide this property - when you create the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). 
In - that case, * must be the first character and must be followed in - the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string - required: - - hosts - - pathMatcher + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer type: object type: array - location: - description: 'Location represents the geographical location of the - ComputeURLMap. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. 
- items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. 
- type: integer + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. 
- properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to - 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. 
- properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, - prior to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. 
- Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. 
- items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000. - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The default service to use if none of the pathRules defined by this - PathMatcher is matched by the URL's path portion. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - oneOf: + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. 
+ type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: - required: - - backendBucketRef + - name - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. 
+ properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. + This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. 
If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. 
You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). 
+ items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. + - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: + external: description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. 
The value must be between 1 and 1024 - characters. + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: - description: An optional description of this resource. + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. 
This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer type: object - name: - description: The name to which this PathMatcher is referred - by the HostRule. + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. 
+ type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' 
+ format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' + format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. 
The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing. - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. 
- items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. 
- type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated - with this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per - retry attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. 
- - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service. 
- properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - Required. The default backend service resource. Before forwarding - the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response - prior to sending the response back to - the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000. - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service to which traffic is directed if this rule is - matched. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If routeAction is additionally specified, advanced routing actions - like URL Rewrites, etc. take effect prior to sending the request to - the backend. However, if service is specified, routeAction cannot - contain any weightedBackendServices. Conversely, if routeAction - specifies any weightedBackendServices, service must not be - specified. Only one of urlRedirect, service or - routeAction.weightedBackendService must be set. 
- oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. 
- If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. 
- This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. 
- type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regular expression specified in - regexMatch. 
For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. 
Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. 
Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). 
+ type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. \nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. 
\nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. 
+ One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. 
+ type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. 
+ type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' 
+ type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. 
Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. 
Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. 
+ type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. 
An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: @@ -28491,7 +42247,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28586,6 +42342,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: @@ -28690,7 +42451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -29062,7 +42823,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29378,7 +43139,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -29924,20 +43685,256 @@ spec: type: object type: array createTime: - description: Output only. The time this note was created. This field - can be used as a filter in list requests. - format: date-time + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. type: string - image: - properties: - fingerprint: - properties: - v2Name: - description: 'Output only. The name of the image''s v2 blobs - computed via: ) Only the name of the final blob is kept.' - type: string - type: object - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -29946,11 +43943,11 @@ spec: the resource. type: integer updateTime: - description: Output only. The time this note was last updated. This - field can be used as a filter in list requests. - format: date-time + description: The time when the repository was last updated. type: string type: object + required: + - spec type: object served: true storage: true @@ -29967,7 +43964,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30558,6 +44555,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -30572,6 +44578,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the 
@@ -30609,222 +44620,1129 @@ spec: Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: - duration: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. 
+ type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. 
+ type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). + type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. 
VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. 
+ type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. 
+ properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
+ type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. 
Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. type: string - startTime: + key: + description: Immutable. The label key of a reservation resource. type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array required: - - startTime + - consumeReservationType type: object - maintenanceExclusion: - description: Exceptions to maintenance window. Non-emergency maintenance - should not occur in these windows. + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. 
+ properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. items: properties: - endTime: + effect: + description: Immutable. Effect for taint. type: string - exclusionName: + key: + description: Immutable. Key for taint. type: string - exclusionOptions: - description: Maintenance exclusion related options. - properties: - scope: - description: The scope of automatic upgrades to restrict - in the exclusion window. - type: string - required: - - scope - type: object - startTime: + value: + description: Immutable. Value for taint. 
type: string required: - - endTime - - exclusionName - - startTime + - effect + - key + - value type: object type: array - recurringWindow: - description: Time window for recurring maintenance operations. + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. properties: - endTime: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. type: string - recurrence: + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. type: string - startTime: + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. 
+ type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - endTime - - recurrence - - startTime + - enabled type: object + required: + - pubsub type: object - masterAuth: - description: DEPRECATED. Basic authentication was removed for GKE - cluster versions >= 1.19. The authentication information for accessing - the Kubernetes master. Some values in this block are only returned - by the API if your service account has permission to get credentials - for your GKE cluster. If you see an unexpected diff unsetting your - client cert, ensure you have the container.clusters.getCredentials - permission. + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. properties: - clientCertificate: - description: Base64 encoded public certificate used by clients - to authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. properties: - issueClientCertificate: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Whether the cluster master is accessible globally + or not. type: boolean required: - - issueClientCertificate + - enabled type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. type: string - password: - description: The password to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
+ external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - username: - description: The username to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. If not present - basic auth will be disabled. + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. type: string type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. properties: - cidrBlocks: - description: External networks that can access the Kubernetes - cluster master through HTTPS. 
- items: - properties: - cidrBlock: - description: External network that can access Kubernetes - master through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - gcpPublicCidrsAccessEnabled: - description: Whether master is accessbile via Google Compute Engine - Public IP addresses. - type: boolean + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string type: object - meshCertificates: - description: If set, and enable_certificates=true, the GKE Workload - Identity Certificates controller and node agent will be deployed - in the cluster. + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. properties: - enableCertificates: - description: When enabled the GKE Workload Identity Certificates - controller and node agent will be deployed in the cluster. - type: boolean + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. 
+ * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string required: - - enableCertificates + - channel type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain - that. If unset, the cluster's version will be set by GKE to the - version of the most recent official release (which is not necessarily - the latest version). + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - monitoringConfig: - description: Monitoring configuration for the cluster. + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. properties: - enableComponents: - description: GKE components exposing metrics. Valid values include - SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, - and WORKLOADS. - items: - type: string - type: array - managedPrometheus: - description: Configuration for Google Cloud Managed Services for - Prometheus. + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. properties: - enabled: - description: Whether or not the managed collection is enabled. - type: boolean + datasetId: + description: The ID of a BigQuery Dataset. + type: string required: - - enabled + - datasetId type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - monitoringService: - description: The monitoring service that the cluster should write - metrics to. Automatically send metrics from pods in the cluster - to the Google Cloud Monitoring API. VM metrics will be collected - by Google Compute Engine regardless of this setting Available options - include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver - Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
properties: enabled: - description: Whether network policy is enabled on the cluster. + description: Enables vertical pod autoscaling. type: boolean - provider: - description: The selected network policy provider. Defaults to - PROVIDER_UNSPECIFIED. - type: string required: - enabled type: object - networkRef: + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. 
+ type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: oneOf: - not: required: @@ -30841,7 +45759,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: 
@@ -30851,13 +45769,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkingMode: - description: Immutable. Determines whether alias IPs or routes will - be used for pod IPs in the cluster. + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. 
If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -30895,11 +45888,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -30987,9 +45995,9 @@ spec: labels: additionalProperties: type: string - description: Immutable. The map of Kubernetes labels (key/value - pairs) to be applied to each node. These will added in addition - to any default label(s) that Kubernetes may apply to the node. + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. @@ -31003,6 +46011,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
@@ -31173,8 +46192,7 @@ spec: type: object type: array workloadMetadataConfig: - description: Immutable. The workload metadata configuration for - this node. + description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata 
@@ -31187,293 +46205,694 @@ spec: type: string type: object type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the - same region as their cluster's zone for zonal clusters. If this - is specified for a zonal cluster, omit the cluster's zone. + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. items: type: string type: array - nodePoolAutoConfig: - description: Node pool configs that apply to all auto-provisioned - node pools in autopilot clusters and node auto-provisioning enabled - clusters. + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. 
+ type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. properties: - networkTags: - description: Collection of Compute Engine network tags that can - be applied to a node's underlying VM instance. - properties: - tags: - description: List of network tags applied to auto-provisioned - node pools. - items: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. 
+ See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. type: string - type: array - type: object - type: object - nodePoolDefaults: - description: The default nodel pool settings for the entire cluster. - properties: - nodeConfigDefaults: - description: Subset of NodeConfig message that has defaults. - properties: - gcfsConfig: - description: GCFS configuration for this node. - properties: - enabled: - description: Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include - DEFAULT and MAX_THROUGHPUT. - type: string - type: object + sizeBytes: + description: The size of the file, in bytes. 
+ type: integer + type: object + type: array + required: + - filePatterns type: object - nodeVersion: + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - pubsub: - description: Notification config for Cloud Pub/Sub. - properties: - enabled: - description: Whether or not the notification config is enabled. - type: boolean - filter: - description: Allows filtering to one or more specific event - types. If event types are present, those and only those - event types will be transmitted to the cluster. Other types - will be skipped. If no filter is specified, or no event - types are present, all event types will be sent. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: properties: - eventType: - description: Can be used to filter what notifications - are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, - UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. - items: - type: string - type: array - required: - - eventType + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string type: object - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + viewQuery: + description: The query that defines the table view. type: string type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this - cluster. If enabled, pods must be valid under a PodSecurityPolicy - to be created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enablePrivateEndpoint: - description: When true, the cluster's private endpoint is used - as the cluster endpoint and access through the public endpoint - is disabled. When false, either endpoint can be used. 
This field - only applies to private clusters, when enable_private_nodes - is true. - type: boolean - enablePrivateNodes: - description: Immutable. Enables the private cluster feature, creating - a private endpoint on the cluster. In a private cluster, nodes - only have RFC 1918 private addresses and communicate with the - master's private endpoint via private networking. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: Immutable. The IP range in CIDR notation to use for - the hosted master network. This range will be used for assigning - private IP addresses to the cluster master(s) and the ILB VIP. - This range must not overlap with any other ranges in use within - the cluster's network, and it must be a /28 subnet. See Private - Cluster Limitations for more details. This field only applies - to private clusters, when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and - the Google owned VPC. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - privateEndpoint: - description: The internal IP address of this cluster's master - endpoint. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - privateEndpointSubnetworkRef: - description: |- - Immutable. Subnetwork in cluster's network where master's endpoint - will be provisioned. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicEndpoint: - description: The external IP address of this cluster's master - endpoint. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpv6GoogleAccess: - description: The desired state of IPv6 connectivity to Google Services. - By default, no private IPv6 access to or from Google Services (all - access will be via IPv4). + region: + description: Immutable. EntryGroup location region. type: string - protectConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. - properties: - auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. - type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: required: - - auditMode - type: object - workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. 
- type: string - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - Note that removing this field from your config will not unenroll - it. Instead, use the "UNSPECIFIED" channel. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - channel: - description: |- - The selected release channel. Accepted values are: - * UNSPECIFIED: Not set. - * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. - * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. - * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - channel type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination - of resource usage export. 
- properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. - The resulting table can be joined with the resource usage table - or with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - serviceExternalIpsConfig: - description: If set, and enabled=true, services with external ips - field will not be blocked. - properties: - enabled: - description: When enabled, services with exterenal ips specified - will be allowed. - type: boolean - required: - - enabled - type: object - subnetworkRef: + taxonomyRef: oneOf: - not: required: @@ -31490,7 +46909,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: 
@@ -31500,35 +46919,17 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - description: Configuration for the use of Kubernetes Service Accounts - in GCP IAM policies. - properties: - identityNamespace: - description: |- - DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. - Enables workload identity. - type: string - workloadPool: - description: The workload pool to attach all Kubernetes service - accounts to. - type: string - type: object required: - - location + - displayName + - taxonomyRef type: object status: properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -31555,16 +46956,10 @@ spec: type: string type: object type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -31573,19 +46968,190 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. type: string - selfLink: - description: Server-defined URL for the resource. + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. 
Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. type: string type: object required: @@ -31606,25 +47172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: - group: container.cnrm.cloud.google.com + group: datacatalog.cnrm.cloud.google.com names: categories: - gcp - kind: ContainerNodePool - plural: containernodepools + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -31644,7 +47210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -31662,38 +47228,260 @@ spec: type: object spec: properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. To disable - autoscaling, set minNodeCount and maxNodeCount to 0. + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. 
Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - locationPolicy: - description: Location policy specifies the algorithm used when - scaling-up the node pool. "BALANCED" - Is a best effort policy - that aims to balance the sizes of available zones. "ANY" - Instructs - the cluster autoscaler to prioritize utilization of unused reservations, - and reduces preemption risk for Spot VMs. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - maxNodeCount: - description: Maximum number of nodes per zone in the node pool. - Must be >= min_node_count. Cannot be used with total limits. 
- type: integer - minNodeCount: - description: Minimum number of nodes per zone in the node pool. - Must be >=0 and <= max_node_count. Cannot be used with total - limits. - type: integer - totalMaxNodeCount: - description: Maximum number of all nodes in the node pool. Must - be >= total_min_node_count. Cannot be used with per zone limits. - type: integer - totalMinNodeCount: - description: Minimum number of all nodes in the node pool. Must - be >=0 and <= total_max_node_count. Cannot be used with per - zone limits. - type: integer type: object - clusterRef: + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -31710,8 +47498,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ContainerCluster` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -31720,472 +47507,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialNodeCount: - description: Immutable. The initial number of nodes for the pool. - In regional or multi-zonal clusters, this is the number of nodes - per zone. Changing this will force recreation of the resource. - type: integer - location: - description: Immutable. The location (region or zone) of the cluster. + region: + description: Immutable. Taxonomy location region. type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: Immutable. The maximum number of pods per node in this - node pool. Note that this does not work on node pools which are - "route-based" - that is, node pools belonging to clusters that do - not have IP Aliasing enabled. - type: integer - namePrefix: - description: Immutable. Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - networkConfig: - description: Networking configuration for this NodePool. If specified, - it overrides the cluster-level defaults. - properties: - createPodRange: - description: Immutable. Whether to create a new range for pod - IPs in this node pool. Defaults are provided for pod_range and - pod_ipv4_cidr_block if they are not specified. - type: boolean - enablePrivateNodes: - description: Whether nodes have internal IP addresses only. 
- type: boolean - podIpv4CidrBlock: - description: Immutable. The IP address range for pod IPs in this - node pool. Only applicable if create_pod_range is true. Set - to blank to have a range chosen with the default size. Set to - /netmask (e.g. /14) to have a range chosen with a specific netmask. - Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific - range to use. - type: string - podRange: - description: Immutable. The ID of the secondary range for pod - IPs. If create_pod_range is true, this ID is used for the new - range. If create_pod_range is false, uses an existing secondary - range with this ID. - type: string - type: object - nodeConfig: - description: Immutable. The configuration of the nodepool. - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the disk attached to each node, - specified in GB. The smallest allowed disk size is 10GB. - type: integer - diskType: - description: Immutable. Type of the disk attached to each node. - Such as pd-standard, pd-balanced or pd-ssd. - type: string - ephemeralStorageConfig: - description: Immutable. Parameters for the ephemeral storage filesystem. - properties: - localSsdCount: - description: Immutable. Number of local SSDs to use to back - ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. 
- type: integer - required: - - localSsdCount - type: object - gcfsConfig: - description: Immutable. GCFS configuration for this node. - properties: - enabled: - description: Immutable. Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. - items: - properties: - count: - description: Immutable. The number of the accelerator cards - exposed to an instance. - type: integer - gpuPartitionSize: - description: Immutable. Size of partitions to create on - the GPU. Valid values are described in the NVIDIA mig - user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - gpuSharingConfig: - description: Immutable. Configuration for GPU sharing. - properties: - gpuSharingStrategy: - description: Immutable. The type of GPU sharing strategy - to enable on the GPU node. Possible values are described - in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). - type: string - maxSharedClientsPerGpu: - description: Immutable. The maximum number of containers - that can share a GPU. - type: integer - required: - - gpuSharingStrategy - - maxSharedClientsPerGpu - type: object - type: - description: Immutable. The accelerator type resource name. - type: string - required: - - count - - type - type: object - type: array - gvnic: - description: Immutable. Enable or disable gvnic in the node pool. - properties: - enabled: - description: Immutable. Whether or not gvnic is enabled. - type: boolean - required: - - enabled - type: object - imageType: - description: The image type to use for this node. Note that for - a given image type, the latest version of it will be used. - type: string - kubeletConfig: - description: Node kubelet configs. - properties: - cpuCfsQuota: - description: Enable CPU CFS quota enforcement for containers - that specify CPU limits. 
- type: boolean - cpuCfsQuotaPeriod: - description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. - type: string - cpuManagerPolicy: - description: Control the CPU management policy on the node. - type: string - podPidsLimit: - description: Controls the maximum number of processes allowed - to run in a pod. - type: integer - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: The map of Kubernetes labels (key/value pairs) to - be applied to each node. These will added in addition to any - default label(s) that Kubernetes may apply to the node. - type: object - linuxNodeConfig: - description: Parameters that can be configured on Linux nodes. - properties: - sysctls: - additionalProperties: - type: string - description: The Linux kernel parameters to be applied to - the nodes and all pods running on the nodes. - type: object - required: - - sysctls - type: object - localSsdCount: - description: Immutable. The number of local SSD disks to be attached - to the node. - type: integer - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include DEFAULT - and MAX_THROUGHPUT. - type: string - machineType: - description: Immutable. The name of a Google Compute Engine machine - type. - type: string - metadata: - additionalProperties: + message: + description: Human-readable message indicating details about + last transition. type: string - description: Immutable. The metadata key/value pairs assigned - to instances in the cluster. - type: object - minCpuPlatform: - description: Immutable. 
Minimum CPU platform to be used by this - instance. The instance may be scheduled on the specified or - newer CPU platform. - type: string - nodeGroupRef: - description: |- - Immutable. Setting this field will assign instances - of this pool to run on the specified node group. This is useful - for running workloads on sole tenant nodes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeNodeGroup` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauthScopes: - description: Immutable. The set of Google API scopes to be made - available on all of the node VMs. - items: + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - type: array - preemptible: - description: Immutable. Whether the nodes are created as preemptible - VM instances. - type: boolean - reservationAffinity: - description: Immutable. The reservation affinity configuration - for the node pool. - properties: - consumeReservationType: - description: Immutable. Corresponds to the type of reservation - consumption. - type: string - key: - description: Immutable. The label key of a reservation resource. - type: string - values: - description: Immutable. The label values of the reservation - resource. - items: - type: string - type: array - required: - - consumeReservationType - type: object - resourceLabels: - additionalProperties: + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
type: string - description: The GCE resource labels (a map of key/value pairs) - to be applied to the node pool. - type: object - sandboxConfig: - description: Immutable. Sandbox configuration for this node. - properties: - sandboxType: - description: Type of the sandbox to use for the node (e.g. - 'gvisor'). - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - description: Immutable. Shielded Instance options. - properties: - enableIntegrityMonitoring: - description: Immutable. Defines whether the instance has integrity - monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Defines whether the instance has Secure - Boot enabled. - type: boolean - type: object - spot: - description: Immutable. Whether the nodes are created as spot - VM instances. - type: boolean - tags: - description: The list of instance tags applied to all nodes. - items: + type: + description: Type is the type of the condition. type: string - type: array - taint: - description: Immutable. List of Kubernetes taints to be applied - to each node. - items: - properties: - effect: - description: Immutable. Effect for taint. - type: string - key: - description: Immutable. Key for taint. - type: string - value: - description: Immutable. Value for taint. 
- type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - description: The workload metadata configuration for this node. - properties: - mode: - description: Mode is the configuration for how to expose metadata - to workloads running on the node. - type: string - nodeMetadata: - description: DEPRECATED. Deprecated in favor of mode. NodeMetadata - is the configuration for how to expose metadata to the workloads - running on the node. - type: string - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string + type: object type: array - placementPolicy: - description: Immutable. Specifies the node placement policy. - properties: - type: - description: Type defines the type of placement policy. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: type: string - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number - of nodes upgraded simultaneously is limited to 20. - properties: - blueGreenSettings: - description: Settings for BlueGreen node pool upgrade. - properties: - nodePoolSoakDuration: - description: Time needed after draining entire blue pool. - After this period, blue pool will be cleaned up. - type: string - standardRolloutPolicy: - description: Standard rollout policy is the default policy - for blue-green. - properties: - batchNodeCount: - description: Number of blue nodes to drain in a batch. - type: integer - batchPercentage: - description: Percentage of the blue pool nodes to drain - in a batch. - type: number - batchSoakDuration: - description: Soak time after each batch gets drained. - type: string - type: object - required: - - standardRolloutPolicy - type: object - maxSurge: - description: The number of additional nodes that can be added - to the node pool during an upgrade. Increasing max_surge raises - the number of nodes that can be upgraded simultaneously. Can - be set to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. 
Can be set to 0 or - greater. - type: integer - strategy: - description: Update strategy for the given nodepool. - type: string + parameters: type: object - version: + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. type: string required: - - clusterRef - - location + - containerSpecGcsPath type: object status: properties: @@ -32215,18 +47674,8 @@ spec: type: string type: object type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - managedInstanceGroupUrls: - description: List of instance group URLs which have been assigned - to this node pool. - items: - type: string - type: array + jobId: + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -32234,7 +47683,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + state: type: string type: object required: 
@@ -32255,25 +47704,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com + name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataflow.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogPolicyTag - plural: datacatalogpolicytags + kind: DataflowJob + plural: dataflowjobs shortNames: - - gcpdatacatalogpolicytag - - gcpdatacatalogpolicytags - singular: datacatalogpolicytag + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -32311,20 +47760,57 @@ spec: type: object spec: properties: - description: - description: |- - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string - displayName: - description: |- - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. type: string - parentPolicyTagRef: + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. 
More workers may improve processing speed at additional + cost. + type: integer + networkRef: oneOf: - not: required: @@ -32341,7 +47827,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: @@ -32351,12 +47837,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - taxonomyRef: + serviceAccountRef: oneOf: - not: required: 
@@ -32373,7 +47868,34 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -32383,17 +47905,29 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string required: - - displayName - - taxonomyRef + - tempGcsLocation + - templateGcsPath type: object status: properties: - childPolicyTags: - description: Resource names of child policy tags of this policy tag. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32420,10 +47954,8 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + jobId: + description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -32432,6 +47964,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string type: object required: - spec 
@@ -32451,25 +47990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com + name: dataformrepositories.dataform.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataform.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogTaxonomy - plural: datacatalogtaxonomies + kind: DataformRepository + plural: dataformrepositories shortNames: - - gcpdatacatalogtaxonomy - - gcpdatacatalogtaxonomies - singular: datacatalogtaxonomy + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: @@ -32489,7 +48028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -32507,26 +48046,29 @@ spec: type: object spec: properties: - activatedPolicyTypes: - description: |- - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. - items: - type: string - type: array - description: - description: |- - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - type: string - displayName: - description: |- - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object projectRef: description: The project that this resource belongs to. oneOf: 
@@ -32555,16 +48097,16 @@ spec: type: string type: object region: - description: Immutable. Taxonomy location region. + description: Immutable. A reference to the region. type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - displayName - projectRef + - region type: object status: properties: @@ -32594,11 +48136,6 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -32625,25 +48162,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com + name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: datafusion.cnrm.cloud.google.com names: categories: - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs + kind: DataFusionInstance + plural: datafusioninstances shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -32681,20 +48218,147 @@ spec: type: object spec: properties: - containerSpecGcsPath: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. type: string - parameters: + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. 
Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. type: string required: - - containerSpecGcsPath + - location + - type type: object status: properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32721,7 +48385,13 @@ spec: type: string type: object type: array - jobId: + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -32730,7 +48400,27 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. + format: date-time type: string type: object required: @@ -32751,25 +48441,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - - gcp - kind: DataflowJob - plural: dataflowjobs + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -32807,57 +48497,74 @@ spec: type: object spec: properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - enableStreamingEngine: - description: Indicates if the job should use the streaming engine - feature. - type: boolean - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - kmsKeyRef: - description: The name for the Cloud KMS key for the job. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + basicAlgorithm: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. 
+ A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' + format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig type: object - machineType: - description: The machine type to use for the job. + location: + description: Immutable. The location for the resource type: string - maxWorkers: - description: Immutable. The number of workers permitted to work on - the job. 
More workers may improve processing speed at additional - cost. - type: integer - networkRef: + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -32874,8 +48581,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -32884,94 +48593,94 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as - used in the template). - type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. 
Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the - Dataflow job to dump its temporary data. 
- type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' 
+ format: int64 + type: integer + required: + - maxInstances type: object - x-kubernetes-preserve-unknown-fields: true - zone: - description: Immutable. The zone in which the created job should run. - If it is not provided, the provider zone is used. - type: string required: - - tempGcsLocation - - templateGcsPath + - basicAlgorithm + - location + - workerConfig type: object status: properties: @@ -33001,9 +48710,6 @@ spec: type: string type: object type: array - jobId: - description: The unique ID of this job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -33011,13 +48717,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: The current state of the resource, selected from the - JobState enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string type: object required: - spec 
@@ -33037,25 +48736,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: datafusioninstances.datafusion.cnrm.cloud.google.com + name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: - group: datafusion.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataFusionInstance - plural: datafusioninstances + kind: DataprocCluster + plural: dataprocclusters shortNames: - - gcpdatafusioninstance - - gcpdatafusioninstances - singular: datafusioninstance + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -33093,60 +48792,850 @@ spec: type: object spec: properties: - dataprocServiceAccountRef: - oneOf: - - not: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. 
Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. 
This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. 
Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. 
If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' 
+ type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. 
Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). 
Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. 
Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. 
If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Immutable. A description of this instance. - type: string - displayName: - description: Immutable. Display name for an instance. - type: string - enableStackdriverLogging: - description: Option to enable Stackdriver Logging. - type: boolean - enableStackdriverMonitoring: - description: Option to enable Stackdriver Monitoring. - type: boolean - location: - description: Immutable. The location for the resource - type: string - networkConfig: - description: Immutable. Network configuration options. These are required - when a private Data Fusion instance is to be created. - properties: - ipAllocation: - description: Immutable. The IP range in CIDR notation to use for - the managed Data Fusion instance nodes. This range must not - overlap with any other ranges used in the customer network. - type: string - networkRef: + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). 
+ If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -33165,9 +49654,9 @@ spec: properties: external: description: |- - Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -33176,267 +49665,160 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - options: - additionalProperties: - type: string - description: Immutable. Map of additional options used to configure - the behavior of Data Fusion instance. - type: object - privateInstance: - description: Immutable. Specifies whether the Data Fusion instance - should be private. If set to true, all Data Fusion nodes will have - private IP addresses and will not be able to access the public internet. - type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Instance type. Possible values: - TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' - type: string - version: - description: Current version of the Data Fusion. - type: string - zone: - description: Immutable. Name of the zone in which the Data Fusion - instance will be created. Only DEVELOPER instances use this field. - type: string - required: - - location - - type - type: object - status: - properties: - apiEndpoint: - description: Output only. Endpoint on which the REST APIs is accessible. - type: string - availableVersion: - description: Available versions that the instance can be upgraded - to. - items: - properties: - availableFeatures: - description: Represents a list of available feature names for - a given version. - items: + tempBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. 
If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string - type: array - defaultVersion: - description: Whether this is currently the default version for - Cloud Data Fusion - type: boolean - versionNumber: - description: The version number of the Data Fusion instance, - such as '6.0.1.0'. - type: string - type: object - type: array - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Output only. The time the instance was created. - format: date-time - type: string - gcsBucket: - description: Output only. Cloud Storage bucket generated by Data Fusion - in the customer project. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - p4ServiceAccount: - description: Output only. P4 service account for the customer project. - type: string - serviceEndpoint: - description: Output only. Endpoint on which the Data Fusion UI is - accessible. - type: string - state: - description: 'Output only. The current state of this Data Fusion instance. - Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' - type: string - stateMessage: - description: Output only. Additional information about the current - state of this Data Fusion instance if available. - type: string - tenantProjectId: - description: Output only. The name of the tenant project. - type: string - updateTime: - description: Output only. The time the instance was last updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com -spec: - group: dataproc.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataprocAutoscalingPolicy - plural: dataprocautoscalingpolicies - shortNames: - - gcpdataprocautoscalingpolicy - - gcpdataprocautoscalingpolicies - singular: dataprocautoscalingpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', 
the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - basicAlgorithm: - properties: - cooldownPeriod: - description: 'Optional. Duration between scaling events. A scaling - period starts after the update operation from the previous event - has completed. Bounds: . Default: 2m.' - type: string - yarnConfig: - description: Required. YARN autoscaling configuration. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. 
properties: - gracefulDecommissionTimeout: - description: Required. Timeout for YARN graceful decommissioning - of Node Managers. Specifies the duration to wait for jobs - to complete before forcefully removing workers (and potentially - interrupting jobs). Only applicable to downscaling operations. + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string - scaleDownFactor: - description: Required. 
Fraction of average YARN pending memory - in the last cooldown period for which to remove workers. - A scale-down factor of 1 will result in scaling down so - that there is no available memory remaining after the update - (more aggressive scaling). A scale-down factor of 0 disables - removing workers, which can be beneficial for autoscaling - a single job. See . - format: double - type: number - scaleDownMinWorkerFraction: - description: 'Optional. Minimum scale-down threshold as a - fraction of total cluster size before scaling occurs. For - example, in a 20-worker cluster, a threshold of 0.1 means - the autoscaler must recommend at least a 2 worker scale-down - for the cluster to scale. A threshold of 0 means the autoscaler - will scale down on any recommended change. Bounds: . Default: - 0.0.' - format: double - type: number - scaleUpFactor: - description: Required. Fraction of average YARN pending memory - in the last cooldown period for which to add workers. A - scale-up factor of 1.0 will result in scaling up so that - there is no pending memory remaining after the update (more - aggressive scaling). A scale-up factor closer to 0 will - result in a smaller magnitude of scaling up (less aggressive - scaling). See . - format: double - type: number - scaleUpMinWorkerFraction: - description: 'Optional. Minimum scale-up threshold as a fraction - of total cluster size before scaling occurs. For example, - in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster - to scale. A threshold of 0 means the autoscaler will scale - up on any recommended change. Bounds: . Default: 0.0.' - format: double - type: number - required: - - gracefulDecommissionTimeout - - scaleDownFactor - - scaleUpFactor type: object - required: - - yarnConfig type: object location: - description: Immutable. The location for the resource + description: Immutable. The location for the resource, usually a GCP + region. 
type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -33457,7 +49839,7 @@ spec: properties: external: description: |- - The project for the resource + Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -33473,92 +49855,413 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - secondaryWorkerConfig: - description: Optional. Describes how the autoscaler will operate for - secondary workers. - properties: - maxInstances: - description: 'Optional. Maximum number of instances for this group. - Note that by default, clusters will not use secondary workers. - Required for secondary workers if the minimum secondary instances - is set. Primary workers - Bounds: [min_instances, ). Secondary - workers - Bounds: [min_instances, ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer - type: object - workerConfig: - description: Required. 
Describes how the autoscaler will operate for - primary workers. + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. properties: - maxInstances: - description: 'Required. Maximum number of instances for this group. - Required for primary workers. Note that by default, clusters - will not use secondary workers. Required for secondary workers - if the minimum secondary instances is set. Primary workers - - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, - ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. 
If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. + properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. 
Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. 
Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. + items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. 
Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. [Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. 
Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. + items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. 
Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. 
+ The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - maxInstances + - kubernetesClusterConfig type: object required: - - basicAlgorithm - location - - workerConfig type: object status: properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). + Dataproc generates this value when it creates the cluster. 
+ type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -33585,6 +50288,197 @@ spec: type: string type: object type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. 
+ type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. 
+ items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -33592,6 +50486,52 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array type: object required: - spec 
@@ -33611,25 +50551,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dataprocclusters.dataproc.cnrm.cloud.google.com + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocCluster - plural: dataprocclusters + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates shortNames: - - gcpdataproccluster - - gcpdataprocclusters - singular: dataproccluster + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -33667,1125 +50607,1473 @@ spec: type: object spec: properties: - config: - description: Immutable. The cluster config. Note that Dataproc may - set default values, and values may change when clusters are updated. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for the policy - associated with the cluster. Cluster does not autoscale if this - field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - dataprocMetricConfig: - description: Immutable. Optional. The config for Dataproc metrics. - properties: - metrics: - description: Immutable. Required. Metrics sources to enable. - items: - properties: - metricOverrides: - description: 'Immutable. Optional. 
Specify one or more - [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect for the metric course (for the `SPARK` - metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) - can be specified). Provide metrics in the following - format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use - camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted - spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed - hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` - Notes: * Only the specified overridden metrics will - be collected for the metric source. For example, if - one or more `spark:executive` metrics are listed as - metric overrides, other `SPARK` metrics will not be - collected. The collection of the default metrics for - other OSS metric sources is unaffected. For example, - if both `SPARK` andd `YARN` metric sources are enabled, - and overrides are provided for Spark metrics only, - all default YARN metrics will be collected.' - items: - type: string - type: array - metricSource: - description: 'Immutable. Required. Default metrics are - collected unless `metricOverrides` are specified for - the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, - MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, - HIVESERVER2' - type: string - required: - - metricSource - type: object - type: array - required: - - metrics - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings for the - cluster. - properties: - gcePdKmsKeyRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. 
If true, enable http access - to specific ports on the cluster from external sources. - Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine config - settings for all instances in a cluster. - properties: - confidentialInstanceConfig: - description: Immutable. Optional. Confidential Instance Config - for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). - properties: - enableConfidentialCompute: - description: Immutable. Optional. Defines whether the - instance should have confidential compute enabled. - type: boolean - type: object - internalIPOnly: - description: Immutable. Optional. If true, all instances in - the cluster will only have internal IP addresses. By default, - clusters are not restricted to internal IP addresses, and - will have ephemeral external IP addresses assigned to each - instance. This `internal_ip_only` restriction can only be - enabled for subnetwork enabled networks, and all off-cluster - dependencies must be configured to be accessible without - external IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. The Compute Engine metadata entries - to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. 
Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity for - sole-tenant clusters. - properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: type: string - type: object - required: - - nodeGroupRef - type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 access - for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity for - consuming Zonal reservation. + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. 
Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, - ANY_RESERVATION, SPECIFIC_RESERVATION' + additionalProperties: type: string - key: - description: Immutable. Optional. Corresponds to the label - key of reservation resource. + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: type: string - values: - description: Immutable. Optional. Corresponds to the label - values of reservation resource. - items: - type: string - type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + additionalProperties: type: string - type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service account - scopes to be included in Compute Engine instances. The following - base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write If no scopes - are specified, the following defaults are also provided: - * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' - items: + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. 
The HCFS URI of the script that + contains Hive queries. type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance Config - for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether instances - have integrity monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether instances - have Secure Boot enabled. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether instances - have the vTPM enabled. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array required: - - external - properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
+ - queries + type: object + scriptVariables: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' + type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. 
Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: type: string - type: object - tags: - description: Immutable. The Compute Engine tags to add to - all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. type: string - type: array - zone: - description: 'Immutable. Optional. The zone where the Compute - Engine cluster will be located. On a create request, it - is required in the "global" region. If omitted in a non-global - Dataproc region, the service will pick a zone in the corresponding - Compute Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name are valid. - Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. 
Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: type: string - type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute on each - node after config is completed. By default, executables are - run on master and all worker nodes. You can test a node''s `role` - metadata to run an executable on a master or worker node, as - shown below using `curl` (you can also use `wget`): ROLE=$(curl - -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions - ... else ... worker specific actions ... fi' - items: + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. properties: - executableFile: - description: Immutable. Required. Cloud Storage URI of executable - file. + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. 
See the Presto documentation + for supported output formats type: string - executionTimeout: - description: Immutable. Optional. Amount of time executable - has to complete. Default is 10 minutes (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error message - (the name of the executable that caused the error and - the exceeded timeout period) if the executable is not - completed at end of the timeout period. + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. type: string - required: - - executableFile + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object type: object - type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster will - be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration of - cluster. 
The cluster will be auto-deleted at the end of - this period. Minimum value is 10 minutes; maximum value - is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to keep the - cluster alive while idling (when no jobs are running). Passing - this threshold will cause the cluster to be deleted. Minimum - value is 5 minutes; maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. The Compute Engine config settings - for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' 
+ items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. 
HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. 
The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - metastoreConfig: - description: Immutable. Optional. Metastore configuration. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string properties: - external: - description: 'Required. Resource name of an existing Dataproc - Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + additionalProperties: type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. 
+ Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - type: object - required: - - dataprocMetastoreServiceRef - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config settings - for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + description: Immutable. Optional. 
A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + additionalProperties: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. + type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. 
A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. 
The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. + type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. type: string + required: + - clusterLabels type: object - securityConfig: - description: Immutable. Optional. Security settings for the cluster. + managedCluster: + description: Immutable. A cluster that is managed by the workflow. properties: - identityConfig: - description: Immutable. Optional. Identity related configuration, - including service account based secure multi-tenancy user - mappings. + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. properties: - userServiceAccountMapping: - additionalProperties: - type: string - description: Immutable. Required. Map of user to service - account. + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. 
Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - required: - - userServiceAccountMapping - type: object - kerberosConfig: - description: Immutable. Optional. Kerberos related configuration. - properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server (IP - or hostname) for the remote trusted realm in a cross - realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP or hostname) - for the remote trusted realm in a cross realm trust - relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm the - Dataproc on-cluster KDC will trust, should the user - enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the shared password - between the on-cluster Kerberos realm and the remote - trusted realm, in a cross realm trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate whether - to Kerberize the cluster (default: false). 
Set this - field to true to enable Kerberos on a cluster.' - type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the master key of - the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided key. For the self-signed certificate, - this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage URI - of the keystore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - keystorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided keystore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. 
Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. 
Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. 
+ You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. 
Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - realm: - description: Immutable. Optional. The name of the on-cluster - Kerberos realm. If not specified, the uppercased domain - of hostnames will be the realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the root principal - password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime of the - ticket granting ticket, in hours. If not specified, - or user specifies 0, then default value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage URI - of the truststore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided truststore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - type: object - type: object - softwareConfig: - description: Immutable. Optional. The config settings for software - inside the cluster. - properties: - imageVersion: - description: Immutable. Optional. The version of software - inside the cluster. It must be one of the supported [Dataproc - Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such as "1.2.29"), - or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components to - activate on the cluster. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties to set on - daemon config files. Property keys are specified in `prefix:property` - format, for example `core:hadoop.tmp.dir`. The following - are supported prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` * distcp: - `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` - * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: - `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' - type: object - type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config settings - for worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. 
If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - type: object - location: - description: Immutable. The location for the resource, usually a GCP - region. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. 
The Google Cloud Platform project ID that the cluster belongs to. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - virtualClusterConfig: - description: Immutable. Optional. The virtual cluster config is used - when creating a Dataproc cluster that does not directly control - the underlying compute resources, for example, when creating a [Dataproc-on-GKE - cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). - Dataproc may set default values, and values may change when clusters - are updated. Exactly one of config or virtual_cluster_config must - be specified. - properties: - auxiliaryServicesConfig: - description: Immutable. Optional. Configuration of auxiliary services - used by this cluster. - properties: - metastoreConfig: - description: Immutable. Optional. The Hive Metastore configuration - for this workload. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. properties: - external: - description: 'Required. Resource name of an existing - Dataproc Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). 
If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. 
Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - required: - - dataprocMetastoreServiceRef - type: object - sparkHistoryServerConfig: - description: Immutable. Optional. The Spark History Server - configuration for the workload. - properties: - dataprocClusterRef: + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. 
The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -34804,9 +52092,9 @@ spec: properties: external: description: |- - Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `DataprocCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -34816,17 +52104,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - type: object - kubernetesClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on Kubernetes. - properties: - gkeClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on GKE. - properties: - gkeClusterTargetRef: + tempBucketRef: description: Immutable. oneOf: - not: 
@@ -34845,9 +52123,9 @@ spec: properties: external: description: |- - Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `ContainerCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -34857,286 +52135,187 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nodePoolTarget: - description: Immutable. Optional. GKE node pools where - workloads will be scheduled. At least one node pool - must be assigned the `DEFAULT` GkeNodePoolTarget.Role. - If a `GkeNodePoolTarget` is not specified, Dataproc - constructs a `DEFAULT` `GkeNodePoolTarget`. Each role - can be given to only one `GkeNodePoolTarget`. All node - pools must have the same location settings. - items: - properties: - nodePoolConfig: - description: Immutable. Input only. The configuration - for the GKE node pool. If specified, Dataproc - attempts to create a node pool with the specified - shape. If one with the same name already exists, - it is verified against all specified fields. If - a field differs, the virtual cluster creation - will fail. If omitted, any node pool with the - specified name is used. If a node pool with the - specified name does not exist, Dataproc create - a node pool with default values. This is an input - only field. It will not be returned by the API. - properties: - autoscaling: - description: Immutable. Optional. The autoscaler - configuration for this node pool. The autoscaler - is enabled only when a valid configuration - is present. - properties: - maxNodeCount: - description: Immutable. The maximum number - of nodes in the node pool. Must be >= - min_node_count, and must be > 0. **Note:** - Quota must be sufficient to scale up the - cluster. - format: int64 - type: integer - minNodeCount: - description: Immutable. The minimum number - of nodes in the node pool. Must be >= - 0 and <= max_node_count. - format: int64 - type: integer - type: object - config: - description: Immutable. Optional. The node pool - configuration. - properties: - accelerators: - description: Immutable. Optional. A list - of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) - to attach to each node. 
- items: - properties: - acceleratorCount: - description: Immutable. The number - of accelerator cards exposed to - an instance. - format: int64 - type: integer - acceleratorType: - description: Immutable. The accelerator - type resource namename (see GPUs - on Compute Engine). - type: string - gpuPartitionSize: - description: Immutable. Size of partitions - to create on the GPU. Valid values - are described in the NVIDIA [mig - user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - type: object - type: array - bootDiskKmsKey: - description: 'Immutable. Optional. The [Customer - Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) - used to encrypt the boot disk attached - to each node in the node pool. Specify - the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' - type: string - ephemeralStorageConfig: - description: Immutable. Optional. Parameters - for the ephemeral storage filesystem. - If unspecified, ephemeral storage is backed - by the boot disk. - properties: - localSsdCount: - description: Immutable. Number of local - SSDs to use to back ephemeral storage. - Uses NVMe interfaces. Each local SSD - is 375 GB in size. If zero, it means - to disable using local SSDs as ephemeral - storage. - format: int64 - type: integer - type: object - localSsdCount: - description: Immutable. Optional. The number - of local SSD disks to attach to the node, - which is limited by the maximum number - of disks allowable per zone (see [Adding - Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). - format: int64 - type: integer - machineType: - description: Immutable. Optional. The name - of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). - type: string - minCpuPlatform: - description: Immutable. Optional. 
[Minimum - CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - to be used by this instance. The instance - may be scheduled on the specified or a - newer CPU platform. Specify the friendly - names of CPU platforms, such as "Intel - Haswell"` or Intel Sandy Bridge". - type: string - preemptible: - description: Immutable. Optional. Whether - the nodes are created as legacy [preemptible - VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). - Also see Spot VMs, preemptible VM instances - without a maximum lifetime. Legacy and - Spot preemptible nodes cannot be used - in a node pool with the `CONTROLLER` [role] - (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - spot: - description: Immutable. Optional. Whether - the nodes are created as [Spot VM instances] - (https://cloud.google.com/compute/docs/instances/spot). - Spot VMs are the latest update to legacy - preemptible VMs. Spot VMs do not have - a maximum lifetime. Legacy and Spot preemptible - nodes cannot be used in a node pool with - the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - type: object - locations: - description: Immutable. Optional. The list of - Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - where node pool nodes associated with a Dataproc - on GKE virtual cluster will be located. **Note:** - All node pools associated with a virtual cluster - must be located in the same region as the - virtual cluster, and they must be located - in the same zone within that region. If a - location is not specified during node pool - creation, Dataproc on GKE will choose the - zone. 
- items: - type: string - type: array - type: object - nodePoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: properties: - external: - description: |- - Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' - - Allowed value: The `selfLink` field of a `ContainerNodePool` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object - roles: - description: Immutable. Required. The roles associated - with the GKE node pool. - items: + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string - type: array - required: - - nodePoolRef - - roles - type: object - type: array - type: object - kubernetesNamespace: - description: Immutable. Optional. A namespace within the Kubernetes - cluster to deploy into. If this namespace does not exist, - it is created. If it exists, Dataproc verifies that another - Dataproc VirtualCluster is not installed into it. If not - specified, the name of the Dataproc Cluster is used. - type: string - kubernetesSoftwareConfig: - description: Immutable. Optional. The software configuration - for this Dataproc cluster running on Kubernetes. - properties: - componentVersion: - additionalProperties: - type: string - description: Immutable. 
The components that should be - installed in this Dataproc cluster. The key must be - a string from the KubernetesComponent enumeration. The - value is the version of the software to be installed. - At least one entry must be specified. - type: object - properties: - additionalProperties: - type: string - description: 'Immutable. The properties to set on daemon - config files. Property keys are specified in `prefix:property` - format, for example `spark:spark.kubernetes.container.image`. - The following are supported prefixes and their mappings: - * spark: `spark-defaults.conf` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string type: object type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object required: - - gkeClusterConfig + - clusterName + - config type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. 
If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kubernetesClusterConfig + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - jobs - location + - placement type: object status: properties: - clusterUuid: - description: Output only. A cluster UUID (Unique Universal Identifier). - Dataproc generates this value when it creates the cluster. 
- type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -35163,197 +52342,10 @@ spec: type: string type: object type: array - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions to - URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became idle - (most recent job finished) and became eligible for deletion - due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. 
- type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. 
- items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - type: object - metrics: - description: 'Output only. Contains cluster daemon metrics such as - HDFS and YARN stats. **Beta Feature**: This report is available - for testing purposes only. It may be changed before final release.' - properties: - hdfsMetrics: - additionalProperties: - type: string - description: The HDFS metrics. - type: object - yarnMetrics: - additionalProperties: - type: string - description: The YARN metrics. - type: object - type: object + createTime: + description: Output only. The time template was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -35361,52 +52353,299 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: Output only. Cluster status. + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. 
+ items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - detail: - description: Optional. Output only. Details of cluster's state. - type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - substate: - description: 'Output only. Additional state information that includes - status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - statusHistory: - description: Output only. The previous cluster status. + properties: + description: Immutable. An ordered list of properties to index on. 
items: properties: - detail: - description: Optional. Output only. Details of cluster's state. + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + name: + description: Immutable. The property name to index. type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - substate: - description: 'Output only. Additional state information that - includes status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array + indexId: + description: The index id. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object required: - spec @@ -35426,25 +52665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: - group: dataproc.cnrm.cloud.google.com + group: datastream.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocWorkflowTemplate - plural: dataprocworkflowtemplates + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles shortNames: - - gcpdataprocworkflowtemplate - - gcpdataprocworkflowtemplates - singular: dataprocworkflowtemplate + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: @@ -35464,7 +52703,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -35482,1675 +52721,3996 @@ spec: type: object spec: properties: - dagTimeout: - description: Immutable. Optional. Timeout duration for the DAG of - jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - The timeout duration must be from 10 minutes ("600s") to 24 hours - ("86400s"). The timer begins when the first job is submitted. If - the workflow is running at the end of the timeout period, any remaining - jobs are cancelled, the workflow is ended, and if the workflow was - running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), - the cluster is deleted. + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. type: string - jobs: - description: Immutable. Required. The Directed Acyclic Graph of Jobs - to submit. - items: - properties: - hadoopJob: - description: Immutable. Optional. Job is a Hadoop job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted in the working directory of Hadoop drivers - and tasks. Supported file types: .jar, .tar, .tar.gz, - .tgz, or .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `-libjars` - or `-Dfoo=bar`, that can be set as job properties, since - a collision may occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS (Hadoop Compatible - Filesystem) URIs of files to be copied to the working - directory of Hadoop drivers and distributed tasks. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. 
Jar file URIs to add to - the CLASSPATHs of the Hadoop driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file containing the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: 'Immutable. The HCFS URI of the jar file containing - the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' - ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' - type: string - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Hadoop. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/hadoop/conf/*-site - and classes in user code. - type: object - type: object - hiveJob: - description: Immutable. Optional. Job is a Hive job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Hive server and Hadoop - MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names and values, used to configure Hive. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/hive/conf/hive-site.xml, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains Hive queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Hive command: `SET - name="value";`).' - type: object - type: object - labels: - additionalProperties: - type: string - description: 'Immutable. Optional. The labels to associate with - this job. Label keys must be between 1 and 63 characters long, - and must conform to the following regular expression: p{Ll}p{Lo}{0,62} - Label values must be between 1 and 63 characters long, and - must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} - No more than 32 labels can be associated with a given job.' - type: object - pigJob: - description: Immutable. Optional. Job is a Pig job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. 
- Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Pig Client and Hadoop MapReduce - (MR) tasks. Can contain Pig UDFs. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Pig. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/pig/conf/pig.properties, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains the Pig queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Pig command: `name=[value]`).' 
- type: object - type: object - prerequisiteStepIds: - description: Immutable. Optional. The optional list of prerequisite - job step_ids. If not specified, the job will start at the - beginning of workflow. - items: + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - prestoJob: - description: Immutable. Optional. Job is a Presto job. - properties: - clientTags: - description: Immutable. Optional. Presto client tags to - attach to this query - items: - type: string - type: array - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - outputFormat: - description: Immutable. Optional. The format in which query - output will be displayed. See the Presto documentation - for supported output formats - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) - Equivalent to using the --session flag in the Presto CLI - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - type: object - pysparkJob: - description: Immutable. Optional. Job is a PySpark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Python driver and tasks. 
- items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + name: + description: Name of the Secret to extract a value + from. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainPythonFileUri: - description: Immutable. Required. The HCFS URI of the main - Python file to use as the driver. Must be a .py file. - type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure PySpark. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - pythonFileUris: - description: 'Immutable. Optional. HCFS file URIs of Python - files to pass to the PySpark framework. Supported file - types: .py, .egg, and .zip.' - items: - type: string - type: array + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom required: - - mainPythonFileUri - type: object - scheduling: - description: Immutable. Optional. Job scheduling configuration. - properties: - maxFailuresPerHour: - description: Immutable. Optional. Maximum number of times - per hour a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - A job may be reported as thrashing if driver exits with - non-zero code 4 times within 10 minute window. Maximum - value is 10. - format: int64 - type: integer - maxFailuresTotal: - description: Immutable. Optional. Maximum number of times - in total a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - Maximum value is 240. - format: int64 - type: integer - type: object - sparkJob: - description: Immutable. Optional. Job is a Spark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. 
- Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Spark driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file that contains the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: Immutable. The HCFS URI of the jar file that - contains the main class. 
- type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - type: object - sparkRJob: - description: Immutable. Optional. Job is a SparkR job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainRFileUri: - description: Immutable. Required. The HCFS URI of the main - R file to use as the driver. Must be a .R file. - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure SparkR. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom required: - - mainRFileUri - type: object - sparkSqlJob: - description: Immutable. Optional. Job is a SparkSql job. - properties: - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to be added to the Spark CLASSPATH. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. 
+ type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark SQL's SparkConf. - Properties that conflict with values set by the Dataproc - API may be overwritten. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Spark SQL command: - SET `name="value";`).' - type: object - type: object - stepId: - description: Immutable. Required. The step id. The id must be - unique among all jobs within the template. 
The step id is - used as prefix for job id, as job `goog-dataproc-workflow-step-id` - label, and in prerequisiteStepIds field from other steps. - The id must contain only letters (a-z, A-Z), numbers (0-9), - underscores (_), and hyphens (-). Cannot begin or end with - underscore or hyphen. Must consist of between 3 and 50 characters. + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - stepId type: object type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string location: - description: Immutable. The location for the resource + description: Immutable. The name of the location this private connection + is located in. type: string - parameters: - description: Immutable. Optional. Template parameters whose values - are substituted into the template. Values for parameters must be - provided when the template is instantiated. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. 
A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - description: - description: Immutable. Optional. Brief description of the parameter. - Must not exceed 1024 characters. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - fields: - description: 'Immutable. Required. Paths to all fields that - the parameter replaces. A field is allowed to appear in at - most one parameter''s list of field paths. A field path is - similar in syntax to a google.protobuf.FieldMask. For example, - a field path that references the zone field of a workflow - template''s cluster selector would be specified as `placement.clusterSelector.zone`. 
- Also, field paths can reference fields using the following - syntax: * Values in maps can be referenced by key: * labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] - * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri - * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri - * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] - * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] - * Items in repeated fields can be referenced by a zero-based - index: * jobs[''step-id''].sparkJob.args[0] * Other examples: - * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] - * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri - * placement.clusterSelector.zone It may not be possible to - parameterize maps and repeated fields in their entirety since - only individual map values and individual items in repeated - fields can be referenced. For example, the following field - paths are invalid: - placement.clusterSelector.clusterLabels - - jobs[''step-id''].sparkJob.args' - items: - type: string - type: array - name: - description: Immutable. Required. Parameter name. The parameter - name is used as the key, and paired with the parameter value, - which are passed to the template when the template is instantiated. - The name must contain only capital letters (A-Z), numbers - (0-9), and underscores (_), and must not start with a number. - The maximum length is 40 characters. + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - validation: - description: Immutable. Optional. Validation rules to be applied - to this parameter's value. - properties: - regex: - description: Immutable. Validation based on regular expressions. - properties: - regexes: - description: Immutable. Required. RE2 regular expressions - used to validate the parameter's value. The value - must match the regex in its entirety (substring matches - are not sufficient). - items: - type: string - type: array - required: - - regexes - type: object - values: - description: Immutable. Validation based on a list of allowed - values. - properties: - values: - description: Immutable. Required. List of allowed values - for the parameter. - items: - type: string - type: array - required: - - values - type: object - type: object - required: - - fields - - name type: object type: array - placement: - description: Immutable. Required. WorkflowTemplate scheduling information. - properties: - clusterSelector: - description: Immutable. Optional. A selector that chooses target - cluster for jobs based on metadata. The selector is evaluated - at the time each job is submitted. - properties: - clusterLabels: - additionalProperties: - type: string - description: Immutable. Required. The cluster labels. Cluster - must have all labels to match. - type: object - zone: - description: Immutable. Optional. The zone where workflow - process executes. This parameter does not affect the selection - of the cluster. If unspecified, the zone of the first cluster - matching the selector is used. - type: string - required: - - clusterLabels - type: object - managedCluster: - description: Immutable. A cluster that is managed by the workflow. - properties: - clusterName: - description: Immutable. Required. The cluster name prefix. 
- A unique cluster name will be formed by appending a random - suffix. The name must contain only lower-case letters (a-z), - numbers (0-9), and hyphens (-). Must begin with a letter. - Cannot begin or end with hyphen. Must consist of between - 2 and 35 characters. + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: type: string - config: - description: Immutable. Required. The cluster configuration. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for - the policy associated with the cluster. Cluster does - not autoscale if this field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings - for the cluster. 
- properties: - gcePdKmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. If true, enable - http access to specific ports on the cluster from - external sources. Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine - config settings for all instances in a cluster. - properties: - internalIPOnly: - description: Immutable. Optional. If true, all instances - in the cluster will only have internal IP addresses. - By default, clusters are not restricted to internal - IP addresses, and will have ephemeral external IP - addresses assigned to each instance. This `internal_ip_only` - restriction can only be enabled for subnetwork enabled - networks, and all off-cluster dependencies must - be configured to be accessible without external - IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. 
The Compute Engine metadata - entries to add to all instances (see [Project and - instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity - for sole-tenant clusters. + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string required: - - nodeGroupRef + - table type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 - access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity - for consuming Zonal reservation. + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. 
+ items: properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, - NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' - type: string - key: - description: Immutable. Optional. Corresponds - to the label key of reservation resource. - type: string - values: - description: Immutable. Optional. Corresponds - to the label values of reservation resource. + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. items: - type: string + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + table: + description: Table name. type: string + required: + - table type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service - account scopes to be included in Compute Engine - instances. The following base set of scopes is always - included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write - If no scopes are specified, the following defaults - are also provided: * https://www.googleapis.com/auth/bigquery - * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data - * https://www.googleapis.com/auth/devstorage.full_control' - items: - type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance - Config for clusters using Compute Engine Shielded - VMs. - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether - instances have integrity monitoring enabled. 
- Integrity monitoring compares the most recent - boot measurements to the integrity policy baseline - and returns a pair of pass/fail results depending - on whether they match or not. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether - the instances have Secure Boot enabled. Secure - Boot helps ensure that the system only runs - authentic software by verifying the digital - signature of all boot components, and halting - the boot process if signature verification fails. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether - the instance have the vTPM enabled. Virtual - Trusted Platform Module protects objects like - keys, certificates and enables Measured Boot - by performing the measurements needed to create - a known good boot baseline, called the integrity - policy baseline. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
- type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. type: string + required: + - table type: object - tags: - description: Immutable. The Compute Engine tags to - add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: - type: string - type: array - zone: - description: 'Immutable. Optional. The zone where - the Compute Engine cluster will be located. On a - create request, it is required in the "global" region. - If omitted in a non-global Dataproc region, the - service will pick a zone in the corresponding Compute - Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name - are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. 
+ type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string + required: + - location type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute - on each node after config is completed. By default, - executables are run on master and all worker nodes. - You can test a node''s `role` metadata to run an executable - on a master or worker node, as shown below using `curl` - (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google - http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific - actions ... else ... worker specific actions ... fi' + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. 
+ Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. items: properties: - executableFile: - description: Immutable. Required. Cloud Storage - URI of executable file. + database: + description: Database name. type: string - executionTimeout: - description: Immutable. Optional. Amount of time - executable has to complete. Default is 10 minutes - (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error - message (the name of the executable that caused - the error and the exceeded timeout period) if - the executable is not completed at end of the - timeout period. + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. 
+ type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. 
+ properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. type: string + required: + - schema type: object type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for - the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster - will be auto-deleted (see JSON representation of - [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration - of cluster. The cluster will be auto-deleted at - the end of this period. Minimum value is 10 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to - keep the cluster alive while idling (when no jobs - are running). Passing this threshold will cause - the cluster to be deleted. Minimum value is 5 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. 
The Compute Engine config - settings for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). 
If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config - settings for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. 
- format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. 
+ type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." + type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - securityConfig: - description: Immutable. Optional. Security settings for - the cluster. + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. 
+ Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - kerberosConfig: - description: Immutable. Optional. Kerberos related - configuration. 
+ text: + description: The text response message. properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server - (IP or hostname) for the remote trusted realm - in a cross realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP - or hostname) for the remote trusted realm in - a cross realm trust relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm - the Dataproc on-cluster KDC will trust, should - the user enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the shared - password between the on-cluster Kerberos realm - and the remote trusted realm, in a cross realm - trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate - whether to Kerberize the cluster (default: false). - Set this field to true to enable Kerberos on - a cluster.' + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the master - key of the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided key. For the self-signed - certificate, this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage - URI of the keystore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - keystorePassword: - description: Immutable. Optional. 
The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided keystore. For the self-signed - certificate, this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - realm: - description: Immutable. Optional. The name of - the on-cluster Kerberos realm. If not specified, - the uppercased domain of hostnames will be the - realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the root - principal password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime - of the ticket granting ticket, in hours. If - not specified, or user specifies 0, then default - value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage - URI of the truststore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided truststore. For the self-signed - certificate, this password is generated by Dataproc. 
- type: string + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - softwareConfig: - description: Immutable. Optional. The config settings - for software inside the cluster. + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. 
+ If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. 
+ They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - imageVersion: - description: Immutable. Optional. 
The version of software - inside the cluster. It must be one of the supported - [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such - as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian - version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components - to activate on the cluster. - items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties - to set on daemon config files. Property keys are - specified in `prefix:property` format, for example - `core:hadoop.tmp.dir`. The following are supported - prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` - * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` - * hive: `hive-site.xml` * mapred: `mapred-site.xml` - * pig: `pig.properties` * spark: `spark-defaults.conf` - * yarn: `yarn-site.xml` For more information, see - [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config - settings for worker instances in a cluster. + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. 
You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. + text: + description: The text response message. properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. 
+ properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. 
+ type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string type: object - type: object - labels: + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. 
+ Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: additionalProperties: type: string - description: 'Immutable. Optional. The labels to associate - with this cluster. Label keys must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated - with a given cluster.' + description: Immutable. The HTTP request headers to send together + with webhook requests. type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. 
+ For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - clusterName - - config + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. \nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' 
+ properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -37167,10 +56727,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -37180,14 +56737,13 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - jobs - - location - - placement + - displayName + - projectRef type: object status: properties: 
@@ -37217,9 +56773,10 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time template was created. - format: date-time + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -37228,127 +56785,243 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - placement: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. 
Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - managedCluster: - properties: - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions - to URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became - idle (most recent job finished) and became eligible - for deletion due to idleness (see JSON representation - of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. 
- This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. 
The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - type: object - type: object + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - updateTime: - description: Output only. The time template was last updated. - format: date-time + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - version: - description: Output only. The current version of this workflow template. - format: int64 + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string type: object required: - spec @@ -37368,7 +57041,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
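Review bot: In the added DialogflowIntent schema, `webhookState` and the items of `defaultResponsePlatforms` are plain `type: string`, although their descriptions list a closed set of possible values, so the CRD itself does not reject a mistyped value at admission. `webhookState` decides whether the intent is forwarded to a webhook, and with `WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING` each slot-filling prompt as well, so a value outside the set should fail when the object is applied rather than, presumably, only at reconcile time. I would add `enum: [WEBHOOK_STATE_ENABLED, WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING]` under `webhookState` and the matching `enum` under `defaultResponsePlatforms.items`. The `cnrm.cloud.google.com/tf2crd: "true"` label suggests this file is generated, so the change probably belongs in the generator rather than in this YAML.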
@@ -39176,34 +58849,485 @@ spec: as `12***`. type: boolean type: object - cryptoDeterministicConfig: - description: Deterministic Crypto + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift properties: context: - description: 'A context may be used - for higher security and maintaining - referential integrity such that - the same identifier in two different - contexts will be given a distinct - surrogate. The context is appended - to plaintext value being encrypted. - On decryption the provided context - is validated against the value used - during encryption. If a context - was provided during encryption, - same context must be provided during - decryption as well. If the context - is not set, plaintext would be used - as is for encryption. If the context - is set but: 1. there is no record - present when transforming a given - value or 2. 
the field is not present - when transforming a given value, - plaintext would be used as is for - encryption. Note that case (1) is - expected when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s.' + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. properties: name: description: Name describing the @@ -39211,11 +59335,12 @@ spec: type: string type: object cryptoKey: - description: The key used by the encryption - function. For deterministic encryption - using AES-SIV, the provided key - is internally expanded to 64 bytes - prior to use. + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. properties: kmsWrapped: description: Key wrapped using 
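Review bot: The three `unwrapped.key` fields added in the `@@ -39176,34 +58849,485 @@` hunk (under `cryptoDeterministicConfig`, `cryptoHashConfig` and `cryptoReplaceFfxFpeConfig`) take raw key material as a plain `type: string`, and the description `Required. A 128/192/256 bit key.` does not say where that value ends up. A value set here is part of the object's spec, so it is stored with the resource and readable by anyone who can read the resource or the manifest it was applied from. I would extend the description to something like `Required. A 128/192/256 bit key. The key is kept in plain text in the resource spec; prefer kmsWrapped unless the data is non-sensitive.` Separately, the `cryptoReplaceFfxFpeConfig.context` description numbers both conditions `1.`, which makes its later "case (1)" ambiguous; the second should read `2.`, as it does in `cryptoDeterministicConfig.context`. The enclosing schema starts and ends outside this hunk, and if the CRD is generated, the wording would need to change in its source rather than here.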
@@ -39297,2126 +59422,5323 @@ spec: - key type: object type: object - surrogateInfoType: - description: 'The custom info type - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom info - type followed by the number of characters - comprising the surrogate. The following - scheme defines the format: {info - type name}({surrogate character - count}):{surrogate} For example, - if the name of custom info type - is ''MY_TOKEN_INFO_TYPE'' and the - surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate - when inspecting content using the - custom info type ''Surrogate''. - This facilitates reversal of the - surrogate when it occurs in free - text. Note: For record transformations - where the entire cell in a table - is being transformed, surrogates - are not mandatory. Surrogates are - used to denote the location of the - token and are necessary for re-identification - in free form text. In order for - inspection to work properly, the - name of this info type must not - occur naturally anywhere in your - data; otherwise, inspection may - either - reverse a surrogate that - does not correspond to an actual - identifier - be unable to parse - the surrogate and result in an error - Therefore, choose your custom info - type name carefully after considering - what your data looks like. One way - to select a name that has a high - chance of yielding reliable detection - is to include one or more unicode - characters that are highly improbable - to exist in your data. For example, - assuming your data is entered from - a regular ASCII keyboard, the symbol - with the hex code point 29DD might - be used like so: ⧝MY_TOKEN_TYPE.' + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. 
Range of shift + in days. Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. 
- type: string + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - cryptoHashConfig: - description: Crypto + replacementValue: + description: Required. Replacement value + for this bucket. properties: - cryptoKey: - description: The key used by the hash - function. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. 
Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. 
Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' 
- type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. 
This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. 
- type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible - values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, - NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, - ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context - may be used for higher security - since the same identifier in two - different contexts won''t be given - the same surrogate. If the context - is not set, a default tweak will - be used. If the context is set but: - 1. there is no record present when - transforming a given value or 1. - the field is not present when transforming - a given value, a default tweak will - be used. Note that case (1) is expected - when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s. Currently, - the referenced field may be of value - type integer or string. The tweak - is constructed as a sequence of - bytes in big endian byte order such - that: - a 64 bit integer is encoded - followed by a single byte of value - 1 - a string is encoded in UTF-8 - format followed by a single byte - of value 2' - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Required. The key used - by the encryption algorithm. - properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
- Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. 
A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. 
+ properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by - mapping these to the alphanumeric - characters that the FFX mode natively - supports. This happens before/after - encryption/decryption. Each character - listed must appear only once. Number - of characters must be in the range - [2, 95]. This must be encoded as - ASCII. The order of characters does - not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select - the alphabet. Must be in the range - [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom infoType - followed by the number of characters - comprising the surrogate. The following - scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom - infoType is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the - full replacement value will be: - ''MY_TOKEN_INFO_TYPE(3):abc'' This - annotation identifies the surrogate - when inspecting content using the - custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the - surrogate when it occurs in free - text. 
In order for inspection to - work properly, the name of this - infoType must not occur naturally - anywhere in your data; otherwise, - inspection may find a surrogate - that does not correspond to an actual - identifier. Therefore, choose your - custom infoType name carefully after - considering what your data looks - like. One way to select a name that - has a high chance of yielding reliable - detection is to include one or more - unicode characters that are highly - improbable to exist in your data. - For example, assuming your data - is entered from a regular ASCII - keyboard, the symbol with the hex - code point 29DD might be used like - so: ⧝MY_TOKEN_TYPE' - properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that - contains the context, for example, - an entity id. If set, must also - set cryptoKey. If set, shift will - be consistent for the given context. - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Causes the shift to be - computed based on this key and the - context. This results in the same - shift for the same context and crypto_key. - If set, must also set context. Can - only be applied to table items. 
- properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. 
+ The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. 
+ type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, - -5 means shift date to at most 5 - days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift - in days. Actual shift will be selected - at random within this range (inclusive - ends). Negative means shift to earlier - in time. Must not be more than 365250 - days (1000 years) each direction. - For example, 3 means shift date - to at most 3 days into the future. - format: int64 - type: integer - required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each - bucket (except for minimum and maximum - buckets). So if `lower_bound` = - 10, `upper_bound` = 89, and `bucket_size` - = 10, then the following buckets - would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, - 80-89, 89+. Precision up to 2 decimals - works.' - format: double - type: number - lowerBound: - description: Required. Lower bound - value of buckets. All values less - than `lower_bound` are grouped together - into a single bucket; for example - if `lower_bound` = 10, then all - values less than 10 are replaced - with the value "-10". 
- properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound - value of buckets. 
All values greater - than upper_bound are grouped together - into a single bucket; for example - if `upper_bound` = 89, then all - values greater than 89 are replaced - with the value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. 
- format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified - value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. 
- format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction - properties: - partToExtract: - description: 'The part of the time - to keep. Possible values: TIME_PART_UNSPECIFIED, - YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, - WEEK_OF_YEAR, HOUR_OF_DAY' - type: string - type: object - type: object - required: - - primitiveTransformation - type: object - type: array - required: - - transformations + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object type: object - primitiveTransformation: - description: Apply the transformation to the entire - field. + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. properties: - bucketingConfig: - description: Bucketing + expressions: + description: An expression. properties: - buckets: - description: Set of buckets. Ranges must be - non-overlapping. - items: - properties: - max: - description: Upper bound of the range, - exclusive; type must match min. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - min: - description: Lower bound of the range, - inclusive. Type should be the same as - max if used. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - replacementValue: - description: Required. Replacement value - for this bucket. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. - format: int64 - type: integer + conditions: + description: Conditions to apply to the expression. 
+ properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' type: string - timeValue: - description: time of day + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer format: int64 type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - timestampValue: - description: timestamp - format: date-time - type: string + required: + - field + - operator type: object - required: - - replacementValue - type: object - type: array + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string type: object - characterMaskConfig: - description: Mask - properties: - charactersToIgnore: - description: When masking a string, items in - this list will be skipped when replacing characters. 
- For example, if the input string is `555-555-5555` - and you instruct Cloud DLP to skip `-` and - mask 5 characters with `*`, Cloud DLP returns - `***-**5-5555`. - items: + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. 
[required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. 
+ Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + type: boolean + infoTypes: + description: Restricts what info_types to look for. 
The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. 
+ format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the rule. 
+ properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. properties: - charactersToSkip: - description: Characters to not transform - when masking. - type: string - commonCharactersToIgnore: - description: 'Common characters to not - transform when masking. Useful to avoid - removing punctuation. Possible values: - COMMON_CHARS_TO_IGNORE_UNSPECIFIED, - NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, - PUNCTUATION, WHITESPACE' + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object - type: array - maskingCharacter: - description: Character to use to mask the sensitive - values—for example, `*` for an alphabetic - string such as a name, or `0` for a numeric - string such as ZIP code or credit card number. - This string must have a length of 1. If not - supplied, this value defaults to `*` for strings, - and `0` for digits. - type: string - numberToMask: - description: Number of characters to mask. If - not set, all matching chars will be masked. - Skipped characters do not count towards this - tally. - format: int64 - type: integer - reverseOrder: - description: Mask characters in reverse order. - For example, if `masking_character` is `0`, - `number_to_mask` is `14`, and `reverse_order` - is `false`, then the input string `1234-5678-9012-3456` - is masked as `00000000000000-3456`. If `masking_character` - is `*`, `number_to_mask` is `3`, and `reverse_order` - is `true`, then the string `12345` is masked - as `12***`. - type: boolean - type: object - cryptoDeterministicConfig: - description: Deterministic Crypto - properties: - context: - description: 'A context may be used for higher - security and maintaining referential integrity - such that the same identifier in two different - contexts will be given a distinct surrogate. 
- The context is appended to plaintext value - being encrypted. On decryption the provided - context is validated against the value used - during encryption. If a context was provided - during encryption, same context must be provided - during decryption as well. If the context - is not set, plaintext would be used as is - for encryption. If the context is set but: - 1. there is no record present when transforming - a given value or 2. the field is not present - when transforming a given value, plaintext - would be used as is for encryption. Note that - case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s.' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: The key used by the encryption - function. For deterministic encryption using - AES-SIV, the provided key is internally expanded - to 64 bytes prior to use. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. 
- type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - surrogateInfoType: - description: 'The custom info type to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom info type followed - by the number of characters comprising the - surrogate. The following scheme defines the - format: {info type name}({surrogate character - count}):{surrogate} For example, if the name - of custom info type is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate when - inspecting content using the custom info type - ''Surrogate''. This facilitates reversal of - the surrogate when it occurs in free text. - Note: For record transformations where the - entire cell in a table is being transformed, - surrogates are not mandatory. Surrogates are - used to denote the location of the token and - are necessary for re-identification in free - form text. 
In order for inspection to work - properly, the name of this info type must - not occur naturally anywhere in your data; - otherwise, inspection may either - reverse - a surrogate that does not correspond to an - actual identifier - be unable to parse the - surrogate and result in an error Therefore, - choose your custom info type name carefully - after considering what your data looks like. - One way to select a name that has a high chance - of yielding reliable detection is to include - one or more unicode characters that are highly - improbable to exist in your data. For example, - assuming your data is entered from a regular - ASCII keyboard, the symbol with the hex code - point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' - properties: - name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: object - cryptoHashConfig: - description: Crypto - properties: - cryptoKey: - description: The key used by the hash function. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible values: - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, - HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context may be - used for higher security since the same identifier - in two different contexts won''t be given - the same surrogate. If the context is not - set, a default tweak will be used. If the - context is set but: 1. there is no record - present when transforming a given value or - 1. the field is not present when transforming - a given value, a default tweak will be used. - Note that case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s. Currently, the referenced - field may be of value type integer or string. 
- The tweak is constructed as a sequence of - bytes in big endian byte order such that: - - a 64 bit integer is encoded followed by - a single byte of value 1 - a string is encoded - in UTF-8 format followed by a single byte - of value 2' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: Required. The key used by the encryption - algorithm. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: properties: name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string - required: - - name type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. 
When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. + Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. 
The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. 
If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by mapping these - to the alphanumeric characters that the FFX - mode natively supports. This happens before/after - encryption/decryption. Each character listed - must appear only once. Number of characters - must be in the range [2, 95]. This must be - encoded as ASCII. The order of characters - does not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select the alphabet. - Must be in the range [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom infoType followed by - the number of characters comprising the surrogate. 
- The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType - is ''MY_TOKEN_INFO_TYPE'' and the surrogate - is ''abc'', the full replacement value will - be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation - identifies the surrogate when inspecting content - using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the surrogate - when it occurs in free text. In order for - inspection to work properly, the name of this - infoType must not occur naturally anywhere - in your data; otherwise, inspection may find - a surrogate that does not correspond to an - actual identifier. Therefore, choose your - custom infoType name carefully after considering - what your data looks like. One way to select - a name that has a high chance of yielding - reliable detection is to include one or more - unicode characters that are highly improbable - to exist in your data. For example, assuming - your data is entered from a regular ASCII - keyboard, the symbol with the hex code point - 29DD might be used like so: ⧝MY_TOKEN_TYPE' + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that contains - the context, for example, an entity id. If - set, must also set cryptoKey. If set, shift - will be consistent for the given context. + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string name: - description: Name describing the field. + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cryptoKey: - description: Causes the shift to be computed - based on this key and the context. This results - in the same shift for the same context and - crypto_key. If set, must also set context. - Can only be applied to table items. 
+ tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. + Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. 
+ type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. 
Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. + properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + version: + description: Optional version name + for this InfoType. type: string type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. 
A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. + Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. 
Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. 
`inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. 
+ format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. 
+ properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, -5 means - shift date to at most 5 days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift in days. - Actual shift will be selected at random within - this range (inclusive ends). Negative means - shift to earlier in time. Must not be more - than 365250 days (1000 years) each direction. - For example, 3 means shift date to at most - 3 days into the future. - format: int64 - type: integer + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. 
+ items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each bucket - (except for minimum and maximum buckets). - So if `lower_bound` = 10, `upper_bound` = - 89, and `bucket_size` = 10, then the following - buckets would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, - 89+. Precision up to 2 decimals works.' - format: double - type: number - lowerBound: - description: Required. Lower bound value of - buckets. All values less than `lower_bound` - are grouped together into a single bucket; - for example if `lower_bound` = 10, then all - values less than 10 are replaced with the - value "-10". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. 
Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound value of - buckets. All values greater than upper_bound - are grouped together into a single bucket; - for example if `upper_bound` = 89, then all - values greater than 89 are replaced with the - value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. 
- format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. 
Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. 
A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: properties: - partToExtract: - description: 'The part of the time to keep. - Possible values: TIME_PART_UNSPECIFIED, YEAR, - MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, - HOUR_OF_DAY' + name: + description: Name describing the field. type: string type: object - type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. 
+ If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' + type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. 
+ format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. 
+ type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status 
+ name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. 
+ [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. + properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. 
Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external required: - - fields + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - recordSuppressions: - description: Configuration defining which records get suppressed - entirely. Records that match any suppression rule are omitted - from the output. 
- items: + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - condition: - description: A condition that when it evaluates to true - will result in the record being evaluated to be suppressed - from the transformed content. - properties: - expressions: - description: An expression. - properties: - conditions: - description: Conditions to apply to the expression. - properties: - conditions: - description: A collection of conditions. - items: - properties: - field: - description: Required. Field within - the record this condition is evaluated - against. - properties: - name: - description: Name describing the - field. - type: string - type: object - operator: - description: 'Required. Operator used - to compare the field or infoType - to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, - AND' - type: string - value: - description: Value to compare against. - [Mandatory, except for `EXISTS` - tests.] - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - field - - operator - type: object - type: array - type: object - logicalOperator: - description: 'The operator to apply to the result - of conditions. Default and currently only - supported value is `AND`. Possible values: - LOGICAL_OPERATOR_UNSPECIFIED, AND' - type: string - type: object - type: object + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - type: object - transformationErrorHandling: - description: Mode for handling transformation errors. If left - unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. properties: - leaveUntransformed: - description: Ignore errors - type: object - x-kubernetes-preserve-unknown-fields: true - throwError: - description: Throw an error - type: object - x-kubernetes-preserve-unknown-fields: true + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers type: object description: - description: Short description (max 256 chars). + description: A textual description field. Defaults to 'Managed by + Config Connector'. type: string - displayName: - description: Display name (max 256 chars). + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. 
+ Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string - location: - description: Immutable. The location of the resource + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
oneOf: - not: required: 
@@ -41433,21 +64755,273 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -41464,8 +65038,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -41479,6 +65052,15 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type type: object status: properties: @@ -41508,13 +65090,8 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of an inspectTemplate. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + name: + description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -41523,11 +65100,151 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of an inspectTemplate. - format: date-time + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object + required: + - spec type: object served: true storage: true @@ -41544,25 +65261,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpinspecttemplates.dlp.cnrm.cloud.google.com + name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: eventarc.cnrm.cloud.google.com names: categories: - gcp - kind: DLPInspectTemplate - plural: dlpinspecttemplates + kind: EventarcTrigger + plural: eventarctriggers shortNames: - - gcpdlpinspecttemplate - - gcpdlpinspecttemplates - singular: dlpinspecttemplate + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -41599,436 +65316,241 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Short description (max 256 chars). - type: string - displayName: - description: Display name (max 256 chars). - type: string - inspectConfig: - description: The core content of the template. Configuration of the - scanning process. + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - contentOptions: - description: List of options defining data content to scan. If - empty, text, images, and other content will be included. - items: - type: string - type: array - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud - Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType - will not cause a finding to be returned. It still can - be used for rules matching. 
Possible values: EXCLUSION_TYPE_UNSPECIFIED, - EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name matches - one of existing infoTypes and that infoType is specified - in `InspectContent.info_types` field. Specifying the latter - adds findings to the one detected by the system. If built-in - info type is not specified in `InspectContent.info_types` - list then the name is treated as a custom info type. - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule if - the finding meets the criteria specified by the rule. - Defaults to `VERY_LIKELY` if not specified. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, - LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract as - findings. When not specified, the entire match is - returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. 
- properties: - createTime: - description: Timestamp indicating when the version of - the `StoredInfoType` used for inspection was created. - Output-only field, populated by the system. - format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. - - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a request, - the system may automatically choose what detectors to run. 
By - default this may be all types, but may change over time as detectors - are updated. If you need precise control and predictability - as to what detectors are run you should specify specific InfoTypes - listed in the reference, otherwise a default list will be used, - which may change over time. - items: - properties: - name: - description: Name of the information type. Either a name - of your choosing when creating a CustomInfoType, or one - of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud DLP - results to Data Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings returned. + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for specified - infoTypes. 
- items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should be - provided. If InfoTypeLimit does not have an info_type, - the DLP API applies the limit against all info_types - that are found but not specified in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set higher. - When set within `InspectContentRequest`, this field is ignored. - format: int64 - type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set higher. - format: int64 - type: integer + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - ruleSet: - description: Set of rules to apply to the findings for this InspectConfig. - Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for - each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. The - rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the rule. - properties: - cloudStoragePath: - description: Newline-delimited file of words - in Cloud Storage. Only a single file is - accepted. 
- properties: - path: - description: 'A url representing a file - or path (no wildcards) in Cloud Storage. - Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and every - phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps or - contained within with a finding of an infoType - from this list. For example, for `InspectionRuleSet.info_types` - containing "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number findings - are dropped if they overlap with EMAIL_ADDRESS - finding. That leads to "555-222-2222@example.org" - to generate only a single finding, namely - email address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, or - one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data - Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see MatchingType - documentation for details. Possible values: - MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, - MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply to - all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a finding - to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, - VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the likelihood - by the specified number of levels. For example, - if a finding would be `POSSIBLE` without - the detection rule and `relative_likelihood` - is 1, then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to `UNLIKELY`. - Likelihood may never drop below `VERY_UNLIKELY` - or exceed `VERY_LIKELY`, so applying an - adjustment of 1 followed by an adjustment - of -1 when base likelihood is `VERY_LIKELY` - will result in a final likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within which - the entire hotword must reside. The total length - of the window cannot exceed 1000 characters. - Note that the finding itself will be included - in the window, so that hotwords may be used - to match substrings of the finding itself. For - example, the certainty of a phone number regex - "(d{3}) d{3}-d{4}" could be adjusted upwards - if the area code is known to be the local area - code of a company office using the hotword regex - "(xxx)", where "xxx" is the area code in question. - properties: - windowAfter: - description: Number of characters after the - finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before the - finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array type: object location: - description: Immutable. The location of the resource + description: Immutable. The location for the resource type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. 
The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -42045,21 +65567,24 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: oneOf: - not: required: 
@@ -42076,8 +65601,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -42086,11 +65613,53 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef type: object status: properties: 
@@ -42121,12 +65690,13 @@ spec: type: object type: array createTime: - description: Output only. The creation timestamp of an inspectTemplate. + description: Output only. The creation time. format: date-time type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -42135,11 +65705,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string updateTime: - description: Output only. The last update timestamp of an inspectTemplate. + description: Output only. The last-modified time. format: date-time type: string type: object + required: + - spec type: object served: true storage: true 
@@ -42154,1277 +65748,2353 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dlpjobtriggers.dlp.cnrm.cloud.google.com -spec: - group: dlp.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DLPJobTrigger - plural: dlpjobtriggers - shortNames: - - gcpdlpjobtrigger - - gcpdlpjobtriggers - singular: dlpjobtrigger - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: User provided description (max 256 chars) - type: string - displayName: - description: Display name (max 100 chars) - type: string - inspectJob: - description: For inspect jobs, a snapshot of the configuration. - properties: - actions: - description: Actions to execute at the completion of the job. - items: - properties: - jobNotificationEmails: - description: Enable email notification for project owners - and editors on job's completion/failure. - type: object - x-kubernetes-preserve-unknown-fields: true - pubSub: - description: Publish a notification to a pubsub topic. - properties: - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - publishFindingsToCloudDataCatalog: - description: Publish findings to Cloud Datahub. - type: object - x-kubernetes-preserve-unknown-fields: true - publishSummaryToCscc: - description: Publish summary to Cloud Security Command Center - (Alpha). 
- type: object - x-kubernetes-preserve-unknown-fields: true - publishToStackdriver: - description: Enable Stackdriver metric dlp.googleapis.com/finding_count. - type: object - x-kubernetes-preserve-unknown-fields: true - saveFindings: - description: Save resulting findings in a provided location. - properties: - outputConfig: - description: Location to store findings outside of DLP. - properties: - dlpStorage: - description: Store findings directly to DLP. If - neither this or bigquery is chosen only summary - stats of total infotype count will be stored. - Quotes will not be stored to dlp findings. If - quotes are needed, store to BigQuery. Currently - only for inspect jobs. - type: object - x-kubernetes-preserve-unknown-fields: true - outputSchema: - description: 'Schema used for writing the findings - for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. - Columns are derived from the `Finding` object. - If appending to an existing table, any columns - from the predefined schema that are missing will - be added. No columns in the existing table will - be deleted. If unspecified, then all available - columns will be used for a new table or an (existing) - table with no schema, and no changes will be made - to an existing table that has a schema. Only for - use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, - BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, - BIG_QUERY_COLUMNS, ALL_COLUMNS' - type: string - table: - description: 'Store findings in an existing table - or a new table in an existing dataset. If table_id - is not set a new one will be generated for you - with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. - Pacific timezone will be used for generating the - date details. For Inspect, each column in an existing - output table must have the same name, type, and - mode of a field in the `Finding` object. 
For Risk, - an existing output table should be the output - of a previous Risk analysis job run on the same - source table, with the same privacy metric and - quasi-identifiers. Risk jobs that analyze the - same table but compute a different privacy metric, - or use different sets of quasi-identifiers, cannot - store their results in the same table.' - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - type: object - type: object - type: array - inspectConfig: - description: How and what to scan for. - properties: - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - detectionRules: - description: Set of detection rules to apply to all - findings of this CustomInfoType. 
Rules are applied - in order that they are specified. Not supported for - the `surrogate_type` CustomInfoType. - items: - properties: - hotwordRule: - description: Hotword-based detection rule. - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. - format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. 
For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in - Cloud Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: - gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this - infoType will not cause a finding to be returned. - It still can be used for rules matching. Possible - values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name - matches one of existing infoTypes and that infoType - is specified in `InspectContent.info_types` field. - Specifying the latter adds findings to the one detected - by the system. 
If built-in info type is not specified - in `InspectContent.info_types` list then the name - is treated as a custom info type. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule - if the finding meets the criteria specified by the - rule. Defaults to `VERY_LIKELY` if not specified. - Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract - as findings. When not specified, the entire match - is returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on - GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. - properties: - createTime: - description: Timestamp indicating when the version - of the `StoredInfoType` used for inspection was - created. Output-only field, populated by the system. 
- format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. + type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - This is not used for data profiling. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - This is not used for data profiling. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a - request, the system may automatically choose what detectors - to run. By default this may be all types, but may change - over time as detectors are updated. If you need precise - control and predictability as to what detectors are run - you should specify specific InfoTypes listed in the reference, - otherwise a default list will be used, which may change - over time. - items: - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings - returned. This is not used for data profiling. 
+ Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. + format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for - specified infoTypes. - items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should - be provided. 
If InfoTypeLimit does not have an - info_type, the DLP API applies the limit against - all info_types that are found but not specified - in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this - InfoType. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set - higher. When set within `InspectContentRequest`, this - field is ignored. + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set - higher. + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. 
Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: type: string - ruleSet: - description: Set of rules to apply to the findings for this - InspectConfig. Exclusion rules, contained in the set are - executed in the end, other rules are executed in the order - they are specified for each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. - The rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the - rule. - properties: - cloudStoragePath: - description: Newline-delimited file of - words in Cloud Storage. Only a single - file is accepted. - properties: - path: - description: 'A url representing a - file or path (no wildcards) in Cloud - Storage. 
Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases - to search for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and - every phrase must contain at least - 2 characters that are letters or - digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps - or contained within with a finding of - an infoType from this list. For example, - for `InspectionRuleSet.info_types` containing - "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number - findings are dropped if they overlap - with EMAIL_ADDRESS finding. That leads - to "555-222-2222@example.org" to generate - only a single finding, namely email - address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name - for this InfoType. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see - MatchingType documentation for details. - Possible values: MATCHING_TYPE_UNSPECIFIED, - MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, - MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array - type: object - inspectTemplateRef: - oneOf: - - not: + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. + format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', 
the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. + items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. 
+ type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. 
The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). 
+ type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. properties: - external: - description: |- - If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. - - Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string + required: + - gcpKmsEncryptionKey type: object - storageConfig: - description: The data to scan. 
+ includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. properties: - bigQueryOptions: - description: BigQuery options. - properties: - excludedFields: - description: References to fields excluded from scanning. - This allows you to skip inspection of entire columns - which you know have no findings. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - identifyingFields: - description: Table fields that may uniquely identify a - row within the table. When `actions.saveFindings.outputConfig.table` - is specified, the values of columns specified here are - available in the output table under `location.content_locations.record_location.record_key.id_values`. - Nested fields such as `person.birthdate.year` are allowed. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - includedFields: - description: Limit scanning only to these fields. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - rowsLimit: - description: Max number of rows to scan. If the table - has more rows than this value, the rest of the rows - are omitted. If not set, or if set to 0, all rows will - be scanned. Only one of rows_limit and rows_limit_percent - can be specified. Cannot be used in conjunction with - TimespanConfig. - format: int64 - type: integer - rowsLimitPercent: - description: Max percentage of rows to scan. The rest - are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. 
Both 0 and 100 - means no limit. Defaults to 0. Only one of rows_limit - and rows_limit_percent can be specified. Cannot be used - in conjunction with TimespanConfig. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - tableReference: - description: Complete BigQuery table reference. - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - tableReference - type: object - cloudStorageOptions: - description: Google Cloud Storage options. - properties: - bytesLimitPerFile: - description: Max number of bytes to scan from a file. - If a scanned file's size is bigger than this value then - the rest of the bytes are omitted. Only one of bytes_limit_per_file - and bytes_limit_per_file_percent can be specified. Cannot - be set if de-identification is requested. - format: int64 - type: integer - bytesLimitPerFilePercent: - description: Max percentage of bytes to scan from a file. - The rest are omitted. The number of bytes scanned is - rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. Only one - of bytes_limit_per_file and bytes_limit_per_file_percent - can be specified. Cannot be set if de-identification - is requested. - format: int64 - type: integer - fileSet: - description: The set of one or more files to scan. - properties: - regexFileSet: - description: The regex-filtered set of files to scan. - Exactly one of `url` or `regex_file_set` must be - set. 
- properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of a Cloud Storage bucket. Required. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - excludeRegex: - description: A list of regular expressions matching - file paths to exclude. All files in the bucket - that match at least one of these regular expressions - will be excluded from the scan. Regular expressions - use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - includeRegex: - description: A list of regular expressions matching - file paths to include. All files in the bucket - that match at least one of these regular expressions - will be included in the set of files, except - for those that also match an item in `exclude_regex`. - Leaving this field empty will match all files - by default (this is equivalent to including - `.*` in the list). Regular expressions use RE2 - [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - required: - - bucketRef - type: object - url: - description: The Cloud Storage url of the file(s) - to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. 
If the url ends in a trailing - slash, the bucket or directory represented by the - url will be scanned non-recursively (content in - sub-directories will not be scanned). This means - that `gs://mybucket/` is equivalent to `gs://mybucket/*`, - and `gs://mybucket/directory/` is equivalent to - `gs://mybucket/directory/*`. Exactly one of `url` - or `regex_file_set` must be set. - type: string - type: object - fileTypes: - description: List of file type groups to include in the - scan. If empty, all files are scanned and available - data format processors are applied. In addition, the - binary content of the selected files is always scanned - as well. Images are scanned only as binary if the specified - region does not support image inspection and no file_types - were specified. Image inspection is restricted to 'global', - 'us', 'asia', and 'europe'. - items: - type: string - type: array - filesLimitPercent: - description: Limits the number of files to scan to this - percentage of the input FileSet. Number of files scanned - is rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - type: object - datastoreOptions: - description: Google Cloud Datastore options. - properties: - kind: - description: The kind to process. - properties: - name: - description: The name of the kind. - type: string - type: object - partitionId: - description: A partition ID identifies a grouping of entities. - The grouping is always by project namespace ID may be - empty. - properties: - namespaceId: - description: If not empty, the ID of the namespace - to which the entities belong. 
- type: string - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ID of the project to which the entities belong. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - hybridOptions: - description: Hybrid inspection options. - properties: - description: - description: A short description of where the data is - coming from. Will be stored once in the job. 256 max - length. - type: string - labels: - additionalProperties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. type: string - description: 'To organize findings, these labels will - be added to each finding. Label keys must be between - 1 and 63 characters long and must conform to the following - regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label - values must be between 0 and 63 characters long and - must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - No more than 10 labels can be associated with a given - finding. Examples: * `"environment" : "production"` - * `"pipeline" : "etl"`' - type: object - requiredFindingLabelKeys: - description: 'These are labels that each inspection request - must include within their ''finding_labels'' map. Request - may contain others, but any missing one of these will - be rejected. 
Label keys must be between 1 and 63 characters - long and must conform to the following regular expression: - `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can - be required.' - items: + namespace: + description: The namespace of a Kubernetes Resource. type: string - type: array - tableOptions: - description: If the container is a table, additional information - to make findings meaningful such as the columns that - are primary keys. - properties: - identifyingFields: - description: The columns that are the primary keys - for table objects included in ContentItem. A copy - of this cell's value will stored alongside alongside - each finding so that the finding can be traced to - the specific row it came from. No more than 3 may - be provided. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - type: object - type: object - timespanConfig: - properties: - enableAutoPopulationOfTimespanConfig: - description: When the job is started by a JobTrigger we - will automatically figure out a valid start_time to - avoid scanning files that have not been modified since - the last time the JobTrigger executed. This will be - based on the time of the execution of the last run of - the JobTrigger. - type: boolean - endTime: - description: Exclude files, tables, or rows newer than - this value. If not set, no upper time limit is applied. - format: date-time - type: string - startTime: - description: Exclude files, tables, or rows older than - this value. If not set, no lower time limit is applied. - format: date-time - type: string - timestampField: - description: 'Specification of the field containing the - timestamp of scanned items. Used for data sources like - Datastore and BigQuery. For BigQuery: If this value - is not specified and the table was modified between - the given start and end times, the entire table will - be scanned. 
If this value is specified, then rows are - filtered based on the given start and end times. Rows - with a `NULL` value in the provided BigQuery column - are skipped. Valid data types of the provided BigQuery - column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. - For Datastore: If this value is specified, then entities - are filtered based on the given start and end times. - If an entity does not contain the provided timestamp - property or contains empty or invalid values, then it - is included. Valid data types of the provided timestamp - property are: `TIMESTAMP`.' - properties: - name: - description: Name describing the field. - type: string - type: object - type: object + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces type: object - required: - - storageConfig type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. 
It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string location: - description: Immutable. The location of the resource + description: Immutable. The region of the Backup Plan. type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -43441,8 +68111,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43452,46 +68121,47 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - status: - description: 'Immutable. Required. A status for this trigger. Possible - values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - triggers: - description: A list of triggers which will be OR'ed together. Only - one in the list needs to trigger for a job to be started. The list - may contain only a single Schedule trigger and must have at least - one object. - items: - properties: - manual: - description: For use with hybrid jobs. Jobs must be manually - created and finished. - type: object - x-kubernetes-preserve-unknown-fields: true - schedule: - description: Create a job on a repeating basis based on the - elapse of time. - properties: - recurrencePeriodDuration: - description: 'With this option a job is started a regular - periodic basis. For example: every day (86400 seconds). - A scheduled start time will be skipped if the previous - execution has not ended when its scheduled time occurs. - This value must be set to a time duration greater than - or equal to 1 day and can be no longer than 60 days.' - type: string - type: object - type: object - type: array + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. 
+ Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object required: - - inspectJob + - cluster + - location - projectRef - - status - - triggers type: object status: properties: 
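Review bot: The `retentionPolicy` limits exist only in the description text: `backupDeleteLockDays` (0-90) and `backupRetainDays` (0-365) are declared as plain `type: integer`, so the Kubernetes API server admits negative or out-of-range values and any rejection presumably happens later at the backing API. These two fields decide how long a Backup is protected from deletion and when it is purged, so I would put the bounds in the schema itself, e.g. `minimum: 0` and `maximum: 90` under `backupDeleteLockDays`, and the matching 0/365 pair under `backupRetainDays`. The `backupRetainDays` description also ends in a stray `].` after "the creation interval". The `spec` properties block begins before this hunk.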
@@ -43521,86 +68191,14 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of a triggeredJob. - format: date-time - type: string - errors: - description: Output only. A stream of errors encountered when the - trigger was activated. Repeated errors may result in the JobTrigger - automatically being paused. Will return the last 100 errors. Whenever - the JobTrigger is modified this list will be cleared. - items: - properties: - details: - description: Detailed error codes and messages. - properties: - code: - description: The status code, which should be an enum value - of google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. - This string must contain at least one "/" character. - The last segment of the URL''s path must represent - the fully qualified name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually - precompile into the binary all types that they expect - it to use in the context of Any. However, for URLs - which use the scheme `http`, `https`, or no scheme, - one can optionally set up a type server that maps - type URLs to message definitions as follows: * If - no scheme is provided, `https` is assumed. * An - HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the - URL, or have them precompiled into a binary to avoid - any lookup. Therefore, binary compatibility needs - to be preserved on changes to types. (Use versioned - type names to manage breaking changes.) 
Note: this - functionality is not currently available in the - official protobuf release, and it is not used for - type URLs beginning with type.googleapis.com. Schemes - other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should - be in English. Any user-facing error message should be - localized and sent in the google.rpc.Status.details field, - or localized by the client. - type: string - type: object - timestamps: - description: The times the error occurred. - items: - format: date-time - type: string - type: array - type: object - type: array - lastRunTime: - description: Output only. The timestamp of the last time this trigger - executed. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -43609,9 +68207,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of a triggeredJob. - format: date-time + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. type: string type: object required: @@ -43632,25 +68233,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DLPStoredInfoType - plural: dlpstoredinfotypes + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships shortNames: - - gcpdlpstoredinfotype - - gcpdlpstoredinfotypes - singular: dlpstoredinfotype + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -43687,96 +68288,23 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Description of the StoredInfoType (max 256 characters). - type: string - dictionary: - description: Store dictionary-based CustomInfoType. + configmanagement: + description: Config Management-specific spec. properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud Storage. - Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - required: - - path - type: object - wordList: - description: List of words or phrases to search for. + binauthz: + description: Binauthz configuration for the cluster. properties: - words: - description: Words or phrases defining the dictionary. The - dictionary must contain at least one phrase and every phrase - must contain at least 2 characters that are letters or digits. - [required] - items: - type: string - type: array - required: - - words + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean type: object - type: object - displayName: - description: Display name of the StoredInfoType (max 256 characters). - type: string - largeCustomDictionary: - description: StoredInfoType where findings are defined by a dictionary - of phrases. - properties: - bigQueryField: - description: Field in a BigQuery table where each cell represents - a dictionary phrase. + configSync: + description: Config Sync configuration for the cluster. properties: - field: - description: Designated field in the BigQuery table. - properties: - name: - description: Name describing the field. - type: string - type: object - table: - description: Source table of the field. 
+ git: properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: + gcpServiceAccountRef: oneOf: - not: required: @@ -43794,9 +68322,9 @@ spec: properties: external: description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
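Review bot: The `gcpServiceAccountRef.external` description under `configSync.git` spells the secret type as `gcpServiceAccount`, while the `secretType` description in the next hunk (`@@ -43806,7 +68334,41 @@`) lists the accepted value as `gcpserviceaccount` and states that validation is case-sensitive; the `oci` variant further down writes the field as `secret_type`. Someone copying the value from this description would presumably end up with a repo-authentication setting that fails validation. I would change the line to `The GCP Service Account Email used for auth when secretType is gcpserviceaccount.` and use `secretType` in the `oci` description as well. The CRD carries the `dcl2crd` label, so the wording probably has to be corrected in the schema source rather than in this file.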
@@ -43806,7 +68334,41 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - tableRef: + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: oneOf: - not: required: @@ -43823,10 +68385,10 @@ spec: - external properties: external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43836,39 +68398,109 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string type: object - cloudStorageFileSet: - description: Set of files containing newline-delimited lists of - dictionary phrases. + hierarchyController: + description: Hierarchy Controller configuration for the cluster. properties: - url: - description: The url, in the format `gs:///`. Trailing wildcard - in the path is allowed. - type: string - required: - - url + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean type: object - outputPath: - description: Location to store dictionary artifacts in Google - Cloud Storage. 
These files will only be accessible by project - owners and the DLP API. If any of these artifacts are modified, - the dictionary is considered invalid and can no longer be used. + policyController: + description: Policy Controller configuration for the cluster. properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. type: string - required: - - path + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. 
+ type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string type: object - location: - description: Immutable. The location of the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + featureRef: + description: Immutable. oneOf: - not: required: @@ -43885,21 +68517,23 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. oneOf: - not: required: 
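Review bot: `policyController.auditIntervalSeconds` is declared `type: string` with no `pattern`, and its description says a value of 0 disables audit scans altogether, so one free-form string decides whether Policy Controller auditing runs at all. I would constrain it at admission with `pattern: '^[0-9]+$'` and state in the description that `"0"` switches auditing off, so the setting is easy to spot in review. The same unconstrained string typing applies to `syncWaitSecs` under `oci` in this hunk and under `git` in the hunk at `@@ -43806,7 +68334,41 @@`. The `configmanagement` block opens in an earlier hunk.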
@@ -43916,8 +68550,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43926,30 +68562,54 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - regex: - description: Store regular expression-based StoredInfoType. + mesh: + description: Manage Mesh Features properties: - groupIndexes: - description: The index of the submatch to extract as findings. - When not specified, the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under - the google/re2 repository on GitHub. + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - pattern type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. 
Used for acquisition only. Leave unset to create a new - resource. - type: string + required: + - featureRef + - location + - membershipRef + - projectRef type: object status: properties: @@ -43987,6 +68647,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -44003,25 +68665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com + name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSManagedZone - plural: dnsmanagedzones + kind: GKEHubFeature + plural: gkehubfeatures shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: 
@@ -44059,109 +68721,52 @@ spec: type: object spec: properties: - cloudLoggingConfig: - description: Cloud logging configuration. - properties: - enableLogging: - description: If set, enable query logging for this ManagedZone. - False by default, making logging opt-in. - type: boolean - required: - - enableLogging - type: object - description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. - type: string - dnsName: - description: Immutable. The DNS name of this managed zone, for instance - "example.com.". + location: + description: Immutable. The location for the resource type: string - dnssecConfig: - description: DNSSEC configuration. + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - defaultKeySpecs: + external: description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"].' - type: string - keyLength: - description: Length of the keys in bits. - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. 
- type: string - kind: - description: Identifies what kind of resource this is. - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is. + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"].' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address of a target name server. 
- type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. properties: - targetNetwork: - description: The network with which to peer. + multiclusteringress: + description: Multicluster Ingress-specific spec. properties: - networkRef: - description: VPC network to forward queries to. + configMembershipRef: oneOf: - not: required: @@ -44178,8 +68783,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -44189,137 +68796,12 @@ spec: type: string type: object required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - gkeClusters: - description: The list of Google Kubernetes Engine clusters that - can see this zone. - items: - properties: - gkeClusterNameRef: - description: |- - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - 'projects/*/locations/*/clusters/*'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ContainerCluster` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - gkeClusterNameRef - type: object - type: array - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetwork` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - reverseLookup: - description: |- - Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: Immutable. The presence of this field indicates that - this zone is backed by Service Directory. The value of this field - contains information related to the namespace associated with the - zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl + - configMembershipRef type: object - required: - - namespace type: object - visibility: - description: |- - Immutable. The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. - type: string required: - - dnsName + - location + - projectRef type: object status: properties: 
@@ -44349,21 +68831,14 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time that this resource was created on the server. - This is in RFC3339 text format. + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time type: string - managedZoneId: - description: Unique identifier for the resource; defined by the server. - type: integer - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44371,6 +68846,46 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string type: object required: - spec 
@@ -44390,25 +68905,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com + name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSPolicy - plural: dnspolicies + kind: GKEHubMembership + plural: gkehubmemberships shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -44446,96 +68961,139 @@ spec: type: object spec: properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. 
+ `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string type: object description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. 
The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location type: object status: properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -44562,6 +69120,111 @@ spec: type: string type: object type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44569,7 +69232,28 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. + format: date-time + type: string type: object + required: + - spec type: object served: true storage: true @@ -44586,25 +69270,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: DNSRecordSet - plural: dnsrecordsets + kind: HealthcareConsentStore + plural: healthcareconsentstores shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: 
@@ -44624,7 +69308,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44641,94 +69325,29 @@ spec: metadata: type: object spec: - oneOf: - - required: - - rrdatas - - required: - - rrdatasRefs properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `DNSManagedZone` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: Immutable. The DNS name this record set will apply to. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - rrdatas: - description: DEPRECATED. Although this field is still available, there - is limited support. We recommend that you use `spec.rrdatasRefs` - instead. - items: - type: string - type: array - rrdatasRefs: - items: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - managedZoneRef - - name - - type + - dataset type: object status: properties: 
@@ -44784,25 +69403,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: eventarctriggers.eventarc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: - group: eventarc.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: EventarcTrigger - plural: eventarctriggers + kind: HealthcareDataset + plural: healthcaredatasets shortNames: - - gcpeventarctrigger - - gcpeventarctriggers - singular: eventarctrigger + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: @@ -44822,7 +69441,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44837,243 +69456,14 @@ spec: submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: - type: object - spec: - properties: - channelRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: Optional. The name of the channel associated with - the trigger in `projects/{project}/locations/{location}/channels/{channel}` - format. You must provide a channel to receive events from Eventarc - SaaS partners. - type: string - name: - description: |- - [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - destination: - description: Required. Destination specifies where the events should - be sent to. - properties: - cloudFunctionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - - Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cloudRunService: - description: Cloud Run fully-managed service that receives the - events. The service should be running in the same project of - the trigger. - properties: - path: - description: 'Optional. The relative path on the Cloud Run - service the events should be sent to. The value must conform - to the definition of URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - region: - description: Required. The region the Cloud Run service is - deployed in. - type: string - serviceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - - Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - serviceRef - type: object - gke: - description: A GKE service capable of receiving events. The service - should be running in the same project as the trigger. 
- properties: - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: Required. The name of the Google Compute Engine - in which the cluster resides, which can either be compute - zone (for example, us-central1-a) for the zonal clusters - or region (for example, us-central1) for regional clusters. - type: string - namespace: - description: Required. The namespace the GKE service is running - in. - type: string - path: - description: 'Optional. The relative path on the GKE service - the events should be sent to. The value must conform to - the definition of a URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - service: - description: Required. Name of the GKE service. - type: string - required: - - clusterRef - - location - - namespace - - service - type: object - workflowRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'The resource name of the Workflow whose Executions - are triggered by the events. The Workflow resource should - be deployed in the same project as the trigger. 
Format: - `projects/{project}/locations/{location}/workflows/{workflow}`' - type: string - name: - description: |- - [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object + type: object + spec: + properties: location: - description: Immutable. The location for the resource + description: Immutable. The location for the Dataset. type: string - matchingCriteria: - description: Required. null The list of filters that applies to event - attributes. Only events that match all the provided filters will - be sent to the destination. - items: - properties: - attribute: - description: Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. - All triggers MUST provide a filter for the 'type' attribute. - type: string - operator: - description: Optional. The operator used for matching the events - with the value of the filter. If not specified, only events - that have an exact key-value pair specified in the filter - are matched. The only allowed value is `match-path-pattern`. - type: string - value: - description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud - for available values. - type: string - required: - - attribute - - value - type: object - type: array projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -45090,10 +69480,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -45107,81 +69494,14 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - transport: - description: Immutable. Optional. In order to deliver messages, Eventarc - may use other GCP products as transport intermediary. This field - contains a reference to that transport intermediary. This information - can be used for debugging purposes. - properties: - pubsub: - description: Immutable. The Pub/Sub topic and subscription used - by Eventarc as delivery intermediary. - properties: - topicRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + type: string required: - - destination - location - - matchingCriteria - projectRef type: object status: 
@@ -45212,15 +69532,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - etag: - description: Output only. This checksum is computed by the server - based on the value of other fields, and may be sent only on create - requests to ensure the client has an up-to-date value before proceeding. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45228,31 +69539,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceConditions: - additionalProperties: - type: string - description: Output only. The reason(s) why a trigger is in FAILED - state. - type: object - transport: - properties: - pubsub: - properties: - subscription: - description: 'Output only. The name of the Pub/Sub subscription - created and managed by Eventarc system as a transport for - the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' - type: string - type: object - type: object - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: 
@@ -45273,25 +69561,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestorebackups.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreBackup - plural: filestorebackups + kind: HealthcareDICOMStore + plural: healthcaredicomstores shortNames: - - gcpfilestorebackup - - gcpfilestorebackups - singular: filestorebackup + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: @@ -45311,7 +69599,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45329,95 +69617,57 @@ spec: type: object spec: properties: - description: - description: A description of the backup with 2048 characters or less. - Requests with longer descriptions will be rejected. - type: string - location: - description: Immutable. The location for the resource + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + notificationConfig: + description: A nested object resource. properties: - external: + pubsubTopic: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
type: string + required: + - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceFileShare: - description: Immutable. Name of the file share in the source Cloud - Filestore instance that the backup is created from. - type: string - sourceInstanceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object required: - - external - properties: - external: - description: |- - The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - - Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - bigqueryDestination + type: object + type: array required: - - location - - projectRef - - sourceFileShare - - sourceInstanceRef + - dataset type: object status: properties: - capacityGb: - description: Output only. Capacity of the source file share when the - backup was created. - format: int64 - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -45444,16 +69694,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the backup was created. - format: date-time - type: string - downloadBytes: - description: Output only. Amount of bytes that will be downloaded - if the backup is restored. This may be different than storage bytes, - since sequential backups of the same disk will share storage. - format: int64 - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45461,21 +69701,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceInstanceTier: - description: 'Output only. The service tier of the source Cloud Filestore - instance that this backup is created from. Possible values: TIER_UNSPECIFIED, - STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' - type: string - state: - description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + selfLink: + description: The fully qualified name of this dataset. type: string - storageBytes: - description: Output only. The size of the storage used by the backup. - As backups share storage, this number is expected to change with - backup creation/deletion. - format: int64 - type: integer type: object required: - spec 
@@ -45495,25 +69723,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestoreinstances.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreInstance - plural: filestoreinstances + kind: HealthcareFHIRStore + plural: healthcarefhirstores shortNames: - - gcpfilestoreinstance - - gcpfilestoreinstances - singular: filestoreinstance + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: @@ -45533,7 +69761,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45551,208 +69779,165 @@ spec: type: object spec: properties: - description: - description: The description of the instance (2048 characters or less). + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fileShares: - description: File system shares on the instance. For this version, - only a single file share is supported. + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. 
Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. items: properties: - capacityGb: - description: File share capacity in gigabytes (GB). Cloud Filestore - defines 1 GB as 1024^3 bytes. - format: int64 - type: integer - name: - description: The name of the file share (must be 16 characters - or less). - type: string - nfsExportOptions: - description: Nfs Export Options. There is a limit of 10 export - options per file share. - items: - properties: - accessMode: - description: 'Either READ_ONLY, for allowing only read - requests on the exported directory, or READ_WRITE, for - allowing both read and write requests. The default is - READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, - READ_ONLY, READ_WRITE' - type: string - anonGid: - description: An integer representing the anonymous group - id with a default value of 65534. Anon_gid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - anonUid: - description: An integer representing the anonymous user - id with a default value of 65534. Anon_uid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - ipRanges: - description: List of either an IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges - in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask - size}` which may mount the file share. Overlapping IP - ranges are not allowed, both within and across NfsExportOptions. - An error will be returned. The limit is 64 IP ranges/addresses - for each FileShareConfig among all NfsExportOptions. 
- items: - type: string - type: array - squashMode: - description: 'Either NO_ROOT_SQUASH, for allowing root - access on the exported directory, or ROOT_SQUASH, for - not allowing root access. The default is NO_ROOT_SQUASH. - Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, - ROOT_SQUASH' - type: string - type: object - type: array - sourceBackupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. - - Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic type: object type: array - location: - description: Immutable. The location for the resource + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - networks: - description: Immutable. VPC networks to which the instance is connected. - For this version, only a single network is supported. + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: - ipAddresses: - description: Immutable. Output only. IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in - the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
- items: - type: string - type: array - modes: - description: Immutable. Internet protocol versions for which - the instance has IP addresses assigned. For this version, - only MODE_IPV4 is supported. - items: - type: string - type: array - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: - external: - description: |- - The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. 
+ properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig type: object - reservedIPRange: - description: Immutable. A /29 CIDR block in one of the [internal - IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) - that identifies the range of IP addresses reserved for this - instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The - range you specify can't overlap with either existing subnets - or assigned IP address ranges for other Cloud Filestore instances - in the selected VPC network. - type: string + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. 
+ items: + type: string + type: array + required: + - bigqueryDestination type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tier: - description: 'Immutable. The service tier of the instance. Possible - values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, - HIGH_SCALE_SSD, ENTERPRISE' + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - - location - - projectRef + - dataset type: object status: properties: @@ -45782,14 +69967,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the instance was created. - format: date-time - type: string - etag: - description: Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -45797,13 +69974,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR' - type: string - statusMessage: - description: Output only. Additional information about the instance - state, if available. + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: @@ -45824,25 +69996,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: - group: firestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FirestoreIndex - plural: firestoreindexes + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: @@ -45862,7 +70034,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45880,44 +70052,93 @@ spec: type: object spec: properties: - collection: - description: Immutable. The collection being indexed. - type: string - database: - description: Immutable. The Firestore database id. Defaults to '"(default)"'. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fields: + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: description: |- - Immutable. The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. 
Only the message name + is sent as part of the notification. Supplied by the client. items: properties: - arrayConfig: + filter: description: |- - Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"]. - type: string - fieldPath: - description: Immutable. Name of the field. - type: string - order: + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: description: |- - Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. 
+ PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string + required: + - pubsubTopic type: object type: array - queryScope: - description: 'Immutable. The scope at which a query is run. Default - value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - collection - - fields + - dataset type: object status: properties: 
@@ -45947,11 +70168,6 @@ spec: type: string type: object type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45959,6 +70175,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string type: object required: - spec @@ -45978,25 +70197,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: Folder - plural: folders + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies shortNames: - - gcpfolder - - gcpfolders - singular: folder + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -46033,62 +70252,11 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. + description: The display name of the rule. type: string - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. Only one of - folderRef or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `folderId` field of a `Folder` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + projectRef: oneOf: - not: required: 
@@ -46105,8 +70273,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -46116,12 +70284,62 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array required: - - displayName + - projectRef + - rules type: object status: properties: 
@@ -46151,19 +70369,8 @@ spec: type: string type: object type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}". - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. + etag: + description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46191,389 +70398,119 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com -spec: - group: gkehub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: GKEHubFeatureMembership - plural: gkehubfeaturememberships - shortNames: - - gcpgkehubfeaturemembership - - gcpgkehubfeaturememberships - singular: gkehubfeaturemembership - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - configmanagement: - description: Config Management-specific spec. - properties: - binauthz: - description: Binauthz configuration for the cluster. - properties: - enabled: - description: Whether binauthz is enabled in this cluster. - type: boolean - type: object - configSync: - description: Config Sync configuration for the cluster. - properties: - git: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpsProxy: - description: URL for the HTTPS proxy to be used when communicating - with the Git repo. - type: string - policyDir: - description: 'The path within the Git repository that - represents the top level of the repo to sync. Default: - the root directory of the repository.' - type: string - secretType: - description: Type of secret configured for access to the - Git repo. Must be one of ssh, cookiefile, gcenode, token, - gcpserviceaccount or none. The validation of this is - case-sensitive. - type: string - syncBranch: - description: 'The branch of the repository to sync from. - Default: master.' - type: string - syncRepo: - description: The URL of the Git repository to use as the - source of truth. 
- type: string - syncRev: - description: Git revision (tag or hash) to check out. - Default HEAD. - type: string - syncWaitSecs: - description: 'Period in seconds between consecutive syncs. - Default: 15.' - type: string - type: object - oci: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: "The GCP Service Account Email used for - auth when secret_type is gcpserviceaccount. \n\nAllowed - value: The `email` field of an `IAMServiceAccount` - resource." - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - policyDir: - description: 'The absolute path of the directory that - contains the local resources. Default: the root directory - of the image.' - type: string - secretType: - description: Type of secret configured for access to the - OCI Image. Must be one of gcenode, gcpserviceaccount - or none. The validation of this is case-sensitive. - type: string - syncRepo: - description: The OCI image repository URL for the package - to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - type: string - syncWaitSecs: - description: 'Period in seconds(int64 format) between - consecutive syncs. Default: 15.' - type: string - type: object - preventDrift: - description: Set to true to enable the Config Sync admission - webhook to prevent drifts. If set to `false`, disables the - Config Sync admission webhook and does not prevent drifts. - type: boolean - sourceFormat: - description: Specifies whether the Config Sync Repo is in - "hierarchical" or "unstructured" mode. 
- type: string - type: object - hierarchyController: - description: Hierarchy Controller configuration for the cluster. - properties: - enableHierarchicalResourceQuota: - description: Whether hierarchical resource quota is enabled - in this cluster. - type: boolean - enablePodTreeLabels: - description: Whether pod tree labels are enabled in this cluster. - type: boolean - enabled: - description: Whether Hierarchy Controller is enabled in this - cluster. - type: boolean - type: object - policyController: - description: Policy Controller configuration for the cluster. - properties: - auditIntervalSeconds: - description: Sets the interval for Policy Controller Audit - Scans (in seconds). When set to 0, this disables audit functionality - altogether. - type: string - enabled: - description: Enables the installation of Policy Controller. - If false, the rest of PolicyController fields take no effect. - type: boolean - exemptableNamespaces: - description: The set of namespaces that are excluded from - Policy Controller checks. Namespaces do not need to currently - exist on the cluster. - items: - type: string - type: array - logDeniesEnabled: - description: Logs all denies and dry run failures. - type: boolean - monitoring: - description: 'Specifies the backends Policy Controller should - export metrics to. For example, to specify metrics should - be exported to Cloud Monitoring and Prometheus, specify - backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", - "prometheus"]' - properties: - backends: - description: ' Specifies the list of backends Policy Controller - will export to. Specifying an empty value `[]` disables - metrics export.' - items: - type: string - type: array - type: object - mutationEnabled: - description: Enable or disable mutation in policy controller. - If true, mutation CRDs, webhook and controller deployment - will be deployed to the cluster. 
- type: boolean - referentialRulesEnabled: - description: Enables the ability to use Constraint Templates - that reference to objects other than the object currently - being evaluated. - type: boolean - templateLibraryInstalled: - description: Installs the default template library along with - Policy Controller. - type: boolean - type: object - version: - description: Optional. Version of ACM to install. Defaults to - the latest version. - type: string - type: object - featureRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string required: - - external + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). properties: - external: - description: |- - The name of the feature - - Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + apiVersion: type: string - type: object - location: - description: Immutable. 
The location of the feature - type: string - membershipRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: external: - description: |- - The name of the membership - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mesh: - description: Manage Mesh Features - properties: - controlPlane: - description: '**DEPRECATED** Whether to automatically manage Service - Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, - AUTOMATIC, MANUAL' - type: string - management: - description: 'Whether to automatically manage Service Mesh. Possible - values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the feature - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string + required: + - kind type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string required: - - featureRef - - location - - membershipRef - - projectRef + - auditLogConfigs + - resourceRef + - service type: object status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. items: properties: lastTransitionTime: @@ -46603,10 +70540,9 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -46623,25 +70559,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubfeatures.gkehub.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubFeature - plural: gkehubfeatures + kind: IAMCustomRole + plural: iamcustomroles shortNames: - - gcpgkehubfeature - - gcpgkehubfeatures - singular: gkehubfeature + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: 
@@ -46679,87 +70615,29 @@ spec: type: object spec: properties: - location: - description: Immutable. The location for the resource + description: + description: A human-readable description for the role. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - spec: - description: Optional. Hub-wide Feature configuration. If this Feature - does not support any Hub-wide configuration, this field may be unused. - properties: - multiclusteringress: - description: Multicluster Ingress-specific spec. 
- properties: - configMembershipRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - configMembershipRef - type: object - type: object + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string required: - - location - - projectRef + - permissions + - title type: object status: properties: @@ -46789,13 +70667,11 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Feature resource was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Feature resource was deleted. - format: date-time + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
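Review bot: The `permissions` description added in the IAMCustomRole spec hunk says at least one permission must be specified, but the array schema carries only `items` and `type`, so an empty list passes admission and the constraint is left to the backing API. Adding `minItems: 1` under `permissions` enforces what the description promises. `stage` similarly states a default of GA without an `enum`; if the set of launch stages is fixed, listing it would catch typos at apply time. The CRD is labelled `tf2crd`, so the fix presumably belongs in the generator, not in this file.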
@@ -46804,46 +70680,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceState: - description: State of the Feature resource itself. - properties: - hasResources: - description: Whether this Feature has outstanding resources that - need to be cleaned up before it can be disabled. - type: boolean - state: - description: 'The current state of the Feature resource in the - Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, - DISABLING, UPDATING, SERVICE_UPDATING' - type: string - type: object - state: - description: Output only. The Hub-wide Feature state - properties: - state: - description: Output only. The "running state" of the Feature in - this Hub. - properties: - code: - description: 'The high-level, machine-readable status of this - Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, - ERROR' - type: string - description: - description: A human-readable description of the current status. - type: string - updateTime: - description: 'The time this status and any related Feature-specific - details were updated. A timestamp in RFC3339 UTC "Zulu" - format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' - type: string - type: object - type: object - updateTime: - description: Output only. When the Feature resource was last updated. - format: date-time - type: string type: object required: - spec 
@@ -46863,25 +70699,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubmemberships.gkehub.cnrm.cloud.google.com + name: iampartialpolicies.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubMembership - plural: gkehubmemberships + kind: IAMPartialPolicy + plural: iampartialpolicies shortNames: - - gcpgkehubmembership - - gcpgkehubmemberships - singular: gkehubmembership + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -46889,7 +70723,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -46897,164 +70731,218 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: - authority: - description: 'Optional. How to identify workloads from this Membership. - See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' - properties: - issuer: - description: Optional. 
A JSON Web Token (JWT) issuer URI. `issuer` - must start with `https://` and be a valid URL with length <2000 - characters. If set, then Google will allow valid OIDC tokens - from this issuer to authenticate within the workload_identity_pool. - OIDC discovery will be performed on this URI to validate tokens - from the issuer. Clearing `issuer` disables Workload Identity. - `issuer` cannot be directly modified; it must be cleared (and - Workload Identity disabled) before using a new issuer (and re-enabling - Workload Identity). - type: string - type: object - description: - description: 'Description of this membership, limited to 63 characters. - Must match the regex: `*` This field is present for legacy purposes.' - type: string - endpoint: - description: Optional. Endpoint information to reach this member. - properties: - gkeCluster: - description: Optional. GKE-specific information. Only present - if this Membership is a GKE cluster. - properties: - resourceRef: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - kubernetesResource: - description: 'Optional. The in-cluster Kubernetes Resources that - should be applied for a correctly registered cluster, in the - steady state. These resources: * Ensure that the cluster is - exclusively registered to one and only one Hub Membership. * - Propagate Workload Pool Information available in the Membership - Authority field. * Ensure proper initial configuration of default - Hub Features.' - properties: - membershipCrManifest: - description: Input only. The YAML representation of the Membership - CR. This field is ignored for GKE clusters where Hub can - read the CR directly. Callers should provide the CR that - is currently present in the cluster during CreateMembership - or UpdateMembership, or leave this field empty if none exists. - The CR manifest is used to validate the cluster has not - been registered with another Membership. - type: string - resourceOptions: - description: Optional. Options for Kubernetes resource generation. + - required: + - member + - required: + - memberFrom properties: - connectVersion: - description: Optional. The Connect agent version to use - for connect_resources. Defaults to the latest GKE Connect - version. The version must be a currently supported version, - obsolete versions will be rejected. + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. type: string - v1beta1Crd: - description: Optional. Use `apiextensions/v1beta1` instead - of `apiextensions/v1` for CustomResourceDefinition resources. 
- This option should be set for clusters with Kubernetes - apiserver versions <1.16. - type: boolean + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object type: object - type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind type: object - externalId: - description: 'Optional. An externally-generated and managed ID for - this Membership. This ID may be modified after creation, but this - is not recommended. The ID must match the regex: `*` If this Membership - represents a Kubernetes cluster, this value should be set to the - UID of the `kube-system` namespace object.' - type: string - infrastructureType: - description: 'Optional. The infrastructure type this Membership is - running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, - MULTI_CLOUD' - type: string - location: - description: Immutable. The location for the resource - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string required: - - location + - resourceRef type: object status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: - authority: - properties: - identityProvider: - description: Output only. An identity provider that reflects the - `issuer` in the workload identity pool. - type: string - workloadIdentityPool: - description: 'Output only. The name of the workload identity pool - in which `issuer` will be recognized. There is a single Workload - Identity Pool per Hub that is shared between all Memberships - that belong to that Hub. 
For a Hub hosted in: {PROJECT_ID}, - the workload pool format is `{PROJECT_ID}.hub.id.goog`, although - this is subject to change in newer versions of this API.' - type: string - type: object + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: 
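Review bot: `status.allBindings` is described as surfacing all IAM bindings for the referenced resource, so as worded, read access to an IAMPartialPolicy object reveals the resource's full member-to-role list and not only what `spec.bindings` declares. The description should say that explicitly, for example `AllBindings surfaces every IAM binding on the referenced resource, including bindings this object does not manage.`, so operators scope `get`/`list`/`watch` on `iampartialpolicies` with that in mind. In the same hunk, `role` is constrained by a `pattern` while `member` is a free string; a short note on the accepted member prefixes in its description would help reviewers spot malformed or unintended principals.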
@@ -47078,140 +70966,48 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Membership was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Membership was deleted. - format: date-time - type: string - endpoint: - properties: - kubernetesMetadata: - description: Output only. Useful Kubernetes-specific metadata. - properties: - kubernetesApiServerVersion: - description: Output only. Kubernetes API server version string - as reported by `/version`. - type: string - memoryMb: - description: Output only. The total memory capacity as reported - by the sum of all Kubernetes nodes resources, defined in - MB. - format: int64 - type: integer - nodeCount: - description: Output only. Node count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - nodeProviderId: - description: Output only. Node providerID as reported by the - first node in the list of nodes on the Kubernetes endpoint. - On Kubernetes platforms that support zero-node clusters - (like GKE-on-GCP), the node_count will be zero and the node_provider_id - will be empty. - type: string - updateTime: - description: Output only. The time at which these details - were last updated. This update_time is different from the - Membership-level update_time since EndpointDetails are updated - internally for API consumers. - format: date-time + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. 
+ items: type: string - vcpuCount: - description: Output only. vCPU count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - type: object - kubernetesResource: - properties: - connectResources: - description: Output only. The Kubernetes resources for installing - the GKE Connect agent This field is only populated in the - Membership returned from a successful long-running operation - from CreateMembership or UpdateMembership. It is not populated - during normal GetMembership or ListMemberships requests. - To get the resource manifest after the initial registration, - the caller should make a UpdateMembership call with an empty - field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. - type: string - type: object - type: array - membershipResources: - description: Output only. Additional Kubernetes resources - that need to be applied to the cluster after Membership - creation, and after every update. This field is only populated - in the Membership returned from a successful long-running - operation from CreateMembership or UpdateMembership. It - is not populated during normal GetMembership or ListMemberships - requests. To get the resource manifest after the initial - registration, the caller should make a UpdateMembership - call with an empty field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. 
- type: string - type: object - type: array - type: object - type: object - lastConnectionTime: - description: Output only. For clusters using Connect, the timestamp - of the most recent connection established with Google Cloud. This - time is updated every several minutes, not continuously. For clusters - that do not use GKE Connect, or that have never connected successfully, - this field will be unset. - format: date-time - type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer - state: - description: Output only. State of the Membership resource. - properties: - code: - description: 'Output only. The current state of the Membership - resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, - DELETING, UPDATING, SERVICE_UPDATING' - type: string - type: object - uniqueId: - description: Output only. Google-generated UUID for this resource. - This is unique across all Membership resources. If a Membership - resource is deleted and another resource with the same name is created, - it gets a different unique_id. - type: string - updateTime: - description: Output only. When the Membership was last updated. - format: date-time - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -47228,25 +71024,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com + name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAccessBoundaryPolicy - plural: iamaccessboundarypolicies + kind: IAMPolicy + plural: iampolicies shortNames: - - gcpiamaccessboundarypolicy - - gcpiamaccessboundarypolicies - singular: iamaccessboundarypolicy + - gcpiampolicy + - gcpiampolicies + singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: @@ -47254,7 +71048,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -47262,32 +71056,107 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPolicySpec defines the desired state of IAMPolicy properties: - displayName: - description: The display name of the rule. - type: string - projectRef: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. 
The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. oneOf: - not: required: 
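Review bot: The `bindings` and `auditConfigs` descriptions in this hunk do not say what happens to entries that exist on the resource but are absent from the spec. The IAMPartialPolicy hunk (`@@ -46897,164 +70731,218 @@`) words its list as `bindings managed by Config Connector`, which suggests IAMPolicy is meant as the complete policy; if that is the behaviour, state it, e.g. `Optional. The complete list of IAM bindings; bindings not listed here are removed from the resource.` `exemptedMembers` deserves the same care, because each entry turns off Data Access logging for that identity, and the description could say so directly. The `auditLogConfg` spelling in the `service` description should read `auditLogConfig`.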
@@ -47302,81 +71171,39 @@ spec: - namespace required: - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: + apiVersion: + type: string external: - description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, - where {{value}} is the `name` field of a `Project` resource.' + type: string + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Rules to be applied. - items: - properties: - accessBoundaryRule: - description: An access boundary rule in an IAM policy. - properties: - availabilityCondition: - description: The availability condition further constrains - the access allowed by the access boundary rule. - properties: - description: - description: |- - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression - in Common Expression Language syntax. - type: string - location: - description: |- - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - type: string - title: - description: |- - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. 
- type: string - required: - - expression - type: object - availablePermissions: - description: A list of permissions that may be allowed for - use on the specified resource. - items: - type: string - type: array - availableResource: - description: The full resource name of a Google Cloud resource - entity. - type: string - type: object - description: - description: The description of the rule. - type: string - type: object - type: array + type: string + required: + - kind + type: object required: - - projectRef - - rules + - resourceRef type: object status: + description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: @@ -47400,19 +71227,15 @@ spec: type: string type: object type: array - etag: - description: The hash of the resource. Used internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
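Review bot: The third `oneOf` branch added to `resourceRef` accepts a reference that sets none of `name`, `namespace`, `apiVersion` or `external`, leaving `kind` as the only required field, and the per-field descriptions are dropped, so the schema never says which resource an IAMPolicy with a kind-only reference is applied to. Because this object sets the IAM policy of its target, `resourceRef` should describe how a kind-only reference is resolved (presumably from context outside the object; confirm against the controller) and the accepted format of `external`. The `oneOf` list itself starts in the preceding hunk. The same `resourceRef` shape appears in the IAMPartialPolicy hunk (`@@ -46897,164 +70731,218 @@`) and the IAMPolicyMember hunk (`@@ -47482,32 +71305,116 @@`).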
@@ -47429,23 +71252,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" - name: iamauditconfigs.iam.cnrm.cloud.google.com + name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAuditConfig - plural: iamauditconfigs + kind: IAMPolicyMember + plural: iampolicymembers shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: @@ -47467,7 +71290,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IAMAuditConfig is the schema for the IAM audit logging API. + description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
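Review bot: The new top-level `description` names the wrong API: `IAMPolicyMember is the Schema for the iampolicies API` repeats the IAMPolicy wording, while this CRD's plural is `iampolicymembers`. It should read `IAMPolicyMember is the Schema for the iampolicymembers API`, so that `kubectl explain` output does not present a single-member binding as a whole-policy object.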
@@ -47482,32 +71305,116 @@ spec: metadata: type: object spec: - description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: type: string - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object resourceRef: - description: Immutable. Required. The GCP resource to set the IAMAuditConfig - on (e.g. project). + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: apiVersion: type: string 
@@ -47522,26 +71429,21 @@ spec: required: - kind type: object - service: - description: 'Immutable. Required. The service for which to enable - Data Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering both - ''allServices'' and a specific service, then the union of the two - audit configs is used for that service: the ''logTypes'' specified - in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - - auditLogConfigs - resourceRef - - service + - role type: object status: - description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations - of the IAMAuditConfig's current state. + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47590,25 +71492,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMCustomRole - plural: iamcustomroles + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -47646,254 +71548,24 @@ spec: type: object spec: properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The roleId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string - stage: - description: The current launch stage of the role. Defaults to GA. + privateKeyType: + description: Immutable. type: string - title: - description: A human-readable title for the role. + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The full name of the role. + publicKeyType: + description: Immutable. type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - name: iampartialpolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPartialPolicy - plural: iampartialpolicies - shortNames: - - gcpiampartialpolicy - - gcpiampartialpolicies - singular: iampartialpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True' the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IAMPartialPolicy is the Schema for the iampartialpolicy API - 
properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy - properties: - bindings: - description: Optional. The list of IAM bindings managed by Config - Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - oneOf: - - required: - - member - - required: - - memberFrom - properties: - member: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. - type: string - memberFrom: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, - and only one subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity - (i.e. 
its 'status.writerIdentity') is to be bound - to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to - the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account - (i.e., its 'status.email') is to be bound to the - role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account - (i.e. its 'status.serviceAccountEmailAddress') is - to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - type: object - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + serviceAccountRef: oneOf: - not: required: 
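Review bot: `keyAlgorithm` in the IAMServiceAccountKey spec is a bare `type: string` whose description lists `KEY_ALG_RSA_1024` as a valid value, so the schema admits a request for a 1024-bit RSA service-account key. If nothing in the cluster needs that size, add `enum: [KEY_ALG_RSA_2048]` under the field. Since the `tf2crd` label suggests this CRD is generated, an admission policy enforcing the same restriction may be a better fit than a hand edit. `privateKeyType` and `publicKeyType` are documented only as `Immutable.`; a sentence naming the accepted values would help whoever reviews manifests that set them. The spec schema continues past the end of this hunk.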
@@ -47908,72 +71580,26 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy - properties: - allBindings: - description: AllBindings surfaces all IAM bindings for the referenced - resource. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: 
@@ -47997,48 +71623,38 @@ spec: type: string type: object type: array - lastAppliedBindings: - description: LastAppliedBindings is the list of IAM bindings that - were most recently applied by Config Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: Immutable. The name used for this key pair. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string type: object + required: + - spec type: object served: true storage: true @@ -48055,23 +71671,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicies.iam.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicy - plural: iampolicies + kind: IAMServiceAccount + plural: iamserviceaccounts shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: @@ -48079,7 +71697,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
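Review bot: `status.privateKey` in the IAMServiceAccountKey status is declared as a plain string holding "The private key in JSON format, base64 encoded", and nothing in the description marks it as sensitive. If the controller does populate it in status (not visible from this schema), any subject that can read `iamserviceaccountkeys` objects in the namespace can read the key material. That should be confirmed against the controller and stated in the description, for example `Sensitive. Readable by any subject with get/list on this resource; scope RBAC on iamserviceaccountkeys accordingly.` The `Immutable.` prefix on the `name` and `publicKey` status fields is also an odd qualifier for observed values.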
@@ -48087,107 +71705,275 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicySpec defines the desired state of IAMPolicy properties: - auditConfigs: - description: Optional. The list of IAM audit configs. + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. 
+ type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: Specifies the Cloud Audit Logs configuration for the - IAM policy. properties: - auditLogConfigs: - description: Required. The configuration for logging of each - type of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for - this type of permission. The format is the same as that - for 'members' in IAMPolicy/IAMPolicyMember. - items: - type: string - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data - Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering - both ''allServices'' and a specific service, then the union - of the two audit configs is used for that service: the ''logTypes'' - specified in each ''auditLogConfig'' are enabled, and the - ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - required: - - auditLogConfigs - - service - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - description: Specifies the members to bind to an IAM role. 
- properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - role type: object type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. + type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. 
You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. 
Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. oneOf: - not: required: 
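Review bot: In the IAMWorkforcePoolProvider spec the `attributeCondition` description does not parse ("to restrict what otherwise valid authentication credentials issued by the provider should not be accepted"). It is also the only text telling an operator that leaving the field unset accepts every valid credential from the identity provider. I would reword the opening to `A CEL expression, in plain text, that restricts which otherwise valid authentication credentials issued by the provider are accepted.` The `attributeMapping` description ends at "For example:" with no example after it. Separately, `oidc` and `saml` are optional siblings with no `oneOf`, unlike `member`/`memberFrom` elsewhere in this file, so the schema admits a provider with both or neither. If the API expects exactly one, a `oneOf` over `required: [oidc]` and `required: [saml]` would reject that at admission; the spec's `required` list sits outside this hunk.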
@@ -48202,39 +71988,30 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object required: - - resourceRef + - attributeMapping + - location + - workforcePoolRef type: object status: - description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: @@ -48264,9 +72041,14 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48283,23 +72065,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicymembers.iam.cnrm.cloud.google.com + name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicyMember - plural: iampolicymembers + kind: IAMWorkforcePool + plural: iamworkforcepools shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: @@ -48307,7 +72091,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48315,113 +72099,47 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember - oneOf: - - required: - - member - - required: - - memberFrom properties: - condition: - description: Immutable. Optional. The condition under which the binding - applies. 
- properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - member: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. type: string - memberFrom: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, and only one - subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity (i.e. its - 'status.writerIdentity') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account (i.e., - its 'status.email') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') - is to be bound to the role. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. oneOf: - not: required: 
@@ -48436,45 +72154,41 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object - role: - description: Immutable. Required. The role for which the Member will - be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). type: string required: - - resourceRef - - role + - location + - organizationRef type: object status: - description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: lastTransitionTime: @@ -48504,9 +72218,18 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true @@ -48523,25 +72246,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: 
@@ -48579,24 +72302,120 @@ spec: type: object spec: properties: - keyAlgorithm: - description: 'Immutable. The algorithm used to generate the key, used - only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid - values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' type: string - privateKeyType: - description: Immutable. + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. 
You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. type: string - publicKeyData: - description: Immutable. A field that allows clients to upload their - own public key. If set, use this public key data to create a service - account key for given service account. Please note, the expected - format for this field is a base64 encoded X509_PEM. + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. type: string - publicKeyType: - description: Immutable. + location: + description: Immutable. 
The location for the resource type: string - serviceAccountRef: + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
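Review bot: In the new IAMWorkloadIdentityPoolProvider spec, `attributeCondition` and `oidc.allowedAudiences` are both optional, and the `attributeCondition` description only mentions in passing that, if unspecified, all valid credentials from the provider are accepted. When the configured issuer is shared by many tenants, the provider then federates every identity that issuer signs for, limited only by the audience check and the IAM bindings. The description should state this where the field is defined, for example by appending `Set a condition whenever the issuer also serves identities you do not control.` The CRD carries the `dcl2crd` label, so the wording presumably has to change in the generator's input rather than in this file.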
@@ -48613,8 +72432,45 @@ spec: - external properties: external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -48624,7 +72480,9 @@ spec: type: string type: object required: - - serviceAccountRef + - location + - projectRef + - workloadIdentityPoolRef type: object status: properties: @@ -48654,9 +72512,6 @@ spec: type: string type: object type: array - name: - description: Immutable. The name used for this key pair. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -48664,24 +72519,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key in JSON format, base64 encoded. This - is what you normally get as a file when creating service account - keys through the CLI or web console. This is only populated when - creating a new key. - type: string - publicKey: - description: Immutable. The public key, base64 encoded. - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: @@ -48702,25 +72542,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: 
@@ -48759,22 +72599,57 @@ spec: spec: properties: description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. + description: A description of the pool. Cannot exceed 256 characters. type: string disabled: - description: Whether the service account is disabled. Defaults to - false. + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: - description: The display name for the service account. Can be updated - without creating a new resource. + description: A display name for the pool. Cannot exceed 32 characters. type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The accountId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + required: + - location + - projectRef type: object status: properties: @@ -48804,19 +72679,6 @@ spec: type: string type: object type: array - email: - description: The e-mail address of the service account. This value - should be referenced from any google_iam_policy data sources that - would grant the service account privileges. - type: string - member: - description: The Identity of the service account in the form 'serviceAccount:{email}'. - This value is often used to refer to the service account in order - to grant IAM permissions. - type: string - name: - description: The fully-qualified name of the service account. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -48824,10 +72686,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - uniqueId: - description: The unique id of the service account. + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48844,25 +72709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com + name: iapbrands.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePoolProvider - plural: iamworkforcepoolproviders + kind: IAPBrand + plural: iapbrands shortNames: - - gcpiamworkforcepoolprovider - - gcpiamworkforcepoolproviders - singular: iamworkforcepoolprovider + - gcpiapbrand + - gcpiapbrands + singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: 
@@ -48899,144 +72764,20 @@ spec: metadata: type: object spec: - properties: - attributeCondition: - description: 'A [Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. `google.profile_photo` and `google.display_name` - are not supported. * `attribute`: The custom attributes mapped from - the assertion in the `attribute_mappings`. The maximum length of - the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credentials will be accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: - type: string - description: 'Required. Maps attributes from the authentication credentials - issued by an external identity provider to Google Cloud attributes, - such as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups - the authenticating user belongs to. You can grant groups access - to resources using an IAM `principalSet` binding; access applies - to all members of the group. * `google.display_name`: The name of - the authenticated user. 
This is an optional field and the mapped - display name cannot exceed 100 bytes. If not set, `google.subject` - will be displayed instead. This attribute cannot be referenced in - IAM bindings. * `google.profile_photo`: The URL that specifies the - authenticated user''s thumbnail photo. This is an optional field. - When set, the image will be visible as the user''s profile picture. - If not set, a generic user icon will be displayed instead. This - attribute cannot be referenced in IAM bindings. You can also provide - custom attributes by specifying `attribute.{custom_attribute}`, - where {custom_attribute} is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workforce pool to Google Cloud resources. For example:' - type: object - description: - description: A user-specified description of the provider. Cannot - exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A user-specified display name for the provider. Cannot - exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider configuration. - properties: - clientId: - description: Required. The client ID. Must match the audience - claim of the JWT issued by the identity provider. - type: string - issuerUri: - description: Required. The OIDC issuer URI. Must be a valid URI - using the 'https' scheme. - type: string - required: - - clientId - - issuerUri - type: object + properties: + applicationTitle: + description: Immutable. 
Application name displayed on OAuth consent + screen. + type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. type: string - saml: - description: A SAML identity provider configuration. - properties: - idpMetadataXml: - description: 'Required. SAML Identity provider configuration metadata - xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded - to 128k characters. The metadata xml document should satisfy - the following constraints: 1) Must contain an Identity Provider - Entity ID. 2) Must contain at least one non-expired signing - key certificate. 3) For each signing key: a) Valid from should - be no more than 7 days from now. b) Valid to should be no more - than 10 years in the future. 4) Up to 3 IdP signing keys are - allowed in the metadata xml. When updating the provider''s metadata - xml, at least one non-expired signing key must overlap with - the existing metadata. This requirement is skipped if there - are no non-expired signing keys present in the existing metadata.' - type: string - required: - - idpMetadataXml - type: object - workforcePoolRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The workforce_pool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - attributeMapping - - location - - workforcePoolRef type: object status: properties: @@ -49073,13 +72814,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. + type: boolean type: object - required: - - spec type: object served: true storage: true 
@@ -49096,25 +72835,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepools.iam.cnrm.cloud.google.com + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePool - plural: iamworkforcepools + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients shortNames: - - gcpiamworkforcepool - - gcpiamworkforcepools - singular: iamworkforcepool + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: @@ -49152,25 +72891,8 @@ spec: type: object spec: properties: - description: - description: A user-specified description of the pool. Cannot exceed - 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A user-specified display name of the pool in Google Cloud - Console. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef] may be specified. + brandRef: + description: Immutable. oneOf: - not: required: 
@@ -49187,33 +72909,28 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + displayName: + description: Immutable. Human-friendly name given to the OAuth client. type: string - sessionDuration: - description: How long the Google Cloud access tokens, console sign-in - sessions, and gcloud sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `session_duration` is not configured, minted credentials will - have a default duration of one hour (3600s). + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - location - - organizationRef + - brandRef type: object status: properties: 
@@ -49250,13 +72967,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: 'Output only. The resource name of the pool. Format: - `locations/{location}/workforcePools/{workforce_pool_id}`' - type: string - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + secret: + description: Output only. Client secret of the OAuth client. type: string type: object required: @@ -49277,25 +72989,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkloadIdentityPoolProvider - plural: iamworkloadidentitypoolproviders + kind: IdentityPlatformConfig + plural: identityplatformconfigs shortNames: - - gcpiamworkloadidentitypoolprovider - - gcpiamworkloadidentitypoolproviders - singular: iamworkloadidentitypoolprovider + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: 
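Review bot: `status.secret` publishes the OAuth client secret in the status of what appears to be the `IAPIdentityAwareProxyClient` CRD, so any principal allowed to `get`, `list` or `watch` these objects can read it, and it is persisted with the object like any other status field. The description should say so, for example `Output only. Client secret of the OAuth client. Sensitive: readable by anyone with read access to this resource.`, and RBAC read access to this kind should be scoped accordingly. The same applies to `status.signIn.hashConfig.signerKey` and `status.signIn.email.hashConfig.signerKey` in the later `@@ -49717,9 +73590,77 @@` hunk. The removed lines further down suggest this CRD already existed in 1.102.0 and only moved within the file, and the `dcl2crd` label suggests the schema is generated, so the wording change probably belongs upstream.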
@@ -49333,117 +73045,332 @@ spec: type: object spec: properties: - attributeCondition: - description: '[A Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. * `attribute`: The custom attributes mapped - from the assertion in the `attribute_mappings`. The maximum length - of the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credential are accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: type: string - description: 'Maps attributes from authentication credentials issued - by an external identity provider to Google Cloud attributes, such - as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You - can grant groups access to resources using an IAM `principalSet` - binding; access applies to all members of the group. 
You can also - provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workload to Google Cloud resources. For example: * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized - attribute specified by the corresponding map key. You can use the - `assertion` keyword in the expression to access a JSON representation - of the authentication credential issued by the provider. The maximum - length of an attribute mapping expression is 2048 characters. When - evaluated, the total size of all mapped attributes must not exceed - 8KB. For AWS providers, if no attribute mapping is defined, the - following default mapping applies: ``` { "google.subject":"assertion.arn", - "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" - " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" - " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", - } ``` If any custom attribute mappings are defined, they must include - a mapping to the `google.subject` attribute. 
For OIDC providers, - you must supply a custom mapping, which must include the `google.subject` - attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token: - ``` {"google.subject": "assertion.sub"} ```' + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object type: object - aws: - description: An Amazon Web Services identity provider. + client: + description: Options related to how clients making requests on behalf + of a project should be configured. properties: - accountId: - description: Required. The AWS account ID. + permissions: + description: Configuration related to restricting a user's ability + to affect their account. 
+ properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' type: string - stsUri: - description: A list of AWS STS URIs that can be used when exchanging - credentials. If not provided, any valid AWS STS URI is allowed. - URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, - where {region} is a valid AWS region. You can specify a maximum - of 25 URIs. - items: - type: string - type: array - required: - - accountId type: object - description: - description: A description for the provider. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A display name for the provider. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider. + monitoring: + description: Configuration related to monitoring project activity. properties: - allowedAudiences: - description: 'Acceptable values for the `aud` field (audience) - in the OIDC token. Token exchange requests are rejected if the - token audience does not match one of the configured values. 
- Each audience may be at most 256 characters. A maximum of 10 - audiences may be configured. If this list is empty, the OIDC - token audience must be equal to the full canonical resource - name of the WorkloadIdentityPoolProvider, with or without the - HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ```' - items: - type: string - type: array - issuerUri: - description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. type: string - required: - - issuerUri + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. 
Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. 
+ type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. @@ -49464,7 +73391,7 @@ spec: properties: external: description: |- - The project for the resource + The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
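Review bot: `notification.sendEmail.smtp.password` accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, and none of the descriptions say that the inline form leaves the SMTP relay password in clear text in the manifest and in the stored object. I would extend the description of `value` to `Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' so the password stays out of the manifest.` In the same `smtp` block, `securityMode` lists `SECURITY_MODE_UNSPECIFIED` next to `SSL` and `START_TLS` without stating what an unset mode means for transport encryption; that deserves a sentence in its description once confirmed against the API.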
@@ -49475,215 +73402,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - workloadIdentityPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + quota: + description: Configuration related to quotas. properties: - external: - description: |- - The workloadIdentityPool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. + properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. 
+ type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object type: object required: - - location - projectRef - - workloadIdentityPoolRef type: object status: properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypools.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMWorkloadIdentityPool - plural: iamworkloadidentitypools - shortNames: - - gcpiamworkloadidentitypool - - gcpiamworkloadidentitypools - singular: iamworkloadidentitypool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - 
type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A description of the pool. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A display name for the pool. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + client: properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + apiKey: + description: Output only. API key that can be used when making + requests for this project. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + firebaseSubdomain: + description: Output only. Firebase subdomain. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - location - - projectRef - type: object - status: - properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -49710,6 +73510,79 @@ spec: type: string type: object type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' 
+ type: string + type: object + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49717,9 +73590,77 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. 
+ format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: @@ -49740,25 +73681,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapbrands.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPBrand - plural: iapbrands + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs shortNames: - - gcpiapbrand - - gcpiapbrands - singular: iapbrand + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49778,7 +73719,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49796,19 +73737,51 @@ spec: type: object spec: properties: - applicationTitle: - description: Immutable. Application name displayed on OAuth consent - screen. + clientId: + description: OAuth client ID. type: string - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + clientSecret: + description: OAuth client secret. type: string - supportEmail: - description: Immutable. Support email displayed on the OAuth consent - screen. + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + required: + - clientId + - clientSecret + - projectRef type: object status: properties: @@ -49838,6 +73811,9 @@ spec: type: string type: object type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
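Review bot: `clientSecret` in the new IdentityPlatformDefaultSupportedIDPConfig spec is a required plain `type: string`, so the OAuth client secret has to be written into the custom resource itself, where it is visible to anyone with read access to the kind and in any manifest kept in version control. IdentityPlatformOAuthIDPConfig in the `@@ -50076,335 +74101,191 @@` hunk models the same field as `value` / `valueFrom.secretKeyRef`, which lets the secret stay in a Kubernetes Secret; the same shape would fit here if the controller supports it, which this diff does not show. The CRD looks generated (`cnrm.cloud.google.com/tf2crd: "true"`), so that change belongs upstream; in this file I would at least flag it with `description: OAuth client secret. Stored as plain text in the resource spec.`. IdentityPlatformTenantDefaultSupportedIDPConfig in the `@@ -50505,16 +74397,170 @@` hunk has the same plain-string `clientSecret`.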
@@ -49845,11 +73821,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - orgInternalOnly: - description: Output only. Whether the brand is only intended for usage - inside the G Suite organization only. - type: boolean type: object + required: + - spec type: object served: true storage: true @@ -49866,25 +73840,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPIdentityAwareProxyClient - plural: iapidentityawareproxyclients + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs shortNames: - - gcpiapidentityawareproxyclient - - gcpiapidentityawareproxyclients - singular: iapidentityawareproxyclient + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49904,7 +73878,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49922,8 +73896,42 @@ spec: type: object spec: properties: - brandRef: - description: Immutable. + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -49940,10 +73948,7 @@ spec: - external properties: external: - description: |- - The brand for the resource - - Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -49952,16 +73957,39 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - displayName: - description: Immutable. Human-friendly name given to the OAuth client. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object required: - - brandRef + - displayName + - idpConfig + - projectRef + - spConfig type: object status: properties: @@ -49998,9 +74026,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - secret: - description: Output only. Client secret of the OAuth client. - type: string type: object required: - spec 
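Review bot: `spConfig.callbackUri` is documented as "Must start with 'https://'" but the schema only declares `type: string`, so a plain-http callback for SAML responses passes admission and is rejected, if at all, only at reconcile time. Adding `pattern: ^https://` under `callbackUri` would reject it at the API server. In the same block the `spCertificates` description reads "The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP", which is the `idpCertificates` text copied over; it should describe the service provider's certificates, though their exact use is not stated in this diff.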
@@ -50020,25 +74045,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformConfig - plural: identityplatformconfigs + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs shortNames: - - gcpidentityplatformconfig - - gcpidentityplatformconfigs - singular: identityplatformconfig + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -50076,335 +74101,191 @@ spec: type: object spec: properties: - authorizedDomains: - description: List of domains authorized for OAuth redirects - items: - type: string - type: array - blockingFunctions: - description: Configuration related to blocking functions. - properties: - triggers: - additionalProperties: - properties: - functionUriRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - HTTP URI trigger for the Cloud Function. - - Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - updateTime: - description: When the trigger was changed. - format: date-time - type: string - type: object - description: 'Map of Trigger to event type. Key should be one - of the supported event types: "beforeCreate", "beforeSignIn"' - type: object - type: object - client: - description: Options related to how clients making requests on behalf - of a project should be configured. - properties: - permissions: - description: Configuration related to restricting a user's ability - to affect their account. 
- properties: - disabledUserDeletion: - description: When true, end users cannot delete their account - on the associated project through any of our API methods - type: boolean - disabledUserSignup: - description: When true, end users cannot sign up for a new - account on the associated project through any of our API - methods - type: boolean - type: object - type: object - mfa: - description: Configuration for this project's multi-factor authentication, - including whether it is active and what factors can be used for - the second factor - properties: - state: - description: 'Whether MultiFactor Authentication has been enabled - for this project. Possible values: STATE_UNSPECIFIED, DISABLED, - ENABLED, MANDATORY' - type: string - type: object - monitoring: - description: Configuration related to monitoring project activity. - properties: - requestLogging: - description: Configuration for logging requests made to this project - to Stackdriver Logging - properties: - enabled: - description: Whether logging is enabled for this project or - not. - type: boolean - type: object - type: object - multiTenant: - description: Configuration related to multi-tenant functionality. - properties: - allowTenants: - description: Whether this project can have tenants or not. - type: boolean - defaultTenantLocationRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: |- - The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). 
- * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' - type: string - name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - notification: - description: Configuration related to sending notifications to users. + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - defaultLocale: - description: Default locale used for email and SMS in IETF BCP - 47 format. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - sendEmail: - description: Options for email sending. + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. properties: - callbackUri: - description: action url in email template. - type: string - changeEmailTemplate: - description: Email template for change email - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - dnsInfo: - description: Information of custom domain DNS verification. - properties: - useCustomDomain: - description: Whether to use custom domain. - type: boolean - type: object - method: - description: 'The method used for sending an email. Possible - values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' - type: string - resetPasswordTemplate: - description: Email template for reset password - properties: - body: - description: Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - revertSecondFactorAdditionTemplate: - description: Email template for reverting second factor addition - emails - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - smtp: - description: Use a custom SMTP relay - properties: - host: - description: SMTP relay host - type: string - password: - description: SMTP relay password - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - port: - description: SMTP relay port - format: int64 - type: integer - securityMode: - description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, - SSL, START_TLS' - type: string - senderEmail: - description: Sender email for the SMTP relay - type: string - username: - description: SMTP relay username - type: string - type: object - verifyEmailTemplate: - description: Email template for verify email + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address + key: + description: Key that identifies the value to be extracted. type: string - subject: - description: Subject of the email + name: + description: Name of the Secret to extract a value from. type: string + required: + - name + - key type: object type: object - sendSms: - description: Options for SMS sending. - properties: - useDeviceLocale: - description: Whether to use the accept_language header for - SMS. - type: boolean - type: object type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -50421,10 +74302,7 @@ spec: - external properties: external: - description: |- - The project of the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -50433,27 +74311,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - quota: - description: Configuration related to quotas. - properties: - signUpQuotaConfig: - description: Quota for the Signup endpoint, if overwritten. Signup - quota is measured in sign ups per project per hour per IP. - properties: - quota: - description: Corresponds to the 'refill_token_count' field - in QuotaServer config - format: int64 - type: integer - quotaDuration: - description: How long this quota will be active for - type: string - startTime: - description: When this quota will take affect - format: date-time - type: string - type: object - type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string signIn: description: Configuration related to local sign in methods. properties: @@ -50469,6 +74331,8 @@ spec: description: Whether anonymous user auth is enabled for the project or not. type: boolean + required: + - enabled type: object email: description: Configuration options related to authenticating a 
@@ -50479,12 +74343,39 @@ spec: or not. type: boolean passwordRequired: - description: Whether a password is required for email auth - or not. If true, both an email and password must be provided - to sign in. If false, a user may sign in via either email/password - or email link. + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." type: boolean type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. @@ -50496,7 +74387,8 @@ spec: testPhoneNumbers: additionalProperties: type: string - description: A map of that can be used for phone auth testing. + description: A map of that + can be used for phone auth testing. type: object type: object type: object 
@@ -50505,16 +74397,170 @@ spec: type: object status: properties: - client: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - apiKey: - description: Output only. API key that can be used when making - requests for this project. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - firebaseSubdomain: - description: Output only. Firebase subdomain. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -50541,79 +74587,9 @@ spec: type: string type: object type: array - notification: - properties: - sendEmail: - properties: - changeEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - dnsInfo: - properties: - customDomain: - description: Output only. The applied verified custom - domain. - type: string - customDomainState: - description: 'Output only. The current verification state - of the custom domain. The custom domain will only be - used once the domain verification is successful. Possible - values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, - IN_PROGRESS, FAILED, SUCCEEDED' - type: string - domainVerificationRequestTime: - description: Output only. The timestamp of initial request - for the current domain verification. - format: date-time - type: string - pendingCustomDomain: - description: Output only. The custom domain that's to - be verified. - type: string - type: object - resetPasswordTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - revertSecondFactorAdditionTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - verifyEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - type: object - sendSms: - properties: - smsTemplate: - description: Output only. The template to use when sending - an SMS. - properties: - content: - description: 'Output only. The SMS''s content. Can contain - the following placeholders which will be replaced with - the appropriate values: %APP_NAME% - For Android or - iOS apps, the app''s display name. For web apps, the - domain hosting the application. %LOGIN_CODE% - The OOB - code being sent in the SMS.' 
- type: string - type: object - type: object - type: object + name: + description: The name of the default supported IDP config resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -50621,78 +74597,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - signIn: - properties: - email: - properties: - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, - MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, - SHA512, STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation - algorithms. See https://tools.ietf.org/html/rfc7914 - for explanation of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. - Used by scrypt and other similar password derivation - algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be - inserted between the salt and plain text password in - base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, - HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, - STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation algorithms. - See https://tools.ietf.org/html/rfc7914 for explanation - of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. 
- Used by scrypt and other similar password derivation algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be inserted - between the salt and plain text password in base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - subtype: - description: 'Output only. The subtype of this config. Possible values: - SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' - type: string type: object required: - spec @@ -50712,25 +74616,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformOAuthIDPConfig - plural: identityplatformoauthidpconfigs + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs shortNames: - - gcpidentityplatformoauthidpconfig - - gcpidentityplatformoauthidpconfigs - singular: identityplatformoauthidpconfig + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -50750,7 +74654,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -50768,80 +74672,108 @@ spec: type: object spec: properties: - clientId: - description: The client id of an OAuth client. + displayName: + description: Human friendly display name. type: string - clientSecret: - description: The client secret of the OAuth client, to enable OIDC - code flow. + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object type: object - displayName: - description: The config's display name set by developers. - type: string - enabled: - description: True if allows the user to sign in with the provider. - type: boolean - issuer: - description: For OIDC Idps, the issuer identifier. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - responseType: - description: 'The multiple response type to request for in the OAuth - authorization flow. This can possibly be a combination of set bits - (e.g.: {id\_token, token}).' + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. properties: - code: - description: If true, authorization code is returned from IdP's - authorization endpoint. - type: boolean - idToken: - description: If true, ID token is returned from IdP's authorization - endpoint. - type: boolean - token: - description: If true, access token is returned from IdP's authorization - endpoint. - type: boolean + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. 
+ type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant type: object status: properties: @@ -50879,6 +74811,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -50895,7 +74829,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51112,7 +75046,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51265,7 +75199,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
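Review bot: In the new `spConfig` block of `IdentityPlatformTenantInboundSAMLConfig`, the `spCertificates` description is a verbatim copy of the `idpCertificates` one ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), so the schema does not tell an operator which certificates belong to which side of the SAML trust relationship. It should describe the service-provider side, for example `description: The SP's certificate data, used by the IDP to verify the signature of the SAMLRequest.`, with the wording confirmed against the Identity Platform API. In the same hunk, `idpCertificates` is required but its items do not require `x509Certificate`, so an entry with no certificate passes schema validation; adding `required: [x509Certificate]` to the item schema would reject that at admission. The file carries the `tf2crd` label and looks generated, so both changes probably belong in the generator input rather than in this manifest.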
@@ -51321,84 +75255,579 @@ spec: type: object spec: properties: - destroyScheduledDuration: - description: |- - Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - type: string - importOnly: - description: Immutable. Whether this key may contain imported versions - only. - type: boolean - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. 
Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. 
+ type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: description: |- - Immutable. The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - skipInitialVersionCreation: - description: "Immutable. If set to true, the request will create a - CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' - resource to import the CryptoKeyVersion." - type: boolean - versionTemplate: - description: A template describing settings for new crypto key versions. 
- properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: Immutable. The protection level to use when creating - a version based on this template. Possible values include "SOFTWARE", - "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - type: string - required: - - algorithm - type: object required: - - keyRingRef + - location type: object status: properties: @@ -51436,7 +75865,7 @@ spec: the resource. type: integer selfLink: - description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: @@ -51457,25 +75886,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com + name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp - kind: KMSKeyRing - plural: kmskeyrings + kind: KMSSecretCiphertext + plural: kmssecretciphertexts shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: 
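Review bot: In the added `KMSCryptoKeyVersion` schema, `spec.state` is described as "The current state of the CryptoKeyVersion" even though it sits under `spec` and lists `DESTROY_SCHEDULED` and `DESTROYED` among its possible values. A user-settable field that can lead to loss of key material should say so, for example `description: 'Desired state of the CryptoKeyVersion. Setting a destroy state schedules the key material for destruction. Possible values: [...]'`, with the set of values that may actually be written confirmed against the KMS API. In the same schema, `externalProtectionLevelOptions` is nested inside the `status.attestation` items although its description is about configuring EXTERNAL and EXTERNAL_VPC key versions, which looks like a misplaced level and is worth checking in the generator input. As a point of style, `cryptoKey` here and `keyRing` in `KMSKeyRingImportJob` are free-form strings, while `KMSCryptoKey` in this hunk uses a `keyRingRef` object, so these two resources get no reference validation.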
@@ -51495,7 +75924,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -51513,21 +75942,103 @@ spec: type: object spec: properties: - location: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: description: |- - Immutable. The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - location + - cryptoKey + - plaintext type: object status: properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -51561,9 +76072,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. - type: string type: object required: - spec @@ -51583,7 +76091,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51867,7 +76375,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52142,7 +76650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
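Review bot: The `plaintext.value` branch added under `spec.properties` in the `@@ -51513,21 +75942,103 @@` hunk accepts the secret inline, but its description (`Value of the field. Cannot be used if 'valueFrom' is specified.`) does not say that an inline value is kept in the object's spec, where anyone who can get or list `KMSSecretCiphertext` resources can read it. I would extend that description, and the identical one under `additionalAuthenticatedData.value`, with a sentence such as `Stored as part of the resource spec; use 'valueFrom.secretKeyRef' for sensitive data.` That makes the `secretKeyRef` branch the documented default for real secrets and tells operators to scope RBAC on this kind as they would for the plaintext itself. The `cnrm.cloud.google.com/tf2crd` label suggests the schema is generated, in which case the wording would have to change in the generator input rather than in this file.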
@@ -52563,7 +77071,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52967,7 +77475,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -53271,7 +77779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -53608,7 +78116,183 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -54423,7 +79107,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -61206,41 +85890,1513 @@ spec: must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string - xAxis: - description: The properties applied to the X axis. - properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string - type: object - yAxis: - description: The properties applied to the Y axis. + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. 
* + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number type: object - required: - - dataSets + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. 
+ type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string type: object type: object - type: array - type: object - type: array + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. 
+ type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - displayName + - goal - projectRef + - serviceRef type: object status: properties: 
@@ -61270,14 +87426,21 @@ spec: type: string type: object type: array - etag: - description: \`etag\` is used for optimistic concurrency control as - a way to help prevent simultaneous updates of a policy from overwriting - each other. An \`etag\` is returned in the response to \`GetDashboard\`, - and users are expected to put that etag in the request to \`UpdateDashboard\` - to ensure that their change will be applied to the same version - of the Dashboard configuration. The field should not be passed during - dashboard creation. + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -61286,6 +87449,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean type: object required: - spec 
@@ -61305,25 +87474,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringgroups.monitoring.cnrm.cloud.google.com + name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringGroup - plural: monitoringgroups + kind: MonitoringService + plural: monitoringservices shortNames: - - gcpmonitoringgroup - - gcpmonitoringgroups - singular: monitoringgroup + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -61362,47 +87531,8 @@ spec: spec: properties: displayName: - description: A user-assigned name for this group, used only for display - purposes. - type: string - filter: - description: The filter used to determine which monitored resources - belong to this group. + description: Name used for UI elements listing this Service. type: string - isCluster: - description: If true, the members of this group are considered to - be a cluster. The system can perform additional analysis on groups - that are clusters. - type: boolean - parentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -61422,7 +87552,7 @@ spec: properties: external: description: |- - The project of the group + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61434,13 +87564,20 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object required: - - displayName - - filter + - projectRef type: object status: properties: @@ -61496,25 +87633,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMetricDescriptor - plural: monitoringmetricdescriptors + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs shortNames: - - gcpmonitoringmetricdescriptor - - gcpmonitoringmetricdescriptors - singular: monitoringmetricdescriptor + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -61552,74 +87689,171 @@ spec: type: object spec: properties: - description: - description: Immutable. A detailed description of the metric, which - can be used in documentation. - type: string - displayName: - description: Immutable. A concise name for the metric, which can be - displayed in user interfaces. Use sentence case without an ending - period, for example "Request count". This field is optional but - it is recommended to be set for any metrics associated with user-visible - concepts, such as Quota. - type: string - labels: - description: Immutable. The set of labels that can be used to describe - a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` - metric type has a label for the HTTP response code, `response_code`, - so you can look at latencies for successful responses or just for - responses that failed. + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. items: properties: - description: - description: Immutable. A human-readable description for the - label. - type: string - key: - description: 'Immutable. The key for this label. The key must - meet the following criteria: * Does not exceed 100 characters. - * Matches the following regular expression: `a-zA-Z*` * The - first character must be an upper- or lower-case letter. * - The remaining characters must be letters, digits, or underscores.' + content: type: string - valueType: - description: 'Immutable. The type of data that can be assigned - to the label. 
Possible values: STRING, BOOL, INT64' + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string + required: + - content type: object type: array - launchStage: - description: 'Immutable. Optional. The launch stage of the metric - definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. type: string - metadata: - description: Immutable. Optional. Metadata which can be used to guide - usage of the metric. + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. properties: - ingestDelay: - description: Immutable. The delay of data points caused by ingestion. - Data points older than this age are guaranteed to be ingested - and available to be read, excluding data loss due to errors. + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' type: string - launchStage: - description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage - instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' type: string - samplePeriod: - description: Immutable. The sampling period of metric data points. - For metrics which are written periodically, consecutive data - points are stored at this time interval, excluding data loss - due to errors. Metrics with a higher granularity have a smaller - sampling period. + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. 
+ type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. 
The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. type: string + required: + - filterLabels + - type type: object - metricKind: - description: 'Immutable. Whether the metric records instantaneous - values, changes to a value, etc. Some combinations of `metric_kind` - and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, - GAUGE, DELTA, CUMULATIVE' + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -61640,7 +87874,7 @@ spec: properties: external: description: |- - The project for the resource + The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
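Review bot: `httpCheck.authInfo.password` accepts an inline `value` as well as `valueFrom.secretKeyRef`, and neither `password` nor `username` has a description, so nothing in the schema tells a user that an inline value leaves the credential readable in the resource spec by anyone who can read the object. I would add a description on `password` along the lines of `description: Password for the check. Prefer valueFrom.secretKeyRef; an inline value is stored in plain text in the resource spec.` The `headers` map has the same exposure for authentication headers: as described, `maskHeaders` obscures them on Get/List calls to the API, which presumably does not change what is stored in the Kubernetes object, and its description should say so in one sentence. The file looks generated (the `dcl2crd` label), so the wording would probably have to change in the generator; the `spec` schema also continues outside this hunk.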
@@ -61651,80 +87885,78 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: - description: 'Immutable. The metric type, including its DNS name prefix. - The type is not URL-encoded. All user-defined metric types have - the DNS name `custom.googleapis.com` or `external.googleapis.com`. - Metric types should use a natural hierarchical grouping. For example: - "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" - "appengine.googleapis.com/http/server/response_latencies"' - type: string - unit: - description: 'Immutable. The units in which the metric value is reported. - It is only applicable if the `value_type` is `INT64`, `DOUBLE`, - or `DISTRIBUTION`. The `unit` defines the representation of the - stored metric values. Different systems might scale the values to - be more easily displayed (so a value of `0.02kBy` _might_ be displayed - as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). - However, if the `unit` is `kBy`, then the value of the metric is - always in thousands of bytes, no matter how it might be displayed. - If you want a custom metric to record the exact number of CPU-seconds - used by a job, you can create an `INT64 CUMULATIVE` metric whose - `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the - job uses 12,005 CPU-seconds, then the value is written as `12005`. - Alternatively, if you want a custom metric to record data in a more - granular way, you can create a `DOUBLE CUMULATIVE` metric whose - `unit` is `ks{CPU}`, and then write the value `12.005` (which is - `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
- The supported units are a subset of [The Unified Code for Units - of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic - units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute - * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * - `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) - * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta - (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) - * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` - zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi - (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) - **Grammar** The grammar also includes these connectors: * `/` division - or ratio (as an infix operator). For examples, `kBy/{email}` or - `MiBy/10ms` (although you should almost never have `/s` in a metric - `unit`; rates should always be computed at query time from the underlying - cumulative or delta value). * `.` multiplication or composition - (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The - grammar for a unit is as follows: Expression = Component: { "." - Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | - "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME - "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. - If the annotation is used alone, then the unit is equivalent to - `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. - * `NAME` is a sequence of non-blank printable ASCII characters not - containing `{` or `}`. * `1` represents a unitary [dimensionless - unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, - such as in `1/s`. It is typically used when none of the basic units - are appropriate. For example, "new users per day" can be represented - as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 - new users). 
Alternatively, "thousands of page views per day" would - be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a - metric value of `5.3` would mean "5300 page views per day"). * `%` - represents dimensionless value of 1/100, and annotates values giving - a percentage (so the metric values are typically in the range of - 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates - a metric contains a ratio, typically in the range 0..1, that will - be multiplied by 100 and displayed as a percentage (so a metric - value `0.03` means "3 percent").' + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - valueType: - description: 'Immutable. 
Whether the measurement is an integer, a - floating-point number, etc. Some combinations of `metric_kind` and - `value_type` might not be supported. Possible values: STRING, BOOL, - INT64' + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. type: string required: - - metricKind + - displayName - projectRef - - type - - valueType + - timeout type: object status: properties: @@ -61754,14 +87986,6 @@ spec: type: string type: object type: array - monitoredResourceTypes: - description: Read-only. If present, then a time series, which is identified - partially by a metric type and a MonitoredResourceDescriptor, that - is associated with this metric type can only be associated with - one of the monitored resource types listed here. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -61769,9 +87993,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The resource name of the metric descriptor. - type: string type: object required: - spec 
@@ -61791,25 +88012,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMonitoredProject - plural: monitoringmonitoredprojects + kind: NetworkConnectivityHub + plural: networkconnectivityhubs shortNames: - - gcpmonitoringmonitoredproject - - gcpmonitoringmonitoredprojects - singular: monitoringmonitoredproject + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: 
@@ -61847,17 +88068,46 @@ spec: type: object spec: properties: - metricsScope: - description: 'Immutable. Required. The resource name of the existing - Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + description: + description: An optional description of the hub. type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - metricsScope + - projectRef type: object status: properties: @@ -61888,8 +88138,7 @@ spec: type: object type: array createTime: - description: Output only. The time when this `MonitoredProject` was - created. + description: Output only. The time the hub was created. format: date-time type: string observedGeneration: 
@@ -61899,6 +88148,33 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string type: object required: - spec 
@@ -61918,25 +88194,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: 
@@ -61975,175 +88251,221 @@ spec: spec: properties: description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond - the display name, for the channel. This may not exceed 1024 Unicode - characters. - type: string - enabled: - description: Whether notifications are forwarded to the described - channel. This makes it possible to disable delivery of notifications - to a particular channel without removing the channel from all alerting - policies that reference the channel. This is a more convenient approach - when the change is temporary and you want to receive notifications - from the same set of alerting policies on the channel at some point - in the future. - type: boolean - forceDelete: - description: |- - If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - type: boolean - labels: - additionalProperties: - type: string - type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: An optional description of the spoke. type: string - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. + hubRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
- type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel - types that support this field include: webhook_basicauth.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + - required: + - namespace required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. 
The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external required: - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. - Channel types that support this field include: pagerduty.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - not: + anyOf: + - required: + - name + - required: + - namespace required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. 
Note that data + transfer is available only in supported locations. + type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - type + - hubRef + - location + - projectRef type: object status: properties: @@ -62173,11 +88495,9 @@ spec: type: string type: object type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + createTime: + description: Output only. The time the spoke was created. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -62186,19 +88506,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for - channels of this type.This field cannot be modified using a standard - UpdateNotificationChannel operation. To change the value of this - field, you must call VerifyNotificationChannel. + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time type: string type: object required: 
@@ -62219,25 +88539,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringServiceLevelObjective - plural: monitoringservicelevelobjectives + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests shortNames: - - gcpmonitoringservicelevelobjective - - gcpmonitoringservicelevelobjectives - singular: monitoringservicelevelobjective + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: @@ -62257,7 +88577,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -62275,412 +88595,63 @@ spec: type: object spec: properties: - calendarPeriod: - description: 'A calendar period, semantically "since the start of - the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, - and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, - DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' - type: string - displayName: - description: Name used for UI elements listing this SLO. + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. type: string - goal: - description: The fraction of service that must be good in order for - this objective to be met. `0 < goal <= 0.999`. - format: double - type: number - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + destination: + description: |- + Required. Destination specification of the Connectivity Test. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rollingPeriod: - description: A rolling time period, semantically "in the past ``". - Must be an integer multiple of 1 day no larger than 30 days. 
- type: string - serviceLevelIndicator: - description: The definition of good service, used to measure and calculate - the quality of the `Service`'s performance with respect to a single - aspect of service quality. + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. properties: - basicSli: - description: Basic SLI on a well-known service type. - properties: - availability: - description: Good service is defined to be the count of requests - made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count of requests - made to this service that are fast enough with respect to - `latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - requests made to this service that return in no more - than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which this - SLI is relevant. Telemetry from other locations will not - be used to calculate performance for this SLI. 
If omitted, - this SLI applies to all locations in which the Service has - activity. For service types that don''t support breaking - down by location, setting this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this SLI - is relevant. Telemetry from other methods will not be used - to calculate performance for this SLI. If omitted, this - SLI applies to all the Service''s methods. For service types - that don''t support breaking down by method, setting this - field will result in an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count of operations - performed by this service that return successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count of operations - performed by this service that are fast enough with respect - to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - operations that are completed in no more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to which this - SLI is relevant. Telemetry from other API versions will - not be used to calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don''t support breaking down by version, setting this - field will result in an error.' 
- items: - type: string - type: array - type: object - requestBased: - description: Request-based SLIs - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` that - fall into a good range. The `total_service` is the total - count of all values aggregated in the `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. Must have - `ValueType = DISTRIBUTION` and `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the ratio of - `good_service` to `total_service` is computed from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, either - demanded service that was not provided or demanded service - that was of inadequate quality. Must have `ValueType - = DOUBLE` or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service provided. - Must have `ValueType = DOUBLE` or `ValueType = INT64` - and must have `MetricKind = DELTA` or `MetricKind = - CUMULATIVE`. 
- type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total demanded - service. Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` or `MetricKind - = CUMULATIVE`. - type: string - type: object - type: object - windowsBased: - description: Windows-based SLIs - properties: - goodBadMetricFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` with `ValueType = BOOL`. The window - is good if any `true` values appear in the window. - type: string - goodTotalRatioThreshold: - description: A window is good if its `performance` is high - enough. - properties: - basicSliPerformance: - description: '`BasicSli` to evaluate to judge window quality.' - properties: - availability: - description: Good service is defined to be the count - of requests made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count - of requests made to this service that are fast enough - with respect to `latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of requests made to this service that - return in no more than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which - this SLI is relevant. Telemetry from other locations - will not be used to calculate performance for this - SLI. If omitted, this SLI applies to all locations - in which the Service has activity. 
For service types - that don''t support breaking down by location, setting - this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this - SLI is relevant. Telemetry from other methods will - not be used to calculate performance for this SLI. - If omitted, this SLI applies to all the Service''s - methods. For service types that don''t support breaking - down by method, setting this field will result in - an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count - of operations performed by this service that return - successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count - of operations performed by this service that are - fast enough with respect to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of operations that are completed in no - more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to - which this SLI is relevant. Telemetry from other - API versions will not be used to calculate performance - for this SLI. If omitted, this SLI applies to all - API versions. For service types that don''t support - breaking down by version, setting this field will - result in an error.' - items: - type: string - type: array - type: object - performance: - description: '`RequestBasedSli` to evaluate to judge window - quality.' - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` - that fall into a good range. 
The `total_service` - is the total count of all values aggregated in the - `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. - Must have `ValueType = DISTRIBUTION` and `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." - For a one-sided range, set one bound to an infinite - value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the - ratio of `good_service` to `total_service` is computed - from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, - either demanded service that was not provided - or demanded service that was of inadequate quality. - Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service - provided. Must have `ValueType = DOUBLE` or - `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total - demanded service. Must have `ValueType = DOUBLE` - or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. 
- type: string - type: object - type: object - threshold: - description: If window `performance >= threshold`, the - window is counted as good. - format: double - type: number - type: object - metricMeanInRange: - description: A window is good if the metric's value is in - a good range, averaged across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - metricSumInRange: - description: A window is good if the metric's value is in - a good range, summed across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - windowPeriod: - description: Duration over which window quality is evaluated. - Must be an integer fraction of a day and at least `60s`. - type: string - type: object + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. 
+ type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string type: object - serviceRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -62697,10 +88668,7 @@ spec: - external properties: external: - description: |- - The service for the resource - - Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -62709,10 +88677,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. 
An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object required: - - goal + - destination - projectRef - - serviceRef + - source type: object status: properties: 
@@ -62742,22 +88788,6 @@ spec: type: string type: object type: array - createTime: - description: Time stamp of the `Create` or most recent `Update` command - on this `Slo`. - format: date-time - type: string - deleteTime: - description: Time stamp of the `Update` or `Delete` command that made - this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s - returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, - because it is always empty in the current version. It is populated - in `ServiceLevelObjective`s representing previous versions in the - output of `ListServiceLevelObjectiveVersions`. Because all old configuration - versions are stored, `Update` operations mark the obsoleted version - as deleted. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -62765,12 +88795,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - serviceManagementOwned: - description: Output only. If set, this SLO is managed at the [Service - Management](https://cloud.google.com/service-management/overview) - level. Therefore the service yaml file is the source of truth for - this SLO, and API `Update` and `Delete` operations are forbidden. - type: boolean type: object required: - spec 
@@ -62790,25 +88814,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringservices.monitoring.cnrm.cloud.google.com + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringService - plural: monitoringservices + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies shortNames: - - gcpmonitoringservice - - gcpmonitoringservices - singular: monitoringservice + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -62846,8 +88870,16 @@ spec: type: object spec: properties: - displayName: - description: Name used for UI elements listing this Service. + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. 
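Review bot: `action` in the `NetworkSecurityAuthorizationPolicy` spec (second hunk on this line) is a bare `type: string`, and its description contradicts itself: it says the possible values are "ALLOW" or "DENY", then lists `ACTION_UNSPECIFIED, ALLOW, DENY`. This field decides whether matching traffic is allowed or denied, so a misspelled or unspecified value is better rejected at admission than, presumably, found only at reconcile time. Constraining it with `enum: [ALLOW, DENY]` would do that. The CRD looks generated (see the `cnrm.cloud.google.com/dcl2crd` label), so the constraint and the description fix probably belong in the generator input rather than in this file.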
@@ -62884,15 +88916,98 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - telemetry: - description: Configuration for how to query telemetry on a Service. - properties: - resourceName: - description: The full name of the resource that defines this service. - Formatted as described in https://cloud.google.com/apis/design/resource_names. - type: string - type: object + rules: + description: Optional. List of rules to match. If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. 
+ For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array required: + - action + - location - projectRef type: object status: @@ -62923,6 +89038,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
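Review bot: The wildcard examples in the new `hosts` and `principals` descriptions have lost their opening quote (`*.myorg.com”`, `*/service-account”`), which leaves the suffix-match syntax ambiguous in fields that control authorization; they should read `“*.myorg.com”` and `“*/service-account”`. The descriptions also say that leaving `rules`, `sources` or `destinations` unset applies `action` with no further checks, so an `ALLOW` policy without rules appears to permit all traffic, and the schema accepts that silently. It would help to state this in the `rules` description, e.g. `With action ALLOW, an unset rules list permits all traffic.` The `regexMatch` description does not say whether the expression must match the whole header value, which is worth documenting because a partial match is broader than most authors expect.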
@@ -62930,6 +89049,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -62949,25 +89072,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringUptimeCheckConfig - plural: monitoringuptimecheckconfigs + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies shortNames: - - gcpmonitoringuptimecheckconfig - - gcpmonitoringuptimecheckconfigs - singular: monitoringuptimecheckconfig + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63005,171 +89128,42 @@ spec: type: object spec: properties: - contentMatchers: - description: The content that is expected to appear in the data returned - by the target server against which the check is run. Currently, - only the first entry in the `content_matchers` list is supported, - and additional entries will be ignored. This field is optional and - should only be specified if a content match is required as part - of the/ Uptime check. - items: - properties: - content: - type: string - matcher: - description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, - CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' - type: string - required: - - content - type: object - type: array - displayName: - description: A human-friendly name for the Uptime check configuration. - The display name should be unique within a Stackdriver Workspace - in order to make it easier to identify; however, uniqueness is not - enforced. Required. - type: string - httpCheck: - description: Contains information needed to make an HTTP or HTTPS - check. + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. properties: - authInfo: - description: The authentication information. Optional when creating - an HTTP check; defaults to empty. + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. properties: - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. type: string required: - - password - - username - type: object - body: - description: 'The request body associated with the HTTP POST request. - If `content_type` is `URL_ENCODED`, the body passed in must - be URL-encoded. Users can provide a `Content-Length` header - via the `headers` field or the API will do so. If the `request_method` - is `GET` and `body` is not empty, the API will return an error. - The maximum byte size is 1 megabyte. Note: As with all `bytes` - fields JSON representations are base64 encoded. e.g.: "foo=bar" - in URL-encoded form is "foo%3Dbar" and in base64 encoding is - "Zm9vJTI1M0RiYXI=".' - type: string - contentType: - description: 'Immutable. The content type to use for the check. Possible - values: TYPE_UNSPECIFIED, URL_ENCODED' - type: string - headers: - additionalProperties: - type: string - description: The list of headers to send as part of the Uptime - check request. If two headers have the same key and different - values, they should be entered as a single header, with the - value being a comma-separated list of all the desired values - as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in - a Create call will cause the first to be overwritten by the - second. The maximum number of headers allowed is 100. 
+ - pluginInstance type: object - maskHeaders: - description: Immutable. Boolean specifying whether to encrypt - the header information. Encryption should be specified for any - headers related to authentication that you do not wish to be - seen when retrieving the configuration. The server will be responsible - for encrypting the headers. On Get/List calls, if `mask_headers` - is set to `true` then the headers will be obscured with `******.` - type: boolean - path: - description: Optional (defaults to "/"). The path to the page - against which to run the check. Will be combined with the `host` - (specified within the `monitored_resource`) and `port` to construct - the full URL. If the provided path does not begin with "/", - a "/" will be prepended automatically. - type: string - port: - description: Optional (defaults to 80 when `use_ssl` is `false`, - and 443 when `use_ssl` is `true`). The TCP port on the HTTP - server against which to run the check. Will be combined with - host (specified within the `monitored_resource`) and `path` - to construct the full URL. - format: int64 - type: integer - requestMethod: - description: Immutable. The HTTP request method to use for the - check. If set to `METHOD_UNSPECIFIED` then `request_method` - defaults to `GET`. - type: string - useSsl: - description: If `true`, use HTTPS instead of HTTP to run the check. - type: boolean - validateSsl: - description: Boolean specifying whether to include SSL certificate - validation as a part of the Uptime check. Only applies to checks - where `monitored_resource` is set to `uptime_url`. If `use_ssl` - is `false`, setting `validate_ssl` to `true` has no effect. - type: boolean - type: object - monitoredResource: - description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) - associated with the configuration. 
The following monitored resource - types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' - properties: - filterLabels: - additionalProperties: - type: string - description: Immutable. + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri type: object - type: - description: Immutable. - type: string - required: - - filterLabels - - type type: object - period: - description: How often, in seconds, the Uptime check is performed. - Currently, the only supported values are `60s` (1 minute), `300s` - (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, - defaults to `60s`. + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -63190,7 +89184,7 @@ spec: properties: external: description: |- - The project for this uptime check config. + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -63201,78 +89195,49 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceGroup: - description: Immutable. The group resource associated with the configuration. - properties: - groupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceType: - description: 'Immutable. The resource type of the group members. - Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' - type: string - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - selectedRegions: - description: The list of regions from which the check will be run. - Some regions contain one location, and others contain more than - one. If this field is specified, enough regions must be provided - to include a minimum of 3 locations. 
Not specifying this field - will result in Uptime checks running from all available regions. + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. items: - type: string + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object type: array - tcpCheck: - description: Contains information needed to make a TCP check. - properties: - port: - description: The TCP port on the server against which to run the - check. Will be combined with host (specified within the `monitored_resource`) - to construct the full URL. Required. - format: int64 - type: integer - required: - - port - type: object - timeout: - description: The maximum amount of time to wait for the request to - complete (must be between 1 and 60 seconds). Required. + sni: + description: 'Optional. Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' type: string required: - - displayName - - projectRef - - timeout + - location type: object status: properties: 
@@ -63302,6 +89267,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63309,6 +89278,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -63328,25 +89301,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivityHub - plural: networkconnectivityhubs + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies shortNames: - - gcpnetworkconnectivityhub - - gcpnetworkconnectivityhubs - singular: networkconnectivityhub + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63384,9 +89357,63 @@ spec: type: object spec: properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean description: - description: An optional description of the hub. + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. + Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. 
+ Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -63422,8 +89449,39 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object required: - - projectRef + - location type: object status: properties: @@ -63454,7 +89512,7 @@ spec: type: object type: array createTime: - description: Output only. The time the hub was created. + description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: 
@@ -63464,31 +89522,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - routingVpcs: - description: The VPC network associated with this hub's spokes. All - of the VPN tunnels, VLAN attachments, and router appliance instances - referenced by this hub's spokes must belong to this VPC network. - This field is read-only. Network Connectivity Center automatically - populates it based on the set of spokes attached to the hub. - items: - properties: - uri: - description: The URI of the VPC network. - type: string - type: object - type: array - state: - description: 'Output only. The current lifecycle state of this hub. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the hub. This - value is unique across all hub resources. If a hub is deleted and - another with the same name is created, the new hub is assigned a - different unique_id. - type: string updateTime: - description: Output only. The time the hub was last updated. + description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object 
@@ -63510,25 +89545,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivitySpoke - plural: networkconnectivityspokes + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets shortNames: - - gcpnetworkconnectivityspoke - - gcpnetworkconnectivityspokes - singular: networkconnectivityspoke + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: @@ -63548,7 +89583,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -63567,10 +89602,10 @@ spec: spec: properties: description: - description: An optional description of the spoke. + description: A human-readable description of the resource. type: string - hubRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63587,10 +89622,7 @@ spec: - external properties: external: - description: |- - Immutable. The URI of the hub that this spoke is attached to. - - Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -63599,188 +89631,101 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - linkedInterconnectAttachments: - description: Immutable. A collection of VLAN attachment resources. - These resources should be redundant attachments that all advertise - the same prefixes to Google Cloud. Alternatively, in active/passive - configurations, all attachments should be capable of advertising - the same prefixes. - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. 
+ type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - linkedRouterApplianceInstances: - description: Immutable. The URIs of linked Router appliance resources - properties: - instances: - description: Immutable. The list of router appliance instances - items: + - valueFrom properties: - ipAddress: - description: Immutable. The IP address on the VM to use - for peering. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - virtualMachineRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: |- - The URI of the virtual machine resource - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object type: object - type: array - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - required: - - instances - - siteToSiteDataTransfer - type: object - linkedVpnTunnels: - description: Immutable. The URIs of linked VPN tunnel resources - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - id + type: object + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. 
+ The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array required: - - hubRef - - location - projectRef type: object status: @@ -63811,10 +89756,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time the spoke was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63822,20 +89763,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The current lifecycle state of this spoke. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the spoke. - This value is unique across all spoke resources. If a spoke is deleted - and another with the same name is created, the new spoke is assigned - a different unique_id. - type: string - updateTime: - description: Output only. The time the spoke was last updated. - format: date-time - type: string type: object required: - spec 
@@ -63855,25 +89782,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityAuthorizationPolicy - plural: networksecurityauthorizationpolicies + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins shortNames: - - gcpnetworksecurityauthorizationpolicy - - gcpnetworksecurityauthorizationpolicies - singular: networksecurityauthorizationpolicy + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: @@ -63893,7 +89820,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -63911,19 +89838,137 @@ spec: type: object spec: properties: - action: - description: 'Required. The action to take when a rule match is found. - Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, - ALLOW, DENY' - type: string + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. 
+ + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. 
+ + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
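Review bot: The `failoverOrigin` description ends with `A reference to a Topic resource.`, which contradicts its own first sentence (the field names an Origin resource) and looks like text left over from another schema. I would drop that sentence or change it to `A reference to an EdgeCacheOrigin resource.`. In `requestHeadersToAdd`, the `replace` description says added values are appended by default; it should also say that a same-named header already on the request is therefore kept, for example `With the default, a value already present on the request still reaches the origin.`, which matters if the origin trusts that header. The `spec.properties` mapping continues past this hunk.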
@@ -63940,115 +89985,94 @@ spec: - external properties: external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. 
+ - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: description: |- - The project for the resource + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. 
All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + If the response headers have already been written to the connection, the response will be truncated and logged. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Optional. List of rules to match. If not set, the action - specified in the ‘action’ field will be applied without any additional - rule checks. - items: - properties: - destinations: - description: Optional. List of attributes for the traffic destination. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the destination. 
- items: - properties: - hosts: - description: Required. List of host names to match. Matched - against HOST header in http requests. Each host can - be an exact match, or a prefix match (example, “mydomain.*”) - or a suffix match (example, *.myorg.com”) or a presence(any) - match “*”. - items: - type: string - type: array - httpHeaderMatch: - description: Optional. Match against key:value pair in - http header. Provides a flexible match based on HTTP - headers, for potentially advanced use cases. - properties: - headerName: - description: Required. The name of the HTTP header - to match. For matching against the HTTP request's - authority, use a headerMatch with the header name - ":authority". For matching a request's method, use - the headerName ":method". - type: string - regexMatch: - description: 'Required. The value of the header must - match the regular expression specified in regexMatch. - For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript - For matching against a port specified in the HTTP - request, use a headerMatch with headerName set to - Host and a regular expression that satisfies the - RFC2616 Host header''s port specifier.' - type: string - required: - - headerName - - regexMatch - type: object - methods: - description: Optional. A list of HTTP methods to match. - Should not be set for gRPC services. - items: - type: string - type: array - ports: - description: Required. List of destination ports to match. - items: - format: int64 - type: integer - type: array - required: - - hosts - - ports - type: object - type: array - sources: - description: Optional. List of attributes for the traffic source. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the source. - items: - properties: - ipBlocks: - description: Optional. List of CIDR ranges to match based - on source IP address. Single IP (e.g., "1.2.3.4") and - CIDR (e.g., "1.2.3.0/24") are supported. 
- items: - type: string - type: array - principals: - description: Optional. List of peer identities to match - for authorization. Each peer can be an exact match, - or a prefix match (example, “namespace/*”) or a suffix - match (example, */service-account”) or a presence match - “*”. - items: - type: string - type: array - type: object - type: array - type: object - type: array required: - - action - - location + - originAddress - projectRef type: object status: @@ -64079,10 +90103,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64090,10 +90110,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec 
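Review bot: `protocol` is declared as a bare `type: string` although its description lists exactly three accepted values, so a typo is presumably rejected only by the backing API rather than when the object is admitted. Adding `enum: [HTTP2, HTTPS, HTTP]` under the field would catch it in the CRD, and the same applies to the `retryConditions` items. Since `originAddress` is described as reachable over the public Internet, the description could state next to the HTTP2 recommendation that `HTTP` makes cache fill travel unencrypted. A small wording fix in `connectTimeout`: `The connectTimeout capped by` should read `The connectTimeout is capped by`.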
@@ -64113,25 +90129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityClientTLSPolicy - plural: networksecurityclienttlspolicies + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices shortNames: - - gcpnetworksecurityclienttlspolicy - - gcpnetworksecurityclienttlspolicies - singular: networksecurityclienttlspolicy + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: @@ -64151,7 +90167,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -64169,45 +90185,50 @@ spec: type: object spec: properties: - clientCertificate: - description: Optional. Defines a mechanism to provision client identity - (public and private keys) for peer to peer authentication. The presence - of this dictates mTLS. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. 
+ type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -64224,10 +90245,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
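Review bot: The `disableQuic` description only says `HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.` and never states what setting the field does, unlike `disableHttp2` directly above it. Going by the field name, something like `description: Disables HTTP/3 (IETF QUIC) and Google QUIC, which are enabled by default.` would match the sibling field. In `logConfig`, `sampleRate` documents its default but `enable` does not; stating whether request logging is off unless set would help anyone relying on these logs for detection or incident response. The `spec.properties` mapping continues in the following hunks.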
@@ -64236,49 +90254,721 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serverValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the server certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. 
+ + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. type: string required: - - pluginInstance + - hosts + - pathMatcher type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array required: - - targetUri + - name + - routeRule type: object - type: object - type: array - sni: - description: 'Optional. Server Name Indication string to present to - the server during TLS handshake. E.g: "secure.example.com".' + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - - location + - projectRef + - routing type: object status: properties: 
@@ -64308,254 +90998,18 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com -spec: - group: networksecurity.cnrm.cloud.google.com - names: - categories: - - gcp - kind: NetworkSecurityServerTLSPolicy - plural: networksecurityservertlspolicies - shortNames: - - gcpnetworksecurityservertlspolicy - - gcpnetworksecurityservertlspolicies - singular: networksecurityservertlspolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allowOpen: - description: Optional. Determines if server allows plaintext connections. - If set to true, server allows plain text connections. By default, - it is set to false. This setting is not exclusive of other encryption - modes. For example, if allow_open and mtls_policy are set, server - allows both plain text and mTLS connections. See documentation of - other encryption modes to confirm compatibility. - type: boolean - description: - description: Optional. Free-text description of the resource. - type: string - location: - description: Immutable. The location for the resource - type: string - mtlsPolicy: - description: Optional. Defines a mechanism to provision peer validation - certificates for peer to peer authentication (Mutual TLS - mTLS). - If not specified, client certificate will not be requested. The - connection is treated as TLS and not mTLS. If allow_open and mtls_policy - are set, server allows both plain text and mTLS connections. 
- properties: - clientValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the client certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to - locate and load CertificateProvider instance configuration. - Set to "google_cloud_private_spiffe" to use Certificate - Authority Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with - “unix:”. - type: string - required: - - targetUri - type: object - type: object - type: array - required: - - clientValidationCa - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. 
When unset, the value of `metadata.name` - is used as the default. - type: string - serverCertificate: - description: Optional. Defines a mechanism to provision server identity - (public and private keys). Cannot be combined with allow_open as - a permissive mode that allows both plain text and TLS is not supported. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + ipv4Addresses: + description: The IPv4 addresses associated with this service. Addresses + are static for the lifetime of the service. items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
- type: string - type: - description: Type is the type of the condition. - type: string - type: object + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64563,10 +91017,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec @@ -64586,7 +91036,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64907,7 +91357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65133,7 +91583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65600,7 +92050,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -66334,7 +92784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66510,7 +92960,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66840,7 +93290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67125,8 +93575,235 @@ spec: type: object type: array createTime: - description: Output only. The timestamp when the resource was created. - format: date-time + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. 
+ type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
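Review bot: `postStartupScript` in the new NotebooksEnvironment schema is an unconstrained `type: string`, although its description says the value must be a URL or Cloud Storage path and that the script runs automatically after the instance boots. Nothing in the CRD rejects other values at admission, and the description does not warn operators that anyone able to overwrite the referenced object decides what runs on the instance. I would append `Restrict write access to the referenced object, because its contents are executed on the instance at boot.` to that description, and add a `pattern` for the two accepted forms if the backing API really accepts nothing else (not verifiable from this hunk). The same section documents `containerImage.tag` as defaulting to the latest tag, so a sentence recommending an explicit tag would keep environments reproducible. The resource carries the `tf2crd` label and looks generated, so these changes probably belong in the generator input rather than in this YAML.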
@@ -67135,12 +93812,166 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. Server-defined URL of this resource + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time + description: Output only. The timestamp representing when the constraint + was last updated. type: string type: object required: @@ -67161,7 +93992,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
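Review bot: In the new OrgPolicyCustomConstraint schema, `actionType` is a bare `type: string` even though its description limits it to "ALLOW" or "DENY", and the `methodTypes` items are equally unconstrained despite being documented as 'CREATE' or 'UPDATE'. The API server will therefore admit a misspelled value, and the mistake can only surface later, presumably through the Ready condition at reconcile time. For a resource that decides whether an organization policy allows or denies an operation, I would add `enum: ["ALLOW", "DENY"]` under `actionType` and `enum: ["CREATE", "UPDATE"]` under `methodTypes.items`, plus a `pattern` on `parent` matching the documented `organizations/{organization_id}` form. The `resourceTypes` description also reads `Immutable. Immutable.` and should lose the duplicate. The `tf2crd` label suggests this schema is generated, so these changes likely belong in the generator rather than in this file.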
@@ -67930,7 +94761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68750,22 +95581,5242 @@ spec: - id type: object type: object - required: - - id + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. 
+ format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array type: object type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: required: - - resources - type: object - type: array + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." 
+ type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. 
\nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. 
+ + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. 
+ type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external required: - - id - - mode - - resourceGroups + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. oneOf: - not: required: @@ -68782,10 +100833,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -68794,62 +100843,84 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rollout: - description: 'Required. Rollout to deploy the OS policy assignment. - A rollout is triggered in the following situations: 1) OSPolicyAssignment - is created. 
2) OSPolicyAssignment is updated and the update contains - changes to one of the following fields: - instance_filter - os_policies - 3) OSPolicyAssignment is deleted.' + schemaSettings: + description: Settings for validating messages published against a + schema. properties: - disruptionBudget: - description: Required. The maximum number (or percentage) of VMs - per zone to disrupt at any given moment. + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - fixed: - description: Specifies a fixed value. - format: int64 - type: integer - percent: - description: Specifies the relative value defined as a percentage, - which will be multiplied by a reference value. - format: int64 - type: integer + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minWaitDuration: - description: Required. This determines the minimum duration of - time to wait after the configuration changes are applied through - the current rollout. A VM continues to count towards the `disruption_budget` - at least until this duration of time has passed after configuration - changes are applied. 
- type: string required: - - disruptionBudget - - minWaitDuration + - schemaRef type: object - skipAwaitRollout: - description: Set to true to skip awaiting rollout during resource - creation and update. - type: boolean - required: - - instanceFilter - - location - - osPolicies - - projectRef - - rollout type: object status: properties: - baseline: - description: Output only. Indicates that this revision has been successfully - rolled out in this zone and new VMs will be assigned OS policies - from this revision. For a given OS policy assignment, there is only - one revision with a value of `true` for this field. - type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -68876,14 +100947,6 @@ spec: type: string type: object type: array - deleted: - description: Output only. Indicates that this revision deletes the - OS policy assignment. - type: boolean - etag: - description: The etag for this OS policy assignment. If this is provided - on update, it must match the server's etag. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -68891,31 +100954,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Indicates that reconciliation is in progress - for the revision. This value is `true` when the `rollout_state` - is one of: * IN_PROGRESS * CANCELLING' - type: boolean - revisionCreateTime: - description: Output only. The timestamp that the revision was created. - format: date-time - type: string - revisionId: - description: Output only. The assignment revision ID A new revision - is committed whenever a rollout is triggered for a OS policy assignment - type: string - rolloutState: - description: 'Output only. OS policy assignment rollout state Possible - values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, - SUCCEEDED' - type: string - uid: - description: Output only. Server generated unique id for the OS policy - assignment resource. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -68932,25 +100971,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacapools.privateca.cnrm.cloud.google.com + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACAPool - plural: privatecacapools + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys shortNames: - - gcpprivatecacapool - - gcpprivatecacapools - singular: privatecacapool + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: 
@@ -68963,352 +101002,63 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - issuancePolicy: - description: Optional. The IssuancePolicy to control how Certificates - will be issued from this CaPool. - properties: - allowedIssuanceModes: - description: Optional. If specified, then only methods allowed - in the IssuanceModes may be used to issue Certificates. - properties: - allowConfigBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CertificateConfig. - type: boolean - allowCsrBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CSR. - type: boolean - type: object - allowedKeyTypes: - description: Optional. If any AllowedKeyType is specified, then - the certificate request's public key must match one of the key - types listed here. Otherwise, any key may be used. 
- items: - properties: - ellipticCurve: - description: Represents an allowed Elliptic Curve key type. - properties: - signatureAlgorithm: - description: 'Optional. A signature algorithm that must - be used. If this is omitted, any EC-based signature - algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, - ECDSA_P256, ECDSA_P384, EDDSA_25519' - type: string - type: object - rsa: - description: Represents an allowed RSA key type. - properties: - maxModulusSize: - description: Optional. The maximum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service will not enforce an explicit upper bound - on RSA modulus sizes. - format: int64 - type: integer - minModulusSize: - description: Optional. The minimum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service-level min RSA modulus size will continue - to apply. - format: int64 - type: integer - type: object - type: object - type: array - baselineValues: - description: Optional. A set of X.509 values that will be applied - to all certificates issued through this CaPool. If a certificate - request includes conflicting values for the same properties, - they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting - predefined_values for the same properties, the certificate issuance - request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. 
- type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Optional. 
Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - identityConstraints: - description: Optional. Describes constraints on identities that - may appear in Certificates issued through this CaPool. If this - is omitted, then this CaPool will not add restrictions on a - certificate's identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames - extension may be copied from a certificate request into - the signed certificate. Otherwise, the requested SubjectAltNames - will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field - may be copied from a certificate request into the signed - certificate. Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to - validate the resolved X.509 Subject and/or Subject Alternative - Name before a certificate is signed. To see the full allowed - syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. - This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in - Common Expression Language syntax. - type: string - location: - description: Optional. String indicating the location - of the expression for error reporting, e.g. a file name - and a position in the file. - type: string - title: - description: Optional. Title for the expression, i.e. 
- a short string describing its purpose. This can be used - e.g. in UIs which allow to enter the expression. - type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - maximumLifetime: - description: Optional. The maximum lifetime allowed for issued - Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximum_lifetime, the - effective lifetime will be explicitly truncated to match it. - type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued through this CaPool. If a - certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If - a certificate request uses a CertificateTemplate with predefined_values - that don't appear here, the certificate issuance request will - fail. If this is omitted, then this CaPool will not add restrictions - on a certificate's X.509 extensions. These constraints do not - apply to X.509 extensions set in this CaPool's baseline_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom - X.509 extensions. Will be combined with known_extensions - to determine the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will - be combined with additional_extensions to determine the - full set of X.509 extensions. 
- items: - type: string - type: array - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array type: object - location: - description: Immutable. The location for the resource + displayName: + description: Human-readable display name of this key. Modifiable by + user. type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -69339,40 +101089,480 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - publishingOptions: - description: Optional. The PublishingOptions to follow when issuing - Certificates from any CertificateAuthority in this CaPool. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. properties: - publishCaCert: - description: Optional. When true, publishes each CertificateAuthority's - CA certificate and includes its URL in the "Authority Information - Access" X.509 extension in all issued Certificates. If this - is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. type: boolean - publishCrl: - description: Optional. When true, publishes each CertificateAuthority's - CRL and includes its URL in the "CRL Distribution Points" X.509 - extension in all issued Certificates. 
If this is false, CRLs - will not be published and the corresponding X.509 extension - will not be written in issued certificates. CRLs will expire - 7 days from their creation. However, we will rebuild daily. - CRLs are also rebuilt shortly after a certificate is revoked. + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. 
Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. 
Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. 
+ type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string tier: - description: 'Immutable. Required. Immutable. The Tier of this CaPool. - Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
+ + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - - location - - projectRef - - tier + - memorySizeGb + - region type: object status: properties: @@ -69402,6 +101592,36 @@ spec: type: string type: object type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
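Review bot: `authString` is declared under `spec.properties` of the new RedisInstance schema as a plain `type: string`, and its description ("This field will only be populated if auth_enabled is true") reads like a value filled in by the service. If so, the Redis AUTH secret would presumably sit in clear text in the custom resource, visible to any principal that can read `redisinstances` objects and included in cluster backups. The description should say so, for example `description: Output only. Sensitive. AUTH string set on the instance; restrict read access to this resource.` The same schema documents `authEnabled` as defaulting to "false" and `transitEncryptionMode` as defaulting to "DISABLED", so a manifest that sets only the required `memorySizeGb` and `region` yields an endpoint without AUTH or TLS; that is worth stating in the field descriptions or enforcing with an admission policy. The CRD carries the `tf2crd` label, so any wording change likely belongs in the generator rather than in this file.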
@@ -69409,6 +101629,48 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array type: object required: - spec 
@@ -69420,868 +101682,134 @@ spec: status: acceptedNames: kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com -spec: - group: privateca.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PrivateCACertificateAuthority - plural: privatecacertificateauthorities - shortNames: - - gcpprivatecacertificateauthority - - gcpprivatecacertificateauthorities - singular: privatecacertificateauthority - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The caPool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - config: - description: Immutable. Required. Immutable. The config used to create - a self-signed X.509 certificate or CSR. - properties: - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. 
The postal code of the subject. - type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - customSans: - description: Immutable. Contains additional subject alternative - name values. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the - client does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this - X.509 extension. - properties: - objectIdPath: - description: Immutable. Required. The parts - of an OID path. The most significant parts - of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. - properties: - additionalExtensions: - description: Immutable. 
Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. Refers to the "CA" X.509 - extension, which is a boolean value. When this value - is missing, the extension will be omitted from the CA - certificate. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the path length - restriction X.509 extension. For a CA certificate, this - value describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. - type: boolean - contentCommitment: - description: Immutable. 
The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - required: - - subjectConfig - - x509Config - type: object - gcsBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - keySpec: - description: Immutable. Required. Immutable. Used when issuing certificates - for this CertificateAuthority. If this CertificateAuthority is a - self-signed CertificateAuthority, this key is also used to sign - the self-signed CA certificate. Otherwise, it is used to sign a - CSR. + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: properties: - algorithm: - description: 'Immutable. The algorithm to use for creating a managed - Cloud KMS key for a for a simplified experience. All managed - keys will be have their ProtectionLevel as `HSM`. Possible values: - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, - EC_P256_SHA256, EC_P384_SHA384' - type: string - cloudKmsKeyVersionRef: - description: Immutable. + projectRef: oneOf: - not: required: - external required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The resource name for an existing Cloud KMS CryptoKeyVersion - in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - This option enables full flexibility in the key's capabilities - and properties. - type: string - name: - description: |- - [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - lifetime: - description: Immutable. Required. The desired lifetime of the CA certificate. - Used to create the "not_before_time" and "not_after_time" fields - inside an X.509 certificate. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. - Possible values: SELF_SIGNED, SUBORDINATE' - type: string - required: - - caPoolRef - - config - - keySpec - - lifetime - - location - - projectRef - - type - type: object - status: - properties: - accessUrls: - description: Output only. URLs for accessing content published by - this CA, such as the CA certificate and CRLs. 
- properties: - caCertificateAccessUrl: - description: The URL where this CertificateAuthority's CA certificate - is published. This will only be set for CAs that have been activated. - type: string - crlAccessUrls: - description: The URLs where this CertificateAuthority's CRLs are - published. This will only be set for CAs that have been activated. - items: - type: string - type: array - type: object - caCertificateDescriptions: - description: Output only. A structured description of this CertificateAuthority's - CA certificate and its issuers. Ordered as self-to-root. - items: - properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in - the certificate. - items: - type: string - type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: - type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. 
- type: string - type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. - properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an - issued certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is - the period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time - type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time - type: string - subject: - description: Contains distinguished name fields such as - the common name, location and organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative - name values. - items: - properties: - critical: - description: Optional. 
Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Required. The parts of an OID - path. The most significant parts of the - path come first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 - extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. - items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - x509Description: - description: Describes some of the technical X.509 fields in - a certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does - not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. 
- properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value - describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. 
- type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. 
- items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - type: object + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. 
+ items: + type: string type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -70308,49 +101836,11 @@ spec: type: string type: object type: array - config: - properties: - publicKey: - description: Optional. The public key that corresponds to this - config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string - type: object - x509Config: - properties: - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - type: object - type: object createTime: - description: Output only. The time at which this CertificateAuthority - was created. - format: date-time - type: string - deleteTime: - description: Output only. The time at which this CertificateAuthority - was soft deleted, if it is in the DELETED state. - format: date-time + description: Time of creation. type: string - expireTime: - description: Output only. The time at which this CertificateAuthority - will be permanently purged, if it is in the DELETED state. - format: date-time + name: + description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -70359,54 +101849,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCaCertificates: - description: Output only. This CertificateAuthority's certificate - chain, including the current CertificateAuthority's certificate. - Ordered such that the root issuer is the final element (consistent - with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - items: - type: string - type: array - state: - description: 'Output only. The State for this CertificateAuthority. - Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, - DELETED' - type: string - subordinateConfig: - description: Optional. If this is a subordinate CertificateAuthority, - this field will be set with the subordinate configuration, which - describes its issuers. This may be updated, but this CertificateAuthority - must continue to validate. - properties: - certificateAuthority: - description: Required. This can refer to a CertificateAuthority - in the same project that was used to create a subordinate CertificateAuthority. - This field is used for information and usability purposes only. - The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - type: string - pemIssuerChain: - description: Required. Contains the PEM certificate chain for - the issuers of this CertificateAuthority, but not pem certificate - for this CA itself. - properties: - pemCertificates: - description: Required. Expected to be in leaf-to-root order - according to RFC 5246. - items: - type: string - type: array - type: object - type: object - tier: - description: 'Output only. The CaPool.Tier of the CaPool that includes - this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' - type: string - updateTime: - description: Output only. The time at which this CertificateAuthority - was last updated. - format: date-time - type: string type: object required: - spec 
@@ -70426,25 +101868,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificate - plural: privatecacertificates + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies shortNames: - - gcpprivatecacertificate - - gcpprivatecacertificates - singular: privatecacertificate + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -70482,68 +101924,25 @@ spec: type: object spec: properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ca_pool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - certificateAuthorityRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. properties: - external: - description: |- - The certificate authority for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced type: object - certificateTemplateRef: - description: Immutable. 
+ constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: @@ -70560,10 +101959,7 @@ spec: - external properties: external: - description: |- - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - - Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -70572,304 +101968,290 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - config: - description: Immutable. Immutable. A description of the certificate - and key that does not require X.509 or ASN.1. + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . properties: - publicKey: - description: Immutable. Optional. The public key that corresponds - to this config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Immutable. Required. The format of the public - key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Immutable. Required. A public key. The padding - and encoding must match with the `KeyFormat` value specified - for the `format` field. - type: string - required: - - format - - key - type: object - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. The postal code of the subject. 
- type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. + allow: + description: One or the other must be set. properties: - additionalExtensions: - description: Immutable. Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. 
- type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Immutable. Optional. Describes Online Certificate - Status Protocol (OCSP) endpoint addresses that appear in - the "Authority Information Access" extension in the certificate. + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - type: string - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to true. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the "path - length constraint" in Basic Constraints extension. For - a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this - value is less than 0, the request will fail. - format: int64 - type: integer - nonCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension - will be omitted from the CA certificate. - type: boolean - zeroMaxIssuerPathLength: - description: Immutable. Optional. When true, the "path - length constraint" in Basic Constraints extension will - be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length - are unset, the max path length will be omitted from - the CA certificate. - type: boolean - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. 
- type: boolean - contentCommitment: - description: Immutable. The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object + type: string type: array type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean required: - - subjectConfig - - x509Config + - default type: object - lifetime: - description: Immutable. Required. Immutable. The desired lifetime - of a certificate. Used to create the "not_before_time" and "not_after_time" - fields inside an X.509 certificate. Note that the lifetime may be - truncated if it would extend past the life of any certificate authority - in the issuing chain. 
+ version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. 
Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string - pemCsr: - description: Immutable. Immutable. A pem-encoded X.509 certificate - signing request (CSR). - type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -70905,348 +102287,533 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subjectMode: - description: 'Immutable. Immutable. Specifies how the Certificate''s - identity fields are to be decided. If this is omitted, the `DEFAULT` - subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, - DEFAULT, REFLECTED_SPIFFE' - type: string - required: - - caPoolRef - - lifetime - - location - - projectRef - type: object - status: - properties: - certificateDescription: - description: Output only. A structured description of the issued X.509 - certificate. + template: + description: Required. The template used to create revisions for this + Service. properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in the - certificate. - items: + annotations: + additionalProperties: type: string + description: KRM-style annotations for the resource. + type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. 
+ properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. 
URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. 
All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. properties: - format: - description: 'Required. The format of the public key. 
Possible - values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + format: int64 + type: integer type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an issued - certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is the - period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - subject: - description: Contains distinguished name fields such as the - common name, location and / organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative name - values. - items: - properties: - critical: - description: Optional. Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, the - client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. 
- items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - x509Description: - description: Describes some of the technical X.509 fields in a - certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: + name: + description: Required. Volume's name. type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. 
- properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. 
- type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. 
When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' format: int64 type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef type: object - type: array + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string type: object type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -71274,12 +102841,52 @@ spec: type: object type: array createTime: - description: Output only. The time at which this Certificate was created. + description: Output only. The creation time. format: date-time type: string - issuerCertificateAuthority: - description: Output only. The resource name of the issuing CertificateAuthority - in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. + type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. 
Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -71288,36 +102895,123 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCertificate: - description: Output only. The pem-encoded, signed X.509 certificate. - type: string - pemCertificateChain: - description: Output only. The chain that may be used to verify the - X.509 certificate. Expected to be in issuer-to-root order according - to RFC 5246. - items: - type: string - type: array - revocationDetails: - description: Output only. Details regarding the revocation of this - Certificate. This Certificate is considered revoked if and only - if this field is present. + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. + When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' 
+ type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. properties: - revocationState: - description: 'Indicates why a Certificate was revoked. Possible - values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, - AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, - PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string - revocationTime: - description: The time at which this Certificate was revoked. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. format: date-time type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. 
Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. 
+ type: string updateTime: - description: Output only. The time at which this Certificate was updated. + description: Output only. The last-modified time. format: date-time type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string type: object required: - spec @@ -71337,25 +103031,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificateTemplate - plural: privatecacertificatetemplates + kind: SecretManagerSecret + plural: secretmanagersecrets shortNames: - - gcpprivatecacertificatetemplate - - gcpprivatecacertificatetemplates - singular: privatecacertificatetemplate + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: 
@@ -71393,301 +103087,149 @@ spec: type: object spec: properties: - description: - description: Optional. A human-readable description of scenarios this - template is intended for. - type: string - identityConstraints: - description: Optional. Describes constraints on identities that may - be appear in Certificates issued using this template. If this is - omitted, then this template will not add restrictions on a certificate's - identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames extension - may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field may - be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to validate - the resolved X.509 Subject and/or Subject Alternative Name before - a certificate is signed. To see the full allowed syntax and - some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. This - is a longer text which describes the expression, e.g. when - hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: Optional. String indicating the location of the - expression for error reporting, e.g. a file name and a position - in the file. - type: string - title: - description: Optional. Title for the expression, i.e. a short - string describing its purpose. This can be used e.g. in - UIs which allow to enter the expression. 
- type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - location: - description: Immutable. The location for the resource + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued using this CertificateTemplate. - If a certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If the - issuing CaPool's IssuancePolicy defines baseline_values that don't - appear here, the certificate issuance request will fail. If this - is omitted, then this template will not add restrictions on a certificate's - X.509 extensions. These constraints do not apply to X.509 extensions - set in this CertificateTemplate's predefined_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom X.509 - extensions. Will be combined with known_extensions to determine - the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will be - combined with additional_extensions to determine the full set - of X.509 extensions. - items: - type: string - type: array - type: object - predefinedValues: - description: Optional. 
A set of X.509 values that will be applied - to all issued certificates that use this template. If the certificate - request includes conflicting values for the same properties, they - will be overwritten by the values defined here. If the issuing CaPool's - IssuancePolicy defines conflicting baseline_values for the same - properties, the certificate issuance request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this extension - is critical (i.e., if the client does not know how to - handle this extension, the client should consider this - to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status Protocol - (OCSP) endpoint addresses that appear in the "Authority Information - Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, the - extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. 
- If this value is less than 0, the request will fail. If - this value is missing, the max path length will be omitted - from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys that - correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key may - be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic commitments. - Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate revocation - lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially - described as "TLS WWW client authentication", though - regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially - described as "Signing of downloadable executable code - client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially - described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially - described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially - described as "TLS WWW server authentication", though - regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially - described as "Binding the hash of an object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that are - not listed in the KeyUsage.ExtendedKeyUsageOptions message. + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. items: properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string required: - - objectIdPath + - location type: object type: array + required: + - replicas type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. properties: - external: + nextRotationTime: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Timestamp in UTC at which the Secret is scheduled to rotate. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - - location - - projectRef + - replication type: object status: properties: @@ -71718,9 +103260,12 @@ spec: type: object type: array createTime: - description: Output only. The time at which this CertificateTemplate - was created. - format: date-time + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71729,11 +103274,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The time at which this CertificateTemplate - was updated. - format: date-time - type: string type: object required: - spec 
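Review bot: The new `userManaged` description under `replication` repeats the text of `automatic` ("The Secret will automatically be replicated without any restrictions"). That contradicts the `replicas` list it contains, where every entry requires a `location` and may carry `customerManagedEncryption.kmsKeyRef`. This is the field operators use to restrict where secret data is stored, so the description should say so, for example `description: Immutable. The Secret will be replicated only to the locations listed in 'replicas'.`. The CRD carries the `tf2crd` label, so the wording presumably has to be corrected in the generator's source schema rather than in this file.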
@@ -71753,25 +103293,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: Project - plural: projects + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions shortNames: - - gcpproject - - gcpprojects - singular: project + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: 
@@ -71808,50 +103348,55 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: - billingAccountRef: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `BillingAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. 
Only one of - folderRef or organizationRef may be specified. + secretRef: + description: Secret Manager secret resource oneOf: - not: required: @@ -71868,7 +103413,7 @@ spec: - external properties: external: - description: 'Allowed value: The `folderId` field of a `Folder` + description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: 
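Review bot: The `secretData.value` description in the new SecretManagerSecretVersion schema does not say that an inline value is kept in clear text in the custom resource itself. Anyone with read access to the resource can see it, and so can any manifest repository or backup that carries the object. The sibling `valueFrom.secretKeyRef` keeps the payload in a Kubernetes Secret in the resource's namespace, and the description should point users there, for example `description: Value of the field, stored in plain text in this object; prefer 'valueFrom'. Cannot be used if 'valueFrom' is specified.`. The CRD is labelled `tf2crd`, so the text presumably needs to change in the generator input.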
@@ -71878,15 +103423,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. Only present + if state is DESTROYED. + type: string name: - description: The display name of the project. + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). type: string organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + description: The organization that this resource belongs to. oneOf: - not: required: 
@@ -71913,13 +103587,55 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string resourceID: - description: Immutable. Optional. The projectId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object required: - - name + - configId + - organizationRef + - pubsubTopic + - streamingConfig type: object status: properties: 
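Review bot: `pubsubTopic` is added as a bare `type: string` although its description fixes the format to "projects/[project_id]/topics/[topic]", so a malformed value passes admission and can only fail later, presumably at reconcile time. A line such as `pattern: '^projects/[^/]+/topics/[^/]+$'` under the field would reject it when the resource is applied. The same gap shows in the `port` field of the ServiceDirectoryEndpoint hunk (`@@ -72223,18 +103983,47 @@`), where the documented range [0, 65535] could be enforced with `minimum: 0` and `maximum: 65535`. Because `pubsubTopic` is not a resource reference, the description could also point to `status.serviceAccount`, which, per the later status hunk, is the account that needs "pubsub.topics.publish" on the topic. The `spec` schema this hunk edits starts outside the hunk.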
@@ -71949,8 +103665,10 @@ spec: type: string type: object type: array - number: - description: The numeric identifier of the project. + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71959,6 +103677,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string type: object required: - spec @@ -71978,25 +103701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsublitereservations.pubsublite.cnrm.cloud.google.com + name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: - group: pubsublite.cnrm.cloud.google.com + group: securitycenter.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubLiteReservation - plural: pubsublitereservations + kind: SecurityCenterSource + plural: securitycentersources shortNames: - - gcppubsublitereservation - - gcppubsublitereservations - singular: pubsublitereservation + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: @@ -72016,7 +103739,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -72034,8 +103757,19 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. oneOf: - not: required: @@ -72052,7 +103786,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of an `Organization` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72061,24 +103796,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: The region of the pubsub lite reservation. - type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - throughputCapacity: - description: |- - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - type: integer required: - - projectRef - - region - - throughputCapacity + - displayName + - organizationRef type: object status: properties: @@ -72108,6 +103833,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72134,25 +103864,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubschemas.pubsub.cnrm.cloud.google.com + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSchema - plural: pubsubschemas + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints shortNames: - - gcppubsubschema - - gcppubsubschemas - singular: pubsubschema + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: 
@@ -72190,14 +103920,43 @@ spec: type: object spec: properties: - definition: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: description: |- - Immutable. The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. - type: string - projectRef: - description: The project that this resource belongs to. + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). oneOf: - not: required: @@ -72214,7 +103973,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72223,18 +103983,47 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - type: - description: 'Immutable. The type of the schema definition Default - value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", - "PROTOCOL_BUFFER", "AVRO"].' - type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - projectRef + - serviceRef type: object status: properties: 
@@ -72264,6 +104053,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72290,25 +104084,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: 
@@ -72346,288 +104140,14 @@ spec: type: object spec: properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - bigqueryConfig: - description: |- - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - dropUnknownFields: - description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - type: boolean - tableRef: - description: The name of the table to which to write data. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, - where {{value}} is the `name` field of a `BigQueryTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. - type: boolean - writeMetadata: - description: |- - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - type: boolean - required: - - tableRef - type: object - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. 
- properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any - message. The value must be\nbetween 5 and 100.\n\nThe number - of delivery attempts is defined as 1 + (the sum of number of - \nNACKs and number of times the acknowledgement deadline has - been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline - with a 0 deadline. Note that\nclient libraries may automatically - extend ack_deadlines.\n\nThis field will be honored on a best - effort basis.\n\nIf this parameter is 0, a default value of - 5 is used." - type: integer - type: object - enableExactlyOnceDelivery: - description: |- - If 'true', Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
- type: boolean - enableMessageOrdering: - description: |- - Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "Immutable. The subscription only delivers the messages - that match the filter. \nPub/Sub automatically acknowledges the - messages that don't match the filter. You can filter messages\nby - their attributes. The maximum length of a filter is 256 bytes. After - creating the subscription, \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
- - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: + location: description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. 
More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. type: string - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message - delivery for this subscription.\n\nIf not set, the default retry - policy is applied. This generally implies that messages will be - retried as soon as possible for healthy subscribers. \nRetryPolicy - will be triggered on NACKs or acknowledgement deadline exceeded - events for a given message." - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries - of a given message. Value should be between 0 and 600 seconds. - Defaults to 600 seconds. 
\nA duration in seconds with up to - nine fractional digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -72644,8 +104164,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -72654,8 +104173,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - topicRef + - location + - projectRef type: object status: properties: @@ -72685,6 +104210,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72711,25 +104241,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubTopic - plural: pubsubtopics + kind: ServiceDirectoryService + plural: servicedirectoryservices shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: @@ -72767,13 +104297,9 @@ spec: type: object spec: properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. oneOf: - not: required: @@ -72790,7 +104316,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: 
@@ -72800,81 +104326,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - messageRetentionDuration: - description: |- - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - type: string - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schemaSettings: - description: Settings for validating messages published against a - schema. - properties: - encoding: - description: 'Immutable. 
The encoding of messages validated against - schema. Default value: "ENCODING_UNSPECIFIED" Possible values: - ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' - type: string - schemaRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, - where {{value}} is the `name` field of a `PubSubSchema` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - schemaRef - type: object + required: + - namespaceRef type: object status: properties: @@ -72904,6 +104362,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72912,6 +104375,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -72928,25 +104393,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: - group: recaptchaenterprise.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: RecaptchaEnterpriseKey - plural: recaptchaenterprisekeys + kind: ServiceIdentity + plural: serviceidentities shortNames: - - gcprecaptchaenterprisekey - - gcprecaptchaenterprisekeys - singular: recaptchaenterprisekey + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: 
@@ -72984,40 +104449,8 @@ spec: type: object spec: properties: - androidSettings: - description: Settings for keys that can be used by Android apps. - properties: - allowAllPackageNames: - description: If set to true, it means allowed_package_names will - not be enforced. - type: boolean - allowedPackageNames: - description: 'Android package names of apps allowed to use the - key. Example: ''com.companyname.appname''' - items: - type: string - type: array - type: object - displayName: - description: Human-readable display name of this key. Modifiable by - user. - type: string - iosSettings: - description: Settings for keys that can be used by iOS apps. - properties: - allowAllBundleIds: - description: If set to true, it means allowed_bundle_ids will - not be enforced. - type: boolean - allowedBundleIds: - description: 'iOS bundle ids of apps allowed to use the key. Example: - ''com.companyname.productname.appname''' - items: - type: string - type: array - type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -73034,10 +104467,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -73047,63 +104477,11 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - testingOptions: - description: Immutable. Options for user acceptance testing. - properties: - testingChallenge: - description: 'Immutable. For challenge-based keys only (CHECKBOX, - INVISIBLE), all challenge requests for this site will return - nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. - Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' - type: string - testingScore: - description: Immutable. All assessments for this Key will return - this score. Must be between 0 (likely not legitimate) and 1 - (likely legitimate) inclusive. - format: double - type: number - type: object - webSettings: - description: Settings for keys that can be used by websites. - properties: - allowAllDomains: - description: If set to true, it means allowed_domains will not - be enforced. - type: boolean - allowAmpTraffic: - description: If set to true, the key can be used on AMP (Accelerated - Mobile Pages) websites. This is supported only for the SCORE - integration type. - type: boolean - allowedDomains: - description: 'Domains or subdomains of websites allowed to use - the key. All subdomains of an allowed domain are automatically - allowed. A valid domain requires a host and must not include - any path, port, query or fragment. Examples: ''example.com'' - or ''subdomain.example.com''' - items: - type: string - type: array - challengeSecurityPreference: - description: 'Settings for the frequency and difficulty at which - this key triggers captcha challenges. 
This should only be specified - for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: - CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, - SECURITY' - type: string - integrationType: - description: 'Immutable. Required. Describes how this key is integrated - with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' - type: string - required: - - integrationType - type: object required: - - displayName - projectRef type: object status: @@ -73134,9 +104512,7 @@ spec: type: string type: object type: array - createTime: - description: The timestamp corresponding to the creation of this Key. - format: date-time + email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -73164,25 +104540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: - group: redis.cnrm.cloud.google.com + group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp - kind: RedisInstance - plural: redisinstances + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: 
@@ -73220,27 +104596,7 @@ spec: type: object spec: properties: - alternativeLocationId: - description: |- - Immutable. Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authEnabled: - description: |- - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - type: boolean - authString: - description: AUTH String set on the instance. This field will only - be populated if auth_enabled is true. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. + networkRef: oneOf: - not: required: @@ -73257,7 +104613,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: 
@@ -73267,259 +104623,44 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - connectMode: - description: 'Immutable. The connection mode of the Redis instance. - Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", - "PRIVATE_SERVICE_ACCESS"].' - type: string - customerManagedKeyRef: - description: |- - Immutable. Optional. The KMS key reference that you want to use to - encrypt the data at rest for this Redis instance. If this is - provided, CMEK is enabled. - oneOf: - - not: + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the - instance. - type: string - locationId: - description: |- - Immutable. The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - maintenancePolicy: - description: Maintenance policy for an instance. - properties: - createTime: - description: |- - Output only. 
The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - description: - description: |- - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - type: string - updateTime: - description: |- - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - weeklyMaintenanceWindow: - description: |- - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - items: - properties: - day: - description: |- - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. - type: string - duration: - description: |- - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - type: string - startTime: - description: Required. Start time of the window in UTC time. - properties: - hours: - description: |- - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 - to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must - be from 0 to 999,999,999. 
- type: integer - seconds: - description: |- - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - type: integer - type: object - required: - - day - - startTime - type: object - type: array - type: object - maintenanceSchedule: - description: Upcoming maintenance schedule. - properties: - endTime: - description: |- - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - scheduleDeadlineTime: - description: |- - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - startTime: - description: |- - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - type: object - memorySizeGb: - description: Redis memory size in GiB. - type: integer - persistenceConfig: - description: Persistence configuration for an instance. - properties: - persistenceMode: - description: "Optional. Controls whether Persistence features - are enabled. If not provided, the existing value will be used.\n\n- - DISABLED: \tPersistence is disabled for the instance, and any - existing snapshots are deleted.\n- RDB: RDB based Persistence - is enabled. Possible values: [\"DISABLED\", \"RDB\"]." - type: string - rdbNextSnapshotTime: - description: |- - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
- type: string - rdbSnapshotPeriod: - description: "Optional. Available snapshot periods for scheduling.\n\n- - ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every - 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot - every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", - \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." - type: string - rdbSnapshotStartTime: - description: |- - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - readReplicasMode: - description: |- - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. - type: string - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. 
- type: string - region: - description: Immutable. The name of the Redis region of the instance. - type: string - replicaCount: - description: |- - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - type: integer - reservedIpRange: - description: |- - Immutable. The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - secondaryIpRange: - description: |- - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - type: string - tier: - description: |- - Immutable. The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. - type: string - transitEncryptionMode: - description: |- - Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
- - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - - memorySizeGb - - region + - networkRef + - reservedPeeringRanges + - service type: object status: properties: 
@@ -73549,36 +104690,6 @@ spec: type: string type: object type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - nodes: - description: Output only. Info per node. - items: - properties: - id: - description: Node identifying string. e.g. 'node-0', 'node-1'. - type: string - zone: - description: Location of the node. - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -73586,48 +104697,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - readEndpoint: - description: |- - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. + peering: type: string - readEndpointPort: - description: |- - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - type: integer - serverCaCerts: - description: List of server CA certificates for the instance. - items: - properties: - cert: - description: The certificate data in PEM format. - type: string - createTime: - description: The time when the certificate was created. - type: string - expireTime: - description: The time when the certificate expires. - type: string - serialNumber: - description: Serial number, as extracted from the certificate. - type: string - sha1Fingerprint: - description: Sha1 Fingerprint of the certificate. - type: string - type: object - type: array type: object required: - spec 
@@ -73647,25 +104718,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com + name: services.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerLien - plural: resourcemanagerliens - shortNames: - - gcpresourcemanagerlien - - gcpresourcemanagerliens - singular: resourcemanagerlien + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service preserveUnknownFields: false scope: Namespaced versions: 
@@ -73703,67 +104774,38 @@ spec: type: object spec: properties: - origin: - description: |- - Immutable. A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - type: string - parent: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - reason: - description: |- - Immutable. Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. 
+ description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - restrictions: - description: |- - Immutable. The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete']. - items: - type: string - type: array - required: - - origin - - parent - - reason - - restrictions type: object status: properties: @@ -73793,12 +104835,6 @@ spec: type: string type: object type: array - createTime: - description: Time of creation. - type: string - name: - description: A system-generated unique identifier for this Lien. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -73807,8 +104843,6 @@ spec: the resource. type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -73825,25 +104859,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: @@ -73863,7 +104897,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -73881,125 +104915,34 @@ spec: type: object spec: properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. type: object - constraint: - description: Immutable. The name of the Constraint the Policy is configuring, - for example, serviceuser.services. - type: string - folderRef: + force: description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Folder` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow - or deny all values. . - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. 
- properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set - in this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a - configuration that matches the value specified in this field. - type: string - type: object - organizationRef: + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. 
+ type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -74025,22 +104968,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default - Policy is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string required: - - constraint + - limit + - metric + - overrideValue + - projectRef + - service type: object status: properties: @@ -74070,10 +105012,8 @@ spec: type: string type: object type: array - etag: - description: The etag of the organization policy. etag is used for - optimistic concurrency control as a way to help prevent simultaneous - updates of a policy from overwriting each other. + name: + description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -74082,11 +105022,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate - to nanoseconds, representing when the variable was last updated. - Example: "2016-10-09T12:33:37.578138407Z".' - type: string type: object required: - spec @@ -74106,25 +105041,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: runservices.run.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: - group: run.cnrm.cloud.google.com + group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp - kind: RunService - plural: runservices + kind: SourceRepoRepository + plural: sourcereporepositories shortNames: - - gcprunservice - - gcprunservices - singular: runservice + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -74157,340 +105092,231 @@ spec: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - annotations: - additionalProperties: - type: string - description: 'Unstructured key value map that may be set by external - tools to store and arbitrary metadata. They are not queryable and - should be preserved when modifying objects. Cloud Run will populate - some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' - namespaces. This field follows Kubernetes annotations'' namespacing, - limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - binaryAuthorization: - description: Settings for the Binary Authorization feature. - properties: - breakglassJustification: - description: If present, indicates to use Breakglass using this - justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - type: string - useDefault: - description: If True, indicates to use the default project's binary - authorization policy. If False, binary authorization will be - disabled - type: boolean - type: object - client: - description: Arbitrary identifier for the API client. - type: string - clientVersion: - description: Arbitrary version identifier for the API client. - type: string - description: - description: User-provided description of the Service. - type: string - ingress: - description: Provides the ingress settings for this Service. On output, - returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED - if no revision is active. 
- type: string - launchStage: - description: 'The launch stage as defined by [Google Cloud Platform - Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud - Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, - GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - template: - description: Required. The template used to create revisions for this - Service. - properties: - annotations: - additionalProperties: - type: string - description: KRM-style annotations for the resource. - type: object - containerConcurrency: - description: Sets the maximum number of requests that each serving - instance can receive. - format: int64 - type: integer - containers: - description: Holds the single container that defines the unit - of execution for this Revision. - items: - properties: - args: - description: 'Arguments to the entrypoint. 
The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - properties: - name: - description: Required. Name of the environment variable. - Must be a C_IDENTIFIER, and mnay not exceed 32768 - characters. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any route environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "", and the maximum length - is 32768 bytes.' 
- type: string - valueSource: - description: Source for the environment variable's - value. - properties: - secretKeyRef: - description: Selects a secret and a specific version - from Cloud Secret Manager. - properties: - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - type: object - required: + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - image: - description: 'Required. URL of the Container image in Google - Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string name: - description: Name of the container specified as a DNS_LABEL. + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - ports: - description: List of ports to expose from the container. - Only a single port can be specified. The specified ports - must be listening on all interfaces (0.0.0.0) within the - container to be accessible. 
If omitted, a port number - will be chosen and passed to the container through the - PORT environment variable for the container to listen - on. - items: - properties: - containerPort: - description: Port number the container listens on. - This must be a valid TCP port number, 0 < container_port - < 65536. - format: int64 - type: integer - name: - description: If specified, used to specify which protocol - to use. Allowed values are "http1" and "h2c". - type: string - type: object - type: array - resources: - description: 'Compute Resource requirements by this container. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - cpuIdle: - description: Determines whether CPU should be throttled - or not outside of requests. - type: boolean - limits: - additionalProperties: - type: string - description: 'Only memory and CPU are supported. Note: - The only supported values for CPU are ''1'', ''2'', - and ''4''. Setting 4 CPU requires at least 2Gi of - memory. The values of the map is string form of the - ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' - type: object - type: object - volumeMounts: - description: Volume to mount into the container's filesystem. - items: - properties: - mountPath: - description: Required. Path within the container at - which the volume should be mounted. Must not contain - ':'. For Cloud SQL volumes, it can be left empty, - or must otherwise be `/cloudsql`. All instances - defined in the Volume will be available as `/cloudsql/[instance]`. - For more information on Cloud SQL volumes, visit - https://cloud.google.com/sql/docs/mysql/connect-run - type: string - name: - description: Required. This must match the Name of - a Volume. - type: string - required: - - mountPath + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - required: - - image + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - executionEnvironment: - description: 'The sandbox environment to host this Revision. Possible - values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, - EXECUTION_ENVIRONMENT_GEN2' - type: string - labels: - additionalProperties: + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: KRM-style labels for the resource. - type: object - revision: - description: The unique name for the revision. If this field is - omitted, it will be automatically generated based on the Service - name. - type: string - scaling: - description: Scaling settings for this Revision. 
- properties: - maxInstanceCount: - description: Maximum number of serving instances that this - resource should have. - format: int64 - type: integer - minInstanceCount: - description: Minimum number of serving instances that this - resource should have. - format: int64 - type: integer - type: object - serviceAccountRef: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. oneOf: - not: required: 
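Review bot: The added `serviceAccountRef` description under `pubsubConfigs` says an unset reference falls back to the Compute Engine default service account, and the item's `required` list holds only `messageFormat` and `topicRef`, so a manifest can take that default without anyone noticing. That account commonly holds broad project-level roles unless the project has changed them, so the description should steer users to a dedicated identity, for example by appending `Prefer a dedicated service account that can only publish to the referenced topic.` The `cnrm.cloud.google.com/tf2crd` label suggests this schema is generated, so the wording would presumably need to change in the generator input rather than in this file. The hunk also carries the start of the SpannerDatabase CRD, which this note does not cover.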
@@ -74498,276 +105324,71 @@ spec: required: - name - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - timeout: - description: Max allowed time for an instance to respond to a - request. - type: string - volumes: - description: A list of Volumes to make available to containers. - items: - properties: - cloudSqlInstance: - description: For Cloud SQL volumes, contains the specific - instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run - for more information on how to connect Cloud SQL and Cloud - Run. - properties: - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `instanceName` - field of a `SQLInstance` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - name: - description: Required. Volume's name. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Integer representation of mode bits to - use on created files by default. Must be a value between - 0000 and 0777 (octal), defaulting to 0644. Directories - within the path are not affected by this setting. - Notes * Internally, a umask of 0222 will be applied - to any non-zero value. * This is an integer representation - of the mode bits. So, the octal integer value should - look exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod 640 - (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) - or 493 (base-10). * This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. This might - be in conflict with other options that affect the - file mode, like fsGroup, and as a result, other mode - bits could be set.' - format: int64 - type: integer - items: - description: If unspecified, the volume will expose - a file whose name is the secret, relative to VolumeMount.mount_path. - If specified, the key will be used as the version - to fetch from Cloud Secret Manager and the path will - be the name of the file exposed in the volume. When - items are defined, they must specify a path and a - version. - items: - properties: - mode: - description: 'Integer octal mode bits to use on - this file, must be a value between 01 and 0777 - (octal). If 0 or not set, the Volume''s default - mode will be used. 
Notes * Internally, a umask - of 0222 will be applied to any non-zero value. - * This is an integer representation of the mode - bits. So, the octal integer value should look - exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod - 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 - (octal) or 493 (base-10). * This might be in - conflict with other options that affect the - file mode, like fsGroup, and the result can - be other mode bits set.' - format: int64 - type: integer - path: - description: Required. The relative path of the - secret in the container. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - path - type: object - type: array - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
- - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object + anyOf: + - required: + - name + - required: + - namespace required: - - name - type: object - type: array - vpcAccess: - description: VPC Access configuration to use for this Revision. - For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + - external properties: - connectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - egress: - description: 'Traffic VPC egress settings. Possible values: - VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - kmsKeyRef type: object - traffic: - description: Specifies how to distribute traffic over a collection - of Revisions belonging to the Service. If traffic is empty or not - provided, defaults to 100% traffic to the latest `Ready` Revision. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - This defaults to zero if unspecified. Cloud Run currently - requires 100 percent for a single TrafficTarget entry. - format: int64 - type: integer - revision: - description: Revision to which to send this portion of traffic, - if traffic allocation is by revision. - type: string - tag: - description: Indicates a string to be part of the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - type: object - type: array + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string required: - - location - - projectRef - - template + - instanceRef type: object status: properties: 
@@ -74797,54 +105418,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - creator: - description: Output only. Email address of the authenticated creator. - type: string - deleteTime: - description: Output only. The deletion time. - format: date-time - type: string - etag: - description: Output only. A system-generated fingerprint for this - version of the resource. May be used to detect modification conflict - during updates. - type: string - expireTime: - description: Output only. For a deleted resource, the time after which - it will be permamently deleted. - format: date-time - type: string - labels: - additionalProperties: - type: string - description: Map of string keys and values that can be used to organize - and categorize objects. User-provided labels are shared with Google's - billing system, so they can be used to filter, or break down billing - charges by team, component, environment, state, etc. For more information, - visit https://cloud.google.com/resource-manager/docs/creating-managing-labels - or https://cloud.google.com/run/docs/configuring/labels Cloud Run - will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' - namespaces. Those labels are read-only, and user changes will not - be preserved. - type: object - lastModifier: - description: Output only. Email address of the last authenticated - modifier. - type: string - latestCreatedRevision: - description: Output only. Name of the last created revision. See comments - in `reconciling` for additional information on reconciliation process - in Cloud Run. - type: string - latestReadyRevision: - description: Output only. Name of the latest revision that is serving - traffic. See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -74852,122 +105425,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Returns true if the Service is currently - being acted upon by the system to bring it into the desired state. - When a new Service is created, or an existing one is updated, Cloud - Run will asynchronously perform all necessary steps to bring the - Service to the desired serving state. This process is called reconciliation. - While reconciliation is in process, `observed_generation`, `latest_ready_revison`, - `traffic_statuses`, and `uri` will have transient values that might - mismatch the intended state: Once reconciliation is over (and this - field is false), there are two possible outcomes: reconciliation - succeeded and the serving state matches the Service, or there was - an error, and reconciliation failed. This state can be found in - `terminal_condition.state`. If reconciliation succeeded, the following - fields will match: `traffic` and `traffic_statuses`, `observed_generation` - and `generation`, `latest_ready_revision` and `latest_created_revision`. - If reconciliation failed, `traffic_statuses`, `observed_generation`, - and `latest_ready_revision` will have the state of the last serving - revision, or empty for newly created Services. Additional information - on the failure can be found in `terminal_condition` and `conditions`.' - type: boolean - resourceGeneration: - description: Output only. A number that monotonically increases every - time the user modifies the desired state. - format: int64 - type: integer - terminalCondition: - description: Output only. The Condition of this Service, containing - its readiness status, and detailed error information in case it - did not reach a serving state. See comments in `reconciling` for - additional information on reconciliation process in Cloud Run. - properties: - jobReason: - description: 'A reason for the job condition. 
Possible values: - JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human readable message indicating details about the - current status. - type: string - reason: - description: 'A common (service-level) reason for this condition. - Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, - PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, - CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, - ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, - SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, - POSTPONED_RETRY, INTERNAL' - type: string - revisionReason: - description: 'A reason for the revision condition. Possible values: - REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, - RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, - MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, - NO_DEPLOYMENT' - type: string - severity: - description: 'How to interpret failures of this condition, one - of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, - ERROR, WARNING, INFO' - type: string - state: - description: 'State of the condition. Possible values: STATE_UNSPECIFIED, - CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, - CONDITION_SUCCEEDED' - type: string - type: - description: 'type is used to communicate the status of the reconciliation - process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting - Types common to all resources include: * "Ready": True when - the Resource is ready.' - type: string - type: object - trafficStatuses: - description: Output only. Detailed status information for corresponding - traffic targets. 
See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - format: int64 - type: integer - revision: - description: Revision to which this traffic is sent. - type: string - tag: - description: Indicates the string used in the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - uri: - description: Displays the target URI. - type: string - type: object - type: array - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time - type: string - uri: - description: Output only. The main URI in which this Service is serving - traffic. + state: + description: An explanation of the status of the database. type: string type: object required: 
@@ -74988,25 +105447,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com + name: spannerinstances.spanner.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: spanner.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets + kind: SpannerInstance + plural: spannerinstances shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -75044,149 +105503,32 @@ spec: type: object spec: properties: - expireTime: + config: description: |- - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string - replication: + displayName: description: |- - Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - type: boolean - userManaged: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - properties: - replicas: - description: Immutable. The list of Replicas for this Secret. - Cannot be empty. - items: - properties: - customerManagedEncryption: - description: Immutable. Customer Managed Encryption - for the secret. - properties: - kmsKeyRef: - description: Customer Managed Encryption for the - secret. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - location: - description: 'Immutable. The canonical IDs of the location - to replicate data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer resourceID: - description: Immutable. Optional. The secretId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotation: - description: The rotation time and period for a Secret. At 'next_rotation_time', - Secret Manager will send a Pub/Sub notification to the topics configured - on the Secret. 'topics' must be set to configure rotation. - properties: - nextRotationTime: - description: |- - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - rotationPeriod: - description: |- - Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, 'next_rotation_time' must be set. 
'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. - type: string - type: object - topics: - description: A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - items: - properties: - topicRef: - description: |- - A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - type: array - ttl: - description: |- - Immutable. The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string required: - - replication + - config + - displayName type: object status: properties: @@ -75216,14 +105558,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75231,6 +105565,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' + type: string type: object required: - spec @@ -75250,25 +105587,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com + name: sqldatabases.sql.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions + kind: SQLDatabase + plural: sqldatabases shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: 
@@ -75306,54 +105643,31 @@ spec: type: object spec: properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." type: string - secretData: - description: Immutable. The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75370,7 +105684,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: @@ -75380,9 +105694,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - secretData - - secretRef + - instanceRef type: object status: properties: @@ -75412,18 +105730,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75431,8 +105737,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - version: - description: The version of the Secret. + selfLink: type: string type: object required: @@ -75453,25 +105758,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com + name: sqlinstances.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryEndpoint - plural: servicedirectoryendpoints + kind: SQLInstance + plural: sqlinstances shortNames: - - gcpservicedirectoryendpoint - - gcpservicedirectoryendpoints - singular: servicedirectoryendpoint + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: @@ -75509,7 +105814,16 @@ spec: type: object spec: properties: - addressRef: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: oneOf: - not: required: 
@@ -75526,7 +105840,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -75536,86 +105850,526 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkRef: - description: |- - Only the `external` field is supported to configure the reference. - - Immutable. The Google Compute Engine network (VPC) of the endpoint in the format - projects//locations/global/networks/*. - - The project must be specified by project number (project id is rejected). Incorrectly formatted networks are - rejected, but no other validation is performed on this field (ex. network or project existence, - reachability, or permissions). + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. 
If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. 
+ type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". + If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. 
Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. 
The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string - type: object - port: - description: |- - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - type: integer - resourceID: - description: Immutable. Optional. The endpointId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceRef: - description: The ServiceDirectoryService that this endpoint belongs - to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryService` - resource.' + replicationType: + description: |- + DEPRECATED. 
This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. type: string + required: + - tier type: object required: - - serviceRef + - settings type: object status: properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -75642,11 +106396,27 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the endpoint in the format - 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75654,6 +106424,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string type: object required: - spec @@ -75673,25 +106472,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com + name: sqlsslcerts.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryNamespace - plural: servicedirectorynamespaces + kind: SQLSSLCert + plural: sqlsslcerts shortNames: - - gcpservicedirectorynamespace - - gcpservicedirectorynamespaces - singular: servicedirectorynamespace + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: 
@@ -75729,14 +106528,13 @@ spec: type: object spec: properties: - location: - description: |- - The location for the Namespace. - A full list of valid locations can be found by running - 'gcloud beta service-directory locations list'. + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. type: string - projectRef: - description: The project that this resource belongs to. + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75753,7 +106551,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -75763,16 +106562,22 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The namespaceId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string required: - - location - - projectRef + - commonName + - instanceRef type: object status: properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -75799,10 +106604,13 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the namespace - in the format 'projects/*/locations/*/namespaces/*'. + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -75811,6 +106619,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. + type: string type: object required: - spec @@ -75830,25 +106648,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com + name: sqlusers.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryService - plural: servicedirectoryservices + kind: SQLUser + plural: sqlusers shortNames: - - gcpservicedirectoryservice - - gcpservicedirectoryservices - singular: servicedirectoryservice + - gcpsqluser + - gcpsqlusers + singular: sqluser preserveUnknownFields: false scope: Namespaced versions: 
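Review bot: In the hunk at `@@ -75811,6 +106619,16 @@`, the new `status.privateKey` field places the client certificate's private key in the SQLSSLCert object's status, and its description gives no hint that the value is sensitive. Status is part of the stored object, so any principal with get, list or watch on `sqlsslcerts` in the namespace can read the key, and it will also be present in etcd backups and in audit logs recorded at request/response level. I would extend the description to `The private key associated with the client certificate. Sensitive: readable by anyone who can read this resource; restrict RBAC on sqlsslcerts accordingly.` The file appears to be generated (it carries the `tf2crd` label), so the wording would have to change in the generator rather than in this bundle.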
@@ -75886,9 +106704,13 @@ spec: type: object spec: properties: - namespaceRef: - description: The ServiceDirectoryNamespace that this service belongs - to. + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: oneOf: - not: required: @@ -75905,7 +106727,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: 
@@ -75915,163 +106737,90 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The serviceId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - namespaceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: + password: description: |- - The resource name for the service in the - format 'projects/*/locations/*/namespaces/*/services/*'. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. 
- type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: serviceidentities.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceIdentity - plural: serviceidentities - shortNames: - - gcpserviceidentity - - gcpserviceidentities - singular: serviceidentity - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - description: The project that this resource belongs to. + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. 
+ type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array type: object resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string required: - - projectRef + - instanceRef type: object status: properties: @@ -76101,8 +106850,6 @@ spec: type: string type: object type: array - email: - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76110,6 +106857,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array type: object required: - spec 
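Review bot: The `password.value` option added in the hunk starting at `@@ -75915,163 +106737,90 @@` lets the SQL user's password be written in plain text in the SQLUser spec, and its description does not point readers to the Secret-backed alternative defined right beside it. A literal value lives in the manifest, in version control if the manifest is committed, and is visible to anyone who can read the resource. I would change the description to `Value of the field. Cannot be used if 'valueFrom' is specified. Stored in plain text in the resource; prefer 'valueFrom.secretKeyRef'.`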
@@ -76129,25 +106889,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: - group: servicenetworking.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: @@ -76185,7 +106945,8 @@ spec: type: object spec: properties: - networkRef: + bucketRef: + description: Reference to the bucket. oneOf: - not: required: @@ -76202,7 +106963,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -76212,44 +106973,31 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Immutable. Provider peering service that is managing - peering connectivity for a service provider organization. For Google - services that support this functionality it is 'servicenetworking.googleapis.com'. + entity: + description: |- + Immutable. The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' type: string required: - - networkRef - - reservedPeeringRanges - - service + - bucketRef + - entity type: object status: properties: 
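Review bot: The `entity` description in this hunk lists `allUsers` and `allAuthenticatedUsers` next to the scoped forms without saying that they extend the grant to anyone on the internet or to any signed-in Google account. Someone copying from the list has no cue that these two differ in kind from `user-email` or `group-email`. I would add a sentence such as `allUsers and allAuthenticatedUsers make the grant public; use them only for buckets that are meant to be public.` `role` is also missing from `required` while `entity` is listed, and what an entry without a role grants cannot be seen from this schema, so its description should state it.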
@@ -76279,6 +107027,12 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76286,8 +107040,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - peering: - type: string type: object required: - spec @@ -76307,25 +107059,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com + name: storagebuckets.storage.cnrm.cloud.google.com spec: - group: serviceusage.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: Service - plural: services + kind: StorageBucket + plural: storagebuckets shortNames: - - gcpservice - - gcpservices - singular: service + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -76363,38 +107115,265 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object required: - - external + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + logBucket: + description: The bucket that will receive log objects. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string + required: + - logBucket type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. 
+ type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object type: object status: properties: @@ -76431,6 +107410,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string type: object type: object served: true 
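Review bot: `publicAccessPrevention` in the hunk starting at `@@ -76363,38 +107115,265 @@` is a free-form string whose description, `Prevents public access to a bucket.`, names neither the accepted values nor the default, so a reader cannot tell from the schema whether leaving it unset protects the bucket. The Cloud Storage API accepts `inherited` and `enforced` for this setting, and I would spell that out, e.g. `Prevents public access to a bucket. Acceptable values are "inherited" or "enforced".` In the same hunk the descriptions of `customTimeBefore` and `noncurrentTimeBefore` repeat the `createdBefore` text (`Creation date of an object ...`) and should describe the custom and noncurrent timestamps instead.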
@@ -76448,25 +107433,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: - group: sourcerepo.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SourceRepoRepository - plural: sourcereporepositories + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: 
@@ -76479,114 +107464,82 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- - PROTOBUF: The message payload is a serialized protocol buffer - of SourceRepoEvent.\n- JSON: The message payload is a JSON - string of SourceRepoEvent. Possible values: [\"PROTOBUF\", - \"JSON\"]." - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external required: - - messageFormat - - topicRef - type: object - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' type: string + required: + - bucketRef + - entity + - role type: object status: properties: 
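Review bot: `role` in the new StorageDefaultObjectAccessControl spec is a bare `type: string` whose permitted values appear only in its description, so the API server will admit any value and a bad one presumably surfaces only when the controller reconciles. Adding `enum: ["OWNER", "READER"]` under `role` would reject it at admission. `entity` also accepts `allUsers` and `allAuthenticatedUsers`, which turn this into a default ACL granting public access to objects in the referenced bucket; these are legitimate values, so restricting them is a job for an admission policy rather than the schema, and the description could say so. The manifest looks generated, so the change probably belongs in the generator; the enclosing `versions` entry starts outside this hunk.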
@@ -76616,6 +107569,19 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76623,14 +107589,20 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source - Repositories. - type: string + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object type: object + required: + - spec type: object served: true storage: true 
@@ -76647,25 +107619,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com + name: storagehmackeys.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerDatabase - plural: spannerdatabases + kind: StorageHMACKey + plural: storagehmackeys shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: @@ -76685,7 +107657,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -76703,58 +107675,8 @@ spec: type: object spec: properties: - databaseDialect: - description: |- - Immutable. The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. - type: string - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - encryptionConfig: - description: Immutable. Encryption configuration for the database. - properties: - kmsKeyRef: - description: |- - Fully qualified name of the KMS key to use to encrypt this database. This key - must exist in the same location as the Spanner Database. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - instanceRef: - description: The instance to create the database on. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -76771,8 +107693,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SpannerInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -76782,23 +107703,27 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. type: string - versionRetentionPeriod: - description: |- - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to 'ddl' that - update the database's version_retention_period. + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - - instanceRef + - projectRef + - serviceAccountEmail type: object status: properties: + accessId: + description: The access ID of the HMAC Key. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -76832,8 +107757,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: An explanation of the status of the database. + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' type: string type: object required: @@ -76854,25 +107787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com + name: storagenotifications.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerInstance - plural: spannerinstances + kind: StorageNotification + plural: storagenotifications shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: 
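Review bot: The new `status.secret` field ("HMAC secret key material") is a plain string in the StorageHMACKey status, so if the controller populates it, the key is readable by any principal with get, list or watch on these resources and is stored with the object rather than in a Secret. The safer shape is for the controller to write the material to a Kubernetes Secret and expose only a reference in status; that cannot be done in this manifest alone, which appears generated. Until then the description should carry the caveat, for example `description: HMAC secret key material. Sensitive; restrict read access to this resource.` The status schema opens outside this hunk.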
@@ -76910,32 +107843,92 @@ spec: type: object spec: properties: - config: - description: |- - Immutable. The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. 
type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". type: string - numNodes: - type: integer - processingUnits: - type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - config - - displayName + - bucketRef + - payloadFormat + - topicRef type: object status: properties: @@ -76965,6 +107958,9 @@ spec: type: string type: object type: array + notificationId: + description: The ID of the created notification. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -76972,8 +107968,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Instance status: ''CREATING'' or ''READY''.' + selfLink: + description: The URI of the created resource. type: string type: object required: @@ -76994,25 +107990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLDatabase - plural: sqldatabases + kind: StorageTransferAgentPool + plural: storagetransferagentpools shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: @@ -77032,7 +108028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -77050,31 +108046,22 @@ spec: type: object spec: properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - deletionPolicy: - description: "The deletion policy for the database. Setting ABANDON - allows the resource \nto be abandoned rather than deleted. This - is useful for Postgres, where databases cannot be \ndeleted from - the API if there are users other than cloudsqlsuperuser with access. - Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. type: string - instanceRef: - description: The Cloud SQL instance. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -77091,8 +108078,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -77107,7 +108093,7 @@ spec: is used as the default. type: string required: - - instanceRef + - projectRef type: object status: properties: @@ -77144,7 +108130,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Specifies the state of the AgentPool. type: string type: object required: @@ -77165,25 +108152,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLInstance - plural: sqlinstances + kind: StorageTransferJob + plural: storagetransferjobs shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -77221,407 +108208,332 @@ spec: type: object spec: properties: - databaseVersion: - default: MYSQL_5_6 - description: The MySQL, PostgreSQL or SQL Server (beta) version to - use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, - POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. - type: string - maintenanceVersion: - description: Maintenance version. - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region the instance will sit in. Note, - Cloud SQL is not available in all regions. A valid region must be - provided to use this resource. If a region is not provided in the - resource definition, the provider region will be used instead, but - this will be an apply-time error for instances if the provider region - is not supported with Cloud SQL. If you choose not to provide the - region argument for this resource, make sure you understand this. + description: + description: Unique description to identify the Transfer Job. type: string - replicaConfiguration: - description: The configuration for replication. + notificationConfig: + description: Notification configuration. properties: - caCertificate: - description: Immutable. PEM representation of the trusted CA's - x509 certificate. - type: string - clientCertificate: - description: Immutable. PEM representation of the replica's x509 - certificate. - type: string - clientKey: - description: Immutable. PEM representation of the replica's private - key. The corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: Immutable. The number of seconds between connect - retries. MySQL's default is 60 seconds. - type: integer - dumpFilePath: - description: Immutable. Path to a SQL file in Google Cloud Storage - from which replica instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Immutable. Specifies if the replica is the failover - target. If the field is set to true the replica will be designated - as a failover replica. If the master instance fails, the replica - instance will be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Immutable. Time in ms between replication heartbeats. 
- type: integer - password: - description: Immutable. Password for the replication connection. + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - sslCipher: - description: Immutable. Permissible ciphers for use in SSL encryption. 
- type: string - username: - description: Immutable. Username for replication connection. - type: string - verifyServerCertificate: - description: Immutable. True if the master's common name value - is checked during the SSL handshake. - type: boolean + required: + - payloadFormat + - topicRef type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - rootPassword: - description: Initial root password. Required for MS SQL Server. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. 
- type: string - required: - - name - - key - type: object + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - activeDirectoryConfig: + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. properties: - domain: - description: Domain name of the Active Directory for SQL Server - (e.g., mydomain.com). - type: string + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer required: - - domain + - day + - month + - year type: object - authorizedGaeApplications: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). 
For all instances, ensure that - settings.backup_configuration.enabled is set to true. - For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. - For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled - is set to true. Defaults to ZONAL. - type: string - backupConfiguration: + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: - backupRetentionSettings: - properties: - retainedBackups: - description: Number of backups to retain. - type: integer - retentionUnit: - description: The unit that 'retainedBackups' represents. - Defaults to COUNT. - type: string - required: - - retainedBackups - type: object - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Can only be used with MySQL. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - transactionLogRetentionDays: - description: The number of days of transaction logs we retain - for point in time restore, from 1-7. + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. 
+ type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. type: integer + required: + - hours + - minutes + - nanos + - seconds type: object - collation: - description: Immutable. The name of server instance collation. - type: string - connectorEnforcement: - description: Specifies if connections must use Cloud SQL connectors. - type: string - crashSafeReplication: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - deletionProtectionEnabled: - description: Configuration to protect against accidental instance - deletion. - type: boolean - denyMaintenancePeriod: + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. properties: - endDate: - description: End date before which maintenance will not take - place. 
The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. - type: string - startDate: - description: Start date after which maintenance will not take - place. The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. 
type: string - time: - description: 'Time in UTC when the "deny maintenance period" - starts on start_date and ends on end_date. The time is in - format: HH:mm:SS, i.e., 00:00:00.' + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. type: string required: - - endDate - - startDate - - time - type: object - diskAutoresize: - description: Enables auto-resizing of the storage size. Defaults - to true. - type: boolean - diskAutoresizeLimit: - description: The maximum size, in GB, to which storage capacity - can be automatically increased. The default value is 0, which - specifies that there is no limit. - type: integer - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. The minimum value is - 10GB. - type: integer - diskType: - description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. - Defaults to PD_SSD.' - type: string - insightsConfig: - description: Configuration of Query Insights. - properties: - queryInsightsEnabled: - description: True if Query Insights feature is enabled. - type: boolean - queryPlansPerMinute: - description: Number of query execution plans captured by Insights - per minute for all queries combined. Between 0 and 20. Default - to 5. - type: integer - queryStringLength: - description: Maximum query length stored in bytes. Between - 256 and 4500. Default to 1024. - type: integer - recordApplicationTags: - description: True if Query Insights will record application - tags from query when enabled. 
- type: boolean - recordClientAddress: - description: True if Query Insights will record client address - when enabled. - type: boolean + - bucketName type: object - ipConfiguration: + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. properties: - allocatedIpRange: - description: 'The name of the allocated ip range for the private - ip CloudSQL instance. For example: "google-managed-services-default". - If set, the instance ip will be created in the allocated - range. The range name must comply with RFC 1035. Specifically, - the name must be 1-63 characters long and match the regular - expression [a-z]([-a-z0-9]*[a-z0-9])?.' - type: string - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - enablePrivatePathForGoogleCloudServices: - description: Whether Google Cloud services such as BigQuery - are allowed to access data in this Cloud SQL instance over - a private IP connection. SQLSERVER database type is not - supported. - type: boolean - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. At least ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: oneOf: - not: required: @@ -77638,8 +108550,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77648,73 +108560,16 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to - remain in. Must be in the same region as this instance. - type: string - secondaryZone: - description: The preferred Compute Engine zone for the secondary/failover. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance - window is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday. - type: integer - hour: - description: Hour of day (0-23), ignored if day not set. - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable). - type: string - type: object - passwordValidationPolicy: - properties: - complexity: - description: Password complexity. - type: string - disallowUsernameSubstring: - description: Disallow username as a part of the password. - type: boolean - enablePasswordPolicy: - description: Whether the password policy is enabled or not. - type: boolean - minLength: - description: Minimum number of characters allowed. - type: integer - passwordChangeInterval: - description: Minimum interval after which the password can - be changed. This flag is only supported for PostgresSQL. + path: + description: Google Cloud Storage path in bucket to transfer. type: string - reuseInterval: - description: Number of previous passwords that cannot be reused. - type: integer required: - - enablePasswordPolicy + - bucketRef type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. 
- type: string - replicationType: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: string - sqlServerAuditConfig: + gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: - description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: @@ -77731,7 +108586,7 @@ spec: - external properties: external: - description: 'Allowed value: The `url` field of a `StorageBucket` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -77741,42 +108596,133 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - retentionInterval: - description: 'How long to keep generated audit files. A duration - in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s"..' + path: + description: Google Cloud Storage path in bucket to transfer. type: string - uploadInterval: - description: 'How often to upload generated audit files. A - duration in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s".' + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. type: string + required: + - listUrl type: object - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types, and custom machine types such as db-custom-2-13312. See - the Custom Machine Type Documentation to learn about specifying - custom machine types. + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. 
If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - timeZone: - description: Immutable. 
The time_zone to be used by the database - engine (supported only for SQL Server), in SQL Server timezone - format. + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - required: - - tier + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object type: object required: - - settings + - description + - transferSpec type: object status: properties: - availableMaintenanceVersions: - description: Available Maintenance versions. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -77803,27 +108749,18 @@ spec: type: string type: object type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. + creationTime: + description: When the Transfer Job was created. type: string - firstIpAddress: + deletionTime: + description: When the Transfer Job was deleted. type: string - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -77831,35 +108768,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string type: object required: - spec 
@@ -77879,25 +108787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com + name: tagstagbindings.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLSSLCert - plural: sqlsslcerts + kind: TagsTagBinding + plural: tagstagbindings shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: @@ -77935,13 +108843,7 @@ spec: type: object spec: properties: - commonName: - description: Immutable. The common name to be used in the certificate - to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this - forces a new resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. + parentRef: oneOf: - not: required: @@ -77958,8 +108860,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77969,22 +108871,43 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated sha1Fingerprint - of the resource. Used for acquisition only. Leave unset to create - a new resource. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - commonName - - instanceRef + - parentRef + - tagValueRef type: object status: properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -78011,13 +108934,9 @@ spec: type: string type: object type: array - createTime: - description: The time when the certificate was created in RFC 3339 - format, for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78026,16 +108945,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string type: object required: - spec @@ -78055,25 +108964,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com + name: tagstagkeys.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLUser - plural: sqlusers + kind: TagsTagKey + plural: tagstagkeys shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -78100,134 +109009,53 @@ spec: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: Immutable. The host the user can connect from. This is - only supported for MySQL instances. Don't set this field for PostgreSQL - instances. Can be an IP address. Changing this forces a new resource - to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: |- - The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to - either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. 
Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - passwordPolicy: - properties: - allowedFailedAttempts: - description: Number of failed attempts allowed before the user - get locked. - type: integer - enableFailedAttemptsCheck: - description: If true, the check that will lock user after too - many failed login attempts will be enabled. - type: boolean - enablePasswordVerification: - description: If true, the user must specify the current password - before changing the password. This flag is supported only for - MySQL. - type: boolean - passwordExpirationDuration: - description: Password expiration duration with one week grace - period. - type: string - status: - items: - properties: - locked: - description: If true, user does not have login privileges. - type: boolean - passwordExpirationTime: - description: Password expiration duration with one week - grace period. - type: string - type: object - type: array + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - type: + shortName: description: |- - Immutable. The user type. It determines the method to authenticate the user during login. - The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. 
type: string required: - - instanceRef + - parent + - shortName type: object status: properties: @@ -78257,6 +109085,18 @@ spec: type: string type: object type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78264,19 +109104,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sqlServerUserDetails: - items: - properties: - disabled: - description: If the user has been disabled. - type: boolean - serverRoles: - description: The server roles for this user in the database. - items: - type: string - type: array - type: object - type: array + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78296,25 +109129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com + name: tagstagvalues.tags.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols + kind: TagsTagValue + plural: tagstagvalues shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: @@ -78352,8 +109185,11 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: oneOf: - not: required: @@ -78370,8 +109206,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -78380,31 +109216,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - entity: - description: |- - Immutable. The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"].' + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - - bucketRef - - entity + - parentRef + - shortName type: object status: properties: 
@@ -78434,11 +109259,18 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - email: - description: The email address associated with the entity. + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78447,6 +109279,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78466,25 +109303,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com + name: tpunodes.tpu.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tpu.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucket - plural: storagebuckets + kind: TPUNode + plural: tpunodes shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket + - gcptpunode + - gcptpunodes + singular: tpunode preserveUnknownFields: false scope: Namespaced versions: @@ -78504,7 +109341,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78522,265 +109359,93 @@ spec: type: object spec: properties: - autoclass: - description: Immutable. The bucket's autoclass configuration. - properties: - enabled: - description: Immutable. While set to true, autoclass automatically - transitions objects in your bucket to appropriate storage classes - based on each object's access pattern. - type: boolean - required: - - enabled - type: object - bucketPolicyOnly: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: description: |- - DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. - Enables Bucket PolicyOnly access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple - response headers to give permission for the user-agent to - share across domains. - items: - type: string - type: array - type: object - type: array - customPlacementConfig: - description: The bucket's custom location configuration, which specifies - the individual regions that comprise a dual-region bucket. If the - bucket is designated a single or multi-region, the parameters are - empty. 
- properties: - dataLocations: - description: 'Immutable. The list of individual regions that comprise - a dual-region bucket. See the docs for a list of acceptable - regions. Note: If any of the data_locations changes, it will - recreate the bucket.' - items: - type: string - type: array - required: - - dataLocations - type: object - defaultEventBasedHold: - description: Whether or not to automatically apply an eventBasedHold - to new objects added to the bucket. - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete, SetStorageClass and - AbortIncompleteMultipartUpload.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy - this condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - customTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - daysSinceCustomTime: - description: Number of days elapsed since the user-specified - timestamp set on an object. - type: integer - daysSinceNoncurrentTime: - description: "Number of days elapsed since the noncurrent - timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition - is relevant only for versioned objects." - type: integer - matchesPrefix: - description: One or more matching name prefixes to satisfy - this condition. 
- items: - type: string - type: array - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - matchesSuffix: - description: One or more matching name suffixes to satisfy - this condition. - items: - type: string - type: array - noncurrentTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object + - required: + - namespace required: - - action - - condition - type: object - type: array - location: - default: US - description: Immutable. The Google Cloud Storage location. - type: string - logging: - description: The bucket's Access & Storage Logs configuration. + - external properties: - logBucket: - description: The bucket that will receive log objects. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - logBucket type: object - publicAccessPrevention: - description: Prevents public access to a bucket. 
- type: string - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: - Locking a bucket is an irreversible action.' + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, - or archived. The value must be less than 3,155,760,000 seconds. - type: integer required: - - retentionPeriod + - preemptible type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, - ARCHIVE.' + tensorflowVersion: + description: The version of Tensorflow running in the Node. type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean - versioning: - description: The bucket's Versioning configuration. 
- properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone type: object status: properties: @@ -78810,6 +109475,21 @@ spec: type: string type: object type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -78817,13 +109497,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. type: string type: object + required: + - spec type: object served: true storage: true @@ -78840,25 +109523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com + name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols + kind: VertexAIDataset + plural: vertexaidatasets shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: @@ -78878,7 +109561,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78896,8 +109579,29 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
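Review bot: In the VertexAIDataset schema, `spec.encryptionSpec` describes `kmsKeyName` as "Required", but the object carries no `required` list, so a manifest with `encryptionSpec: {}` passes CRD schema validation without naming a key. The VertexAIEndpoint schema added later in this patch does have `required: - kmsKeyName` under the same field, so the two are inconsistent. Adding `required:` with `- kmsKeyName` to the Dataset's `encryptionSpec` would make the API server reject the empty form. These CRDs look generated, so the change probably belongs in the generator input rather than in this file. Whether the controller rejects the empty form later is not visible here, so until the schema is aligned an admission policy or manifest review should confirm `kmsKeyName` is set wherever a customer-managed key is expected.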
@@ -78913,40 +109617,29 @@ spec: required: - external properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers. - type: string - object: - description: The name of the object, if applied to an object. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"].' + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - bucketRef - - entity - - role + - displayName + - metadataSchemaUri + - projectRef + - region type: object status: properties: 
@@ -78976,19 +109669,15 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. type: string - entityId: - description: The ID for the entity. + name: + description: The resource name of the Dataset. This value is set by + Google. type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78996,17 +109685,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectTeam: - description: The project team associated with the entity. - properties: - projectNumber: - description: The project team associated with the entity. - type: string - team: - description: 'The team. Possible values: ["editors", "owners", - "viewers"].' - type: string - type: object + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string type: object required: - spec 
@@ -79026,25 +109709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageNotification - plural: storagenotifications + kind: VertexAIEndpoint + plural: vertexaiendpoints shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -79064,7 +109747,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79082,62 +109765,44 @@ spec: type: object spec: properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' type: string + required: + - kmsKeyName type: object - customAttributes: - additionalProperties: - type: string - description: Immutable. A set of key/value attribute pairs to attach - to each Cloud Pub/Sub message published for this notification subscription. - type: object - eventTypes: - description: 'Immutable. List of event type filters for this notification - config. If not specified, Cloud Storage will send notifications - for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE".' 
- items: - type: string - type: array - objectNamePrefix: - description: Immutable. Specifies a prefix path filter for this notification - config. Cloud Storage will only send notifications for objects in - this bucket whose names begin with the specified prefix. - type: string - payloadFormat: - description: Immutable. The desired content of the Payload. One of - "JSON_API_V1" or "NONE". + location: + description: Immutable. The location for the resource. type: string - resourceID: - description: Immutable. Optional. The service-generated notificationId - of the resource. Used for acquisition only. Leave unset to create - a new resource. + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' type: string - topicRef: + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79154,8 +109819,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -79164,10 +109828,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - bucketRef - - payloadFormat - - topicRef + - displayName + - location + - projectRef type: object status: properties: 
@@ -79197,8 +109866,222 @@ spec: type: string type: object type: array - notificationId: - description: The ID of the created notification. + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. 
+ type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. + items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. 
+ items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. + See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. 
This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. + type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. 
Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79207,8 +110090,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: 
@@ -79229,25 +110112,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: - group: storagetransfer.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageTransferJob - plural: storagetransferjobs + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: @@ -79267,7 +110150,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79286,501 +110169,474 @@ spec: spec: properties: description: - description: Unique description to identify the Transfer Job. + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string - notificationConfig: - description: Notification configuration. - properties: - eventTypes: - description: Event types for which a notification is desired. - If empty, send notifications for all event types. The valid - types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", - "TRANSFER_OPERATION_ABORTED". - items: - type: string - type: array - payloadFormat: - description: The desired format of the notification message payloads. - One of "NONE" or "JSON". - type: string - topicRef: - description: The PubSubTopic to which to publish notifications. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - payloadFormat - - topicRef - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string - schedule: - description: Schedule specification defining when the Transfer Job - should be scheduled to start, end and what time to run. - properties: - repeatInterval: - description: 'Interval between the start of each scheduled transfer. - If unspecified, the default value is 24 hours. This value may - not be less than 1 hour. A duration in seconds with up to nine - fractional digits, terminated by ''s''. Example: "3.5s".' - type: string - scheduleEndDate: - description: The last day the recurring transfer will be run. - If schedule_end_date is the same as schedule_start_date, the - transfer will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled - to run. If schedule_start_date is in the past, the transfer - will run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. - If not specified, recurring and one-time transfers that are - scheduled to run today will run immediately; recurring transfers - that are scheduled to run on a future date will start at approximately - midnight UTC on that date. 
Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be - from 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally - be from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, - and an operation spawned by the transfer is running, the status - change would not affect the current operation.' + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - roleArn: - description: The Amazon Resource Name (ARN) of the role to - support temporary credentials via 'AssumeRoleWithWebIdentity'. - For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). - When a role ARN is provided, Transfer Service fetches temporary - credentials for the session using a 'AssumeRoleWithWebIdentity' - call for the provided role using the [GoogleServiceAccount][] - for this project. - type: string - required: - - bucketName - type: object - azureBlobStorageDataSource: - description: An Azure Blob Storage data source. 
+ required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). properties: - azureCredentials: - description: ' Credentials used to authenticate API requests - to Azure.' - properties: - sasToken: - description: Azure shared access signature. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - sasToken - type: object - container: - description: The container to transfer from the Azure Storage - account. - type: string - path: - description: Root path to transfer objects. Must be an empty - string or full path name that ends with a '/'. This field - is treated as an object prefix. As such, it should generally - not begin with a '/'. - type: string - storageAccount: - description: The name of the Azure Storage account. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number required: - - azureCredentials - - container - - storageAccount + - value type: object - gcsDataSink: - description: A Google Cloud Storage data sink. + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. 
+ * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string - required: - - bucketRef type: object - httpDataSource: - description: A HTTP URL data source. + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. - Currently, only URLs with HTTP and HTTPS schemes are supported. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number required: - - listUrl + - value type: object - objectConditions: - description: Only objects that satisfy these object conditions - are included in the set of data source and data sink objects. - Object conditions based on objects' last_modification_time do - not exclude objects in a data sink. + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements - described for include_prefixes. 
- items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that - satisfy the object conditions must have names that start - with one of the include_prefixes and that do not start with - any of the exclude_prefixes. If include_prefixes is not - specified, all objects except those that have names starting - with one of the exclude_prefixes must satisfy the object - conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. 
+ type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer type: object - posixDataSink: - description: A POSIX filesystem data sink. + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. 
properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer required: - - rootDirectory + - maxNodeCount + - minNodeCount type: object - posixDataSource: - description: A POSIX filesystem data source. - properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - rootDirectory - type: object - sinkAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - sourceAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a - data sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - overwriteWhen: - description: When to overwrite objects that already exist - in the sink. If not set, overwrite behavior is determined - by overwriteObjectsAlreadyExistingInSink. - type: string - type: object type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - description - - transferSpec + - projectRef + - region type: object status: properties: 
@@ -79810,17 +110666,13 @@ spec: type: string type: object type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string - name: - description: The name of the Transfer Job. + etag: + description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79829,6 +110681,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string type: object required: - spec @@ -79848,25 +110705,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagbindings.tags.cnrm.cloud.google.com + name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagBinding - plural: tagstagbindings + kind: VertexAIIndex + plural: vertexaiindexes shortNames: - - gcptagstagbinding - - gcptagstagbindings - singular: tagstagbinding + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: 
@@ -79886,7 +110743,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79904,7 +110761,96 @@ spec: type: object spec: properties: - parentRef: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. 
+ type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. 
+ type: boolean + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79921,8 +110867,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -79931,41 +110876,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - tagValueRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `tagValues/{{value}}`, - where {{value}} is the `name` field of a `TagsTagValue` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - parentRef - - tagValueRef + - displayName + - projectRef + - region type: object status: properties: 
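Review bot: `bruteForceConfig` under `metadata.config.algorithmConfig` of the new VertexAIIndex schema is declared as `type: object` with `x-kubernetes-preserve-unknown-fields: true` and no properties, so anything placed under it is stored without pruning or validation. If the field is only a presence marker, dropping the `x-kubernetes-preserve-unknown-fields: true` line should still accept `bruteForceConfig: {}` while unknown keys are pruned; whether the generator relies on that flag is not visible here. Separately, `indexUpdateMethod`, `distanceMeasureType` and `featureNormType` list their allowed values only in the description text. An `enum` on each would reject a mistyped value at admission.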
@@ -79995,9 +110917,47 @@ spec: type: string type: object type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string name: - description: 'The generated id for the TagBinding. This is a string - of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80006,6 +110966,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string type: object required: - spec 
@@ -80025,25 +110990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagkeys.tags.cnrm.cloud.google.com + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagKey - plural: tagstagkeys + kind: VertexAIMetadataStore + plural: vertexaimetadatastores shortNames: - - gcptagstagkey - - gcptagstagkeys - singular: tagstagkey + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: @@ -80063,7 +111028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80082,41 +111047,57 @@ spec: spec: properties: description: - description: User-assigned description of the TagKey. Must not exceed - 256 characters. - type: string - parent: - description: Immutable. Input only. The resource name of the new TagKey's - parent. Must be of the form organizations/{org_id}. - type: string - purpose: - description: |- - Immutable. Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + description: Immutable. Description of the MetadataStore. type: string - purposeData: - additionalProperties: - type: string - description: |- - Immutable. Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. type: string - shortName: - description: |- - Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - parent - - shortName + - projectRef + - region type: object status: properties: 
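Review bot: In the VertexAIMetadataStore `spec.encryptionSpec` added by this hunk, `kmsKeyName` is described as "Immutable. Required." but the object has no `required` list, so `encryptionSpec: {}` passes schema validation without naming a key. The VertexAITensorboard schema later in this diff does declare it. The same two lines, `required:` and `- kmsKeyName`, belong under this `encryptionSpec`, so that a manifest which intends customer-managed encryption but omits the key is rejected at admission. What the controller does with an empty `encryptionSpec` is not visible here. Since the CRD carries the `tf2crd` label, the fix probably has to be made in the generator input rather than in this file.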
@@ -80147,16 +111128,9 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - name: - description: The generated numeric id for the TagKey. - type: string - namespacedName: - description: Output only. Namespaced name of the TagKey. + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80165,11 +111139,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array updateTime: - description: |- - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: 
@@ -80190,25 +111172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagvalues.tags.cnrm.cloud.google.com + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagValue - plural: tagstagvalues + kind: VertexAITensorboard + plural: vertexaitensorboards shortNames: - - gcptagstagvalue - - gcptagstagvalues - singular: tagstagvalue + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: @@ -80228,7 +111210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80247,10 +111229,26 @@ spec: spec: properties: description: - description: User-assigned description of the TagValue. Must not exceed - 256 characters. + description: Description of this Tensorboard. type: string - parentRef: + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -80267,8 +111265,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `tagKeys/{{value}}`, - where {{value}} is the `name` field of a `TagsTagKey` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -80277,23 +111274,26 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: |- - Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - type: string required: - - parentRef - - shortName + - displayName + - projectRef + - region type: object status: properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -80321,17 +111321,12 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string name: - description: The generated numeric id for the TagValue. - type: string - namespacedName: - description: Output only. Namespaced name of the TagValue. Will be - in the format {organizationId}/{tag_key_short_name}/{shortName}. + description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80340,10 +111335,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string updateTime: - description: |- - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: @@ -80364,7 +111362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -80643,3 +111641,391 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. \nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." 
+ type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. 
+ type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/install-bundles/install-bundle-namespaced/per-namespace-components.yaml b/install-bundles/install-bundle-namespaced/per-namespace-components.yaml index a12ecc3d85..8c13819442 100644 --- a/install-bundles/install-bundle-namespaced/per-namespace-components.yaml +++ b/install-bundles/install-bundle-namespaced/per-namespace-components.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 iam.gke.io/gcp-service-account: cnrm-system-${NAMESPACE?}@${PROJECT_ID?}.iam.gserviceaccount.com labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} 
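Review bot: `spec.serviceAccount` in the new WorkflowsWorkflow schema (hunk `@@ -80643,3 +111641,391 @@`) is optional, since only `projectRef` and `region` are listed under `required`, and its description does not say which identity the workflow runs as when the field is omitted. The Workflows API documents a fallback to the project's default service account, which often holds broad project roles, so the description should say so, for example by appending `If unset, the project's default service account is used; prefer a dedicated least-privilege account.` The CRD carries the `tf2crd` label, so the wording presumably has to change in the generator's source rather than in this file.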
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -47,7 +47,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -85,7 +85,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} cnrm.cloud.google.com/system: "true" @@ -103,7 +103,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: @@ -127,7 +127,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} @@ -144,7 +144,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/scoped-namespace: ${NAMESPACE?} 
@@ -156,7 +156,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:fc8237b + image: gcr.io/cnrm-eap/controller:7522d31 imagePullPolicy: Always name: manager ports: diff --git a/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml b/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml index dd10256d7f..96fbd2672a 100644 --- a/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml +++ b/install-bundles/install-bundle-workload-identity/0-cnrm-system.yaml @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-system @@ -25,7 +25,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 iam.gke.io/gcp-service-account: cnrm-system@${PROJECT_ID?}.iam.gserviceaccount.com labels: cnrm.cloud.google.com/system: "true" @@ -36,7 +36,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -46,7 +46,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-resource-stats-recorder @@ -56,7 +56,7 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-manager 
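Review bot: The manager container in hunk `@@ -156,7 +156,7 @@` is still referenced by a mutable short tag, `gcr.io/cnrm-eap/controller:7522d31`, together with `imagePullPolicy: Always`, so each pod start runs whatever the registry serves under that tag at that moment. The same file annotates a ServiceAccount with `iam.gke.io/gcp-service-account`, and if this StatefulSet runs under it (not visible in the hunk) the image executes with a Google Cloud identity, which raises the cost of a replaced tag. Pinning by digest would make the bundle reproducible and let an admission policy verify it: `image: gcr.io/cnrm-eap/controller@sha256:<DIGEST_OF_7522d31_BUILD>` (placeholder; the digest is not on this page). The container spec continues outside the hunk.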
@@ -66,7 +66,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-cnrm-system-role @@ -87,7 +87,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-cnrm-system-role @@ -108,7 +108,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/system: "true" @@ -129,7 +129,7 @@ rules: - patch - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - alloydb.cnrm.cloud.google.com resources: - '*' verbs: @@ -141,7 +141,7 @@ rules: - patch - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - apigateway.cnrm.cloud.google.com resources: - '*' verbs: @@ -153,7 +153,7 @@ rules: - patch - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - apigee.cnrm.cloud.google.com resources: - '*' verbs: @@ -165,7 +165,7 @@ rules: - patch - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - appengine.cnrm.cloud.google.com resources: - '*' verbs: @@ -177,7 +177,7 @@ rules: - patch - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - artifactregistry.cnrm.cloud.google.com resources: - '*' verbs: @@ -189,7 +189,7 @@ rules: - patch - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - beyondcorp.cnrm.cloud.google.com resources: - '*' verbs: @@ -201,7 +201,7 @@ rules: - patch - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - bigquery.cnrm.cloud.google.com resources: - '*' verbs: 
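Review bot: Starting at hunk `@@ -129,7 +129,7 @@` and continuing through the hunks up to `@@ -927,108 +908,715 @@`, what appears to be a single ClusterRole gains rules for API groups that do not occur among the group names on the removed side (for example `alloydb`, `beyondcorp`, `orgpolicy`, `oslogin` and `securitycenter`), each with `resources: '*'` and the full `create`/`update`/`patch`/`delete` verb set. Every subject already bound to the role therefore picks up write access to those resource kinds on upgrade, and in Config Connector's model a write to such an object is presumably carried out in Google Cloud under the controller's service account rather than the caller's own identity. The bundle would benefit from a comment above `rules:` such as `# Grants write on every Config Connector resource kind; bind per namespace and re-review bindings on each upgrade.` The role's name and the start of its rule list are outside these hunks, and the last hunk runs past the end of the visible page.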
@@ -213,7 +213,7 @@ rules: - patch - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - bigqueryanalyticshub.cnrm.cloud.google.com resources: - '*' verbs: @@ -225,7 +225,7 @@ rules: - patch - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - bigqueryconnection.cnrm.cloud.google.com resources: - '*' verbs: @@ -237,7 +237,7 @@ rules: - patch - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - bigquerydatapolicy.cnrm.cloud.google.com resources: - '*' verbs: @@ -249,7 +249,7 @@ rules: - patch - delete - apiGroups: - - compute.cnrm.cloud.google.com + - bigquerydatatransfer.cnrm.cloud.google.com resources: - '*' verbs: @@ -261,7 +261,7 @@ rules: - patch - delete - apiGroups: - - configcontroller.cnrm.cloud.google.com + - bigqueryreservation.cnrm.cloud.google.com resources: - '*' verbs: @@ -273,7 +273,7 @@ rules: - patch - delete - apiGroups: - - container.cnrm.cloud.google.com + - bigtable.cnrm.cloud.google.com resources: - '*' verbs: @@ -285,7 +285,7 @@ rules: - patch - delete - apiGroups: - - containeranalysis.cnrm.cloud.google.com + - billingbudgets.cnrm.cloud.google.com resources: - '*' verbs: @@ -297,7 +297,7 @@ rules: - patch - delete - apiGroups: - - datacatalog.cnrm.cloud.google.com + - binaryauthorization.cnrm.cloud.google.com resources: - '*' verbs: @@ -309,7 +309,7 @@ rules: - patch - delete - apiGroups: - - dataflow.cnrm.cloud.google.com + - certificatemanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -321,7 +321,7 @@ rules: - patch - delete - apiGroups: - - datafusion.cnrm.cloud.google.com + - cloudasset.cnrm.cloud.google.com resources: - '*' verbs: @@ -333,7 +333,7 @@ rules: - patch - delete - apiGroups: - - dataproc.cnrm.cloud.google.com + - cloudbuild.cnrm.cloud.google.com resources: - '*' verbs: @@ -345,7 +345,7 @@ rules: - patch - delete - apiGroups: - - dlp.cnrm.cloud.google.com + - cloudfunctions.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -357,7 +357,7 @@ rules: - patch - delete - apiGroups: - - dns.cnrm.cloud.google.com + - cloudfunctions2.cnrm.cloud.google.com resources: - '*' verbs: @@ -369,7 +369,7 @@ rules: - patch - delete - apiGroups: - - eventarc.cnrm.cloud.google.com + - cloudidentity.cnrm.cloud.google.com resources: - '*' verbs: @@ -381,7 +381,7 @@ rules: - patch - delete - apiGroups: - - filestore.cnrm.cloud.google.com + - cloudids.cnrm.cloud.google.com resources: - '*' verbs: @@ -393,7 +393,7 @@ rules: - patch - delete - apiGroups: - - firestore.cnrm.cloud.google.com + - cloudiot.cnrm.cloud.google.com resources: - '*' verbs: @@ -405,7 +405,7 @@ rules: - patch - delete - apiGroups: - - gkehub.cnrm.cloud.google.com + - cloudscheduler.cnrm.cloud.google.com resources: - '*' verbs: @@ -417,7 +417,7 @@ rules: - patch - delete - apiGroups: - - iam.cnrm.cloud.google.com + - cloudtasks.cnrm.cloud.google.com resources: - '*' verbs: @@ -429,7 +429,7 @@ rules: - patch - delete - apiGroups: - - iap.cnrm.cloud.google.com + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -441,7 +441,7 @@ rules: - patch - delete - apiGroups: - - identityplatform.cnrm.cloud.google.com + - configcontroller.cnrm.cloud.google.com resources: - '*' verbs: @@ -453,7 +453,7 @@ rules: - patch - delete - apiGroups: - - kms.cnrm.cloud.google.com + - container.cnrm.cloud.google.com resources: - '*' verbs: @@ -465,7 +465,7 @@ rules: - patch - delete - apiGroups: - - logging.cnrm.cloud.google.com + - containeranalysis.cnrm.cloud.google.com resources: - '*' verbs: @@ -477,7 +477,7 @@ rules: - patch - delete - apiGroups: - - memcache.cnrm.cloud.google.com + - datacatalog.cnrm.cloud.google.com resources: - '*' verbs: @@ -489,7 +489,7 @@ rules: - patch - delete - apiGroups: - - monitoring.cnrm.cloud.google.com + - dataflow.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -501,7 +501,7 @@ rules: - patch - delete - apiGroups: - - networkconnectivity.cnrm.cloud.google.com + - dataform.cnrm.cloud.google.com resources: - '*' verbs: @@ -513,7 +513,7 @@ rules: - patch - delete - apiGroups: - - networksecurity.cnrm.cloud.google.com + - datafusion.cnrm.cloud.google.com resources: - '*' verbs: @@ -525,7 +525,7 @@ rules: - patch - delete - apiGroups: - - networkservices.cnrm.cloud.google.com + - dataproc.cnrm.cloud.google.com resources: - '*' verbs: @@ -537,7 +537,7 @@ rules: - patch - delete - apiGroups: - - osconfig.cnrm.cloud.google.com + - datastore.cnrm.cloud.google.com resources: - '*' verbs: @@ -549,7 +549,7 @@ rules: - patch - delete - apiGroups: - - privateca.cnrm.cloud.google.com + - datastream.cnrm.cloud.google.com resources: - '*' verbs: @@ -561,7 +561,7 @@ rules: - patch - delete - apiGroups: - - pubsub.cnrm.cloud.google.com + - deploymentmanager.cnrm.cloud.google.com resources: - '*' verbs: @@ -573,7 +573,7 @@ rules: - patch - delete - apiGroups: - - pubsublite.cnrm.cloud.google.com + - dialogflow.cnrm.cloud.google.com resources: - '*' verbs: @@ -585,7 +585,7 @@ rules: - patch - delete - apiGroups: - - recaptchaenterprise.cnrm.cloud.google.com + - dialogflowcx.cnrm.cloud.google.com resources: - '*' verbs: @@ -597,7 +597,7 @@ rules: - patch - delete - apiGroups: - - redis.cnrm.cloud.google.com + - dlp.cnrm.cloud.google.com resources: - '*' verbs: @@ -609,7 +609,7 @@ rules: - patch - delete - apiGroups: - - resourcemanager.cnrm.cloud.google.com + - dns.cnrm.cloud.google.com resources: - '*' verbs: @@ -621,7 +621,7 @@ rules: - patch - delete - apiGroups: - - run.cnrm.cloud.google.com + - documentai.cnrm.cloud.google.com resources: - '*' verbs: @@ -633,7 +633,7 @@ rules: - patch - delete - apiGroups: - - secretmanager.cnrm.cloud.google.com + - essentialcontacts.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -645,7 +645,7 @@ rules: - patch - delete - apiGroups: - - servicedirectory.cnrm.cloud.google.com + - eventarc.cnrm.cloud.google.com resources: - '*' verbs: @@ -657,7 +657,7 @@ rules: - patch - delete - apiGroups: - - servicenetworking.cnrm.cloud.google.com + - filestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -669,7 +669,7 @@ rules: - patch - delete - apiGroups: - - serviceusage.cnrm.cloud.google.com + - firebase.cnrm.cloud.google.com resources: - '*' verbs: @@ -681,7 +681,7 @@ rules: - patch - delete - apiGroups: - - sourcerepo.cnrm.cloud.google.com + - firebasedatabase.cnrm.cloud.google.com resources: - '*' verbs: @@ -693,7 +693,7 @@ rules: - patch - delete - apiGroups: - - spanner.cnrm.cloud.google.com + - firebasehosting.cnrm.cloud.google.com resources: - '*' verbs: @@ -705,7 +705,7 @@ rules: - patch - delete - apiGroups: - - sql.cnrm.cloud.google.com + - firebasestorage.cnrm.cloud.google.com resources: - '*' verbs: @@ -717,7 +717,7 @@ rules: - patch - delete - apiGroups: - - storage.cnrm.cloud.google.com + - firestore.cnrm.cloud.google.com resources: - '*' verbs: @@ -729,7 +729,7 @@ rules: - patch - delete - apiGroups: - - storagetransfer.cnrm.cloud.google.com + - gkebackup.cnrm.cloud.google.com resources: - '*' verbs: @@ -741,7 +741,7 @@ rules: - patch - delete - apiGroups: - - tags.cnrm.cloud.google.com + - gkehub.cnrm.cloud.google.com resources: - '*' verbs: @@ -753,7 +753,7 @@ rules: - patch - delete - apiGroups: - - vpcaccess.cnrm.cloud.google.com + - healthcare.cnrm.cloud.google.com resources: - '*' verbs: 
@@ -764,36 +764,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-deletiondefender-role -rules: - apiGroups: - - apiextensions.k8s.io + - iam.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - iap.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - identityplatform.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list @@ -803,9 +801,9 @@ rules: - patch - delete - apiGroups: - - "" + - kms.cnrm.cloud.google.com resources: - - services + - '*' verbs: - get - list @@ -814,36 +812,34 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-cluster-role -rules: - apiGroups: - - apiextensions.k8s.io + - logging.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - "" + - memcache.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - admissionregistration.k8s.io + - mlengine.cnrm.cloud.google.com resources: - - validatingwebhookconfigurations + - '*' verbs: - get - list 
@@ -853,15 +849,19 @@ rules: - patch - delete - apiGroups: - - core.cnrm.cloud.google.com + - monitoring.cnrm.cloud.google.com resources: - - servicemappings + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - core.cnrm.cloud.google.com + - networkconnectivity.cnrm.cloud.google.com resources: - '*' verbs: @@ -872,23 +872,10 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-manager-ns-role -rules: - apiGroups: - - "" + - networkmanagement.cnrm.cloud.google.com resources: - - events - - configmaps - - secrets - - services + - '*' verbs: - get - list @@ -897,28 +884,22 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - labels: - cnrm.cloud.google.com/system: "true" - name: cnrm-recorder-role -rules: - apiGroups: - - "" + - networksecurity.cnrm.cloud.google.com resources: - - namespaces + - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apiextensions.k8s.io + - networkservices.cnrm.cloud.google.com resources: - - customresourcedefinitions + - '*' verbs: - get - list 
@@ -927,108 +908,715 @@ rules: - update - patch - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/system: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: cnrm-viewer -rules: - apiGroups: - - accesscontextmanager.cnrm.cloud.google.com + - notebooks.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - apigee.cnrm.cloud.google.com + - orgpolicy.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - artifactregistry.cnrm.cloud.google.com + - osconfig.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigquery.cnrm.cloud.google.com + - oslogin.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - bigtable.cnrm.cloud.google.com + - privateca.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - billingbudgets.cnrm.cloud.google.com + - pubsub.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - binaryauthorization.cnrm.cloud.google.com + - pubsublite.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudbuild.cnrm.cloud.google.com + - recaptchaenterprise.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudfunctions.cnrm.cloud.google.com + - redis.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudidentity.cnrm.cloud.google.com + - 
resourcemanager.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch + - create + - update + - patch + - delete - apiGroups: - - cloudscheduler.cnrm.cloud.google.com + - run.cnrm.cloud.google.com resources: - '*' verbs: - get - list - watch -- apiGroups: - - compute.cnrm.cloud.google.com + - create + - update + - patch + - delete +- apiGroups: + - secretmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicedirectory.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - servicenetworking.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - serviceusage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sourcerepo.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - spanner.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - sql.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - storagetransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - tags.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - 
patch + - delete +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - vpcaccess.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-deletiondefender-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-cluster-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - 
validatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - servicemappings + verbs: + - get + - list + - watch +- apiGroups: + - core.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-manager-ns-role +rules: +- apiGroups: + - "" + resources: + - events + - configmaps + - secrets + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + labels: + cnrm.cloud.google.com/system: "true" + name: cnrm-recorder-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/system: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: cnrm-viewer +rules: +- apiGroups: + - accesscontextmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - alloydb.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigateway.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apigee.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - appengine.cnrm.cloud.google.com + 
resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - artifactregistry.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - beyondcorp.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquery.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryanalyticshub.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryconnection.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatapolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigquerydatatransfer.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigqueryreservation.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - bigtable.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - billingbudgets.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - binaryauthorization.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - certificatemanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudasset.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudbuild.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudfunctions2.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudidentity.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - 
cloudids.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudiot.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudscheduler.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - cloudtasks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - compute.cnrm.cloud.google.com resources: - '*' verbs: @@ -1075,6 +1663,14 @@ rules: - get - list - watch +- apiGroups: + - dataform.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - datafusion.cnrm.cloud.google.com resources: @@ -1091,6 +1687,46 @@ rules: - get - list - watch +- apiGroups: + - datastore.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - datastream.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - deploymentmanager.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflow.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - dialogflowcx.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - dlp.cnrm.cloud.google.com resources: @@ -1107,6 +1743,22 @@ rules: - get - list - watch +- apiGroups: + - documentai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - essentialcontacts.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - eventarc.cnrm.cloud.google.com resources: 
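Review bot: `cnrm-viewer` carries `rbac.authorization.k8s.io/aggregate-to-view: "true"`, so each API group added to its rules in the @@ -927 hunk (`alloydb`, `apigateway`, `appengine`, `beyondcorp`, the `bigquery*` groups, `certificatemanager`, `cloudasset`, `cloudfunctions2`, `cloudids`, `cloudiot`, `cloudtasks`) also becomes readable, on `resources: '*'`, by every subject bound to the built-in `view` role. The hunks from @@ -1075 to @@ -1371 extend the same list (`healthcare`, `orgpolicy`, `securitycenter`, `workstations` and others). The built-in `view` role leaves out Secrets on purpose; whether any kind in these groups can hold a credential or other sensitive value inline in `spec` is not visible here and is worth checking before the read access is aggregated. A comment above `rules:` would make the effect explicit: `# aggregated into the built-in view role; every group listed here is readable by all view subjects`.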
@@ -1123,6 +1775,38 @@ rules: - get - list - watch +- apiGroups: + - firebase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasedatabase.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasehosting.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - firebasestorage.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - firestore.cnrm.cloud.google.com resources: @@ -1131,6 +1815,14 @@ rules: - get - list - watch +- apiGroups: + - gkebackup.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - gkehub.cnrm.cloud.google.com resources: @@ -1139,6 +1831,14 @@ rules: - get - list - watch +- apiGroups: + - healthcare.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - iam.cnrm.cloud.google.com resources: @@ -1187,6 +1887,14 @@ rules: - get - list - watch +- apiGroups: + - mlengine.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - monitoring.cnrm.cloud.google.com resources: @@ -1203,6 +1911,14 @@ rules: - get - list - watch +- apiGroups: + - networkmanagement.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - networksecurity.cnrm.cloud.google.com resources: @@ -1219,6 +1935,22 @@ rules: - get - list - watch +- apiGroups: + - notebooks.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - orgpolicy.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - osconfig.cnrm.cloud.google.com resources: @@ -1227,6 +1959,14 @@ rules: - get - list - watch +- apiGroups: + - oslogin.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - privateca.cnrm.cloud.google.com resources: 
@@ -1291,6 +2031,14 @@ rules: - get - list - watch +- apiGroups: + - securitycenter.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - servicedirectory.cnrm.cloud.google.com resources: @@ -1363,6 +2111,22 @@ rules: - get - list - watch +- apiGroups: + - tpu.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - vertexai.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch - apiGroups: - vpcaccess.cnrm.cloud.google.com resources: @@ -1371,12 +2135,28 @@ rules: - get - list - watch +- apiGroups: + - workflows.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - workstations.cnrm.cloud.google.com + resources: + - '*' + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role @@ -1439,7 +2219,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-role-binding @@ -1457,7 +2237,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-role-binding @@ -1475,7 +2255,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-admin-binding 
@@ -1498,7 +2278,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender-binding @@ -1515,7 +2295,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-binding @@ -1532,7 +2312,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-manager-watcher-binding @@ -1549,7 +2329,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-recorder-binding @@ -1566,7 +2346,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook-binding @@ -1583,7 +2363,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-deletiondefender @@ -1600,7 +2380,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "8888" prometheus.io/scrape: "true" labels: 
@@ -1622,7 +2402,7 @@ apiVersion: v1 kind: Service metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 prometheus.io/port: "48797" prometheus.io/scrape: "true" labels: @@ -1643,7 +2423,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1661,7 +2441,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-resource-stats-recorder cnrm.cloud.google.com/system: "true" @@ -1674,8 +2454,8 @@ spec: - /configconnector/recorder env: - name: CONFIG_CONNECTOR_VERSION - value: 1.102.0 - image: gcr.io/cnrm-eap/recorder:fc8237b + value: 1.103.0 + image: gcr.io/cnrm-eap/recorder:7522d31 imagePullPolicy: Always name: recorder ports: @@ -1709,7 +2489,7 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1724,7 +2504,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-webhook-manager cnrm.cloud.google.com/system: "true" @@ -1737,7 +2517,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/cnrm-eap/webhook:fc8237b + image: gcr.io/cnrm-eap/webhook:7522d31 imagePullPolicy: Always name: webhook ports: @@ -1767,7 +2547,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" 
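Review bot: The new `image: gcr.io/cnrm-eap/recorder:7522d31` in the @@ -1674 hunk is referenced by tag, and the container keeps `imagePullPolicy: Always`, so each pod start resolves the tag again and runs whatever it points to at that moment. Pinning by digest keeps the bundle tied to the exact build that was released: `image: gcr.io/cnrm-eap/recorder@sha256:<digest-of-the-7522d31-build>` (placeholder; the digest is not on this page). The same applies to `webhook:7522d31` in @@ -1737 and to `controller:7522d31` and `deletiondefender:7522d31` in the @@ -1792 and @@ -1845 hunks. The container specs continue outside these hunks.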
@@ -1782,7 +2562,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-controller-manager cnrm.cloud.google.com/system: "true" @@ -1792,7 +2572,7 @@ spec: - --prometheus-scrape-endpoint=:8888 command: - /configconnector/manager - image: gcr.io/cnrm-eap/controller:fc8237b + image: gcr.io/cnrm-eap/controller:7522d31 imagePullPolicy: Always name: manager ports: @@ -1822,7 +2602,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1837,7 +2617,7 @@ spec: template: metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/component: cnrm-deletiondefender cnrm.cloud.google.com/system: "true" @@ -1845,7 +2625,7 @@ spec: containers: - command: - /configconnector/deletiondefender - image: gcr.io/cnrm-eap/deletiondefender:fc8237b + image: gcr.io/cnrm-eap/deletiondefender:7522d31 imagePullPolicy: Always name: deletiondefender ports: @@ -1876,7 +2656,7 @@ kind: HorizontalPodAutoscaler metadata: annotations: autoscaling.alpha.kubernetes.io/metrics: '[{"type":"Resource","resource":{"name":"memory","targetAverageUtilization":90}}]' - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 labels: cnrm.cloud.google.com/system: "true" name: cnrm-webhook diff --git a/install-bundles/install-bundle-workload-identity/crds.yaml b/install-bundles/install-bundle-workload-identity/crds.yaml index 1871feb5e1..d54f894070 100644 --- a/install-bundles/install-bundle-workload-identity/crds.yaml +++ b/install-bundles/install-bundle-workload-identity/crds.yaml 
@@ -16,7 +16,255 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanageraccesslevelconditions.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerAccessLevelCondition + plural: accesscontextmanageraccesslevelconditions + shortNames: + - gcpaccesscontextmanageraccesslevelcondition + - gcpaccesscontextmanageraccesslevelconditions + singular: accesscontextmanageraccesslevelcondition + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AccessContextManagerAccessLevel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + devicePolicy: + description: |- + Immutable. Device specific restrictions, all restrictions must hold for + the Condition to be true. If not specified, all devices are + allowed. + properties: + allowedDeviceManagementLevels: + description: |- + Immutable. A list of allowed device management levels. + An empty list allows all management levels. Possible values: ["MANAGEMENT_UNSPECIFIED", "NONE", "BASIC", "COMPLETE"]. + items: + type: string + type: array + allowedEncryptionStatuses: + description: |- + Immutable. A list of allowed encryptions statuses. + An empty list allows all statuses. Possible values: ["ENCRYPTION_UNSPECIFIED", "ENCRYPTION_UNSUPPORTED", "UNENCRYPTED", "ENCRYPTED"]. + items: + type: string + type: array + osConstraints: + description: |- + Immutable. A list of allowed OS versions. + An empty list allows all types and all versions. + items: + properties: + minimumVersion: + description: |- + Immutable. The minimum allowed OS version. If not set, any version + of this OS satisfies the constraint. + Format: "major.minor.patch" such as "10.5.301", "9.2.1". 
+ type: string + osType: + description: 'Immutable. The operating system type of the + device. Possible values: ["OS_UNSPECIFIED", "DESKTOP_MAC", + "DESKTOP_WINDOWS", "DESKTOP_LINUX", "DESKTOP_CHROME_OS", + "ANDROID", "IOS"].' + type: string + required: + - osType + type: object + type: array + requireAdminApproval: + description: Immutable. Whether the device needs to be approved + by the customer admin. + type: boolean + requireCorpOwned: + description: Immutable. Whether the device needs to be corp owned. + type: boolean + requireScreenLock: + description: |- + Immutable. Whether or not screenlock is required for the DevicePolicy + to be true. Defaults to false. + type: boolean + type: object + ipSubnetworks: + description: |- + Immutable. A list of CIDR block IP subnetwork specification. May be IPv4 + or IPv6. + Note that for a CIDR IP address block, the specified IP address + portion must be properly truncated (i.e. all the host bits must + be zero) or the input is considered malformed. For example, + "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, + for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" + is not. The originating IP of a request must be in one of the + listed subnets in order for this Condition to be true. + If empty, all IP addresses are allowed. + items: + type: string + type: array + members: + description: |- + Immutable. An allowed list of members (users, service accounts). + Using groups is not supported yet. + + The signed-in user originating the request must be a part of one + of the provided members. If not specified, a request may come + from any user (logged in/not logged in, not present in any + groups, etc.). + Formats: 'user:{emailid}', 'serviceAccount:{emailid}'. + items: + type: string + type: array + negate: + description: |- + Immutable. Whether to negate the Condition. 
If true, the Condition becomes + a NAND over its non-empty fields, each field must be false for + the Condition overall to be satisfied. Defaults to false. + type: boolean + regions: + description: |- + Immutable. The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + items: + type: string + type: array + requiredAccessLevels: + description: |- + Immutable. A list of other access levels defined in the same Policy, + referenced by resource name. Referencing an AccessLevel which + does not exist is an error. All access levels listed must be + granted for the Condition to be true. + Format: accessPolicies/{policy_id}/accessLevels/{short_name}. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The accessLevel of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -402,7 +650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
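Review bot: In the `AccessContextManagerAccessLevelCondition` schema added by the @@ -16 hunk, the value sets named in the descriptions of `allowedDeviceManagementLevels`, `allowedEncryptionStatuses` and `osType` are not enforced: the items are plain `type: string` with no `enum`, so a misspelled value is caught only after admission, if at all. As far as the collapsed text shows, `spec` also has no `required` list, while the descriptions say an empty `ipSubnetworks` allows all IP addresses and an unset `members` admits any user, so a nearly empty object would pass schema validation and appear to describe a condition that restricts nothing. I would add `required:` with `- accessLevelRef` under `spec`, and an `enum:` on the three fields using the values already listed in their descriptions. The `tf2crd` label suggests the file is generated, so the change belongs in the generator rather than in this YAML.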
@@ -532,7 +780,324 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagergcpuseraccessbindings.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerGCPUserAccessBinding + plural: accesscontextmanagergcpuseraccessbindings + shortNames: + - gcpaccesscontextmanagergcpuseraccessbinding + - gcpaccesscontextmanagergcpuseraccessbindings + singular: accesscontextmanagergcpuseraccessbinding + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessLevels: + description: 'Required. Access level that a user must have to be granted + access. Only one access level is supported, not multiple. This repeated + field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted".' + items: + type: string + type: array + groupKey: + description: 'Immutable. Required. Immutable. Google Group id whose + members are subject to this binding''s restrictions. See "id" in + the G Suite Directory API''s Groups resource. If a group''s email + address/alias is changed, this resource will continue to point at + the changed group. This field does not accept group email addresses + or aliases. Example: "01d520gv4vjcrht".' + type: string + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - accessLevels + - groupKey + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'Immutable. Assigned by the server during creation. The + last segment has an arbitrary length and has only URI unreserved + characters (as defined by RFC 3986 Section 2.3). Should not be specified + by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: accesscontextmanagerserviceperimeterresources.accesscontextmanager.cnrm.cloud.google.com +spec: + group: accesscontextmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AccessContextManagerServicePerimeterResource + plural: accesscontextmanagerserviceperimeterresources + shortNames: + - gcpaccesscontextmanagerserviceperimeterresource + - gcpaccesscontextmanagerserviceperimeterresources + singular: accesscontextmanagerserviceperimeterresource + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + perimeterNameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{parent}}/servicePerimeters/{{value}}`, + where {{value}} is the `name` field of an `AccessContextManagerServicePerimeter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resource: + description: |- + Immutable. A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number}. + type: string + required: + - perimeterNameRef + - resource + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -1740,25 +2305,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeenvironments.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbbackups.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeEnvironment - plural: apigeeenvironments + kind: AlloyDBBackup + plural: alloydbbackups shortNames: - - gcpapigeeenvironment - - gcpapigeeenvironments - singular: apigeeenvironment + - gcpalloydbbackup + - gcpalloydbbackups + singular: alloydbbackup preserveUnknownFields: false scope: Namespaced versions: 
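Review bot: `spec.accessLevels` in the new AccessContextManagerGCPUserAccessBinding schema is declared as an unbounded `type: array`, although its own description says the field "must have exactly one element". An empty list or several levels therefore passes API-server validation. The mismatch would then surface only when the controller reconciles, and until someone checks the Ready condition the group may have no binding in force (inferred; the controller is not shown here). Adding `minItems: 1` and `maxItems: 1` next to `type: array` would reject such an object at admission. The `tf2crd` label suggests this file is generated, in which case the bounds belong in the generator rather than in a hand edit.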
@@ -1778,7 +2343,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -1796,8 +2361,19 @@ spec: type: object spec: properties: - apigeeOrganizationRef: - description: Immutable. + clusterName: + description: Immutable. The full resource name of the backup source + cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}). + type: string + description: + description: Immutable. User-provided description of the backup. + type: string + location: + description: Immutable. The location where the alloydb backup should + reside. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -1814,10 +2390,7 @@ spec: - external properties: external: - description: |- - The apigee organization for the resource - - Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -1826,25 +2399,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Optional. Description of the environment. - type: string - displayName: - description: Optional. Display name for this environment. - type: string - properties: - additionalProperties: - type: string - description: Optional. Key-value pairs that may be used for customizing - the environment. - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The backupId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - apigeeOrganizationRef + - clusterName + - location + - projectRef type: object status: properties: @@ -1874,16 +2437,16 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Creation time of this environment as milliseconds - since epoch. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Last modification time of this environment - as milliseconds since epoch. - format: int64 - type: integer + createTime: + description: Time the Backup was created in UTC. + type: string + etag: + description: A hash of the resource. + type: string + name: + description: 'Output only. The name of the backup resource with the + format: * projects/{project}/locations/{region}/backups/{backupId}.' + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -1891,10 +2454,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + reconciling: + description: If true, indicates that the service is actively updating + the resource. This can happen due to user-triggered updates or system + actions like failover or maintenance. + type: boolean state: - description: 'Output only. State of the environment. Values other - than ACTIVE means the resource is not ready to use. Possible values: - STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + description: The current state of the backup. + type: string + uid: + description: Output only. The system-generated UID of the resource. + The UID is assigned when the resource is created, and it is retained + until it is deleted. + type: string + updateTime: + description: Time the Backup was updated in UTC. type: string type: object required: @@ -1915,25 +2489,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: apigeeorganizations.apigee.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: alloydbclusters.alloydb.cnrm.cloud.google.com spec: - group: apigee.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ApigeeOrganization - plural: apigeeorganizations + kind: AlloyDBCluster + plural: alloydbclusters shortNames: - - gcpapigeeorganization - - gcpapigeeorganizations - singular: apigeeorganization + - gcpalloydbcluster + - gcpalloydbclusters + singular: alloydbcluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -1953,7 +2527,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -1971,67 +2545,155 @@ spec: type: object spec: properties: - addonsConfig: - description: Addon configurations of the Apigee organization. + automatedBackupPolicy: + description: |- + The automated backup policy for this cluster. + + If no policy is provided then the default policy will be used. The default policy takes one backup a day, has a backup window of 1 hour, and retains backups for 14 days. properties: - advancedApiOpsConfig: - description: Configuration for the Advanced API Ops add-on. + backupWindow: + description: |- + The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed. + + The backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enabled: + description: Whether automated backups are enabled. + type: boolean + labels: + additionalProperties: + type: string + description: Labels to apply to backups created using this configuration. + type: object + location: + description: The location where the backup will be stored. Currently, + the only supported option is to store the backup in the same + region as the cluster. + type: string + quantityBasedRetention: + description: Quantity-based Backup retention policy to retain + recent backups. properties: - enabled: - description: Flag that specifies whether the Advanced API - Ops add-on is enabled. - type: boolean + count: + description: The number of backups to retain. + type: integer type: object - monetizationConfig: - description: Configuration for the Monetization add-on. + timeBasedRetention: + description: Time-based Backup retention policy. properties: - enabled: - description: Flag that specifies whether the Monetization - add-on is enabled. 
- type: boolean + retentionPeriod: + description: |- + The retention period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + weeklySchedule: + description: Weekly schedule for the Backup. + properties: + daysOfWeek: + description: 'The days of the week to perform a backup. At + least one day of the week must be provided. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + items: + type: string + type: array + startTimes: + description: The times during the day to start a backup. At + least one start time must be provided. The start times are + assumed to be in UTC and to be an exact hour (e.g., 04:00:00). + items: + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the value + "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. An API may allow the value 60 if + it allows leap-seconds. + type: integer + type: object + type: array + required: + - startTimes type: object type: object - analyticsRegion: - description: Immutable. Required. Primary GCP region for analytics - data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + displayName: + description: User-settable and human-readable display name for the + Cluster. type: string - authorizedNetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + initialUser: + description: Initial user to setup during cluster creation. 
properties: - external: - description: |- - Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + password: + description: The initial password for the user. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + user: + description: The database username. type: string + required: + - password type: object - description: - description: Description of the Apigee organization. + location: + description: Immutable. The location where the alloydb cluster should + reside. 
type: string - displayName: - description: Display name for the Apigee organization. + network: + description: |- + The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: + + "projects/{projectNumber}/global/networks/{network_id}". type: string projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -2048,10 +2710,7 @@ spec: - external properties: external: - description: |- - Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
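Review bot: `spec.initialUser.password` in the AlloyDBCluster schema accepts an inline `value`, and its description does not say that a password written there is kept in plain text in the custom resource. It is then readable by anyone who can get the object and by whatever stores the manifest. The description of `value` could read `Value of the field, stored in plain text in the resource; prefer 'valueFrom.secretKeyRef' for credentials. Cannot be used if 'valueFrom' is specified.` The `oneOf` only makes the two forms mutually exclusive, so steering users to the Secret reference has to come from this text or from an admission policy. The `tf2crd` label suggests the file is generated, so the wording would need to change at the source.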
@@ -2060,67 +2719,27 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - properties: - additionalProperties: - type: string - description: Properties defined in the Apigee organization profile. - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - runtimeDatabaseEncryptionKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - runtimeType: - description: 'Immutable. Required. Runtime type of the Apigee organization - based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, - CLOUD, HYBRID' + description: Immutable. Optional. The clusterId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
type: string required: - - analyticsRegion + - location + - network - projectRef - - runtimeType type: object status: properties: - billingType: - description: 'Output only. Billing type of the Apigee organization. - See (https://cloud.google.com/apigee/pricing). Possible values: - BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' - type: string - caCertificate: - description: Output only. Base64-encoded public certificate for the - root CA of the Apigee organization. Valid only when (#RuntimeType) - is `CLOUD`. - type: string + backupSource: + description: Cluster created from backup. + items: + properties: + backupName: + description: The name of the backup resource. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -2147,26 +2766,31 @@ spec: type: string type: object type: array - createdAt: - description: Output only. Time that the Apigee organization was created - in milliseconds since epoch. - format: int64 - type: integer - environments: - description: Output only. List of environments in the Apigee organization. + databaseVersion: + description: The database engine major version. This is an output-only + field and it's populated at the Cluster creation time. This field + cannot be changed after cluster creation. + type: string + migrationSource: + description: Cluster created via DMS migration. items: - type: string + properties: + hostPort: + description: The host and port of the on-premises instance in + host:port format. + type: string + referenceId: + description: Place holder for the external source identifier(e.g + DMS job name) that created the cluster. + type: string + sourceType: + description: Type of migration source. + type: string + type: object type: array - expiresAt: - description: Output only. Time that the Apigee organization is scheduled - for deletion. - format: int64 - type: integer - lastModifiedAt: - description: Output only. Time that the Apigee organization was last - modified in milliseconds since epoch. - format: int64 - type: integer + name: + description: The name of the cluster resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -2174,21 +2798,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectId: - description: Output only. Project ID associated with the Apigee organization. - type: string - state: - description: 'Output only. State of the organization. Values other - than ACTIVE means the resource is not ready to use. Possible values: - SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, - OK_EXTERNAL, DELETED' - type: string - subscriptionType: - description: 'Output only. DEPRECATED: This will eventually be replaced - by BillingType. Subscription type of the Apigee organization. Valid - values include trial (free, limited, and for evaluation purposes - only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). - Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + uid: + description: The system-generated UID of the resource. type: string type: object required: 
@@ -2209,25 +2820,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com + name: alloydbinstances.alloydb.cnrm.cloud.google.com spec: - group: artifactregistry.cnrm.cloud.google.com + group: alloydb.cnrm.cloud.google.com names: categories: - gcp - kind: ArtifactRegistryRepository - plural: artifactregistryrepositories + kind: AlloyDBInstance + plural: alloydbinstances shortNames: - - gcpartifactregistryrepository - - gcpartifactregistryrepositories - singular: artifactregistryrepository + - gcpalloydbinstance + - gcpalloydbinstances + singular: alloydbinstance preserveUnknownFields: false scope: Namespaced versions: @@ -2247,7 +2858,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2265,172 +2876,71 @@ spec: type: object spec: properties: - description: - description: The user-provided description of the repository. + annotations: + additionalProperties: + type: string + description: Annotations to allow client tools to store small amount + of arbitrary data. This is distinct from labels. + type: object + availabilityType: + description: 'Availability type of an Instance. Defaults to REGIONAL + for both primary and read instances. Note that primary and read + instances can have different availability types. Possible values: + ["AVAILABILITY_TYPE_UNSPECIFIED", "ZONAL", "REGIONAL"].' type: string - format: + cluster: description: |- - Immutable. The format of packages that are stored in the repository. Supported formats - can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). - You can only create alpha formats if you are a member of the - [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). + Immutable. Identifies the alloydb cluster. Must be in the format + 'projects/{project}/locations/{location}/clusters/{cluster_id}'. type: string - kmsKeyRef: - description: |- - The customer managed encryption key that’s used to encrypt the - contents of the Repository. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + databaseFlags: + additionalProperties: + type: string + description: Database flags. Set at instance level. 
* They are copied + from primary instance on read instance creation. * Read instances + can set new or override existing flags that are relevant for reads, + e.g. for enabling columnar cache on a read instance. Flags set on + read instance may or may not be present on primary. type: object - location: - description: Immutable. The name of the location this repository is - located in. + displayName: + description: User-settable and human-readable display name for the + Instance. type: string - mavenConfig: - description: |- - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. + gceZone: + description: The Compute Engine zone that the instance should serve + from, per https://cloud.google.com/compute/docs/regions-zones This + can ONLY be specified for ZONAL instances. If present for a REGIONAL + instance, an error will be thrown. If this is absent for a ZONAL + instance, instance is created in a random zone with available capacity. + type: string + instanceType: + description: 'Immutable. The type of the instance. Possible values: + ["PRIMARY", "READ_POOL"].' + type: string + machineConfig: + description: Configurations for the machines that host the underlying + database engine. properties: - allowSnapshotOverwrites: - description: |- - Immutable. The repository with this flag will allow publishing the same - snapshot versions. - type: boolean - versionPolicy: - description: 'Immutable. Version policy defines the versions that - the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" - Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' - type: string + cpuCount: + description: The number of CPU's in the VM instance. + type: integer type: object - mode: - description: 'Immutable. The mode configures the repository to serve - artifacts from different sources. 
Default value: "STANDARD_REPOSITORY" - Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' - type: string - remoteRepositoryConfig: - description: Immutable. Configuration specific for a Remote Repository. + readPoolConfig: + description: Read pool specific config. properties: - description: - description: Immutable. The description of the remote source. - type: string - dockerRepository: - description: Immutable. Specific settings for a Docker remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' - type: string - type: object - mavenRepository: - description: Immutable. Specific settings for a Maven remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' - type: string - type: object - npmRepository: - description: Immutable. Specific settings for an Npm remote repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "NPMJS" Possible values: ["NPMJS"].' - type: string - type: object - pythonRepository: - description: Immutable. Specific settings for a Python remote - repository. - properties: - publicRepository: - description: 'Immutable. Address of the remote repository. - Default value: "PYPI" Possible values: ["PYPI"].' - type: string - type: object + nodeCount: + description: Read capacity, i.e. number of nodes in a read pool + instance. + type: integer type: object resourceID: - description: Immutable. Optional. The repositoryId of the resource. + description: Immutable. Optional. The instanceId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - virtualRepositoryConfig: - description: Configuration specific for a Virtual Repository. - properties: - upstreamPolicies: - description: |- - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - items: - properties: - id: - description: The user-provided ID of the upstream policy. - type: string - priority: - description: Entries with a greater priority value take - precedence in the pull order. - type: integer - repositoryRef: - description: |- - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repositories/repo1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, - where {{value}} is the `name` field of an `ArtifactRegistryRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - type: object required: - - format - - location + - cluster + - instanceType type: object status: properties: 
@@ -2461,12 +2971,14 @@ spec: type: object type: array createTime: - description: The time when the repository was created. + description: Time the Instance was created in UTC. + type: string + ipAddress: + description: The IP address for the Instance. This is the connection + endpoint for an end-user application. type: string name: - description: |- - The name of the repository, for example: - "projects/p1/locations/us-central1/repositories/repo1". + description: The name of the instance resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -2475,10 +2987,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: The time when the repository was last updated. + reconciling: + description: Set to true if the current state of Instance does not + match the user's intended state, and the service is actively updating + the resource to reconcile them. This can happen due to user-triggered + updates or system actions like failover or maintenance. + type: boolean + state: + description: The current state of the alloydb instance. type: string - type: object + uid: + description: The system-generated UID of the resource. + type: string + updateTime: + description: Time the Instance was updated in UTC. + type: string + type: object required: - spec type: object 
@@ -2497,25 +3021,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerydatasets.bigquery.cnrm.cloud.google.com + name: apigatewayapiconfigs.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryDataset - plural: bigquerydatasets + kind: APIGatewayAPIConfig + plural: apigatewayapiconfigs shortNames: - - gcpbigquerydataset - - gcpbigquerydatasets - singular: bigquerydataset + - gcpapigatewayapiconfig + - gcpapigatewayapiconfigs + singular: apigatewayapiconfig preserveUnknownFields: false scope: Namespaced versions: @@ -2535,7 +3059,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2553,202 +3077,287 @@ spec: type: object spec: properties: - access: - description: An array of objects that define dataset access for one - or more entities. + api: + description: Immutable. The API to attach the config to. + type: string + apiConfigIdPrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. If this and api_config_id are unspecified, a random value + is chosen for the name. + type: string + displayName: + description: A user-visible name for the API. + type: string + gatewayConfig: + description: |- + Immutable. Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account. + properties: + backendConfig: + description: Backend settings that are applied to all backends + of the Gateway. + properties: + googleServiceAccount: + description: |- + Immutable. Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + type: string + required: + - googleServiceAccount + type: object + required: + - backendConfig + type: object + grpcServices: + description: gRPC service definition files. If specified, openapiDocuments + must not be included. items: properties: - dataset: - description: Grants all resources of particular types in a particular - dataset read access to the current dataset. + fileDescriptorSet: + description: |- + Immutable. Input only. File descriptor set, generated by protoc. + To generate, use protoc with imports and source info included. For an example test.proto file, the following command would put the value in a new file named out.pb. + + $ protoc --include_imports --include_source_info test.proto -o out.pb. properties: - dataset: - description: The dataset this entry applies to. 
- properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. - type: string - required: - - datasetId - - projectId - type: object - targetTypes: - description: |- - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS. - items: - type: string - type: array + contents: + description: Immutable. Base64 encoded content of the file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string required: - - dataset - - targetTypes + - contents + - path type: object - domain: - description: |- - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access. - type: string - groupByEmail: - description: An email address of a Google Group to grant access - to. - type: string - role: - description: |- - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - [official docs](https://cloud.google.com/bigquery/docs/access-control). - type: string - specialGroup: - description: |- - A special group to grant access to. Possible values include: - - - * 'projectOwners': Owners of the enclosing project. - - - * 'projectReaders': Readers of the enclosing project. - - - * 'projectWriters': Writers of the enclosing project. - - - * 'allAuthenticatedUsers': All authenticated BigQuery users. + source: + description: Uncompiled proto files associated with the descriptor + set, used for display purposes (server-side compilation is + not supported). 
These should match the inputs to 'protoc' + command used to generate fileDescriptorSet. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the + file. + type: string + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. + type: string + required: + - contents + - path + type: object + type: array + required: + - fileDescriptorSet + type: object + type: array + managedServiceConfigs: + description: |- + Optional. Service Configuration files. At least one must be included when using gRPC service definitions. See https://cloud.google.com/endpoints/docs/grpc/grpc-service-config#service_configuration_overview for the expected file contents. + If multiple files are specified, the files are merged with the following rules: * All singular scalar fields are merged using "last one wins" semantics in the order of the files uploaded. * Repeated fields are concatenated. * Singular embedded messages are merged using these rules for nested fields. + items: + properties: + contents: + description: Immutable. Base64 encoded content of the file. type: string - userByEmail: - description: |- - An email address of a user to grant access to. For example: - fred@example.com. + path: + description: Immutable. The file path (full or relative path). + This is typically the path of the file when it is uploaded. type: string - view: - description: |- - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + required: + - contents + - path + type: object + type: array + openapiDocuments: + description: OpenAPI specification documents. If specified, grpcServices + and managedServiceConfigs must not be included. 
+ items: + properties: + document: + description: The OpenAPI Specification document file. properties: - datasetId: - description: The ID of the dataset containing this table. - type: string - projectId: - description: The ID of the project containing this table. + contents: + description: Immutable. Base64 encoded content of the file. type: string - tableId: - description: |- - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + path: + description: Immutable. The file path (full or relative + path). This is typically the path of the file when it + is uploaded. type: string required: - - datasetId - - projectId - - tableId + - contents + - path type: object + required: + - document type: object type: array - defaultEncryptionConfiguration: - description: |- - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - defaultPartitionExpirationMs: - description: |- - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - - - Once this property is set, all newly-created partitioned tables in - the dataset will have an 'expirationMs' property in the 'timePartitioning' - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of 'defaultTableExpirationMs' - for partitioned tables: only one of 'defaultTableExpirationMs' and - 'defaultPartitionExpirationMs' will be used for any new partitioned - table. If you provide an explicit 'timePartitioning.expirationMs' when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - type: integer - defaultTableExpirationMs: - description: |- - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). 
- - - Once this property is set, all newly-created tables in the dataset - will have an 'expirationTime' property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the 'expirationTime' for a given - table is reached, that table will be deleted automatically. - If a table's 'expirationTime' is modified or removed before the - table expires, or if you provide an explicit 'expirationTime' when - creating a table, that value takes precedence over the default - expiration time indicated by this property. + resourceID: + description: Immutable. Optional. The apiConfigId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - api + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The resource name of the API Config. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - description: - description: A user-friendly description of the dataset. + serviceConfigId: + description: The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). type: string - friendlyName: - description: A descriptive name for the dataset. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigatewayapis.apigateway.cnrm.cloud.google.com +spec: + group: apigateway.cnrm.cloud.google.com + names: + categories: + - gcp + kind: APIGatewayAPI + plural: apigatewayapis + shortNames: + - gcpapigatewayapi + - gcpapigatewayapis + singular: apigatewayapi + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-visible name for the API. type: string - location: + managedService: description: |- - Immutable. The geographic location where the dataset should reside. - See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). - - - There are two types of locations, regional or multi-regional. A regional - location is a specific geographic place, such as Tokyo, and a multi-regional - location is a large geographic area, such as the United States, that - contains at least two geographic places. - - - The default value is multi-regional location 'US'. - Changing this forces a new resource to be created. - type: string - maxTimeTravelHours: - description: Defines the time travel window in hours. The value can - be from 48 to 168 hours (2 to 7 days). + Immutable. Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. type: string projectRef: description: The project that this resource belongs to. 
@@ -2778,10 +3387,12 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The datasetId of the resource. Used + description: Immutable. Optional. The apiId of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - projectRef type: object status: properties: @@ -2811,19 +3422,12 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this dataset was created, in milliseconds since the - epoch. - type: integer - etag: - description: A hash of the resource. + createTime: + description: Creation timestamp in RFC3339 text format. + type: string + name: + description: The resource name of the API. Format 'projects/{{project}}/locations/global/apis/{{apiId}}'. type: string - lastModifiedTime: - description: |- - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -2831,9 +3435,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -2850,25 +3454,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryjobs.bigquery.cnrm.cloud.google.com + name: apigatewaygateways.apigateway.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigateway.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryJob - plural: bigqueryjobs + kind: APIGatewayGateway + plural: apigatewaygateways shortNames: - - gcpbigqueryjob - - gcpbigqueryjobs - singular: bigqueryjob + - gcpapigatewaygateway + - gcpapigatewaygateways + singular: apigatewaygateway preserveUnknownFields: false scope: Namespaced versions: @@ -2888,7 +3492,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -2906,687 +3510,232 @@ spec: type: object spec: properties: - copy: - description: Immutable. Copies a table. + apiConfig: + description: |- + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig}. + When changing api configs please ensure the new config is a new resource and the lifecycle rule 'create_before_destroy' is set. + type: string + displayName: + description: A user-visible name for the API. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: Immutable. The destination table. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - sourceTables: - description: Immutable. Source tables to copy. - items: - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - sourceTables - type: object - extract: - description: Immutable. Configures an extract job. - properties: - compression: - description: |- - Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - type: string - destinationFormat: - description: |- - Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - destinationUris: - description: Immutable. A list of fully-qualified Google Cloud - Storage URIs where the extracted table should be written. 
- items: - type: string - type: array - fieldDelimiter: - description: |- - Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ','. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - printHeader: - description: Immutable. Whether to print out a header row in the - results. Default is true. - type: boolean - sourceTable: - description: Immutable. A reference to the table being exported. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - useAvroLogicalTypes: - description: Immutable. Whether to use logical types when extracting - to AVRO format. - type: boolean - required: - - destinationUris type: object - jobTimeoutMs: - description: Immutable. Job timeout in milliseconds. If this time - limit is exceeded, BigQuery may attempt to terminate the job. + region: + description: Immutable. The region of the gateway for the API. type: string - load: - description: Immutable. Configures a load job. + resourceID: + description: Immutable. Optional. The gatewayId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - apiConfig + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultHostname: + description: The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. + type: string + name: + description: 'Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeaddonsconfigs.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeAddonsConfig + plural: apigeeaddonsconfigs + shortNames: + - gcpapigeeaddonsconfig + - gcpapigeeaddonsconfigs + singular: apigeeaddonsconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - allowJaggedRows: - description: |- - Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - type: boolean - allowQuotedNewlines: - description: |- - Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - autodetect: - description: Immutable. Indicates if we should automatically infer - the options and schema for CSV and JSON sources. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). + advancedApiOpsConfig: + description: Configuration for the Monetization add-on. properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. 
The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - destinationTable: - description: Immutable. The destination table to load the data - into. + apiSecurityConfig: + description: Configuration for the Monetization add-on. properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. 
+ type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: string type: object - encoding: - description: |- - Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - type: string - fieldDelimiter: - description: |- - Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - type: string - ignoreUnknownValues: - description: |- - Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names. - type: boolean - jsonExtension: - description: |- - Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - type: string - maxBadRecords: - description: |- - Immutable. The maximum number of bad records that BigQuery can ignore when running the job. 
If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - type: integer - nullMarker: - description: |- - Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - type: string - projectionFields: - description: |- - Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - items: - type: string - type: array - quote: - description: |- - Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. 
Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - skipLeadingRows: - description: |- - Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - type: integer - sourceFormat: - description: |- - Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - type: string - sourceUris: - description: |- - Immutable. The fully-qualified URIs that point to your data in Google Cloud. 
- For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. - items: - type: string - type: array - timePartitioning: - description: Immutable. Time-based partitioning specification - for the destination table. + connectorsPlatformConfig: + description: Configuration for the Monetization add-on. properties: - expirationMs: - description: Immutable. Number of milliseconds for which to - keep the storage for a partition. A wrapper is used here - because 0 is an invalid value. - type: string - field: - description: |- - Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - type: string - type: - description: |- - Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + expiresAt: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. type: string - required: - - type type: object - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - destinationTable - - sourceUris + integrationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object + monetizationConfig: + description: Configuration for the Monetization add-on. + properties: + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean + type: object type: object - location: - description: Immutable. The geographic location of the job. The default - value is US. + org: + description: Immutable. Name of the Apigee organization. type: string - query: - description: Immutable. Configures a query job. - properties: - allowLargeResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - type: boolean - createDisposition: - description: |- - Immutable. Specifies whether the job is allowed to create new tables. 
The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. - type: string - defaultDataset: - description: Immutable. Specifies the default dataset to use for - unqualified table names in the query. Note that this does not - alter behavior of unqualified dataset names. - properties: - datasetRef: - description: A reference to the dataset. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryDataset` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - datasetRef - type: object - destinationEncryptionConfiguration: - description: Immutable. Custom encryption configuration (e.g., - Cloud KMS keys). - properties: - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect - destination BigQuery table. The BigQuery Service Account associated - with your project requires access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `KMSCryptoKey` resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: Describes the Cloud KMS encryption key version - used to protect destination BigQuery table. - type: string - required: - - kmsKeyRef - type: object - destinationTable: - description: |- - Immutable. Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - properties: - tableRef: - description: A reference to the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `BigQueryTable` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - tableRef - type: object - flattenResults: - description: |- - Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - type: boolean - maximumBillingTier: - description: |- - Immutable. Limits the billing tier for this job. 
Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: integer - maximumBytesBilled: - description: |- - Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - type: string - parameterMode: - description: Immutable. Standard SQL only. Set to POSITIONAL to - use positional (?) query parameters or to NAMED to use named - (@myparam) query parameters in this query. - type: string - priority: - description: 'Immutable. Specifies a priority for the query. Default - value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' - type: string - query: - description: |- - Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) - ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. - type: string - schemaUpdateOptions: - description: |- - Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - items: - type: string - type: array - scriptOptions: - description: Immutable. 
Options controlling the execution of scripts. - properties: - keyResultStatement: - description: |- - Immutable. Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. - type: string - statementByteBudget: - description: Immutable. Limit on the number of bytes billed - per statement. Exceeding this budget results in an error. - type: string - statementTimeoutMs: - description: Immutable. Timeout period for each statement - in a script. - type: string - type: object - useLegacySql: - description: |- - Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - type: boolean - useQueryCache: - description: |- - Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - type: boolean - userDefinedFunctionResources: - description: Immutable. Describes user-defined function resources - used in the query. - items: - properties: - inlineCode: - description: |- - Immutable. An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - type: string - resourceUri: - description: Immutable. A code resource to load from a Google - Cloud Storage URI (gs://bucket/path). - type: string - type: object - type: array - writeDisposition: - description: |- - Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. - type: string - required: - - query - type: object resourceID: - description: Immutable. Optional. The jobId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - org type: object status: properties: @@ -3616,9 +3765,6 @@ spec: type: string type: object type: array - jobType: - description: The type of the job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
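Review bot: The descriptions in the new ApigeeAddonsConfig schema look copy-pasted: `advancedApiOpsConfig`, `apiSecurityConfig`, `connectorsPlatformConfig` and `integrationConfig` all read "Configuration for the Monetization add-on.", and every `enabled` and `expiresAt` field reads "Flag that specifies whether the Advanced API Ops add-on is enabled." That text is what `kubectl explain` shows, so someone toggling `apiSecurityConfig.enabled` is told they are changing a different add-on, and `expiresAt` (type string) is described as a flag. Each block should name its own add-on, e.g. `description: Configuration for the API Security add-on.` and `description: Flag that specifies whether the API Security add-on is enabled.`. `expiresAt` needs its own description; it is presumably an expiry time, which should be confirmed against the Apigee API reference. The `tf2crd` label suggests the file is generated, so the correction probably belongs in the generator's source descriptions rather than in this YAML.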
@@ -3626,55 +3772,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: The status of this job. Examine this value when polling - an asynchronous job to see if the job is complete. - items: - properties: - errorResult: - description: Final error result of the job. If present, indicates - that the job has completed and was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - errors: - description: |- - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - items: - properties: - location: - description: Specifies where the error occurred, if present. - type: string - message: - description: A human-readable description of the error. - type: string - reason: - description: A short error code that summarizes the error. - type: string - type: object - type: array - state: - description: Running state of the job. Valid states include - 'PENDING', 'RUNNING', and 'DONE'. - type: string - type: object - type: array - userEmail: - description: Email address of the user who ran the job. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -3691,25 +3791,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigqueryroutines.bigquery.cnrm.cloud.google.com + name: apigeeendpointattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryRoutine - plural: bigqueryroutines + kind: ApigeeEndpointAttachment + plural: apigeeendpointattachments shortNames: - - gcpbigqueryroutine - - gcpbigqueryroutines - singular: bigqueryroutine + - gcpapigeeendpointattachment + - gcpapigeeendpointattachments + singular: apigeeendpointattachment preserveUnknownFields: false scope: Namespaced versions: @@ -3729,7 +3829,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -3747,147 +3847,26 @@ spec: type: object spec: properties: - arguments: - description: Input/output argument of a function or a stored procedure. - items: - properties: - argumentKind: - description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" - Possible values: ["FIXED_TYPE", "ANY_TYPE"].' - type: string - dataType: - description: |- - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>**NOTE**: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - type: string - mode: - description: 'Specifies whether the argument is input or output. - Can be set for procedures only. Possible values: ["IN", "OUT", - "INOUT"].' - type: string - name: - description: The name of this argument. Can be absent for function - return argument. - type: string - type: object - type: array - datasetRef: - description: The ID of the dataset containing this routine. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - definitionBody: - description: |- - The body of the routine. For functions, this is the expression in the AS clause. 
- If language=SQL, it is the substring inside (but excluding) the parentheses. - type: string - description: - description: The description of the routine if defined. - type: string - determinismLevel: - description: 'The determinism level of the JavaScript UDF if defined. - Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", - "NOT_DETERMINISTIC"].' + location: + description: Immutable. Location of the endpoint attachment. type: string - importedLibraries: + orgId: description: |- - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - items: - type: string - type: array - language: - description: 'The language of the routine. Possible values: ["SQL", - "JAVASCRIPT"].' + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. type: string - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: - description: Immutable. Optional. The routineId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - returnTableType: - description: |- - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. 
If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - type: string - returnType: - description: |- - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. + description: Immutable. Optional. The endpointAttachmentId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. type: string - routineType: - description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", - "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + serviceAttachment: + description: 'Immutable. Format: projects/*/regions/*/serviceAttachments/*.' type: string required: - - datasetRef - - definitionBody - - projectRef + - location + - orgId + - serviceAttachment type: object status: properties: 
@@ -3917,16 +3896,19 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time when this routine was created, in milliseconds since the - epoch. - type: integer - lastModifiedTime: + connectionState: + description: State of the endpoint attachment connection to the service + attachment. + type: string + host: + description: Host that can be used in either HTTP Target Endpoint + directly, or as the host in Target Server. + type: string + name: description: |- - The time when this routine was modified, in milliseconds since the - epoch. - type: integer + Name of the Endpoint Attachment in the following format: + organizations/{organization}/endpointAttachments/{endpointAttachment}. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -3953,25 +3935,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigquerytables.bigquery.cnrm.cloud.google.com + name: apigeeenvgroupattachments.apigee.cnrm.cloud.google.com spec: - group: bigquery.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigQueryTable - plural: bigquerytables + kind: ApigeeEnvgroupAttachment + plural: apigeeenvgroupattachments shortNames: - - gcpbigquerytable - - gcpbigquerytables - singular: bigquerytable + - gcpapigeeenvgroupattachment + - gcpapigeeenvgroupattachments + singular: apigeeenvgroupattachment preserveUnknownFields: false scope: Namespaced versions: 
@@ -3991,7 +3973,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4009,326 +3991,153 @@ spec: type: object spec: properties: - clustering: - description: Specifies column names to use for data clustering. Up - to four top-level columns are allowed, and should be specified in - descending priority order. + envgroupId: + description: |- + Immutable. The Apigee environment group associated with the Apigee environment, + in the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'. + type: string + environment: + description: Immutable. The resource ID of the environment. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - envgroupId + - environment + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigQueryDataset` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: The field description. + name: + description: The name of the newly created attachment (output parameter). type: string - encryptionConfiguration: - description: Immutable. Specifies how the table should be encrypted. - If left blank, the table will be encrypted with a Google-managed - key; that process is transparent to the user. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyVersion: - description: The self link or full name of the kms key version - used to encrypt this table. - type: string - required: - - kmsKeyRef - type: object - expirationTime: - description: The time when this table expires, in milliseconds since - the epoch. If not present, the table will persist indefinitely. - Expired tables will be deleted and their storage reclaimed. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
type: integer - externalDataConfiguration: - description: Describes the data format, location, and other properties - of a table stored outside of BigQuery. By defining these properties, - the data source can then be queried as if it were a standard BigQuery - table. - properties: - autodetect: - description: Let BigQuery try to autodetect the schema and format - of the table. - type: boolean - avroOptions: - description: Additional options if source_format is set to "AVRO". - properties: - useAvroLogicalTypes: - description: If sourceFormat is set to "AVRO", indicates whether - to interpret logical types as the corresponding BigQuery - data type (for example, TIMESTAMP), instead of using the - raw type (for example, INTEGER). - type: boolean - required: - - useAvroLogicalTypes - type: object - compression: - description: The compression type of the data source. Valid values - are "NONE" or "GZIP". - type: string - connectionId: - description: The connection specifying the credentials to be used - to read external storage, such as Azure Blob, Cloud Storage, - or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" - or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". - type: string - csvOptions: - description: Additional properties to set if source_format is - set to "CSV". - properties: - allowJaggedRows: - description: Indicates if BigQuery should accept rows that - are missing trailing optional columns. - type: boolean - allowQuotedNewlines: - description: Indicates if BigQuery should allow quoted data - sections that contain newline characters in a CSV file. - The default value is false. - type: boolean - encoding: - description: The character encoding of the data. The supported - values are UTF-8 or ISO-8859-1. - type: string - fieldDelimiter: - description: The separator for fields in a CSV file. 
- type: string - quote: - type: string - skipLeadingRows: - description: The number of rows at the top of a CSV file that - BigQuery will skip when reading the data. - type: integer - required: - - quote - type: object - googleSheetsOptions: - description: Additional options if source_format is set to "GOOGLE_SHEETS". - properties: - range: - description: 'Range of a sheet to query from. Only used when - non-empty. At least one of range or skip_leading_rows must - be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" - For example: "sheet1!A1:B20".' - type: string - skipLeadingRows: - description: The number of rows at the top of the sheet that - BigQuery will skip when reading the data. At least one of - range or skip_leading_rows must be set. - type: integer - type: object - hivePartitioningOptions: - description: When set, configures hive partitioning support. Not - all storage formats support hive partitioning -- requesting - hive partitioning on an unsupported format will lead to an error, - as will providing an invalid specification. - properties: - mode: - description: When set, what mode of hive partitioning to use - when reading data. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require - a partition filter that can be used for partition elimination - to be specified. - type: boolean - sourceUriPrefix: - description: When hive partition detection is requested, a - common for all source uris must be required. The prefix - must end immediately before the partition key encoding begins. - type: string - type: object - ignoreUnknownValues: - description: Indicates if BigQuery should allow extra values that - are not represented in the table schema. If true, the extra - values are ignored. If false, records with extra columns are - treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default - value is false. 
- type: boolean - maxBadRecords: - description: The maximum number of bad records that BigQuery can - ignore when reading data. - type: integer - referenceFileSchemaUri: - description: 'When creating an external table, the user can provide - a reference file with the table schema. This is enabled for - the following formats: AVRO, PARQUET, ORC.' - type: string - schema: - description: Immutable. A JSON schema for the external table. - Schema is required for CSV and JSON formats and is disallowed - for Google Cloud Bigtable, Cloud Datastore backups, and Avro - formats when using external tables. - type: string - sourceFormat: - description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", - "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". - To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' - type: string - sourceUris: - description: A list of the fully-qualified URIs that point to - your data in Google Cloud. - items: - type: string - type: array - required: - - autodetect - - sourceFormat - - sourceUris - type: object - friendlyName: - description: A descriptive name for the table. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: apigeeenvgroups.apigee.cnrm.cloud.google.com +spec: + group: apigee.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ApigeeEnvgroup + plural: apigeeenvgroups + shortNames: + - gcpapigeeenvgroup + - gcpapigeeenvgroups + singular: apigeeenvgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + hostnames: + description: Hostnames of the environment group. + items: + type: string + type: array + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee environment group, + in the format 'organizations/{{org_name}}'. type: string - materializedView: - description: If specified, configures this table as a materialized - view. - properties: - enableRefresh: - description: Specifies if BigQuery should automatically refresh - materialized view when the base table is updated. The default - is true. - type: boolean - query: - description: Immutable. A query whose result is persisted. - type: string - refreshIntervalMs: - description: Specifies maximum frequency at which this materialized - view will be refreshed. The default is 1800000. - type: integer - required: - - query - type: object - rangePartitioning: - description: If specified, configures range-based partitioning for - this table. - properties: - field: - description: Immutable. The field used to determine how to create - a range-based partition. - type: string - range: - description: Information required to partition based on ranges. - Structure is documented below. - properties: - end: - description: End of the range partitioning, exclusive. - type: integer - interval: - description: The width of each range within the partition. - type: integer - start: - description: Start of the range partitioning, inclusive. - type: integer - required: - - end - - interval - - start - type: object - required: - - field - - range - type: object resourceID: - description: Immutable. Optional. The tableId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schema: - description: A JSON schema for the table. - type: string - timePartitioning: - description: If specified, configures time-based partitioning for - this table. - properties: - expirationMs: - description: Number of milliseconds for which to keep the storage - for a partition. - type: integer - field: - description: Immutable. The field used to determine how to create - a time-based partition. If time-based partitioning is enabled - without this value, the table is partitioned based on the load - time. - type: string - requirePartitionFilter: - description: If set to true, queries over this table require a - partition filter that can be used for partition elimination - to be specified. - type: boolean - type: - description: The supported types are DAY, HOUR, MONTH, and YEAR, - which will generate one partition per day, hour, month, and - year, respectively. - type: string - required: - - type - type: object - view: - description: If specified, configures this table as a view. - properties: - query: - description: A query that BigQuery executes when the view is referenced. - type: string - useLegacySql: - description: Specifies whether to use BigQuery's legacy SQL for - this view. The default value is true. If set to false, the view - will use BigQuery's standard SQL. - type: boolean - required: - - query - type: object required: - - datasetRef + - orgId type: object status: properties: 
@@ -4358,33 +4167,6 @@ spec: type: string type: object type: array - creationTime: - description: The time when this table was created, in milliseconds - since the epoch. - type: integer - etag: - description: A hash of the resource. - type: string - lastModifiedTime: - description: The time when this table was last modified, in milliseconds - since the epoch. - type: integer - location: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: string - numBytes: - description: The geographic location where the table resides. This - value is inherited from the dataset. - type: integer - numLongTermBytes: - description: The number of bytes in the table that are considered - "long-term storage". - type: integer - numRows: - description: The number of rows of data in this table, excluding any - data in the streaming buffer. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4392,12 +4174,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - type: - description: Describes the table type. - type: string type: object required: - spec 
@@ -4417,25 +4193,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: bigtableappprofiles.bigtable.cnrm.cloud.google.com + name: apigeeenvironments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableAppProfile - plural: bigtableappprofiles + kind: ApigeeEnvironment + plural: apigeeenvironments shortNames: - - gcpbigtableappprofile - - gcpbigtableappprofiles - singular: bigtableappprofile + - gcpapigeeenvironment + - gcpapigeeenvironments + singular: apigeeenvironment preserveUnknownFields: false scope: Namespaced versions: @@ -4473,11 +4249,8 @@ spec: type: object spec: properties: - description: - description: Long form description of the use case for this app profile. - type: string - instanceRef: - description: The instance to create the app profile within. + apigeeOrganizationRef: + description: Immutable. oneOf: - not: required: @@ -4494,8 +4267,10 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' + description: |- + The apigee organization for the resource + + Allowed value: The Google Cloud resource name of an `ApigeeOrganization` resource (format: `organizations/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -4504,39 +4279,25 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - multiClusterRoutingClusterIds: - description: The set of clusters to route to. The order is ignored; - clusters will be tried in order of distance. If left empty, all - clusters are eligible. - items: + description: + description: Optional. Description of the environment. + type: string + displayName: + description: Optional. Display name for this environment. + type: string + properties: + additionalProperties: type: string - type: array - multiClusterRoutingUseAny: - description: |- - If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available - in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes - consistency to improve availability. - type: boolean + description: Optional. Key-value pairs that may be used for customizing + the environment. + type: object resourceID: - description: Immutable. Optional. The appProfileId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - singleClusterRouting: - description: Use a single-cluster routing policy. - properties: - allowTransactionalWrites: - description: |- - If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. - It is unsafe to send these requests to the same table/row/column in multiple clusters. - type: boolean - clusterId: - description: The cluster to which read/write requests should be - routed. 
- type: string - required: - - clusterId - type: object + required: + - apigeeOrganizationRef type: object status: properties: @@ -4566,10 +4327,16 @@ spec: type: string type: object type: array - name: - description: The unique name of the requested app profile. Values - are of the form 'projects//instances//appProfiles/'. - type: string + createdAt: + description: Output only. Creation time of this environment as milliseconds + since epoch. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Last modification time of this environment + as milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4577,7 +4344,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Output only. State of the environment. Values other + than ACTIVE means the resource is not ready to use. Possible values: + STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -4594,25 +4368,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com + name: apigeeinstanceattachments.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableGCPolicy - plural: bigtablegcpolicies + kind: ApigeeInstanceAttachment + plural: apigeeinstanceattachments shortNames: - - gcpbigtablegcpolicy - - gcpbigtablegcpolicies - singular: bigtablegcpolicy + - gcpapigeeinstanceattachment + - gcpapigeeinstanceattachments + singular: apigeeinstanceattachment preserveUnknownFields: false scope: Namespaced versions: @@ -4632,7 +4406,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4650,116 +4424,22 @@ spec: type: object spec: properties: - columnFamily: - description: Immutable. The name of the column family. + environment: + description: Immutable. The resource ID of the environment. type: string - deletionPolicy: - description: "The deletion policy for the GC policy. Setting ABANDON - allows the resource\n\t\t\t\tto be abandoned rather than deleted. - This is useful for GC policy as it cannot be deleted\n\t\t\t\tin - a replicated instance. Possible values are: \"ABANDON\"." + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organisations/{{org_name}}/instances/{{instance_name}}'. type: string - gcRules: - description: Serialized JSON string for garbage collection policy. - Conflicts with "mode", "max_age" and "max_version". + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxAge: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all cells - older than the given age.' - items: - properties: - days: - description: DEPRECATED. 
Deprecated in favor of duration. Immutable. - Number of days before applying GC policy. - type: integer - duration: - description: Immutable. Duration before applying GC policy. - type: string - type: object - type: array - maxVersion: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. GC policy that applies to all versions - of a cell except for the most recent.' - items: - properties: - number: - description: Immutable. Number of version before applying the - GC policy. - type: integer - required: - - number - type: object - type: array - mode: - description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and - should be preferred over this field for new resources. This field - may be deprecated in the future. If multiple policies are set, you - should choose between UNION OR INTERSECTION.' - type: string - tableRef: - description: The name of the table. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - columnFamily - - instanceRef - - tableRef + - environment + - instanceId type: object status: properties: 
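Review bot: The added `instanceId` description for ApigeeInstanceAttachment gives the expected format as 'organisations/{{org_name}}/instances/{{instance_name}}', while the same field on ApigeeNATAddress and `orgId` on ApigeeInstance later in this patch spell the prefix 'organizations/'. A user copying the documented format would presumably submit a resource path the API does not recognise, and because the field is marked Immutable the object would have to be recreated to correct it. The description should read `in the format 'organizations/{{org_name}}/instances/{{instance_name}}'.` The `tf2crd` label suggests this text is generated, so the correction probably belongs in the generator's source description rather than in this file.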
@@ -4789,6 +4469,9 @@ spec: type: string type: object type: array + name: + description: The name of the newly created attachment (output parameter). + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -4815,25 +4498,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtableinstances.bigtable.cnrm.cloud.google.com + name: apigeeinstances.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableInstance - plural: bigtableinstances + kind: ApigeeInstance + plural: apigeeinstances shortNames: - - gcpbigtableinstance - - gcpbigtableinstances - singular: bigtableinstance + - gcpapigeeinstance + - gcpapigeeinstances + singular: apigeeinstance preserveUnknownFields: false scope: Namespaced versions: @@ -4853,7 +4536,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -4871,121 +4554,58 @@ spec: type: object spec: properties: - cluster: - description: A block of cluster configuration options. This can be - specified at least once. + consumerAcceptList: + description: |- + Immutable. Optional. Customer accept list represents the list of projects (id/number) on customer + side that can privately connect to the service attachment. It is an optional field + which the customers can provide during the instance creation. By default, the customer + project associated with the Apigee organization will be included to the list. items: - properties: - autoscalingConfig: - description: A list of Autoscaling configurations. Only one - element is used and allowed. - properties: - cpuTarget: - description: The target CPU utilization for autoscaling. - Value must be between 10 and 80. - type: integer - maxNodes: - description: The maximum number of nodes for autoscaling. - type: integer - minNodes: - description: The minimum number of nodes for autoscaling. - type: integer - storageTarget: - description: The target storage utilization for autoscaling, - in GB, for each node in a cluster. This number is limited - between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster - and between 8192 (8TiB) and 16384 (16 TiB) for an HDD - cluster. If not set, whatever is already set for the cluster - will not change, or if the cluster is just being created, - it will use the default value of 2560 for SSD clusters - and 8192 for HDD clusters. - type: integer - required: - - cpuTarget - - maxNodes - - minNodes - type: object - clusterId: - description: The ID of the Cloud Bigtable cluster. Must be 6-30 - characters and must only contain hyphens, lowercase letters - and numbers. - type: string - kmsKeyRef: - description: |- - Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable - cluster. 
The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains - this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. - 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. - 3) All clusters within an instance must use the same CMEK key access to this encryption key. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - numNodes: - description: The number of nodes in your Cloud Bigtable cluster. - Required, with a minimum of 1 for each cluster in an instance. - type: integer - storageType: - description: The storage type to use. One of "SSD" or "HDD". - Defaults to "SSD". - type: string - zone: - description: The zone to create the Cloud Bigtable cluster in. - Each cluster must have a different zone in the same region. - Zones that support Bigtable instances are noted on the Cloud - Bigtable locations page. - type: string - required: - - clusterId - - zone - type: object + type: string type: array - deletionProtection: - description: DEPRECATED. This field no longer serves any function - and is intended to be dropped in a later version of the resource. - type: boolean + description: + description: Immutable. Description of the instance. + type: string + diskEncryptionKeyName: + description: |- + Immutable. 
Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. + Use the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'. + type: string displayName: - description: The human-readable display name of the Bigtable instance. - Defaults to the instance name. + description: Immutable. Display name of the instance. type: string - instanceType: - description: DEPRECATED. It is recommended to leave this field unspecified - since the distinction between "DEVELOPMENT" and "PRODUCTION" instances - is going away, and all instances will become "PRODUCTION" instances. - This means that new and existing "DEVELOPMENT" instances will be - converted to "PRODUCTION" instances. It is recommended for users - to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" - instance is functionally identical to a "DEVELOPMENT" instance, - but without the accompanying restrictions. The instance type to - create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". + ipRange: + description: |- + Immutable. IP range represents the customer-provided CIDR block of length 22 that will be used for + the Apigee instance creation. This optional range, if provided, should be freely + available as part of larger named range the customer has allocated to the Service + Networking peering. If this is not provided, Apigee will automatically request for any + available /22 CIDR block from Service Networking. The customer should use this CIDR block + for configuring their firewall needs to allow traffic from Apigee. + Input format: "a.b.c.d/22". + type: string + location: + description: Immutable. Required. Compute Engine location where the + instance resides. + type: string + orgId: + description: |- + Immutable. The Apigee Organization associated with the Apigee instance, + in the format 'organizations/{{org_name}}'. + type: string + peeringCidrRange: + description: |- + Immutable. 
The size of the CIDR block range that will be reserved by the instance. For valid values, + see [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location + - orgId type: object status: properties: @@ -5015,6 +4635,10 @@ spec: type: string type: object type: array + host: + description: Output only. Hostname or IP address of the exposed Apigee + endpoint used by clients to connect to the service. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5022,7 +4646,18 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + port: + description: Output only. Port number of the exposed Apigee endpoint. + type: string + serviceAttachment: + description: |- + Output only. Resource name of the service attachment created for the instance in + the format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately + forward traffic to this service attachment using the PSC endpoints. + type: string type: object + required: + - spec type: object served: true storage: true 
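Review bot: The ApigeeInstance spec documents strict formats for `diskEncryptionKeyName` and `ipRange`, but the schema declares both as bare `type: string` with no `pattern`. The key-name description already contains the expression and the range description says "a.b.c.d/22", so the check could be enforced at admission, for example `pattern: ^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$` on the key name and a pattern ending in `/22$` on the range. Both fields are marked Immutable, so a mistyped CMEK name or CIDR accepted by the API server is presumably only rejected later by the cloud API and then needs a delete-and-recreate to fix. Unlike the `runtimeDatabaseEncryptionKeyRef` on ApigeeOrganization in this patch, the key is a free-form string rather than a resource reference, which seems to leave validation entirely to that string.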
@@ -5039,25 +4674,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: bigtabletables.bigtable.cnrm.cloud.google.com + name: apigeenataddresses.apigee.cnrm.cloud.google.com spec: - group: bigtable.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BigtableTable - plural: bigtabletables + kind: ApigeeNATAddress + plural: apigeenataddresses shortNames: - - gcpbigtabletable - - gcpbigtabletables - singular: bigtabletable + - gcpapigeenataddress + - gcpapigeenataddresses + singular: apigeenataddress preserveUnknownFields: false scope: Namespaced versions: @@ -5077,7 +4712,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5095,64 +4730,18 @@ spec: type: object spec: properties: - columnFamily: - description: A group of columns within a table which share a common - configuration. This can be specified multiple times. - items: - properties: - family: - description: The name of the column family. - type: string - required: - - family - type: object - type: array - deletionProtection: - description: A field to make the table protected against data loss - i.e. when set to PROTECTED, deleting the table, the column families - in the table, and the instance containing the table would be prohibited. - If not provided, currently deletion protection will be set to UNPROTECTED - as it is the API default value. + instanceId: + description: |- + Immutable. The Apigee instance associated with the Apigee environment, + in the format 'organizations/{{org_name}}/instances/{{instance_name}}'. type: string - instanceRef: - description: The name of the Bigtable instance. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `BigtableInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - splitKeys: - items: - type: string - type: array required: - - instanceRef + - instanceId type: object status: properties: 
@@ -5182,6 +4771,9 @@ spec: type: string type: object type: array + ipAddress: + description: The allocated NAT IP address. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5189,6 +4781,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State of the NAT IP address. + type: string type: object required: - spec @@ -5208,25 +4803,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com + name: apigeeorganizations.apigee.cnrm.cloud.google.com spec: - group: billingbudgets.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BillingBudgetsBudget - plural: billingbudgetsbudgets + kind: ApigeeOrganization + plural: apigeeorganizations shortNames: - - gcpbillingbudgetsbudget - - gcpbillingbudgetsbudgets - singular: billingbudgetsbudget + - gcpapigeeorganization + - gcpapigeeorganizations + singular: apigeeorganization preserveUnknownFields: false scope: Namespaced versions: 
@@ -5264,120 +4859,31 @@ spec: type: object spec: properties: - allUpdatesRule: - description: Optional. Rules to apply to notifications sent based - on budget spend and thresholds. + addonsConfig: + description: Addon configurations of the Apigee organization. properties: - disableDefaultIamRecipients: - description: Optional. When set to true, disables default notifications - sent when a threshold is exceeded. Default notifications are - sent to those with Billing Account Administrator and Billing - Account User IAM roles for the target account. - type: boolean - monitoringNotificationChannels: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `MonitoringNotificationChannel` resource (format: - `projects/{{project}}/notificationChannels/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - pubsubTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + advancedApiOpsConfig: + description: Configuration for the Advanced API Ops add-on. properties: - external: - description: |- - Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. 
Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - schemaVersion: - description: Optional. Required when NotificationsRule.pubsub_topic - is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. - Only "1.0" is accepted. It represents the JSON schema as defined - in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. - type: string - type: object - amount: - description: Required. Budgeted amount. - properties: - lastPeriodAmount: - description: Use the last period's actual spend as the budget - for the present period. LastPeriodAmount can only be set when - the budget's time period is a . + enabled: + description: Flag that specifies whether the Advanced API + Ops add-on is enabled. + type: boolean type: object - x-kubernetes-preserve-unknown-fields: true - specifiedAmount: - description: A specified amount to use as the budget. `currency_code` - is optional. If specified when creating a budget, it must match - the currency of the billing account. If specified when updating - a budget, it must match the currency_code of the existing budget. - The `currency_code` is provided on output. 
+ monetizationConfig: + description: Configuration for the Monetization add-on. properties: - currencyCode: - description: Immutable. The three-letter currency code defined - in ISO 4217. - type: string - nanos: - description: Number of nano (10^-9) units of the amount. The - value must be between -999,999,999 and +999,999,999 inclusive. - If `units` is positive, `nanos` must be positive or zero. - If `units` is zero, `nanos` can be positive, zero, or negative. - If `units` is negative, `nanos` must be negative or zero. - For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. - format: int64 - type: integer - units: - description: The whole units of the amount. For example if - `currencyCode` is `"USD"`, then 1 unit is one US dollar. - format: int64 - type: integer + enabled: + description: Flag that specifies whether the Monetization + add-on is enabled. + type: boolean type: object type: object - billingAccountRef: - description: Immutable. + analyticsRegion: + description: Immutable. Required. Primary GCP region for analytics + data storage. For valid values, see (https://cloud.google.com/apigee/docs/api-platform/get-started/create-org). + type: string + authorizedNetworkRef: oneOf: - not: required: 
@@ -5395,221 +4901,114 @@ spec: properties: external: description: |- - The billing account of the resource + Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See (https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid. - Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). type: string name: - description: |- - [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - budgetFilter: - description: Optional. Filters that define which resources are used - to compute the actual spend against the budget amount, such as projects, - services, and the budget's time period, as well as other filters. + description: + description: Description of the Apigee organization. + type: string + displayName: + description: Display name for the Apigee organization. + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - calendarPeriod: - description: 'Optional. Specifies to track usage for recurring - calendar period. For example, assume that CalendarPeriod.QUARTER - is set. The budget will track usage from April 1 to June 30, - when the current calendar month is April, May, June. After that, - it will track usage from July 1 to September 30 when the current - calendar month is July, August, September, so on. Possible values: - CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + external: + description: |- + Required. Name of the GCP project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: projects/ Authorization requires the following IAM permission on the specified resource parent: apigee.organizations.create + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - creditTypes: - description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, - this is a list of credit types to be subtracted from gross cost - to determine the spend for threshold calculations. See a list - of acceptable credit type values. If Filter.credit_types_treatment - is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. - items: - type: string - type: array - creditTypesTreatment: - description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - customPeriod: - description: Optional. 
Specifies to track usage from any start - date (required) to any end date (optional). This time period - is static, it does not recur. - properties: - endDate: - description: Immutable. Optional. The end date of the time - period. Budgets with elapsed end date won't be processed. - If unset, specifies to track all usage incurred since the - start_date. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - startDate: - description: Immutable. Required. The start date must be after - January 1, 2017. - properties: - day: - description: Immutable. Day of a month. Must be from 1 - to 31 and valid for the year and month, or 0 to specify - a year by itself or a year and month where the day isn't - significant. - format: int64 - type: integer - month: - description: Immutable. Month of a year. Must be from - 1 to 12, or 0 to specify a year without a month and - day. - format: int64 - type: integer - year: - description: Immutable. Year of the date. Must be from - 1 to 9999, or 0 to specify a date without a year. - format: int64 - type: integer - type: object - required: - - startDate - type: object - labels: - additionalProperties: - properties: - values: - description: Immutable. The values of the label - items: - type: string - type: array - type: object - description: Optional. A single label and value pair specifying - that usage from only this set of labeled resources should be - included in the budget. 
Currently, multiple entries or multiple - values per entry are not allowed. If omitted, the report will - include all labeled and unlabeled usage. - type: object - projects: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - services: - description: 'Optional. A set of services of the form `services/{service_id}`, - specifying that usage from only this set of services should - be included in the budget. If omitted, the report will include - usage for all the services. The service names are available - through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' - items: - type: string - type: array - subaccounts: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - type: string - name: - description: |- - [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array type: object - displayName: - description: User data for display name in UI. The name must be less - than or equal to 60 characters. - type: string + properties: + additionalProperties: + type: string + description: Properties defined in the Apigee organization profile. + type: object resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - thresholdRules: - description: Optional. Rules that trigger alerts (notifications of - thresholds being crossed) when spend exceeds the specified percentages - of the budget. - items: - properties: - spendBasis: - description: 'Optional. The type of basis used to determine - if spend has passed the threshold. Behavior defaults to CURRENT_SPEND - if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, - FORECASTED_SPEND' - type: string - thresholdPercent: - description: 'Required. Send an alert when this threshold is - exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: - non-negative number.' - format: double - type: number + runtimeDatabaseEncryptionKeyRef: + oneOf: + - not: + required: + - external required: - - thresholdPercent - type: object - type: array + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + runtimeType: + description: 'Immutable. Required. Runtime type of the Apigee organization + based on the Apigee subscription purchased. Possible values: RUNTIME_TYPE_UNSPECIFIED, + CLOUD, HYBRID' + type: string required: - - amount - - billingAccountRef + - analyticsRegion + - projectRef + - runtimeType type: object status: properties: + billingType: + description: 'Output only. Billing type of the Apigee organization. + See (https://cloud.google.com/apigee/pricing). Possible values: + BILLING_TYPE_UNSPECIFIED, SUBSCRIPTION, EVALUATION' + type: string + caCertificate: + description: Output only. Base64-encoded public certificate for the + root CA of the Apigee organization. Valid only when (#RuntimeType) + is `CLOUD`. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
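Review bot: The `external` description under `runtimeDatabaseEncryptionKeyRef` says "Required when (#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used", which reads like two sentences fused together and does not say when a customer-managed key is mandatory. `TRIAL` is also not among the `runtimeType` values listed in the same hunk (RUNTIME_TYPE_UNSPECIFIED, CLOUD, HYBRID), and the field is absent from `required`. An organization can therefore be admitted without a key, and the schema does not tell the reader whether that falls back to a Google-managed key. The description also states the key cannot be changed after creation, so the text should separate the two cases, for example `Required when runtimeType is CLOUD. If omitted for a trial organization, a Google-managed encryption key is used.`, assuming that is the intended meaning.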
@@ -5636,11 +5035,26 @@ spec: type: string type: object type: array - etag: - description: Optional. Etag to validate that the object is unchanged - for a read-modify-write operation. An empty etag will cause an update - to overwrite other changes. - type: string + createdAt: + description: Output only. Time that the Apigee organization was created + in milliseconds since epoch. + format: int64 + type: integer + environments: + description: Output only. List of environments in the Apigee organization. + items: + type: string + type: array + expiresAt: + description: Output only. Time that the Apigee organization is scheduled + for deletion. + format: int64 + type: integer + lastModifiedAt: + description: Output only. Time that the Apigee organization was last + modified in milliseconds since epoch. + format: int64 + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5648,6 +5062,22 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + projectId: + description: Output only. Project ID associated with the Apigee organization. + type: string + state: + description: 'Output only. State of the organization. Values other + than ACTIVE means the resource is not ready to use. Possible values: + SNAPSHOT_STATE_UNSPECIFIED, MISSING, OK_DOCSTORE, OK_SUBMITTED, + OK_EXTERNAL, DELETED' + type: string + subscriptionType: + description: 'Output only. DEPRECATED: This will eventually be replaced + by BillingType. Subscription type of the Apigee organization. Valid + values include trial (free, limited, and for evaluation purposes + only) or paid (full subscription has been purchased). See (https://cloud.google.com/apigee/pricing/). + Possible values: SUBSCRIPTION_TYPE_UNSPECIFIED, PAID, TRIAL' + type: string type: object required: - spec 
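Review bot: The `state` description added under `status` in hunk `@@ -5648,6 +5062,22 @@` contradicts itself: it says values other than `ACTIVE` mean the resource is not ready, yet `ACTIVE` is not among the possible values it lists, which start with `SNAPSHOT_STATE_UNSPECIFIED` and look as if they belong to a different enum. Anyone gating automation or alerting on this field cannot tell from the schema which string signals readiness. The list should be checked against the Apigee organization state enum and corrected where the description is generated, along the lines of `Possible values: <values of the organization state enum, including ACTIVE>`. The `status` block starts outside this hunk.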
@@ -5667,25 +5097,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: apigeesyncauthorizations.apigee.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: apigee.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationAttestor - plural: binaryauthorizationattestors + kind: ApigeeSyncAuthorization + plural: apigeesyncauthorizations shortNames: - - gcpbinaryauthorizationattestor - - gcpbinaryauthorizationattestors - singular: binaryauthorizationattestor + - gcpapigeesyncauthorization + - gcpapigeesyncauthorizations + singular: apigeesyncauthorization preserveUnknownFields: false scope: Namespaced versions: @@ -5705,7 +5135,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5723,145 +5153,25 @@ spec: type: object spec: properties: - description: - description: Optional. A descriptive comment. This field may be updated. - The field may be displayed in chooser dialogs. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + identities: + description: |- + Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + The 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com + + You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. + + The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts). + items: + type: string + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - userOwnedDrydockNote: - description: This specifies how an attestation will be read, and how - it will be used during policy enforcement. - properties: - noteRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency. - - Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicKeys: - description: Optional. Public keys that verify attestations signed - by this attestor. This field may be updated. If this field is - non-empty, one of the specified public keys must verify that - an attestation was signed by this attestor for the image specified - in the admission request. If this field is empty, this attestor - always returns that no valid attestations exist. - items: - properties: - asciiArmoredPgpPublicKey: - description: ASCII-armored representation of a PGP public - key, as the entire output by the command `gpg --export - --armor foo@example.com` (either LF or CRLF line endings). - When using this field, `id` should be left blank. The - BinAuthz API handlers will calculate the ID and fill it - in automatically. 
BinAuthz computes this ID as the OpenPGP - RFC4880 V4 fingerprint, represented as upper-case hex. - If `id` is provided by the caller, it will be overwritten - by the API-calculated ID. - type: string - comment: - description: Optional. A descriptive comment. This field - may be updated. - type: string - id: - description: The ID of this public key. Signatures verified - by BinAuthz must include the ID of the public key that - can be used to verify them, and that ID must match the - contents of this field exactly. Additional restrictions - on this field can be imposed based on which public key - type is encapsulated. See the documentation on `public_key` - cases below for details. - type: string - pkixPublicKey: - description: 'A raw PKIX SubjectPublicKeyInfo format public - key. NOTE: `id` may be explicitly provided by the caller - when using this type of public key, but it MUST be a valid - RFC3986 URI. If `id` is left blank, a default one will - be computed based on the digest of the DER encoding of - the public key.' - properties: - publicKeyPem: - description: A PEM-encoded public key, as described - in https://tools.ietf.org/html/rfc7468#section-13 - type: string - signatureAlgorithm: - description: 'The signature algorithm used to verify - a message against a signature using this key. These - signature algorithm must match the structure and any - object identifiers encoded in `public_key_pem` (i.e. - this algorithm must match that of the public key). 
- Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, - RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, - ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, - EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' - type: string - type: object - type: object - type: array - required: - - noteRef - type: object required: - - projectRef + - identities type: object status: properties: @@ -5891,6 +5201,11 @@ spec: type: string type: object type: array + etag: + description: |- + Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. + Used internally during updates. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -5898,24 +5213,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. Time when the attestor was last updated. - format: date-time - type: string - userOwnedDrydockNote: - properties: - delegationServiceAccountEmail: - description: Output only. This field will contain the service - account email address that this Attestor will use as the principal - when querying Container Analysis. Attestor administrators must - grant this service account the IAM role needed to read attestations - from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). - This email address is fixed for the lifetime of the Attestor, - but callers should not make any other assumptions about the - service account email; future versions may use an email based - on a different naming pattern. - type: string - type: object type: object required: - spec 
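Review bot: `spec.identities` in the ApigeeSyncAuthorization schema (hunk `@@ -5723,145 +5153,25 @@`) is typed as a bare list of strings, so the `serviceAccount:` form its description requires is not checked at admission. Because these entries are granted access to control plane resources, an item constraint such as `pattern: '^serviceAccount:.+$'` under `items` would reject other member types and typos before they reach the API; whether the API itself rejects them is not visible here. The same description-only constraint applies to `overrideStrategy`, `sslManagementType`, `action` and `sourceRange` in hunk `@@ -5991,312 +5288,203 @@`, where `enum` lists (and a CIDR `pattern` for `sourceRange`) would do the same job. The `tf2crd` label suggests these CRDs are generated, so the change likely belongs in the generator rather than in this file.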
@@ -5935,25 +5232,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginedomainmappings.appengine.cnrm.cloud.google.com spec: - group: binaryauthorization.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: BinaryAuthorizationPolicy - plural: binaryauthorizationpolicies + kind: AppEngineDomainMapping + plural: appenginedomainmappings shortNames: - - gcpbinaryauthorizationpolicy - - gcpbinaryauthorizationpolicies - singular: binaryauthorizationpolicy + - gcpappenginedomainmapping + - gcpappenginedomainmappings + singular: appenginedomainmapping preserveUnknownFields: false scope: Namespaced versions: @@ -5973,7 +5270,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -5991,312 +5288,203 @@ spec: type: object spec: properties: - admissionWhitelistPatterns: - description: Optional. Admission policy allowlisting. A matching admission - request will always be permitted. This feature is typically used - to exclude Google or third-party infrastructure images from Binary - Authorization policies. + overrideStrategy: + description: |- + Whether the domain creation should override any existing mappings for this domain. + By default, overrides are rejected. Default value: "STRICT" Possible values: ["STRICT", "OVERRIDE"]. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The domainName of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslSettings: + description: SSL configuration for this domain. If unconfigured, this + domain will not serve with SSL. + properties: + certificateId: + description: |- + ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will + remove SSL support. + By default, a managed certificate is automatically created for every domain mapping. To omit SSL support + or to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be + authorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource. + Example: 12345. + type: string + pendingManagedCertificateId: + description: |- + ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new + managed certificate has been successfully provisioned, the previous SSL state will be preserved. Once the + provisioning process completes, the 'certificateId' field will reflect the new managed certificate and this + field will be left empty. 
To remove SSL support while there is still a pending managed certificate, clear the + 'certificateId' field with an update request. + type: string + sslManagementType: + description: |- + SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned. + If 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: ["AUTOMATIC", "MANUAL"]. + type: string + required: + - sslManagementType + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - namePattern: - description: An image name pattern to allowlist, in the form - `registry/path/to/image`. This supports a trailing `*` as - a wildcard, but this is allowed only in text after the `registry/` - part. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - clusterAdmissionRules: - additionalProperties: + name: + description: 'Full path to the DomainMapping resource in the API. + Example: apps/myapp/domainMapping/example.com.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + resourceRecords: + description: |- + The resource records required to configure this domain mapping. These records must be added to the domain's DNS + configuration in order to serve the application via this domain mapping. + items: properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + name: + description: 'Relative name of the object affected by this record. + Only applicable for CNAME records. Example: ''www''.' type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + rrdata: + description: Data for this record. Values vary by record type, + as defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1). + type: string + type: + description: 'Resource record type. Example: ''AAAA''. Possible + values: ["A", "AAAA", "CNAME"].' type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode type: object - description: 'Optional. Per-cluster admission rules. Cluster spec - format: location.clusterId. 
There can be at most one admission rule - per cluster spec. A location is either a compute zone (e.g. us-central1-a) - or a region (e.g. us-central1). For clusterId syntax restrictions - see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' - type: object - defaultAdmissionRule: - description: Required. Default admission rule for a cluster without - a per-cluster, per-kubernetes-service-account, or per-istio-service-identity - admission rule. - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appenginefirewallrules.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineFirewallRule + plural: appenginefirewallrules + shortNames: + - gcpappenginefirewallrule + - gcpappenginefirewallrules + singular: appenginefirewallrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: 'The action to take if this rule matches. Possible values: + ["UNSPECIFIED_ACTION", "ALLOW", "DENY"].' + type: string description: - description: Optional. A descriptive comment. + description: An optional string description of this rule. type: string - globalPolicyEvaluationMode: - description: 'Optional. Controls the evaluation of a Google-maintained - global admission policy for common system-level images. Images not - covered by the global policy will be subject to the project admission - policy. This setting has no effect when specified inside a global - admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, - ENABLE, DISABLE' + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The priority of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRange: + description: IP address or range, defined using CIDR notation, of + requests that this rule applies to. type: string - istioServiceIdentityAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. 
- Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-istio-service-identity admission rules. - Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ - e.g. spiffe://example.com/ns/test-ns/sa/default' - type: object - kubernetesNamespaceAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-namespace admission rules. - K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' - type: object - kubernetesServiceAccountAdmissionRules: - additionalProperties: - properties: - enforcementMode: - description: 'Required. The action when a pod creation is denied - by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, - ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' - type: string - evaluationMode: - description: 'Required. How this admission rule will be evaluated. - Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' - type: string - requireAttestationsBy: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource - name of a `BinaryAuthorizationAttestor` resource (format: - `projects/{{project}}/attestors/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - enforcementMode - - evaluationMode - type: object - description: 'Optional. Per-kubernetes-service-account admission rules. - Service account spec format: namespace:serviceaccount. e.g. 
''test-ns:default''' - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the resource. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - defaultAdmissionRule - - projectRef + - action + - sourceRange type: object status: properties: @@ -6333,14 +5521,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. The resource name, in the format `projects/*/policy`. - There is at most one policy per project. - type: string - updateTime: - description: Output only. Time when the policy was last updated. - format: date-time - type: string type: object required: - spec 
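Review bot: `project` is documented only as `Immutable.` in both new App Engine schemas in hunk `@@ -5991,312 +5288,203 @@` (AppEngineDomainMapping and AppEngineFirewallRule), and neither schema lists it under `required`. For a firewall rule the target project decides which application's ingress is changed, so the description should say what value is accepted and what happens when the field is omitted, for example `description: Immutable. The project that owns the App Engine application; <state the default when unset>.` The behaviour when the field is unset is not visible in the hunk and needs confirming before the text is written.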
@@ -6360,25 +5540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com + name: appengineflexibleappversions.appengine.cnrm.cloud.google.com spec: - group: cloudbuild.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudBuildTrigger - plural: cloudbuildtriggers + kind: AppEngineFlexibleAppVersion + plural: appengineflexibleappversions shortNames: - - gcpcloudbuildtrigger - - gcpcloudbuildtriggers - singular: cloudbuildtrigger + - gcpappengineflexibleappversion + - gcpappengineflexibleappversions + singular: appengineflexibleappversion preserveUnknownFields: false scope: Namespaced versions: @@ -6398,7 +5578,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -6416,1256 +5596,746 @@ spec: type: object spec: properties: - approvalConfig: - description: "Configuration for manual approval to start a build invocation - of this BuildTrigger. \nBuilds created by this trigger will require - approval before they execute. \nAny user with a Cloud Build Approver - role for the project can approve a build." + apiConfig: + description: Serving configuration for Google Cloud Endpoints. properties: - approvalRequired: - description: "Whether or not approval is needed. If this is set - on a build, it will become pending when run, \nand will need - to be explicitly approved to start." - type: boolean + authFailAction: + description: 'Action to take when users access resources that + require authentication. Default value: "AUTH_FAIL_ACTION_REDIRECT" + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Level of login required to access this resource. + Default value: "LOGIN_OPTIONAL" Possible values: ["LOGIN_OPTIONAL", + "LOGIN_ADMIN", "LOGIN_REQUIRED"].' + type: string + script: + description: Path to the script from the application root directory. + type: string + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + url: + description: URL to serve the endpoint at. + type: string + required: + - script type: object - bitbucketServerTriggerConfig: - description: BitbucketServerTriggerConfig describes the configuration - of a trigger that creates a build whenever a Bitbucket Server event - is received. + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - bitbucketServerConfigResourceRef: + coolDownPeriod: description: |- - Only `external` field is supported to configure the reference. 
+ The time period that the Autoscaler should wait before it starts collecting information from a new instance. + This prevents the autoscaler from collecting information when the instance is initializing, + during which the collected usage would not be reliable. Default: 120s. + type: string + cpuUtilization: + description: Target scaling by CPU usage. + properties: + aggregationWindowLength: + description: Period of time over which CPU utilization is + calculated. + type: string + targetUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Must be between 0 and 1. + type: number + required: + - targetUtilization + type: object + diskUtilization: + description: Target scaling by disk usage. + properties: + targetReadBytesPerSecond: + description: Target bytes read per second. + type: integer + targetReadOpsPerSecond: + description: Target ops read per seconds. + type: integer + targetWriteBytesPerSecond: + description: Target bytes written per second. + type: integer + targetWriteOpsPerSecond: + description: Target ops written per second. + type: integer + type: object + maxConcurrentRequests: + description: |- + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - The full resource name of the bitbucket server config. Format: - projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: Maximum amount of time that a request should wait + in the pending queue before starting a new instance to handle + it. 
+ type: string + maxTotalInstances: + description: 'Maximum number of instances that should be started + to handle requests for this version. Default: 20.' + type: integer + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: Minimum amount of time a request should wait in the + pending queue before starting a new instance to handle it. + type: string + minTotalInstances: + description: 'Minimum number of running instances that should + be maintained for this version. Default: 2.' + type: integer + networkUtilization: + description: Target scaling by network usage. properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` - resource.' + targetReceivedBytesPerSecond: + description: Target bytes received per second. + type: integer + targetReceivedPacketsPerSecond: + description: Target packets received per second. + type: integer + targetSentBytesPerSecond: + description: Target bytes sent per second. + type: integer + targetSentPacketsPerSecond: + description: Target packets sent per second. + type: integer + type: object + requestUtilization: + description: Target scaling by request utilization. + properties: + targetConcurrentRequests: + description: Target number of concurrent requests. + type: number + targetRequestCountPerSecond: + description: Target requests per second. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + required: + - cpuUtilization + type: object + betaSettings: + additionalProperties: + type: string + description: Metadata settings that are supplied to this version to + enable beta runtime features. 
+ type: object + defaultExpiration: + description: |- + Duration that static files should be cached by web proxies and browsers. + Only applicable if the corresponding StaticFilesHandler does not specify its own expiration time. + type: string + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. + properties: + cloudBuildOptions: + description: Options for the build operations performed as a part + of the version deployment. Only applicable when creating a version + using source code directly. + properties: + appYamlPath: + description: Path to the yaml file used in deployment, used + to determine runtime configuration details. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cloudBuildTimeout: + description: |- + The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + required: + - appYamlPath type: object - projectKey: - description: 'Key of the project that the repo is in. For example: - The key for https://mybitbucket.server/projects/TEST/repos/test-repo - is "TEST".' - type: string - pullRequest: - description: Filter to match changes in pull requests. + container: + description: The Docker image for the container that runs the + version. properties: - branch: + image: description: |- - Regex of branches to match. - The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment /gcbrun. 
Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest. + Examples: "gcr.io/my-project/image:tag" or "gcr.io/my-project/image@digest". type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean required: - - branch + - image type: object - push: - description: Filter to match changes in refs like branches, tags. + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the gitRef regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. type: string + required: + - sourceUrl type: object - repoSlug: + type: object + endpointsApiService: + description: Code and application artifacts that make up this version. + properties: + configId: description: |- - Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. - For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. 
+ Endpoints service configuration ID as specified by the Service Management API. For example "2016-09-19r1". + + By default, the rollout strategy for Endpoints is "FIXED". This means that Endpoints starts up with a particular configuration ID. + When a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID + and is required in this case. + + Endpoints also has a rollout strategy called "MANAGED". When using this, Endpoints fetches the latest configuration and does not need + the configuration ID. In this case, configId must be omitted. + type: string + disableTraceSampling: + description: Enable or disable trace sampling. By default, this + is set to false for enabled. + type: boolean + name: + description: |- + Endpoints service name which is the name of the "service" resource in the Service Management API. + For example "myapi.endpoints.myproject.cloud.goog". + type: string + rolloutStrategy: + description: 'Endpoints rollout strategy. If FIXED, configId must + be specified. If MANAGED, configId must be omitted. Default + value: "FIXED" Possible values: ["FIXED", "MANAGED"].' type: string required: - - bitbucketServerConfigResourceRef - - projectKey - - repoSlug + - name type: object - build: - description: Contents of the build template. Either a filename or - build template must be provided. + entrypoint: + description: The entrypoint for the application. properties: - artifacts: - description: Artifacts produced by the build that should be uploaded - upon successful completion of all build steps. - properties: - images: - description: |- - A list of images to be pushed upon the successful completion of all build steps. - - The images will be pushed using the builder service account's credentials. - - The digests of the pushed images will be stored in the Build resource's results field. - - If any of the images fail to be pushed, the build is marked FAILURE. 
- items: + shell: + description: The format should be a shell command that can be + fed to bash -c. + type: string + required: + - shell + type: object + envVariables: + additionalProperties: + type: string + type: object + handlers: + description: |- + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. type: string - type: array - objects: - description: |- - A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. - - Files in the workspace matching specified paths globs will be uploaded to the - Cloud Storage location using the builder service account's credentials. - - The location and generation of the uploaded objects will be stored in the Build resource's results field. - - If any objects fail to be pushed, the build is marked FAILURE. 
- properties: - location: - description: |- - Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". - - Files in the workspace matching any path pattern will be uploaded to Cloud Storage with - this location as a prefix. + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: |- + Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are + uploaded as static data and are only served to end users; they cannot be read by the application. If enabled, + uploads are charged against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + Default is '0s'. + type: string + httpHeaders: + additionalProperties: type: string - paths: - description: Path globs used to match files in the build's - workspace. - items: - type: string - type: array - timing: - description: Output only. Stores timing information for - pushing all artifact objects. - items: - properties: - endTime: - description: |- - End of time span. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - startTime: - description: |- - Start of time span. 
- - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to - nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - type: array - type: object - type: object - availableSecrets: - description: Secrets and secret environment variables. - properties: - secretManager: - description: Pairs a secret environment variable with a SecretVersion - in Secret Manager. - items: - properties: - env: - description: |- - Environment variable name to associate with the secret. Secret environment - variables must be unique across all of a build's secrets, and must be used - by at least one build step. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of - a `SecretManagerSecretVersion` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - env - - versionRef + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". type: object - type: array - required: - - secretManager - type: object - images: + mimeType: + description: |- + MIME type used to serve all files served by this handler. + Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: |- + Path to the static files matched by the URL pattern, from the application root directory. + The path can refer to text matched in groupings in the URL pattern. 
+ type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + ManualScaling: B1, B2, B4, B8, B4_1G + Defaults to F1 for AutomaticScaling and B1 for ManualScaling. + type: string + livenessCheck: + description: Health checking configuration for VM instances. Unhealthy + instances are killed and replaced with new instances. + properties: + checkInterval: + description: Interval between health checks. + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + considering the VM unhealthy. Default: 4.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + initialDelay: + description: 'The initial delay before starting to execute the + checks. Default: "300s".' 
+ type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before considering the VM healthy. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. + properties: + instances: description: |- - A list of images to be pushed upon the successful completion of all build steps. - The images are pushed using the builder service account's credentials. - The digests of the pushed images will be stored in the Build resource's results field. - If any of the images fail to be pushed, the build status is marked FAILURE. + Number of instances to assign to the service at the start. + + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances + type: object + network: + description: Extra network settings. + properties: + forwardedPorts: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: type: string type: array - logsBucketRef: + instanceTag: + description: Tag to apply to the instance during creation. + type: string + name: + description: Google Compute Engine network where the virtual machines + are created. Specify the short name, not the resource path. + type: string + sessionAffinity: + description: Enable session affinity. + type: boolean + subnetwork: description: |- - Google Cloud Storage bucket where logs should be written. 
Logs file - names will be of the format ${logsBucket}/log-${build_id}.txt. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `url` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - options: - description: Special options for this build. - properties: - diskSizeGb: - description: |- - Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; - some of the space will be used by the operating system and build utilities. - Also note that this is the minimum disk size that will be allocated for the build -- - the build may run with a larger disk than requested. At present, the maximum disk size - is 1000GB; builds that request more than the maximum are rejected with an error. - type: integer - dynamicSubstitutions: - description: |- - Option to specify whether or not to apply bash style string operations to the substitutions. - - NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. - type: boolean - env: - description: |- - A list of global environment variable definitions that will exist for all build steps - in this build. If a variable is defined in both globally and in a build step, - the variable will use the build step value. - - The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". - items: - type: string - type: array - logStreamingOption: - description: 'Option to define build log streaming behavior - to Google Cloud Storage. 
Possible values: ["STREAM_DEFAULT", - "STREAM_ON", "STREAM_OFF"].' - type: string - logging: - description: 'Option to specify the logging mode, which determines - if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", - "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", - "NONE"].' - type: string - machineType: - description: 'Compute Engine machine type on which to run - the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", - "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' - type: string - requestedVerifyOption: - description: 'Requested verifiability options. Possible values: - ["NOT_VERIFIED", "VERIFIED"].' - type: string - secretEnv: - description: |- - A list of global environment variables, which are encrypted using a Cloud Key Management - Service crypto key. These values must be specified in the build's Secret. These variables - will be available to all build steps in this build. - items: - type: string - type: array - sourceProvenanceHash: - description: 'Requested hash for SourceProvenance. Possible - values: ["NONE", "SHA256", "MD5"].' - items: - type: string - type: array - substitutionOption: - description: |- - Option to specify behavior when there is an error in the substitution checks. - - NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden - in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. - type: string - volumes: - description: |- - Global list of volumes to mount for ALL build steps - - Each volume is created as an empty volume prior to starting the build process. - Upon completion of the build, volumes and their contents are discarded. Global - volume names and paths cannot conflict with the volumes defined a build step. - - Using a global volume in a build with only one step is not valid as it is indicative - of a build request with an incorrect configuration. 
- items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for Docker volumes. - Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on the same - build step or with certain reserved volume paths. - type: string - type: object - type: array - workerPool: - description: |- - Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path. - This field is experimental. - type: string - type: object - queueTtl: - description: "TTL in queue for this build. If provided and the - build is enqueued longer than this value, \nthe build will expire - and the build status will be EXPIRED.\nThe TTL starts ticking - from createTime.\nA duration in seconds with up to nine fractional - digits, terminated by 's'. Example: \"3.5s\"." + If the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range. + If the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network. + If the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork. + If specified, the subnetwork must exist in the same region as the App Engine flexible environment application. type: string - secret: - description: Secrets to decrypt using Cloud Key Management Service. 
+ required: + - name + type: object + nobuildFilesRegex: + description: Files that match this pattern will not be built into + this version. Only applicable for Go runtimes. + type: string + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. + type: string + readinessCheck: + description: Configures readiness health checking for instances. Unhealthy + instances are not put into the backend traffic rotation. + properties: + appStartTimeout: + description: |- + A maximum time limit on application initialization, measured from moment the application successfully + replies to a healthcheck until it is ready to serve traffic. Default: "300s". + type: string + checkInterval: + description: 'Interval between health checks. Default: "5s".' + type: string + failureThreshold: + description: 'Number of consecutive failed checks required before + removing traffic. Default: 2.' + type: number + host: + description: 'Host header to send when performing a HTTP Readiness + check. Example: "myapp.appspot.com".' + type: string + path: + description: The request path. + type: string + successThreshold: + description: 'Number of consecutive successful checks required + before receiving traffic. Default: 2.' + type: number + timeout: + description: 'Time before the check is considered failed. Default: + "4s".' + type: string + required: + - path + type: object + resourceID: + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resources: + description: Machine resources for a version. + properties: + cpu: + description: Number of CPU cores needed. + type: integer + diskGb: + description: Disk size (GB) needed. + type: integer + memoryGb: + description: Memory (GB) needed. 
+ type: number + volumes: + description: List of ports, or port pairs, to forward from the + virtual machine to the application container. items: properties: - kmsKeyRef: - description: KMS crypto key to use to decrypt these envs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - secretEnv: - additionalProperties: - type: string - description: "Map of environment variable name to its encrypted - value.\nSecret environment variables must be unique across - all of a build's secrets, \nand must be used by at least - one build step. Values can be at most 64 KB in size. \nThere - can be at most 100 secret values across all of a build's - secrets." - type: object + name: + description: Unique name for the volume. + type: string + sizeGb: + description: Volume size in gigabytes. + type: integer + volumeType: + description: Underlying volume type, e.g. 'tmpfs'. + type: string required: - - kmsKeyRef + - name + - sizeGb + - volumeType type: object type: array - source: - description: |- - The location of the source files to build. - - One of 'storageSource' or 'repoSource' must be provided. - properties: - repoSource: - description: Location of the source in a Google Cloud Source - Repository. - properties: - branchName: - description: "Regex matching branches to build. 
Exactly - one a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one - a of branch name, tag, or commit SHA must be provided. - type: string - dir: - description: "Directory, relative to the source root, - in which to run the build.\nThis must be a relative - path. If a step's dir is specified and is an absolute - path, \nthis value is ignored for that step's execution." - type: string - invertRegex: - description: Only trigger a build if the revision regex - does NOT match the revision regex. - type: boolean - projectId: - description: "ID of the project that owns the Cloud Source - Repository. \nIf omitted, the project ID requesting - the build is assumed." - type: string - repoRef: - description: |- - The desired Cloud Source Repository. If omitted, "default" is - assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `SourceRepoRepository` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions to use in a triggered build. - Should only be used with triggers.run. - type: object - tagName: - description: "Regex matching tags to build. 
Exactly one - a of branch name, tag, or commit SHA must be provided.\nThe - syntax of the regular expressions accepted is the syntax - accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." - type: string - required: - - repoRef - type: object - storageSource: - description: Location of the source in an archive file in - Google Cloud Storage. - properties: - bucketRef: - description: Google Cloud Storage bucket containing the - source. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a - `StorageBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - generation: - description: "Google Cloud Storage generation for the - object. \nIf the generation is omitted, the latest generation - will be used." - type: string - object: - description: |- - Google Cloud Storage object containing the source. - This object must be a gzipped archive file (.tar.gz) containing source to build. - type: string - required: - - bucketRef - - object - type: object - type: object - step: - description: The operations to be performed on the workspace. - items: - properties: - args: - description: |- - A list of arguments that will be presented to the step when it is started. - - If the image used to run the step's container has an entrypoint, the args - are used as arguments to that entrypoint. If the image does not define an - entrypoint, the first element in args is used as the entrypoint, and the - remainder will be used as arguments. 
- items: - type: string - type: array - dir: - description: |- - Working directory to use when running this step's container. - - If this value is a relative path, it is relative to the build's working - directory. If this value is absolute, it may be outside the build's working - directory, in which case the contents of the path may not be persisted - across build step executions, unless a 'volume' for that path is specified. - - If the build specifies a 'RepoSource' with 'dir' and a step with a - 'dir', - which specifies an absolute path, the 'RepoSource' 'dir' is ignored - for the step's execution. - type: string - entrypoint: - description: |- - Entrypoint to be used instead of the build step image's - default entrypoint. - If unset, the image's default entrypoint is used. - type: string - env: - description: |- - A list of environment variable definitions to be used when - running a step. - - The elements are of the form "KEY=VALUE" for the environment variable - "KEY" being given the value "VALUE". - items: - type: string - type: array - id: - description: |- - Unique identifier for this build step, used in 'wait_for' to - reference this build step as a dependency. - type: string - name: - description: "The name of the container image that will - run this particular build step.\n\nIf the image is available - in the host's Docker daemon's cache, it will be\nrun directly. 
- If not, the host will attempt to pull the image first, - using\nthe builder service account's credentials if necessary.\n\nThe - Docker daemon's cache will already have the latest versions - of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders - \nfor images and examples).\nThe Docker daemon will also - have cached many of the layers for some popular\nimages, - like \"ubuntu\", \"debian\", but they will be refreshed - at the time\nyou attempt to use them.\n\nIf you built - an image in a previous build step, it will be stored in - the\nhost's Docker daemon's cache and is available to - use as the name for a\nlater build step." - type: string - script: - description: "A shell script to be executed in the step. - \nWhen script is provided, the user cannot specify the - entrypoint or args." - type: string - secretEnv: - description: |- - A list of environment variables which are encrypted using - a Cloud Key - Management Service crypto key. These values must be specified in - the build's 'Secret'. - items: - type: string - type: array - timeout: - description: |- - Time limit for executing this build step. If not defined, - the step has no - time limit and will be allowed to continue to run until either it - completes or the build itself times out. - type: string - timing: - description: |- - Output only. Stores timing information for executing this - build step. - type: string - volumes: - description: |- - List of volumes to mount into the build step. - - Each volume is created as an empty volume prior to execution of the - build step. Upon completion of the build, volumes and their contents - are discarded. - - Using a named volume in only one step is not valid as it is - indicative of a build request with an incorrect configuration. - items: - properties: - name: - description: |- - Name of the volume to mount. - - Volume names must be unique per build step and must be valid names for - Docker volumes. 
Each named volume must be used by at least two build steps. - type: string - path: - description: |- - Path at which to mount the volume. - - Paths must be absolute and cannot conflict with other volume paths on - the same build step or with certain reserved volume paths. - type: string - required: - - name - - path - type: object - type: array - waitFor: - description: |- - The ID(s) of the step(s) that this build step depends on. - - This build step will not start until all the build steps in 'wait_for' - have completed successfully. If 'wait_for' is empty, this build step - will start when all previous build steps in the 'Build.Steps' list - have completed successfully. - items: - type: string - type: array - required: - - name - type: object - type: array - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a Build. These are not docker - tags. - items: - type: string - type: array - timeout: - description: |- - Amount of time that this build should be allowed to run, to second granularity. - If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. - This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. - The expected format is the number of seconds followed by s. - Default time is ten minutes (600s). - type: string - required: - - step type: object - description: - description: Human-readable description of the trigger. + runtime: + description: Desired runtime. Example python27. type: string - disabled: - description: Whether the trigger is disabled or not. If true, the - trigger will never result in a build. - type: boolean - filename: - description: "Path, from the source root, to a file whose contents - is used for the template. \nEither a filename or build template - must be provided. 
Set this only when using trigger_template or github.\nWhen - using Pub/Sub, Webhook or Manual set the file name using git_file_source - instead." + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. type: string - filter: - description: A Common Expression Language string. Used only with Pub/Sub - and Webhook. + runtimeChannel: + description: The channel of the runtime to use. Only available for + some runtimes. type: string - gitFileSource: - description: The file source describing the local or remote Build - template. - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: + runtimeMainExecutablePath: + description: The path or name of the app's main executable. + type: string + serviceAccount: + description: |- + The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as + default if this field is neither provided in app.yaml file nor through CLI flag. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: The path of the file, with the repo root as the root - of the path. - type: string - repoType: - description: "The type of the repo, since it may not be explicit - from the repo field (e.g from a URL). \nValues can be UNKNOWN, - CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible - values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", - \"BITBUCKET_SERVER\"]." + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string - revision: - description: "The branch, tag, arbitrary ref, or SHA version of - the repo to use when resolving the \nfilename (optional). This - field respects the same syntax/resolution as described here: - https://git-scm.com/docs/gitrevisions \nIf unspecified, the - revision from which the trigger invocation originated is assumed - to be the revision from which to read the specified path." + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - uri: - description: "The URI of the repo (optional). If unspecified, - the repo from which the trigger \ninvocation originated is assumed - to be the repo from which to read the specified path." + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - path - - repoType type: object - github: - description: |- - Describes the configuration of a trigger that creates a build whenever a GitHub event is received. 
- - One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + servingStatus: + description: 'Current serving status of this version. Only the versions + with a SERVING status create instances and can be billed. Default + value: "SERVING" Possible values: ["SERVING", "STOPPED"].' + type: string + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - enterpriseConfigResourceNameRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object name: - description: |- - Name of the repository. For example: The name for - https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string - owner: - description: |- - Owner of the repository. For example: The owner for - https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". - type: string - pullRequest: - description: filter to match changes in pull requests. Specify - only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. 
- type: string - commentControl: - description: 'Whether to block builds on a "/gcbrun" comment - from a repository owner or collaborator. Possible values: - ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - required: - - branch - type: object - push: - description: filter to match changes in refs, like branches or - tags. Specify only one of 'pull_request' or 'push'. - properties: - branch: - description: Regex of branches to match. Specify only one - of branch or tag. - type: string - invertRegex: - description: When true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: Regex of tags to match. Specify only one of - branch or tag. - type: string - type: object + required: + - name type: object - ignoredFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If ignoredFiles and changed files are both empty, then they are not - used to determine whether or not to trigger a build. - - If ignoredFiles is not empty, then we ignore any files that match any - of the ignored_file globs. If the change has no files that are outside - of the ignoredFiles globs, then we do not trigger a build. + required: + - livenessCheck + - readinessCheck + - runtime + - serviceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - type: string + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object type: array - includeBuildLogs: - description: |- - Build logs will be sent back to GitHub as part of the checkrun - result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or - INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + name: + description: Full path to the Version resource in the API. Example, + "v1". type: string - includedFiles: - description: |- - ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match - extended with support for '**'. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is empty, then as far as this filter is concerned, we - should trigger the build. - - If any of the files altered in the commit pass the ignoredFiles filter - and includedFiles is not empty, then we make sure that at least one of - those files matches a includedFiles glob. If not, then we do not trigger - a build. - items: - type: string - type: array - location: - description: |- - Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. - If not specified, "global" is used. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: appengineservicesplittraffics.appengine.cnrm.cloud.google.com +spec: + group: appengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: AppEngineServiceSplitTraffic + plural: appengineservicesplittraffics + shortNames: + - gcpappengineservicesplittraffic + - gcpappengineservicesplittraffics + singular: appengineservicesplittraffic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + migrateTraffic: + description: If set to true traffic will be migrated to this version. + type: boolean + project: + description: Immutable. type: string - pubsubConfig: - description: "PubsubConfig describes the configuration of a trigger - that creates \na build whenever a Pub/Sub message is published.\n\nOne - of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' - or 'source_to_build' must be provided." - properties: - serviceAccountRef: - description: Service account that will make the push request. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. - type: string - subscription: - description: Output only. Name of the subscription. - type: string - topicRef: - description: |- - The name of the topic from which this subscription - is receiving messages. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - repositoryEventConfig: - description: The configuration of a trigger that creates a build whenever - an event from Repo API is received. - properties: - pullRequest: - description: Contains filter properties for matching Pull Requests. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - commentControl: - description: 'Configure builds to run whether a repository - owner or collaborator need to comment ''/gcbrun''. Possible - values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' - type: string - invertRegex: - description: If true, branches that do NOT match the git_ref - will trigger a build. - type: boolean - type: object - push: - description: Contains filter properties for matching git pushes. - properties: - branch: - description: |- - Regex of branches to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. 
- type: string - invertRegex: - description: If true, only trigger a build if the revision - regex does NOT match the git_ref regex. - type: boolean - tag: - description: |- - Regex of tags to match. - - The syntax of the regular expressions accepted is the syntax accepted by - RE2 and described at https://github.com/google/re2/wiki/Syntax. - type: string - type: object - repository: - description: The resource name of the Repo API resource. - type: string - type: object - serviceAccountRef: - description: |- - The service account used for all user-controlled operations including - triggers.patch, triggers.run, builds.create, and builds.cancel. - - If no service account is set, then the standard Cloud Build service account - ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. - - When populating via the external field, the following format is supported: - projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, - where {{value}} is the `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceToBuild: - description: "The repo and ref of the repository from which to build. - \nThis field is used only for those triggers that do not respond - to SCM events. \nTriggers that respond to such events build source - at whatever commit caused the event. 
\nThis field is currently only - used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', - 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' - must be provided." - properties: - githubEnterpriseConfigRef: - description: |- - Only `external` field is supported to configure the reference. - - The full resource name of the github enterprise config. Format: - projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - ref: - description: The branch or tag to use. Must start with "refs/" - (required). - type: string - repoType: - description: |- - The type of the repo, since it may not be explicit from the repo field (e.g from a URL). - Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. - type: string - uri: - description: The URI of the repo (required). - type: string - required: - - ref - - repoType - - uri - type: object - substitutions: - additionalProperties: - type: string - description: Substitutions data for Build resource. - type: object - tags: - description: Tags for annotation of a BuildTrigger. - items: - type: string - type: array - triggerTemplate: - description: |- - Template describing the types of source changes to trigger a build. 
- - Branch and tag names in trigger templates are interpreted as regular - expressions. Any branch or tag change that matches that regular - expression will trigger a build. - - One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. - properties: - branchName: - description: |- - Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. - This field is a regular expression. - type: string - commitSha: - description: Explicit commit SHA to build. Exactly one of a branch - name, tag, or commit SHA must be provided. - type: string - dir: - description: |- - Directory, relative to the source root, in which to run the build. - - This must be a relative path. If a step's dir is specified and - is an absolute path, this value is ignored for that step's - execution. - type: string - invertRegex: - description: Only trigger a build if the revision regex does NOT - match the revision regex. - type: boolean - repoRef: - description: |- - The Cloud Source Repository to build. If omitted, the repo with - name "default" is assumed. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SourceRepoRepository` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tagName: - description: |- - Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided. - This field is a regular expression. 
- type: string - type: object - webhookConfig: - description: "WebhookConfig describes the configuration of a trigger - that creates \na build whenever a webhook is sent to a trigger's - webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' - 'webhook_config' or 'source_to_build' must be provided." + resourceID: + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + split: + description: Mapping that defines fractional HTTP traffic diversion + to different versions within the service. properties: - secretRef: - description: The secret required - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + allocations: + additionalProperties: + type: string + description: Mapping from version IDs within the service to fractional + (0.000, 1] allocations of traffic for that version. Each version + can be specified only once, but some versions in the service + may not have any traffic allocation. Services that have traffic + allocated cannot be deleted until either the service is deleted + or their traffic allocation is removed. Allocations must sum + to 1. Up to two decimal place precision is supported for IP-based + splits and up to three decimal places is supported for cookie-based + splits. 
type: object - state: - description: |- - Potential issues with the underlying Pub/Sub subscription configuration. - Only populated on get requests. + shardBy: + description: 'Mechanism used to determine which version a request + is sent to. The traffic selection algorithm will be stable for + either type until allocations are changed. Possible values: + ["UNSPECIFIED", "COOKIE", "IP", "RANDOM"].' type: string required: - - secretRef + - allocations type: object + required: + - split type: object status: properties: @@ -7695,9 +6365,6 @@ spec: type: string type: object type: array - createTime: - description: Time when the trigger was created. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -7705,10 +6372,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - triggerId: - description: The unique identifier for the trigger. - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -7725,25 +6391,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: appenginestandardappversions.appengine.cnrm.cloud.google.com spec: - group: cloudfunctions.cnrm.cloud.google.com + group: appengine.cnrm.cloud.google.com names: categories: - gcp - kind: CloudFunctionsFunction - plural: cloudfunctionsfunctions + kind: AppEngineStandardAppVersion + plural: appenginestandardappversions shortNames: - - gcpcloudfunctionsfunction - - gcpcloudfunctionsfunctions - singular: cloudfunctionsfunction + - gcpappenginestandardappversion + - gcpappenginestandardappversions + singular: appenginestandardappversion preserveUnknownFields: false scope: Namespaced versions: @@ -7763,7 +6429,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -7781,193 +6447,294 @@ spec: type: object spec: properties: - availableMemoryMb: - description: 'Memory (in MB), available to the function. Default value - is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' - format: int64 - type: integer - description: - description: User-provided description of a function. - type: string - entryPoint: - description: |- - Immutable. The name of the function (as defined in source code) that will be - executed. Defaults to the resource name suffix, if not specified. For - backward compatibility, if function with given name is not found, then the - system will try to use function named "function". - For Node.js this is name of a function exported by the module specified - in `source_location`. - type: string - environmentVariables: - additionalProperties: - type: string - description: Environment variables that shall be available during - function execution. - type: object - eventTrigger: - description: Immutable. A source that fires events in response to - a condition in another service. + appEngineApis: + description: Allows App Engine second generation runtimes to access + the legacy bundled services. + type: boolean + automaticScaling: + description: Automatic scaling is based on request rate, response + latencies, and other application metrics. properties: - eventType: + maxConcurrentRequests: description: |- - Immutable. Required. The type of event to observe. For example: - `providers/cloud.storage/eventTypes/object.change` and - `providers/cloud.pubsub/eventTypes/topic.publish`. - - Event types match pattern `providers/*/eventTypes/*.*`. - The pattern contains: + Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance. - 1. namespace: For example, `cloud.storage` and - `google.firebase.analytics`. - 2. resource type: The type of resource on which event occurs. For - example, the Google Cloud Storage API includes the type `object`. - 3. 
action: The action that generates the event. For example, action for - a Google Cloud Storage Object is 'change'. - These parts are lower case. + Defaults to a runtime-specific value. + type: integer + maxIdleInstances: + description: Maximum number of idle instances that should be maintained + for this version. + type: integer + maxPendingLatency: + description: |- + Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string - failurePolicy: - description: Immutable. Specifies policy for failed executions. - type: boolean - resourceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + minIdleInstances: + description: Minimum number of idle instances that should be maintained + for this version. Only applicable for the default version of + a service. + type: integer + minPendingLatency: + description: |- + Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + standardSchedulerSettings: + description: Scheduler settings for standard environment. properties: - external: - description: |- - Required. The resource(s) from which to observe events, for example, - `projects/_/buckets/myBucket`. - - Not all syntactically correct values are accepted by all services. For - example: - - 1. The authorization model must support it. Google Cloud Functions - only allows EventTriggers to be deployed that observe resources in the - same project as the `Function`. - 2. The resource type must match the pattern expected for an - `event_type`. 
For example, an `EventTrigger` that has an - `event_type` of "google.pubsub.topic.publish" should have a resource - that matches Google Cloud Pub/Sub topics. - - Additionally, some services may support short names when creating an - `EventTrigger`. These will always be returned in the normalized "long" - format. - - See each *service's* documentation for supported formats. - - Allowed values: - * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: Maximum number of instances to run for this version. + Set to zero to disable maxInstances configuration. + type: integer + minInstances: + description: Minimum number of instances to run for this version. + Set to zero to disable minInstances configuration. + type: integer + targetCpuUtilization: + description: Target CPU utilization ratio to maintain when + scaling. Should be a value in the range [0.50, 0.95], zero, + or a negative value. + type: number + targetThroughputUtilization: + description: Target throughput utilization ratio to maintain + when scaling. Should be a value in the range [0.50, 0.95], + zero, or a negative value. + type: number type: object - service: + type: object + basicScaling: + description: Basic scaling creates instances when your application + receives requests. Each instance will be shut down when the application + becomes idle. 
Basic scaling is ideal for work that is intermittent + or driven by user activity. + properties: + idleTimeout: description: |- - Immutable. The hostname of the service that should be observed. - - If no string is provided, the default service implementing the API will - be used. For example, `storage.googleapis.com` is the default for all - event types in the `google.storage` namespace. + Duration of time after the last request that an instance must wait before the instance is shut down. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. type: string + maxInstances: + description: Maximum number of instances to create for this version. + Must be in the range [1.0, 200.0]. + type: integer required: - - eventType - - resourceRef + - maxInstances type: object - httpsTrigger: - description: Immutable. An HTTPS endpoint type of source that can - be triggered via URL. + deleteServiceOnDestroy: + description: If set to 'true', the service will be deleted if it is + the last version. + type: boolean + deployment: + description: Code and application artifacts that make up this version. properties: - securityLevel: - description: 'Immutable. Both HTTP and HTTPS requests with URLs - that match the handler succeed without redirects. The application - can examine the request to determine which protocol was used - and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, - SECURE_ALWAYS, SECURE_OPTIONAL' + files: + description: |- + Manifest of the files stored in Google Cloud Storage that are included as part of this version. + All files must be readable using the credentials supplied with this call. + items: + properties: + name: + type: string + sha1Sum: + description: SHA1 checksum of the file. + type: string + sourceUrl: + description: Source URL. + type: string + required: + - name + - sourceUrl + type: object + type: array + zip: + description: Zip File. 
+ properties: + filesCount: + description: files count. + type: integer + sourceUrl: + description: Source URL. + type: string + required: + - sourceUrl + type: object + type: object + entrypoint: + description: The entrypoint for the application. + properties: + shell: + description: The format should be a shell command that can be + fed to bash -c. type: string + required: + - shell type: object - ingressSettings: - description: |- - The ingress settings for the function, controlling what traffic can reach - it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB - type: string - maxInstances: + envVariables: + additionalProperties: + type: string + description: Environment variables available to the application. + type: object + handlers: description: |- - The limit on the maximum number of function instances that may coexist at a - given time. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + An ordered list of URL-matching patterns that should be applied to incoming requests. + The first matching URL handles the request and other request handlers are not attempted. + items: + properties: + authFailAction: + description: 'Actions to take when the user is not logged in. + Possible values: ["AUTH_FAIL_ACTION_REDIRECT", "AUTH_FAIL_ACTION_UNAUTHORIZED"].' + type: string + login: + description: 'Methods to restrict access to a URL based on login + status. Possible values: ["LOGIN_OPTIONAL", "LOGIN_ADMIN", + "LOGIN_REQUIRED"].' + type: string + redirectHttpResponseCode: + description: '30x code to use when performing redirects for + the secure field. 
Possible values: ["REDIRECT_HTTP_RESPONSE_CODE_301", + "REDIRECT_HTTP_RESPONSE_CODE_302", "REDIRECT_HTTP_RESPONSE_CODE_303", + "REDIRECT_HTTP_RESPONSE_CODE_307"].' + type: string + script: + description: |- + Executes a script to handle the requests that match this URL pattern. + Only the auto value is supported for Node.js in the App Engine standard environment, for example "script:" "auto". + properties: + scriptPath: + description: Path to the script from the application root + directory. + type: string + required: + - scriptPath + type: object + securityLevel: + description: 'Security (HTTPS) enforcement for this URL. Possible + values: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", + "SECURE_ALWAYS"].' + type: string + staticFiles: + description: Files served directly to the user for a given URL, + such as images, CSS stylesheets, or JavaScript source files. + Static file handlers describe which files in the application + directory are static files, and which URLs serve them. + properties: + applicationReadable: + description: |- + Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as + static data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged + against both your code and static data storage resource quotas. + type: boolean + expiration: + description: |- + Time a static file served by this handler should be cached by web proxies and browsers. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "3.5s". + type: string + httpHeaders: + additionalProperties: + type: string + description: |- + HTTP headers to use for all responses from these URLs. + An object containing a list of "key:value" value pairs.". + type: object + mimeType: + description: |- + MIME type used to serve all files served by this handler. 
+ Defaults to file-specific MIME types, which are derived from each file's filename extension. + type: string + path: + description: Path to the static files matched by the URL + pattern, from the application root directory. The path + can refer to text matched in groupings in the URL pattern. + type: string + requireMatchingFile: + description: Whether this handler should match the request + if the file referenced by the handler does not exist. + type: boolean + uploadPathRegex: + description: Regular expression that matches the file paths + for all files that should be referenced by this handler. + type: string + type: object + urlRegex: + description: |- + URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings. + All URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path. + type: string + type: object + type: array + inboundServices: + description: 'A list of the types of messages that this application + is able to receive. Possible values: ["INBOUND_SERVICE_MAIL", "INBOUND_SERVICE_MAIL_BOUNCE", + "INBOUND_SERVICE_XMPP_ERROR", "INBOUND_SERVICE_XMPP_MESSAGE", "INBOUND_SERVICE_XMPP_SUBSCRIBE", + "INBOUND_SERVICE_XMPP_PRESENCE", "INBOUND_SERVICE_CHANNEL_PRESENCE", + "INBOUND_SERVICE_WARMUP"].' + items: + type: string + type: array + instanceClass: + description: |- + Instance class that is used to run this version. Valid values are + AutomaticScaling: F1, F2, F4, F4_1G + BasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8 + Defaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen. + type: string + libraries: + description: Configuration for third-party Python runtime libraries + that are required by the application. + items: + properties: + name: + description: Name of the library. Example "django". 
+ type: string + version: + description: Version of the library to select, or "latest". + type: string + type: object + type: array + manualScaling: + description: A service with manual scaling runs continuously, allowing + you to perform complex initialization and rely on the state of its + memory over time. properties: - external: + instances: description: |- - The project id of the function. + Number of instances to assign to the service at the start. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + **Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2 + Modules API set_num_instances() you must use 'lifecycle.ignore_changes = ["manual_scaling"[0].instances]' to prevent drift detection. + type: integer + required: + - instances type: object - region: - description: Immutable. The name of the Cloud Functions region of - the function. + noopOnDestroy: + description: If set to 'true', the application version will not be + deleted. + type: boolean + project: + description: Immutable. type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The versionId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string runtime: - description: | - The runtime in which to run the function. Required when deploying a new - function, optional when updating an existing function. 
For a complete - list of possible choices, see the - [`gcloud` command - reference](/sdk/gcloud/reference/functions/deploy#--runtime). + description: Desired runtime. Example python27. type: string - serviceAccountRef: - description: Immutable. + runtimeApiVersion: + description: |- + The version of the API in the given runtime environment. + Please see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard//config/appref'\ + Substitute '' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'. + type: string + serviceAccount: + description: The identity that the deployed version will run as. Admin + API will use the App Engine Appspot service account as default if + this field is neither provided in app.yaml file nor through CLI + flag. + type: string + serviceRef: oneOf: - not: required: @@ -7984,11 +6751,8 @@ spec: - external properties: external: - description: |- - The email of the function's service account. If empty, defaults to - `{project_id}@appspot.gserviceaccount.com`. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. + description: 'Allowed value: The `name` field of an `AppEngineService` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
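Review bot: Several fields in the new AppEngineStandardAppVersion schema state their permitted values only in `description` and are otherwise unconstrained `type: string` or `type: integer`: `handlers[].securityLevel`, `handlers[].login`, `handlers[].authFailAction` and `basicScaling.maxInstances` (documented range [1.0, 200.0]). A misspelled HTTPS-enforcement or login value would therefore pass API-server schema validation and, presumably, only be caught later during reconciliation. Putting the constraint in the schema closes that gap, e.g. `enum: ["SECURE_DEFAULT", "SECURE_NEVER", "SECURE_OPTIONAL", "SECURE_ALWAYS"]` under `securityLevel` and `minimum: 1` / `maximum: 200` under `maxInstances`. The same applies to `mode` and `mavenConfig.versionPolicy` in the ArtifactRegistryRepository hunk and to the unbounded `applicationEndpoint.port` in the BeyondCorpAppConnection hunk. If these manifests are produced by a generator (the `tf2crd` label suggests so), the constraint belongs in the generator's input schema rather than in this file.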
@@ -7997,80 +6761,28 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - sourceArchiveUrl: - description: Immutable. The Google Cloud Storage URL, starting with - gs://, pointing to the zip archive which contains the function. - type: string - sourceRepository: - description: Immutable. Represents parameters related to source repository - where a function is hosted. - properties: - url: - description: |- - Immutable. The URL pointing to the hosted repository where the function is defined. - There are supported Cloud Source Repository URLs in the following - formats: - - To refer to a specific commit: - `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` - To refer to a moveable alias (branch): - `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` - In particular, to refer to HEAD use `master` moveable alias. - To refer to a specific fixed alias (tag): - `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` - - You may omit `paths/*` if you want to use the main directory. - type: string - required: - - url - type: object - timeout: - description: |- - The function execution timeout. Execution is considered failed and - can be terminated if the function is not completed at the end of the - timeout period. Defaults to 60 seconds. - type: string - vpcConnectorEgressSettings: - description: |- - The egress settings for the connector, controlling what traffic is diverted - through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC - type: string - vpcConnectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + threadsafe: + description: Whether multiple requests can be dispatched to this version + at once. 
+ type: boolean + vpcAccessConnector: + description: Enables VPC connectivity for standard apps. properties: - external: - description: |- - The VPC Network Connector that this cloud function can connect to. It can - be either the fully-qualified URI, or the short name of the network - connector resource. The format of this field is - `projects/*/locations/*/connectors/*` - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + egressSetting: + description: The egress setting for the connector, controlling + what traffic is diverted through it. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1. type: string + required: + - name type: object required: - - projectRef - - region + - deployment + - entrypoint - runtime + - serviceRef type: object status: properties: @@ -8100,12 +6812,10 @@ spec: type: string type: object type: array - httpsTrigger: - properties: - url: - description: Output only. The deployed url for the function. - type: string - type: object + name: + description: Full path to the Version resource in the API. Example, + "v1". + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -8113,31 +6823,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceRepository: - properties: - deployedUrl: - description: |- - Output only. The URL pointing to the hosted repository where the function - were defined at the time of deployment. It always points to a specific - commit in the format described above. - type: string - type: object - status: - description: 'Output only. Status of the function deployment. Possible - values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, - DELETE_IN_PROGRESS, UNKNOWN' - type: string - updateTime: - description: Output only. The last update timestamp of a Cloud Function - in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up - to nine fractional digits. - type: string - versionId: - description: |- - Output only. The version identifier of the Cloud Function. Each deployment attempt - results in a new version of a function being created. - format: int64 - type: integer type: object required: - spec 
@@ -8157,25 +6842,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com + name: artifactregistryrepositories.artifactregistry.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: artifactregistry.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityGroup - plural: cloudidentitygroups + kind: ArtifactRegistryRepository + plural: artifactregistryrepositories shortNames: - - gcpcloudidentitygroup - - gcpcloudidentitygroups - singular: cloudidentitygroup + - gcpartifactregistryrepository + - gcpartifactregistryrepositories + singular: artifactregistryrepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -8214,81 +6899,181 @@ spec: spec: properties: description: - description: |- - An extended description to help users determine the purpose of a Group. - Must not be longer than 4,096 characters. + description: The user-provided description of the repository. type: string - displayName: - description: The display name of the Group. + dockerConfig: + description: Docker repository config contains repository level configuration + for the repositories of docker type. + properties: + immutableTags: + description: The repository which enabled this flag prevents all + tags from being modified, moved or deleted. This does not prevent + tags from being created. + type: boolean + type: object + format: + description: |- + Immutable. The format of packages that are stored in the repository. Supported formats + can be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats). + You can only create alpha formats if you are a member of the + [alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access). type: string - groupKey: - description: Immutable. EntityKey of the Group. + kmsKeyRef: + description: |- + The customer managed encryption key that’s used to encrypt the + contents of the Repository. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - id: - description: |- - Immutable. The ID of the entity. - - For Google-managed entities, the id must be the email address of an existing - group or user. - - For external-identity-mapped entities, the id must be a string conforming - to the Identity Source's requirements. - - Must be unique within a namespace. + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: |- - Immutable. The namespace in which the entity exists. - - If not specified, the EntityKey represents a Google-managed entity - such as a Google user or a Google Group. - - If specified, the EntityKey represents an external-identity-mapped group. - The namespace must correspond to an identity source created in Admin Console - and must be in the form of 'identitysources/{identity_source_id}'. + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - id type: object - initialGroupConfig: - description: |- - Immutable. The initial configuration options for creating a Group. - - See the - [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) - for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. + location: + description: Immutable. The name of the location this repository is + located in. type: string - labels: - additionalProperties: - type: string + mavenConfig: description: |- - One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - - Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. - - Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. - - Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. 
+ MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + properties: + allowSnapshotOverwrites: + description: |- + Immutable. The repository with this flag will allow publishing the same + snapshot versions. + type: boolean + versionPolicy: + description: 'Immutable. Version policy defines the versions that + the registry will accept. Default value: "VERSION_POLICY_UNSPECIFIED" + Possible values: ["VERSION_POLICY_UNSPECIFIED", "RELEASE", "SNAPSHOT"].' + type: string type: object - parent: - description: |- - Immutable. The resource name of the entity under which this Group resides in the - Cloud Identity resource hierarchy. - - Must be of the form identitysources/{identity_source_id} for external-identity-mapped - groups or customers/{customer_id} for Google Groups. + mode: + description: 'Immutable. The mode configures the repository to serve + artifacts from different sources. Default value: "STANDARD_REPOSITORY" + Possible values: ["STANDARD_REPOSITORY", "VIRTUAL_REPOSITORY", "REMOTE_REPOSITORY"].' type: string + remoteRepositoryConfig: + description: Immutable. Configuration specific for a Remote Repository. + properties: + description: + description: Immutable. The description of the remote source. + type: string + dockerRepository: + description: Immutable. Specific settings for a Docker remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "DOCKER_HUB" Possible values: ["DOCKER_HUB"].' + type: string + type: object + mavenRepository: + description: Immutable. Specific settings for a Maven remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "MAVEN_CENTRAL" Possible values: ["MAVEN_CENTRAL"].' + type: string + type: object + npmRepository: + description: Immutable. 
Specific settings for an Npm remote repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "NPMJS" Possible values: ["NPMJS"].' + type: string + type: object + pythonRepository: + description: Immutable. Specific settings for a Python remote + repository. + properties: + publicRepository: + description: 'Immutable. Address of the remote repository. + Default value: "PYPI" Possible values: ["PYPI"].' + type: string + type: object + type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The repositoryId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + virtualRepositoryConfig: + description: Configuration specific for a Virtual Repository. + properties: + upstreamPolicies: + description: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + items: + properties: + id: + description: The user-provided ID of the upstream policy. + type: string + priority: + description: Entries with a greater priority value take + precedence in the pull order. + type: integer + repositoryRef: + description: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repositories/repo1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/locations/{{location}}/repositories/{{value}}`, + where {{value}} is the `name` field of an `ArtifactRegistryRepository` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + type: object required: - - groupKey - - labels - - parent + - format + - location type: object status: properties: @@ -8319,12 +7104,12 @@ spec: type: object type: array createTime: - description: The time when the Group was created. + description: The time when the repository was created. type: string name: description: |- - Resource name of the Group in the format: groups/{group_id}, where group_id - is the unique ID assigned to the Group. + The name of the repository, for example: + "repo1". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -8334,7 +7119,7 @@ spec: the resource. type: integer updateTime: - description: The time when the Group was last updated. + description: The time when the repository was last updated. type: string type: object required: 
@@ -8355,25 +7140,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnections.beyondcorp.cnrm.cloud.google.com spec: - group: cloudidentity.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudIdentityMembership - plural: cloudidentitymemberships + kind: BeyondCorpAppConnection + plural: beyondcorpappconnections shortNames: - - gcpcloudidentitymembership - - gcpcloudidentitymemberships - singular: cloudidentitymembership + - gcpbeyondcorpappconnection + - gcpbeyondcorpappconnections + singular: beyondcorpappconnection preserveUnknownFields: false scope: Namespaced versions: @@ -8393,7 +7178,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8411,8 +7196,54 @@ spec: type: object spec: properties: - groupRef: - description: Immutable. + applicationEndpoint: + description: Address of the remote application endpoint for the BeyondCorp + AppConnection. + properties: + host: + description: Hostname or IP address of the remote application + endpoint. + type: string + port: + description: Port of the remote application endpoint. + type: integer + required: + - host + - port + type: object + connectors: + description: List of AppConnectors that are authorised to be associated + with this AppConnection. + items: + type: string + type: array + displayName: + description: An arbitrary user-provided name for the AppConnection. + type: string + gateway: + description: Gateway used by the AppConnection. + properties: + appGateway: + description: 'AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.' + type: string + ingressPort: + description: Ingress port reserved on the gateways for this AppConnection, + if not specified or zero, the default port is 19443. + type: integer + type: + description: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + type: string + uri: + description: Server-defined URI for this resource. + type: string + required: + - appGateway + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -8429,10 +7260,7 @@ spec: - external properties: external: - description: |- - The group for the resource - - Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -8441,99 +7269,24 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - memberKey: - description: Immutable. The `EntityKey` of the member. Either `member_key` - or `preferred_member_key` must be set when calling MembershipsService.CreateMembership - but not both; both shall be set when returned. - properties: - id: - description: The ID of the entity. For Google-managed entities, - the `id` must be the email address of an existing group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: The namespace in which the entity exists. If not - specified, the `EntityKey` represents a Google-managed entity - such as a Google user or a Google Group. If specified, the `EntityKey` - represents an external-identity-mapped group. The namespace - must correspond to an identity source created in Admin Console - and must be in the form of `identitysources/{identity_source_id}`. - type: string - type: object - preferredMemberKey: - description: Immutable. Required. Immutable. The `EntityKey` of the - member. - properties: - id: - description: Immutable. The ID of the entity. For Google-managed - entities, the `id` must be the email address of a group or user. - For external-identity-mapped entities, the `id` must be a string - conforming to the Identity Source's requirements. Must be unique - within a `namespace`. - type: string - namespace: - description: Immutable. The namespace in which the entity exists. - If not specified, the `EntityKey` represents a Google-managed - entity such as a Google user or a Google Group. If specified, - the `EntityKey` represents an external-identity-mapped group. 
- The namespace must correspond to an identity source created - in Admin Console and must be in the form of `identitysources/{identity_source_id}`. - type: string - required: - - id - type: object + region: + description: Immutable. The region of the AppConnection. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. type: string - roles: - description: The `MembershipRole`s that apply to the `Membership`. - If unspecified, defaults to a single `MembershipRole` with `name` - `MEMBER`. Must not contain duplicate `MembershipRole`s with the - same `name`. - items: - properties: - expiryDetail: - description: The expiry details of the `MembershipRole`. Expiry - details are only supported for `MEMBER` `MembershipRoles`. - May be set if `name` is `MEMBER`. Must not be set if `name` - is any other value. - properties: - expireTime: - description: The time at which the `MembershipRole` will - expire. - format: date-time - type: string - type: object - name: - type: string - restrictionEvaluations: - description: Evaluations of restrictions applied to parent group - on this membership. - properties: - memberRestrictionEvaluation: - description: Evaluation of the member restriction applied - to this membership. Empty if the user lacks permission - to view the restriction evaluation. - properties: - state: - description: 'Output only. 
The current state of the - restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, - UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' - type: string - type: object - type: object - required: - - name - type: object - type: array required: - - groupRef - - preferredMemberKey - - roles + - applicationEndpoint + - projectRef + - region type: object status: properties: @@ -8563,30 +7316,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the `Membership` was created. - format: date-time - type: string - deliverySetting: - description: 'Output only. Delivery setting associated with the membership. - Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, - DAILY, NONE, DISABLED' - type: string - displayName: - description: Output only. The display name of this member, if available - properties: - familyName: - description: Output only. Member's family name - type: string - fullName: - description: Output only. Localized UTF-16 full name for the member. - Localization is done based on the language in the request and - the language of the stored display name. - type: string - givenName: - description: Output only. Member's given name - type: string - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -8594,15 +7323,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - type: - description: 'Output only. The type of the membership. Possible values: - OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' - type: string - updateTime: - description: Output only. The time when the `Membership` was last - updated. - format: date-time - type: string type: object required: - spec 
@@ -8622,25 +7342,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: beyondcorpappconnectors.beyondcorp.cnrm.cloud.google.com spec: - group: cloudscheduler.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: CloudSchedulerJob - plural: cloudschedulerjobs + kind: BeyondCorpAppConnector + plural: beyondcorpappconnectors shortNames: - - gcpcloudschedulerjob - - gcpcloudschedulerjobs - singular: cloudschedulerjob + - gcpbeyondcorpappconnector + - gcpbeyondcorpappconnectors + singular: beyondcorpappconnector preserveUnknownFields: false scope: Namespaced versions: @@ -8660,7 +7380,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -8678,366 +7398,66 @@ spec: type: object spec: properties: - appEngineHttpTarget: - description: App Engine HTTP target. + displayName: + description: An arbitrary user-provided name for the AppConnector. + type: string + principalInfo: + description: Principal information about the Identity of the AppConnector. properties: - appEngineRouting: - description: App Engine Routing setting for the job. + serviceAccount: + description: ServiceAccount represents a GCP service account. properties: - instance: - description: App instance. By default, the job is sent to - an instance which is available when the job is attempted. - Requests can only be sent to a specific instance if [manual - scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). - App Engine Flex does not support instances. For more information, - see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) - and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). - type: string - service: - description: App service. By default, the job is sent to the - service which is the default service when the job is attempted. - type: string - version: - description: App version. By default, the job is sent to the - version which is the default version when the job is attempted. + email: + description: Email address of the service account. type: string + required: + - email type: object - body: - description: Body. HTTP request body. A request body is allowed - only if the HTTP method is POST or PUT. It will result in invalid - argument error to set a body on a job with an incompatible HttpMethod. - type: string - headers: - additionalProperties: - type: string - description: 'HTTP request headers. This map contains the header - field names and values. 
Headers can be set when the job is created. - Cloud Scheduler sets some headers to default values: * `User-Agent`: - By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. - This header can be modified, but Cloud Scheduler will append - `"App Engine-Google; (+http://code.google.com/appengine)"` to - the modified `User-Agent`. * `X-CloudScheduler`: This header - will be set to true. The headers below are output only. They - cannot be set or overridden: * `X-Google-*`: For Google internal - use only. * `X-App Engine-*`: For Google internal use only. - In addition, some App Engine headers, which contain job-specific - information, are also be sent to the job handler.' - type: object - httpMethod: - description: 'The HTTP method to use for the request. PATCH and - OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, - POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' - type: string - relativeUri: - description: The relative URI. The relative URL must begin with - "/" and must be a valid HTTP relative URL. It can contain a - path, query string arguments, and `#` fragments. If the relative - URL is empty, then the root path "/" will be used. No spaces - are allowed, and the maximum length allowed is 2083 characters. - type: string + required: + - serviceAccount type: object - attemptDeadline: - description: 'The deadline for job attempts. If the request handler - does not respond by this deadline then the request is cancelled - and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The - failed attempt can be viewed in execution logs. Cloud Scheduler - will retry the job according to the RetryConfig. The allowed duration - for this deadline is: * For HTTP targets, between 15 seconds and - 30 minutes. * For App Engine HTTP targets, between 15 seconds and - 24 hours.' - type: string - description: - description: Optionally caller-specified in CreateJob or UpdateJob. - A human-readable description for the job. 
This string must not contain - more than 500 characters. - type: string - httpTarget: - description: HTTP target. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - body: - description: HTTP request body. A request body is allowed only - if the HTTP method is POST, PUT, or PATCH. It is an error to - set body on a job with an incompatible HttpMethod. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - headers: - additionalProperties: - type: string - description: 'The user can specify HTTP request headers to send - with the job''s HTTP request. This map contains the header field - names and values. Repeated headers are not supported, but a - header value can contain commas. These headers represent a subset - of the headers that will accompany the job''s HTTP request. - Some HTTP request headers will be ignored or replaced. A partial - list of headers that will be ignored or replaced is below: - - Host: This will be computed by Cloud Scheduler and derived from - uri. * `Content-Length`: This will be computed by Cloud Scheduler. - * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. - * `X-Google-*`: Google internal use only. * `X-appengine-*`: - Google internal use only. The total size of headers must be - less than 80KB.' - type: object - httpMethod: - description: 'Which HTTP method to use for the request. Possible - values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, - PATCH, OPTIONS' + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - oauthToken: - description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) - will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization should generally - only be used when calling Google APIs hosted on *.googleapis.com. - properties: - scope: - description: OAuth scope to be used for generating OAuth access - token. If not specified, "https://www.googleapis.com/auth/cloud-platform" - will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - oidcToken: - description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) - token will be generated and attached as an `Authorization` header - in the HTTP request. This type of authorization can be used - for many scenarios, including calling Cloud Run, or endpoints - where you intend to validate the token yourself. - properties: - audience: - description: Audience to be used when generating OIDC token. 
- If not specified, the URI specified in target will be used. - type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - uri: - description: 'Required. The full URI path that the request will - be sent to. This string must begin with either "http://" or - "https://". Some examples of valid values for uri are: `http://acme.com` - and `https://acme.com/sales:8080`. Cloud Scheduler will encode - some characters for safety and compatibility. The maximum allowed - URL length is 2083 characters after encoding.' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - uri type: object - location: - description: Immutable. The location for the resource + region: + description: Immutable. The region of the AppConnector. type: string - pubsubTarget: - description: Pub/Sub target. - properties: - attributes: - additionalProperties: - type: string - description: Attributes for PubsubMessage. Pubsub message must - contain either non-empty data, or at least one attribute. 
- type: object - data: - description: The message payload for PubsubMessage. Pubsub message - must contain either non-empty data, or at least one attribute. - type: string - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retryConfig: - description: Settings that determine the retry behavior. - properties: - maxBackoffDuration: - description: The maximum amount of time to wait before retrying - a job after it fails. The default value of this field is 1 hour. - type: string - maxDoublings: - description: The time between retries will double `max_doublings` - times. 
A job's retry interval starts at min_backoff_duration, - then doubles `max_doublings` times, then increases linearly, - and finally retries at intervals of max_backoff_duration up - to retry_count times. For example, if min_backoff_duration is - 10s, max_backoff_duration is 300s, and `max_doublings` is 3, - then the a job will first be retried in 10s. The retry interval - will double three times, and then increase linearly by 2^3 * - 10s. Finally, the job will retry at intervals of max_backoff_duration - until the job has been attempted retry_count times. Thus, the - requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, - 300s, .... The default value of this field is 5. - format: int64 - type: integer - maxRetryDuration: - description: The time limit for retrying a failed job, measured - from time when an execution was first attempted. If specified - with retry_count, the job will be retried until both limits - are reached. The default value for max_retry_duration is zero, - which means retry duration is unlimited. - type: string - minBackoffDuration: - description: The minimum amount of time to wait before retrying - a job after it fails. The default value of this field is 5 seconds. - type: string - retryCount: - description: The number of attempts that the system will make - to run a job using the exponential backoff procedure described - by max_doublings. The default value of retry_count is zero. - If retry_count is zero, a job attempt will *not* be retried - if it fails. Instead the Cloud Scheduler system will wait for - the next scheduled execution time. If retry_count is set to - a non-zero number then Cloud Scheduler will retry failed attempts, - using exponential backoff, retry_count times, or until the next - scheduled execution time, whichever comes first. Values greater - than 5 and negative values are not allowed. - format: int64 - type: integer - type: object - schedule: - description: 'Required, except when used with UpdateJob. 
Describes - the schedule on which the job will be executed. The schedule can - be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) - * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) - As a general rule, execution `n + 1` of a job will not begin until - execution `n` has finished. Cloud Scheduler will never allow two - simultaneously outstanding executions. For example, this implies - that if the `n+1`th execution is scheduled to run at 16:00 but the - `n`th execution takes until 16:15, the `n+1`th execution will not - start until `16:15`. A scheduled start time will be delayed if the - previous execution has not ended when its scheduled time occurs. - If retry_count > 0 and a job attempt fails, the job will be tried - a total of retry_count times, with exponential backoff, until the - next scheduled start time.' - type: string - timeZone: - description: Specifies the time zone to be used in interpreting schedule. - The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). - Note that some time zones include a provision for daylight savings - time. The rules for daylight saving time are determined by the chosen - tz. For UTC use the string "utc". If a time zone is not specified, - the default will be in UTC (also known as GMT). - type: string required: - - location + - principalInfo + - projectRef + - region type: object status: properties: - appEngineHttpTarget: - properties: - appEngineRouting: - properties: - host: - description: 'Output only. The host that the job is sent to. - For more information about how App Engine requests are routed, - see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). 
- The host is constructed as: * `host = [application_domain_name]` - `| [service] + ''.'' + [application_domain_name]` `| [version] - + ''.'' + [application_domain_name]` `| [version_dot_service]+ - ''.'' + [application_domain_name]` `| [instance] + ''.'' - + [application_domain_name]` `| [instance_dot_service] + - ''.'' + [application_domain_name]` `| [instance_dot_version] - + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] - + ''.'' + [application_domain_name]` * `application_domain_name` - = The domain name of the app, for example .appspot.com, - which is associated with the job''s project ID. * `service - =` service * `version =` version * `version_dot_service - =` version `+ ''.'' +` service * `instance =` instance * - `instance_dot_service =` instance `+ ''.'' +` service * - `instance_dot_version =` instance `+ ''.'' +` version * - `instance_dot_version_dot_service =` instance `+ ''.'' +` - version `+ ''.'' +` service If service is empty, then the - job will be sent to the service which is the default service - when the job is attempted. If version is empty, then the - job will be sent to the version which is the default version - when the job is attempted. If instance is empty, then the - job will be sent to an instance which is available when - the job is attempted. If service, version, or instance is - invalid, then the job will be sent to the default version - of the default service when the job is attempted.' - type: string - type: object - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -9064,10 +7484,6 @@ spec: type: string type: object type: array - lastAttemptTime: - description: Output only. The time the last job attempt started. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -9075,71 +7491,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - scheduleTime: - description: Output only. The next time the job is scheduled. Note - that this may be a retry of a previously failed attempt or the next - execution time according to the schedule. - format: date-time - type: string state: - description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, - ENABLED, PAUSED, DISABLED, UPDATE_FAILED' - type: string - status: - description: Output only. The response from the target for the last - attempted execution. - properties: - code: - description: The status code, which should be an enum value of - google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. This - string must contain at least one "/" character. The last - segment of the URL''s path must represent the fully qualified - name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually precompile - into the binary all types that they expect it to use in - the context of Any. However, for URLs which use the scheme - `http`, `https`, or no scheme, one can optionally set - up a type server that maps type URLs to message definitions - as follows: * If no scheme is provided, `https` is assumed. - * An HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the URL, - or have them precompiled into a binary to avoid any lookup. - Therefore, binary compatibility needs to be preserved - on changes to types. 
(Use versioned type names to manage - breaking changes.) Note: this functionality is not currently - available in the official protobuf release, and it is - not used for type URLs beginning with type.googleapis.com. - Schemes other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should be - in English. Any user-facing error message should be localized - and sent in the google.rpc.Status.details field, or localized - by the client. - type: string - type: object - userUpdateTime: - description: Output only. The creation time of the job. - format: date-time + description: Represents the different states of a AppConnector. type: string type: object required: @@ -9160,25 +7513,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeaddresses.compute.cnrm.cloud.google.com + name: beyondcorpappgateways.beyondcorp.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: beyondcorp.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeAddress - plural: computeaddresses + kind: BeyondCorpAppGateway + plural: beyondcorpappgateways shortNames: - - gcpcomputeaddress - - gcpcomputeaddresses - singular: computeaddress + - gcpbeyondcorpappgateway + - gcpbeyondcorpappgateways + singular: beyondcorpappgateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -9198,7 +7551,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9216,37 +7569,16 @@ spec: type: object spec: properties: - address: - description: |- - Immutable. The static external IP address represented by this resource. Only - IPv4 is supported. An address may only be specified for INTERNAL - address types. The IP address must be inside the specified subnetwork, - if any. Set by the API if undefined. - type: string - addressType: - description: 'Immutable. The type of address to reserve. Default value: - "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"].' - type: string - description: - description: Immutable. An optional description of this resource. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - address. The default value is ''IPV4''. Possible values: ["IPV4", - "IPV6"]. This field can only be specified for a global address.' + displayName: + description: Immutable. An arbitrary user-provided name for the AppGateway. type: string - location: - description: 'Location represents the geographical location of the - ComputeAddress. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + hostType: + description: 'Immutable. The type of hosting used by the AppGateway. + Default value: "HOST_TYPE_UNSPECIFIED" Possible values: ["HOST_TYPE_UNSPECIFIED", + "GCP_REGIONAL_MIG"].' type: string - networkRef: - description: |- - The network in which to reserve the address. If global, the address - must be within the RFC1918 IP space. The network cannot be deleted - if there are any reserved IP ranges referring to it. This field can - only be used with INTERNAL type with the VPC_PEERING and - IPSEC_INTERCONNECT purposes. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -9263,8 +7595,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9273,49 +7604,174 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkTier: - description: |- - Immutable. The networking tier used for configuring this address. If this field is not - specified, it is assumed to be PREMIUM. Possible values: ["PREMIUM", "STANDARD"]. - type: string - prefixLength: - description: Immutable. The prefix length if the resource represents - an IP range. - type: integer - purpose: - description: |- - Immutable. The purpose of this resource, which can be one of the following values. - - * GCE_ENDPOINT for addresses that are used by VM instances, alias IP - ranges, load balancers, and similar resources. - - * SHARED_LOADBALANCER_VIP for an address that can be used by multiple - internal load balancers. - - * VPC_PEERING for addresses that are reserved for VPC peer networks. - - * IPSEC_INTERCONNECT for addresses created from a private IP range that - are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect - configuration. These addresses are regional resources. - - * PRIVATE_SERVICE_CONNECT for a private network address that is used to - configure Private Service Connect. Only global internal addresses can use - this purpose. - - - This should only be set when using an Internal address. + region: + description: Immutable. The region of the AppGateway. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - The subnetwork in which to reserve the address. If an IP address is - specified, it must be within the subnetwork's IP range. This field - can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER - purposes. + type: + description: 'Immutable. The type of network connectivity used by + the AppGateway. 
Default value: "TYPE_UNSPECIFIED" Possible values: + ["TYPE_UNSPECIFIED", "TCP_PROXY"].' + type: string + required: + - projectRef + - region + type: object + status: + properties: + allocatedConnections: + description: A list of connections allocated for the Gateway. + items: + properties: + ingressPort: + description: The ingress port of an allocated connection. + type: integer + pscUri: + description: The PSC uri of an allocated connection. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: Represents the different states of a AppGateway. + type: string + uri: + description: Server-defined URI for this resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryanalyticshubdataexchanges.bigqueryanalyticshub.cnrm.cloud.google.com +spec: + group: bigqueryanalyticshub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryAnalyticsHubDataExchange + plural: bigqueryanalyticshubdataexchanges + shortNames: + - gcpbigqueryanalyticshubdataexchange + - gcpbigqueryanalyticshubdataexchanges + singular: bigqueryanalyticshubdataexchange + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the data exchange. + type: string + displayName: + description: Human-readable display name of the data exchange. The + display name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), and must not start or end with spaces. + type: string + documentation: + description: Documentation describing the data exchange. + type: string + icon: + description: Base64 encoded image representing the data exchange. + type: string + location: + description: Immutable. The name of the location this data exchange. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the data + exchange. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9332,8 +7788,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9342,8 +7797,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The dataExchangeId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - displayName - location + - projectRef type: object status: properties: @@ -9373,13 +7835,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + listingCount: + description: Number of listings contained in the data exchange. + type: integer + name: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123". type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -9388,13 +7850,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - users: - description: The URLs of the resources that are using this address. - items: - type: string - type: array type: object required: - spec 
@@ -9414,25 +7869,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendbuckets.compute.cnrm.cloud.google.com + name: bigqueryanalyticshublistings.bigqueryanalyticshub.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryanalyticshub.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendBucket - plural: computebackendbuckets + kind: BigQueryAnalyticsHubListing + plural: bigqueryanalyticshublistings shortNames: - - gcpcomputebackendbucket - - gcpcomputebackendbuckets - singular: computebackendbucket + - gcpbigqueryanalyticshublisting + - gcpbigqueryanalyticshublistings + singular: bigqueryanalyticshublisting preserveUnknownFields: false scope: Namespaced versions: @@ -9452,7 +7907,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9470,8 +7925,66 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + bigqueryDataset: + description: Shared dataset i.e. BigQuery dataset source. + properties: + dataset: + description: Resource name of the dataset source for this listing. + e.g. projects/myproject/datasets/123. + type: string + required: + - dataset + type: object + categories: + description: Categories of the listing. Up to two categories are allowed. + items: + type: string + type: array + dataExchangeId: + description: Immutable. The ID of the data exchange. Must contain + only Unicode letters, numbers (0-9), underscores (_). Should not + use characters that require URL-escaping, or characters outside + of ASCII, spaces. + type: string + dataProvider: + description: Details of the data provider who owns the source data. + properties: + name: + description: Name of the data provider. + type: string + primaryContact: + description: Email or URL of the data provider. + type: string + required: + - name + type: object + description: + description: Short description of the listing. The description must + not contain Unicode non-characters and C0 and C1 control codes except + tabs (HT), new lines (LF), carriage returns (CR), and page breaks + (FF). + type: string + displayName: + description: Human-readable display name of the listing. The display + name must contain only Unicode letters, numbers (0-9), underscores + (_), dashes (-), spaces ( ), ampersands (&) and can't start or end + with spaces. + type: string + documentation: + description: Documentation describing the listing. + type: string + icon: + description: Base64 encoded image representing the listing. + type: string + location: + description: Immutable. The name of the location this data exchange + listing. + type: string + primaryContact: + description: Email or URL of the primary point of contact of the listing. 
+ type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -9488,8 +8001,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -9498,132 +8010,34 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cdnPolicy: - description: Cloud CDN configuration for this Backend Bucket. + publisher: + description: Details of the publisher who owns the listing and who + can share the source data. properties: - bypassCacheOnRequestHeaders: - description: Bypass the cache when the specified request headers - are matched - e.g. Pragma or Authorization headers. Up to 5 - headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode - settings. - items: - properties: - headerName: - description: The header field name to match on when bypassing - cache. Values are case-insensitive. - type: string - type: object - type: array - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. - properties: - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - Default parameters are always included. '&' and '=' will - be percent encoded and not treated as delimiters. - items: - type: string - type: array - type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + name: + description: Name of the listing publisher. type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). 
- type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - requestCoalescing: - description: If true then Cloud CDN will combine multiple concurrent - cache fill requests into a small number of requests to the origin. - type: boolean - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request will - be considered fresh. After this time period, - the response will be revalidated before being served. - When serving responses to signed URL requests, - Cloud CDN will internally behave as though - all responses from this backend had a "Cache-Control: public, - max-age=[TTL]" header, regardless of any existing Cache-Control - header. 
The actual headers served in responses will not be altered. - type: integer + primaryContact: + description: Email or URL of the listing publisher. + type: string + required: + - name type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - customResponseHeaders: - description: Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array - description: - description: |- - An optional textual description of the resource; provided by the - client when the resource is created. + requestAccess: + description: Email or URL of the request access of the listing. Subscribers + can use this reference to request access. type: string - edgeSecurityPolicy: - description: The security policy associated with this backend bucket. - type: string - enableCdn: - description: If true, enable Cloud CDN for this BackendBucket. - type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The listingId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - bucketRef + - bigqueryDataset + - dataExchangeId + - displayName + - location + - projectRef type: object status: properties: @@ -9653,8 +8067,8 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -9663,8 +8077,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec @@ -9684,25 +8096,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computebackendservices.compute.cnrm.cloud.google.com + name: bigqueryconnectionconnections.bigqueryconnection.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryconnection.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeBackendService - plural: computebackendservices + kind: BigQueryConnectionConnection + plural: bigqueryconnectionconnections shortNames: - - gcpcomputebackendservice - - gcpcomputebackendservices - singular: computebackendservice + - gcpbigqueryconnectionconnection + - gcpbigqueryconnectionconnections + singular: bigqueryconnectionconnection preserveUnknownFields: false scope: Namespaced versions: @@ -9722,7 +8134,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -9740,495 +8152,179 @@ spec: type: object spec: properties: - affinityCookieTtlSec: - description: |- - Lifetime of cookies in seconds if session_affinity is - GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts - only until the end of the browser session (or equivalent). The - maximum allowed value for TTL is one day. - - When the load balancing scheme is INTERNAL, this field is not used. - type: integer - backend: - description: The set of backends that serve this BackendService. - items: - properties: - balancingMode: - description: |- - Specifies the balancing mode for this backend. - - For global HTTP(S) or TCP/SSL load balancing, the default is - UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) - and CONNECTION (for TCP/SSL). - - See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) - for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. - type: string - capacityScaler: - description: |- - A multiplier applied to the group's maximum servicing capacity - (based on UTILIZATION, RATE or CONNECTION). - - Default value is 1, which means the group will serve up to 100% - of its configured capacity (depending on balancingMode). A - setting of 0 means the group is completely drained, offering - 0% of its available Capacity. Valid range is [0.0,1.0]. - type: number - description: - description: |- - An optional description of this resource. - Provide this property when you create the resource. - type: string - failover: - description: |- - This field designates whether this is a failover backend. More - than one failover backend can be configured for a given RegionBackendService. - type: boolean - group: - description: |- - Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup - resource. In case of instance group this defines the list of - instances that serve traffic. 
Member virtual machine instances from - each instance group must live in the same zone as the instance - group itself. No two backends in a backend service are allowed to - use same Instance Group resource. - - For Network Endpoint Groups this defines list of endpoints. All - endpoints of Network Endpoint Group must be hosted on instances - located in the same zone as the Network Endpoint Group. - - Backend services cannot mix Instance Group and Network Endpoint - Group backends. - - When the 'load_balancing_scheme' is INTERNAL, only instance groups - are supported. - oneOf: - - required: - - instanceGroupRef - - required: - - networkEndpointGroupRef - properties: - instanceGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeInstanceGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkEndpointGroupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetworkEndpointGroup` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - maxConnections: - description: |- - The max number of simultaneous connections for the group. Can - be used with either CONNECTION or UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or one - of maxConnectionsPerInstance or maxConnectionsPerEndpoint, - as appropriate for group type, must be set. - type: integer - maxConnectionsPerEndpoint: - description: |- - The max number of simultaneous connections that a single backend - network endpoint can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either - maxConnections or maxConnectionsPerEndpoint must be set. - type: integer - maxConnectionsPerInstance: - description: |- - The max number of simultaneous connections that a single - backend instance can handle. This is used to calculate the - capacity of the group. Can be used in either CONNECTION or - UTILIZATION balancing modes. - - For CONNECTION mode, either maxConnections or - maxConnectionsPerInstance must be set. - type: integer - maxRate: - description: |- - The max requests per second (RPS) of the group. - - Can be used with either RATE or UTILIZATION balancing modes, - but required if RATE mode. For RATE mode, either maxRate or one - of maxRatePerInstance or maxRatePerEndpoint, as appropriate for - group type, must be set. - type: integer - maxRatePerEndpoint: - description: |- - The max requests per second (RPS) that a single backend network - endpoint can handle. This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerEndpoint must be set. - type: number - maxRatePerInstance: - description: |- - The max requests per second (RPS) that a single backend - instance can handle. 
This is used to calculate the capacity of - the group. Can be used in either balancing mode. For RATE mode, - either maxRate or maxRatePerInstance must be set. - type: number - maxUtilization: - description: |- - Used when balancingMode is UTILIZATION. This ratio defines the - CPU utilization target for the group. Valid range is [0.0, 1.0]. - type: number - required: - - group - type: object - type: array - cdnPolicy: - description: Cloud CDN configuration for this BackendService. + aws: + description: Connection properties specific to Amazon Web Services. properties: - cacheKeyPolicy: - description: The CacheKeyPolicy for this CdnPolicy. + accessRole: + description: Authentication using Google owned service account + to assume into customer's AWS IAM Role. properties: - includeHost: - description: If true requests to different hosts will be cached - separately. - type: boolean - includeHttpHeaders: - description: |- - Allows HTTP request headers (by name) to be used in the - cache key. - items: - type: string - type: array - includeNamedCookies: - description: Names of cookies to include in cache keys. - items: - type: string - type: array - includeProtocol: - description: If true, http and https requests will be cached - separately. - type: boolean - includeQueryString: - description: |- - If true, include query string parameters in the cache key - according to query_string_whitelist and - query_string_blacklist. If neither is set, the entire query - string will be included. - - If false, the query string will be excluded from the cache - key entirely. - type: boolean - queryStringBlacklist: - description: |- - Names of query string parameters to exclude in cache keys. - - All other parameters will be included. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. 
- items: - type: string - type: array - queryStringWhitelist: - description: |- - Names of query string parameters to include in cache keys. - - All other parameters will be excluded. Either specify - query_string_whitelist or query_string_blacklist, not both. - '&' and '=' will be percent encoded and not treated as - delimiters. - items: - type: string - type: array + iamRoleId: + description: The user’s AWS IAM Role that trusts the Google-owned + AWS IAM user Connection. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access + the user's AWS IAM Role. + type: string + required: + - iamRoleId type: object - cacheMode: - description: |- - Specifies the cache setting for all responses from this backend. - The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. - type: string - clientTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - defaultTtl: - description: |- - Specifies the default TTL for cached content served by this origin for responses - that do not have an existing valid TTL (max-age or s-max-age). - type: integer - maxTtl: - description: Specifies the maximum allowed TTL for cached content - served by this origin. - type: integer - negativeCaching: - description: Negative caching allows per-status code TTLs to be - set, in order to apply fine-grained caching for common errors - or redirects. - type: boolean - negativeCachingPolicy: - description: |- - Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. - Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. - items: - properties: - code: - description: |- - The HTTP status code to define a TTL against. 
Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 - can be specified as values, and you cannot specify a status code more than once. - type: integer - ttl: - description: |- - The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s - (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. - type: integer - type: object - type: array - serveWhileStale: - description: Serve existing content from the cache (if available) - when revalidating content with the origin, or when an error - is encountered when refreshing the cache. - type: integer - signedUrlCacheMaxAgeSec: - description: |- - Maximum number of seconds the response to a signed URL request - will be considered fresh, defaults to 1hr (3600s). After this - time period, the response will be revalidated before - being served. - - When serving responses to signed URL requests, Cloud CDN will - internally behave as though all responses from this backend had a - "Cache-Control: public, max-age=[TTL]" header, regardless of any - existing Cache-Control header. The actual headers served in - responses will not be altered. - type: integer + required: + - accessRole type: object - circuitBreakers: - description: |- - Settings controlling the volume of connections to a backend service. This field - is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. + azure: + description: Container for connection properties specific to Azure. properties: - connectTimeout: - description: The timeout for new network connections to hosts. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. 
- type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - maxConnections: - description: |- - The maximum number of connections to the backend cluster. - Defaults to 1024. - type: integer - maxPendingRequests: - description: |- - The maximum number of pending requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequests: - description: |- - The maximum number of parallel requests to the backend cluster. - Defaults to 1024. - type: integer - maxRequestsPerConnection: - description: |- - Maximum requests for a single backend connection. This parameter - is respected by both the HTTP/1.1 and HTTP/2 implementations. If - not specified, there is no limit. Setting this parameter to 1 - will effectively disable keep alive. - type: integer - maxRetries: - description: |- - The maximum number of parallel retries to the backend cluster. - Defaults to 3. - type: integer + application: + description: The name of the Azure Active Directory Application. + type: string + clientId: + description: The client id of the Azure Active Directory Application. + type: string + customerTenantId: + description: The id of customer's directory that host the data. + type: string + federatedApplicationClientId: + description: The Azure Application (client) ID where the federated + credentials will be hosted. + type: string + identity: + description: A unique Google-owned and Google-generated identity + for the Connection. This identity will be used to access the + user's Azure Active Directory Application. + type: string + objectId: + description: The object id of the Azure Active Directory Application. + type: string + redirectUri: + description: The URL user will be redirected to after granting + consent during connection setup. 
+ type: string + required: + - customerTenantId type: object - compressionMode: - description: 'Compress text responses using Brotli or gzip compression, - based on the client''s Accept-Encoding header. Possible values: - ["AUTOMATIC", "DISABLED"].' - type: string - connectionDrainingTimeoutSec: - description: |- - Time for which instance will be drained (not accept new - connections, but still work to finish started). - type: integer - connectionTrackingPolicy: - description: |- - Connection Tracking configuration for this BackendService. - This is available only for Layer 4 Internal Load Balancing and - Network Load Balancing. + cloudResource: + description: Container for connection properties for delegation of + access to GCP resources. properties: - connectionPersistenceOnUnhealthyBackends: - description: |- - Specifies connection persistence when backends are unhealthy. - - If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on - unhealthy backends only for connection-oriented protocols (TCP and SCTP) - and only if the Tracking Mode is PER_CONNECTION (default tracking mode) - or the Session Affinity is configured for 5-tuple. They do not persist - for UDP. - - If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing - connections on the unhealthy backend are never persisted on the unhealthy - backend. They are always diverted to newly selected healthy backends - (unless all backends are unhealthy). - - If set to 'ALWAYS_PERSIST', existing connections always persist on - unhealthy backends regardless of protocol and session affinity. It is - generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. + serviceAccountId: + description: The account ID of the service created for the purpose + of this connection. 
type: string - idleTimeoutSec: - description: |- - Specifies how long to keep a Connection Tracking entry while there is - no matching traffic (in seconds). - - For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. - - For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. - type: integer - trackingMode: - description: |- - Specifies the key used for connection tracking. There are two options: - 'PER_CONNECTION': The Connection Tracking is performed as per the - Connection Key (default Hash Method) for the specific protocol. - - 'PER_SESSION': The Connection Tracking is performed as per the - configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. + type: object + cloudSpanner: + description: Connection properties specific to Cloud Spanner. + properties: + database: + description: Cloud Spanner database in the form 'project/instance/database'. type: string + useParallelism: + description: If parallelism should be used when reading from Cloud + Spanner. + type: boolean + useServerlessAnalytics: + description: If the serverless analytics service should be used + to read data from Cloud Spanner. useParallelism must be set + when using serverless analytics. + type: boolean + required: + - database type: object - consistentHash: - description: |- - Consistent Hash-based load balancing can be used to provide soft session - affinity based on HTTP headers, cookies or other properties. This load balancing - policy is applicable only for HTTP connections. The affinity to a particular - destination host will be lost when one or more hosts are added/removed from the - destination service. This field specifies parameters that control consistent - hashing. This field only applies if the load_balancing_scheme is set to - INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is - set to MAGLEV or RING_HASH. 
+ cloudSql: + description: Connection properties specific to the Cloud SQL. properties: - httpCookie: - description: |- - Hash is based on HTTP Cookie. This field describes a HTTP cookie - that will be used as the hash key for the consistent hash load - balancer. If the cookie is not present, it will be generated. - This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + credential: + description: Cloud SQL properties. properties: - name: - description: Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: Lifetime of the cookie. + password: + description: Password for database. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object + username: + description: Username for database. 
+ type: string + required: + - password + - username type: object - httpHeaderName: - description: |- - The hash based on the value of the specified header field. - This field is applicable if the sessionAffinity is set to HEADER_FIELD. + database: + description: Database name. type: string - minimumRingSize: - description: |- - The minimum number of virtual nodes to use for the hash ring. - Larger ring sizes result in more granular load - distributions. If the number of hosts in the load balancing pool - is larger than the ring size, each host will be assigned a single - virtual node. - Defaults to 1024. - type: integer + instanceId: + description: Cloud SQL instance ID in the form project:location:instance. + type: string + serviceAccountId: + description: When the connection is used in the context of an + operation in BigQuery, this service account will serve as the + identity being used for connecting to the CloudSQL instance + specified in this connection. + type: string + type: + description: 'Type of the Cloud SQL database. Possible values: + ["DATABASE_TYPE_UNSPECIFIED", "POSTGRES", "MYSQL"].' + type: string + required: + - credential + - database + - instanceId + - type type: object - customRequestHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - requests. - items: - type: string - type: array - customResponseHeaders: - description: |- - Headers that the HTTP/S load balancer should add to proxied - responses. - items: - type: string - type: array description: - description: An optional description of this resource. + description: A descriptive description for the connection. type: string - edgeSecurityPolicyRef: + friendlyName: + description: A descriptive name for the connection. + type: string + location: description: |- - The resource URL for the edge security policy associated with this - backend service. + Immutable. The geographic location where the connection should reside. 
+ Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10245,8 +8341,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10255,358 +8350,157 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - enableCdn: - description: If true, enable Cloud CDN for this BackendService. - type: boolean - failoverPolicy: - description: Policy for failovers. - properties: - disableConnectionDrainOnFailover: - description: |- - On failover or failback, this field indicates whether connection drain - will be honored. Setting this to true has the following effect: connections - to the old active pool are not drained. Connections to the new active pool - use the timeout of 10 min (currently fixed). Setting to false has the - following effect: both old and new connections will have a drain timeout - of 10 min. - This can be set to true only if the protocol is TCP. - The default is false. - type: boolean - dropTrafficIfUnhealthy: - description: |- - This option is used only when no healthy VMs are detected in the primary - and backup instance groups. When set to true, traffic is dropped. When - set to false, new connections are sent across all VMs in the primary group. - The default is false. - type: boolean - failoverRatio: - description: |- - The value of the field must be in [0, 1]. If the ratio of the healthy - VMs in the primary backend is at or below this number, traffic arriving - at the load-balanced IP will be directed to the failover backend. - In case where 'failoverRatio' is not set or all the VMs in the backup - backend are unhealthy, the traffic will be directed back to the primary - backend in the "force" mode, where traffic will be spread to the healthy - VMs with the best effort, or to all VMs when no VM is healthy. - This field is only used with l4 load balancing. - type: number - type: object - healthChecks: + resourceID: + description: Immutable. Optional. The connectionId of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - The health check resources for health checking this - ComputeBackendService. Currently at most one health check can be - specified, and a health check is required. - oneOf: - - required: - - healthCheckRef - - required: - - httpHealthCheckRef properties: - healthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - iap: - description: Settings for enabling Cloud Identity Aware Proxy. - oneOf: - - required: - - oauth2ClientId - - required: - - oauth2ClientIdRef + hasCredential: + description: True if the connection has credential assigned. + type: boolean + name: + description: "The resource name of the connection in the form of: + \n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatapolicydatapolicies.bigquerydatapolicy.cnrm.cloud.google.com +spec: + group: bigquerydatapolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDataPolicyDataPolicy + plural: bigquerydatapolicydatapolicies + shortNames: + - gcpbigquerydatapolicydatapolicy + - gcpbigquerydatapolicydatapolicies + singular: bigquerydatapolicydatapolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataMaskingPolicy: + description: The data masking policy that specifies the data masking + rule to use. properties: - oauth2ClientId: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` - instead. - type: string - oauth2ClientIdRef: - description: |- - Only `external` field is supported to configure the reference. - - OAuth2 Client ID for IAP. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauth2ClientSecret: - description: OAuth2 Client Secret for IAP. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - oauth2ClientSecretSha256: - description: OAuth2 Client Secret SHA-256 for IAP. + predefinedExpression: + description: 'The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values: ["SHA256", "ALWAYS_NULL", "DEFAULT_MASKING_VALUE", + "LAST_FOUR_CHARACTERS", "FIRST_FOUR_CHARACTERS", "EMAIL_MASK", + "DATE_YEAR_MASK"].' type: string + required: + - predefinedExpression type: object - loadBalancingScheme: - description: |- - Immutable. Indicates whether the backend service will be used with internal or - external load balancing. A backend service created for one type of - load balancing cannot be used with the other. For more information, refer to - [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. - type: string - localityLbPolicies: - description: |- - A list of locality load balancing policies to be used in order of - preference. Either the policy or the customPolicy field should be set. - Overrides any value set in the localityLbPolicy field. - - localityLbPolicies is only supported when the BackendService is referenced - by a URL Map that is referenced by a target gRPC proxy that has the - validateForProxyless field set to true. - items: - properties: - customPolicy: - description: |- - The configuration for a custom policy implemented by the user and - deployed with the client. 
- properties: - data: - description: |- - An optional, arbitrary JSON object with configuration data, understood - by a locally installed custom policy implementation. - type: string - name: - description: |- - Identifies the custom policy. - - The value should match the type the custom implementation is registered - with on the gRPC clients. It should follow protocol buffer - message naming conventions and include the full path (e.g. - myorg.CustomLbPolicy). The maximum length is 256 characters. - - Note that specifying the same custom policy more than once for a - backend is not a valid configuration and will be rejected. - type: string - required: - - name - type: object - policy: - description: The configuration for a built-in load balancing - policy. - properties: - name: - description: |- - The name of a locality load balancer policy to be used. The value - should be one of the predefined ones as supported by localityLbPolicy, - although at the moment only ROUND_ROBIN is supported. - - This field should only be populated when the customPolicy field is not - used. - - Note that specifying the same policy more than once for a backend is - not a valid configuration and will be rejected. - - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. 
- - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. - type: string - required: - - name - type: object - type: object - type: array - localityLbPolicy: - description: |- - The load balancing algorithm used within the scope of the locality. - The possible values are: - - * 'ROUND_ROBIN': This is a simple policy in which each healthy backend - is selected in round robin order. - - * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy - hosts and picks the host which has fewer active requests. - - * 'RING_HASH': The ring/modulo hash load balancer implements consistent - hashing to backends. The algorithm has the property that the - addition/removal of a host from a set of N hosts only affects - 1/N of the requests. - - * 'RANDOM': The load balancer selects a random healthy host. - - * 'ORIGINAL_DESTINATION': Backend host is selected based on the client - connection metadata, i.e., connections are opened - to the same address as the destination address of - the incoming connection before the connection - was redirected to the load balancer. - - * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. - Maglev is not as stable as ring hash but has faster table lookup - build times and host selection times. 
For more information about - Maglev, refer to https://ai.google/research/pubs/pub44824 - - - This field is applicable to either: - - * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, - and loadBalancingScheme set to INTERNAL_MANAGED. - * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. - - - If session_affinity is not NONE, and this field is not set to MAGLEV or RING_HASH, - session affinity settings will not take effect. - - Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced - by a URL map that is bound to target gRPC proxy that has validate_for_proxyless - field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. + dataPolicyType: + description: 'The enrollment level of the service. Possible values: + ["COLUMN_LEVEL_SECURITY_POLICY", "DATA_MASKING_POLICY"].' type: string location: - description: 'Location represents the geographical location of the - ComputeBackendService. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + description: Immutable. The name of the location of the data policy. type: string - logConfig: - description: |- - This field denotes the logging options for the load balancer traffic served by this backend service. - If logging is enabled, logs will be exported to Stackdriver. - properties: - enable: - description: Whether to enable logging for the load balancer traffic - served by this backend service. - type: boolean - sampleRate: - description: |- - This field can only be specified if logging is enabled for this backend service. The value of - the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer - where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. - The default value is 1.0. 
- type: number - type: object - networkRef: - description: |- - The network to which this backend service belongs. This field can - only be specified when the load balancing scheme is set to - INTERNAL. + policyTag: + description: Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10623,8 +8517,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10633,130 +8526,182 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - outlierDetection: - description: |- - Settings controlling eviction of unhealthy hosts from the load balancing pool. - This field is applicable only when the load_balancing_scheme is set - to INTERNAL_SELF_MANAGED. - properties: - baseEjectionTime: - description: |- - The base time that a host is ejected for. The real time is equal to the base - time multiplied by the number of times the host has been ejected. Defaults to - 30000ms or 30s. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds - type: object - consecutiveErrors: - description: |- - Number of errors before a host is ejected from the connection pool. When the - backend host is accessed over HTTP, a 5xx return code qualifies as an error. - Defaults to 5. - type: integer - consecutiveGatewayFailure: - description: |- - The number of consecutive gateway failures (502, 503, 504 status or connection - errors that are mapped to one of those status codes) before a consecutive - gateway failure ejection occurs. Defaults to 5. - type: integer - enforcingConsecutiveErrors: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive 5xx. This setting can be used to disable - ejection or to ramp it up slowly. Defaults to 100. 
- type: integer - enforcingConsecutiveGatewayFailure: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through consecutive gateway failures. This setting can be - used to disable ejection or to ramp it up slowly. Defaults to 0. - type: integer - enforcingSuccessRate: - description: |- - The percentage chance that a host will be actually ejected when an outlier - status is detected through success rate statistics. This setting can be used to - disable ejection or to ramp it up slowly. Defaults to 100. - type: integer - interval: - description: |- - Time interval between ejection sweep analysis. This can result in both new - ejections as well as hosts being returned to service. Defaults to 10 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: integer - required: - - seconds + resourceID: + description: Immutable. Optional. The dataPolicyId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - dataPolicyType + - location + - policyTag + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigquerydatasetaccesses.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryDatasetAccess + plural: bigquerydatasetaccesses + shortNames: + - gcpbigquerydatasetaccess + - gcpbigquerydatasetaccesses + singular: bigquerydatasetaccess + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dataset: + description: Immutable. Grants all resources of particular types in + a particular dataset read access to the current dataset. + properties: + dataset: + description: Immutable. The dataset this entry applies to. + properties: + datasetId: + description: Immutable. The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + required: + - datasetId + - projectId type: object - maxEjectionPercent: - description: |- - Maximum percentage of hosts in the load balancing pool for the backend service - that can be ejected. Defaults to 10%. - type: integer - successRateMinimumHosts: - description: |- - The number of hosts in a cluster that must have enough request volume to detect - success rate outliers. If the number of hosts is less than this setting, outlier - detection via success rate statistics is not performed for any host in the - cluster. Defaults to 5. 
- type: integer - successRateRequestVolume: - description: |- - The minimum number of total requests that must be collected in one interval (as - defined by the interval duration above) to include this host in success rate - based outlier detection. If the volume is lower than this setting, outlier - detection via success rate statistics is not performed for that host. Defaults - to 100. - type: integer - successRateStdevFactor: + targetTypes: description: |- - This factor is used to determine the ejection threshold for success rate outlier - ejection. The ejection threshold is the difference between the mean success - rate, and the product of this factor and the standard deviation of the mean - success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided - by a thousand to get a double. That is, if the desired factor is 1.9, the - runtime value should be 1900. Defaults to 1900. - type: integer + Immutable. Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes type: object - portName: + datasetId: description: |- - Name of backend port. The same name should appear in the instance - groups referenced by this service. Required when the load balancing - scheme is EXTERNAL. + Immutable. A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. type: string - protocol: + domain: description: |- - The protocol this BackendService uses to communicate with backends. - The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer - types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + Immutable. A domain to grant access to. 
Any users signed in with the + domain specified will be granted the specified access. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + groupByEmail: + description: Immutable. An email address of a Google Group to grant + access to. type: string - securityPolicyRef: - description: The security policy associated with this backend service. + iamMember: + description: |- + Immutable. Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: 'allUsers'. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -10773,8 +8718,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -10783,85 +8727,79 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - securitySettings: + resourceID: + description: Immutable. Optional. The routine of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: description: |- - The security settings that apply to this backend service. This field is applicable to either - a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and - load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the - load_balancing_scheme set to INTERNAL_SELF_MANAGED. - properties: - clientTLSPolicyRef: - description: |- - ClientTlsPolicy is a resource that specifies how a client should - authenticate connections to backends of a service. This resource itself - does not affect configuration unless it is attached to a backend - service resource. *ConfigConnector only supports `external` - references for this field.* - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - subjectAltNames: - description: |- - A list of alternate names to verify the subject identity in the certificate. - If specified, the client will verify that the server certificate's subject - alt name matches one of the specified values. 
- items: - type: string - type: array - required: - - clientTLSPolicyRef - - subjectAltNames - type: object - sessionAffinity: + Immutable. Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: description: |- - Type of session affinity to use. The default is NONE. Session affinity is - not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + Immutable. A special group to grant access to. Possible values include: + + + * 'projectOwners': Owners of the enclosing project. + + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. type: string - subsetting: - description: Subsetting configuration for this BackendService. Currently - this is applicable only for Internal TCP/UDP load balancing and - Internal HTTP(S) load balancing. + userByEmail: + description: |- + Immutable. An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + Immutable. A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. properties: - policy: - description: 'The algorithm used for subsetting. Possible values: - ["CONSISTENT_HASH_SUBSETTING"].' + datasetId: + description: Immutable. 
The ID of the dataset containing this + table. + type: string + projectId: + description: Immutable. The ID of the project containing this + table. + type: string + tableId: + description: |- + Immutable. The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. type: string required: - - policy + - datasetId + - projectId + - tableId type: object - timeoutSec: - description: |- - How many seconds to wait for the backend before considering it a - failed request. Default is 30 seconds. Valid range is [1, 86400]. - type: integer required: - - location + - datasetId + - projectRef type: object status: properties: + apiUpdatedMember: + description: If true, represents that that the iam_member in the config + was translated to a different member type by the API, and is stored + in state as a different member type. + type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -10888,18 +8826,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. - type: string - generatedId: - description: The unique identifier for the resource. This identifier - is defined by the server. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -10907,8 +8833,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
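Review bot: The `required:` list that closes the new BigQueryDatasetAccess `spec` names only `datasetId` and `projectRef`, so the schema accepts an object that sets no grantee, or several of `dataset`, `domain`, `groupByEmail`, `iamMember`, `specialGroup`, `userByEmail` and `view` together; whether the controller rejects those later is not visible in this hunk. A `oneOf` over the seven grantee fields, in the form this schema already uses for `projectRef`, would reject such objects at admission, and the `access` item schema added in the later `@@ -10984,34 +8908,128 @@` hunk leaves its grantee fields equally unconstrained. The `iamMember` and `specialGroup` descriptions give 'allUsers' and 'allAuthenticatedUsers' as values without stating that either grants the role to principals outside the project; a sentence saying so belongs in both descriptions. The `resourceID` description reads `The routine of the resource`, which looks copied from another kind. The CRD carries the `tf2crd` label, so these fixes presumably belong in the generator input rather than in this file.

```yaml
# … unchanged: spec.properties (dataset … view) …
oneOf:
- required:
  - dataset
- required:
  - domain
- required:
  - groupByEmail
- required:
  - iamMember
- required:
  - specialGroup
- required:
  - userByEmail
- required:
  - view
# … unchanged: required (datasetId, projectRef), type: object …
```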
@@ -10928,25 +8852,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computedisks.compute.cnrm.cloud.google.com + name: bigquerydatasets.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeDisk - plural: computedisks + kind: BigQueryDataset + plural: bigquerydatasets shortNames: - - gcpcomputedisk - - gcpcomputedisks - singular: computedisk + - gcpbigquerydataset + - gcpbigquerydatasets + singular: bigquerydataset preserveUnknownFields: false scope: Namespaced versions: 
@@ -10984,34 +8908,128 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskEncryptionKey: - description: |- - Immutable. Encrypts the disk using a customer-supplied encryption key. + access: + description: An array of objects that define dataset access for one + or more entities. + items: + properties: + dataset: + description: Grants all resources of particular types in a particular + dataset read access to the current dataset. + properties: + dataset: + description: The dataset this entry applies to. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + required: + - datasetId + - projectId + type: object + targetTypes: + description: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS. + items: + type: string + type: array + required: + - dataset + - targetTypes + type: object + domain: + description: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access. + type: string + groupByEmail: + description: An email address of a Google Group to grant access + to. + type: string + role: + description: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + [official docs](https://cloud.google.com/bigquery/docs/access-control). + type: string + specialGroup: + description: |- + A special group to grant access to. 
Possible values include: - After you encrypt a disk with a customer-supplied key, you must - provide the same key if you use the disk later (e.g. to create a disk - snapshot or an image, or to attach the disk to a virtual machine). - Customer-supplied encryption keys do not protect access to metadata of - the disk. + * 'projectOwners': Owners of the enclosing project. - If you do not provide an encryption key when creating the disk, then - the disk will be encrypted using an automatically generated key and - you do not need to provide a key to use the disk later. + + * 'projectReaders': Readers of the enclosing project. + + + * 'projectWriters': Writers of the enclosing project. + + + * 'allAuthenticatedUsers': All authenticated BigQuery users. + type: string + userByEmail: + description: |- + An email address of a user to grant access to. For example: + fred@example.com. + type: string + view: + description: |- + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + properties: + datasetId: + description: The ID of the dataset containing this table. + type: string + projectId: + description: The ID of the project containing this table. + type: string + tableId: + description: |- + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + type: string + required: + - datasetId + - projectId + - tableId + type: object + type: object + type: array + defaultCollation: + description: |- + Defines the default collation specification of future tables created + in the dataset. 
If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + + The following values are supported: + - 'und:ci': undetermined locale, case insensitive. + - '': empty string. Default to case-sensitive behavior. + type: string + defaultEncryptionConfiguration: + description: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. properties: kmsKeyRef: description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. oneOf: - not: required: 
@@ -11038,188 +9056,85 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - key - - name - type: object - type: object - type: object - rsaEncryptedKey: - description: "Immutable. 
Specifies an RFC 4648 base64 encoded, - RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either - encrypt or decrypt \nthis resource. You can provide either the - rawKey or the rsaEncryptedKey." - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - imageRef: - description: The image from which to initialize this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - interface: - description: DEPRECATED. This field is no longer in use, disk interfaces - will be automatically determined on attachment. To resolve this - issue, remove this field from your config. 
Immutable. Specifies - the disk interface to use for attaching this disk, which is either - SCSI or NVME. The default is SCSI. - type: string - location: - description: 'Location represents the geographical location of the - ComputeDisk. Specify a region name or a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - multiWriter: - description: Immutable. Indicates whether or not the disk can be read/write - attached to more than one instance. - type: boolean - physicalBlockSizeBytes: - description: |- - Immutable. Physical block size of the persistent disk, in bytes. If not present - in a request, a default value is used. Currently supported sizes - are 4096 and 16384, other sizes may be added in the future. - If an unsupported value is requested, the error message will list - the supported values for the caller's project. - type: integer - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + required: + - kmsKeyRef + type: object + defaultPartitionExpirationMs: + description: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + + + Once this property is set, all newly-created partitioned tables in + the dataset will have an 'expirationMs' property in the 'timePartitioning' + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of 'defaultTableExpirationMs' + for partitioned tables: only one of 'defaultTableExpirationMs' and + 'defaultPartitionExpirationMs' will be used for any new partitioned + table. 
If you provide an explicit 'timePartitioning.expirationMs' when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + type: integer + defaultTableExpirationMs: + description: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + + + Once this property is set, all newly-created tables in the dataset + will have an 'expirationTime' property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the 'expirationTime' for a given + table is reached, that table will be deleted automatically. + If a table's 'expirationTime' is modified or removed before the + table expires, or if you provide an explicit 'expirationTime' when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + type: integer + description: + description: A user-friendly description of the dataset. + type: string + friendlyName: + description: A descriptive name for the dataset. + type: string + isCaseInsensitive: + description: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + type: boolean + location: + description: |- + Immutable. The geographic location where the dataset should reside. + See [official docs](https://cloud.google.com/bigquery/docs/dataset-locations). + + + There are two types of locations, regional or multi-regional. A regional + location is a specific geographic place, such as Tokyo, and a multi-regional + location is a large geographic area, such as the United States, that + contains at least two geographic places. + + + The default value is multi-regional location 'US'. 
+ Changing this forces a new resource to be created. + type: string + maxTimeTravelHours: + description: Defines the time travel window in hours. The value can + be from 48 to 168 hours (2 to 7 days). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - required: - namespace 
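Review bot: `maxTimeTravelHours` is declared `type: string` although its description gives a numeric range of 48 to 168 hours, so the schema cannot enforce the bound and any string passes admission. If the string type has to stay to match the underlying API, a `pattern: ^[0-9]+$` line under the field would at least reject non-numeric values at admission; the range itself would still have to be checked elsewhere. The time travel window limits how far back changed or deleted table data can be read, so the description should also say what happens when the value is left unset, which this hunk does not state.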
@@ -11236,290 +9151,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - provisionedIops: - description: Immutable. Indicates how many IOPS must be provisioned - for the disk. - type: integer - replicaZones: - description: Immutable. URLs of the zones where the disk should be - replicated to. - items: - type: string - type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The datasetId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - resourcePolicies: - items: - description: Resource policies applied to this disk for automatic - snapshot creations. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - size: - description: |- - Size of the persistent disk, specified in GB. You can specify this - field when creating a persistent disk using the 'image' or - 'snapshot' parameter, or specify it alone to create an empty - persistent disk. - - If you specify this field along with 'image' or 'snapshot', - the value must not be less than the size of the image - or the size of the snapshot. 
- - Upsizing the disk is mutable, but downsizing the disk - requires re-creating the resource. - type: integer - snapshotRef: - description: The source snapshot used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceDiskRef: - description: The source disk used to create this disk. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source image. Required if - the source image is protected by a customer-supplied encryption key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. 
See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceSnapshotEncryptionKey: - description: |- - Immutable. 
The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyRef: - description: |- - The encryption key used to encrypt the disk. Your project's Compute - Engine System service account - ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. See - https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. - type: string - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - type: - description: |- - Immutable. URL of the disk type resource describing which disk type to use to - create the disk. Provide this when creating the disk. - type: string - required: - - location type: object status: properties: @@ -11549,20 +9185,19 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: + creationTime: description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string - lastAttachTimestamp: - description: Last attach timestamp in RFC3339 text format. - type: string - lastDetachTimestamp: - description: Last detach timestamp in RFC3339 text format. + The time when this dataset was created, in milliseconds since the + epoch. + type: integer + etag: + description: A hash of the resource. type: string + lastModifiedTime: + description: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -11572,39 +9207,7 @@ spec: type: integer selfLink: type: string - sourceDiskId: - description: |- - The ID value of the disk used to create this image. This value may - be used to determine whether the image was taken from the current - or a previous instance of a given disk name. - type: string - sourceImageId: - description: |- - The ID value of the image used to create this disk. This value - identifies the exact image that was used to create this persistent - disk. For example, if you created the persistent disk from an image - that was later deleted and recreated under the same name, the source - image ID would identify the exact version of the image that was used. - type: string - sourceSnapshotId: - description: |- - The unique ID of the snapshot used to create this disk. This value - identifies the exact snapshot that was used to create this persistent - disk. For example, if you created the persistent disk from a snapshot - that was later deleted and recreated under the same name, the source - snapshot ID would identify the exact version of the snapshot that was - used. - type: string - users: - description: |- - Links to the users of the disk (attached instances) in form: - project/zones/zone/instances/instance. - items: - type: string - type: array type: object - required: - - spec type: object served: true storage: true 
@@ -11621,25 +9224,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeexternalvpngateways.compute.cnrm.cloud.google.com + name: bigquerydatatransferconfigs.bigquerydatatransfer.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquerydatatransfer.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeExternalVPNGateway - plural: computeexternalvpngateways + kind: BigQueryDataTransferConfig + plural: bigquerydatatransferconfigs shortNames: - - gcpcomputeexternalvpngateway - - gcpcomputeexternalvpngateways - singular: computeexternalvpngateway + - gcpbigquerydatatransferconfig + - gcpbigquerydatatransferconfigs + singular: bigquerydatatransferconfig preserveUnknownFields: false scope: Namespaced versions: @@ -11659,7 +9262,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -11677,193 +9280,55 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. + dataRefreshWindowDays: + description: |- + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + type: integer + dataSourceId: + description: Immutable. The data source id. Cannot be changed once + the transfer config is created. type: string - interface: - description: Immutable. A list of interfaces on this external VPN - gateway. - items: - properties: - id: - description: |- - Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type - of this external VPN gateway - * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' - * '0, 1 - TWO_IPS_REDUNDANCY' - * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. - type: integer - ipAddress: - description: |- - Immutable. IP address of the interface in the external VPN gateway. - Only IPv4 is supported. This IP address can be either from - your on-premise gateway or another Cloud provider's VPN gateway, - it cannot be an IP address from Google Compute Engine. - type: string - type: object - type: array - redundancyType: - description: 'Immutable. Indicates the redundancy type of this external - VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", - "TWO_IPS_REDUNDANCY"].' + destinationDatasetId: + description: The BigQuery target dataset id. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + disabled: + description: When set to true, no runs are scheduled for a given transfer. 
+ type: boolean + displayName: + description: The user specified display name for the transfer config. type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + emailPreferences: + description: |- + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + properties: + enableFailureEmail: + description: If true, email notifications will be sent on transfer + run failures. + type: boolean + required: + - enableFailureEmail + type: object + location: + description: |- + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicy - plural: computefirewallpolicies - shortNames: - - gcpcomputefirewallpolicy - - gcpcomputefirewallpolicies - singular: computefirewallpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - properties: - description: - description: An optional description of this resource. Provide this - property when you create the resource. + notificationPubsubTopic: + description: |- + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. type: string - folderRef: - description: Immutable. The Folder that this resource belongs to. - Only one of [folderRef, organizationRef] may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name of - a `Folder` resource (format: `folders/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + params: + additionalProperties: + type: string type: object - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [folderRef, organizationRef] may be specified. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -11880,13 +9345,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' 
@@ -11897,18 +9359,108 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: Immutable. User-provided name of the Organization firewall - policy. The name should be unique in the organization in which the - firewall policy is created. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? - which means the first character must be a lowercase letter, and - all following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + schedule: + description: |- + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + type: string + scheduleOptions: + description: Options customizing the data transfer schedule. + properties: + disableAutoScheduling: + description: |- + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + type: boolean + endTime: + description: |- + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. 
+ type: string + startTime: + description: |- + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + type: string + type: object + sensitiveParams: + description: |- + Different parameters are configured primarily using the the 'params' field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the 'params' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + secretAccessKey: + description: The Secret Access Key of the AWS account transferring + data from. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - secretAccessKey + type: object + serviceAccountName: + description: |- + Immutable. Service account email. 
If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. type: string required: - - shortName + - dataSourceId + - displayName + - params + - projectRef type: object status: properties: @@ -11938,16 +9490,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: Fingerprint of the resource. This field is used internally - during updates of this resource. - type: string - id: - description: The unique identifier for the resource. This identifier - is defined by the server. + name: + description: |- + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId}. + Where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -11956,18 +9504,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Total count of all firewall policy rule tuples. A firewall - policy can not exceed a set number of tuples. - format: int64 - type: integer - selfLink: - description: Server-defined URL for the resource. - type: string - selfLinkWithId: - description: Server-defined URL for this resource with the resource - id. - type: string type: object required: - spec 
@@ -11987,25 +9523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryjobs.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewallPolicyAssociation - plural: computefirewallpolicyassociations + kind: BigQueryJob + plural: bigqueryjobs shortNames: - - gcpcomputefirewallpolicyassociation - - gcpcomputefirewallpolicyassociations - singular: computefirewallpolicyassociation + - gcpbigqueryjob + - gcpbigqueryjobs + singular: bigqueryjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -12043,368 +9579,687 @@ spec: type: object spec: properties: - attachmentTargetRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external + copy: + description: Immutable. Copies a table. properties: - external: + createDisposition: description: |- - The target that the firewall policy is attached to. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). - * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + sourceTables: + description: Immutable. Source tables to copy. + items: + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + type: array + writeDisposition: description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. type: string + required: + - sourceTables type: object - firewallPolicyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + extract: + description: Immutable. Configures an extract job. properties: - external: + compression: description: |- - The firewall policy ID of the association. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Immutable. The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + destinationFormat: + description: |- + Immutable. The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - attachmentTargetRef - - firewallPolicyRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. + destinationUris: + description: Immutable. A list of fully-qualified Google Cloud + Storage URIs where the extracted table should be written. 
+ items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - shortName: - description: The short name of the firewall policy of the association. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computefirewallpolicyrules.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeFirewallPolicyRule - plural: computefirewallpolicyrules - shortNames: - - gcpcomputefirewallpolicyrule - - gcpcomputefirewallpolicyrules - singular: computefirewallpolicyrule - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - action: - description: The Action to perform when the client connection triggers - the rule. Can currently be either "allow" or "deny()" where valid - values for status are 403, 404, and 502. - type: string - description: - description: An optional description for this resource. - type: string - direction: - description: 'The direction in which this rule applies. Possible values: - INGRESS, EGRESS' - type: string - disabled: - description: Denotes whether the firewall policy rule is disabled. - When set to true, the firewall policy rule is not enforced and traffic - behaves as if it did not exist. If this is unspecified, the firewall - policy rule will be enabled. - type: boolean - enableLogging: - description: 'Denotes whether to enable logging for a particular rule. - If logging is enabled, logs will be exported to the configured export - destination in Stackdriver. Logs may be exported to BigQuery or - Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' - type: boolean - firewallPolicyRef: - description: Immutable. - oneOf: - - not: + type: array + fieldDelimiter: + description: |- + Immutable. When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. 
+ Default is ','. + type: string + printHeader: + description: Immutable. Whether to print out a header row in the + results. Default is true. + type: boolean + sourceTable: + description: Immutable. A reference to the table being exported. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - tableRef + type: object + useAvroLogicalTypes: + description: Immutable. Whether to use logical types when extracting + to AVRO format. + type: boolean + required: + - destinationUris + type: object + jobTimeoutMs: + description: Immutable. Job timeout in milliseconds. If this time + limit is exceeded, BigQuery may attempt to terminate the job. + type: string + load: + description: Immutable. Configures a load job. properties: - external: + allowJaggedRows: description: |- - The firewall policy of the resource. - - Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). + Immutable. Accept rows that are missing trailing optional columns. The missing values are treated as nulls. 
+ If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + type: boolean + allowQuotedNewlines: + description: |- + Immutable. Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + autodetect: + description: Immutable. Indicates if we should automatically infer + the options and schema for CSV and JSON sources. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string + required: + - kmsKeyRef + type: object + destinationTable: + description: Immutable. The destination table to load the data + into. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + encoding: + description: |- + Immutable. The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + fieldDelimiter: + description: |- + Immutable. The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. 
BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). type: string - type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding 'action' is - enforced. - properties: - destIPRanges: - description: CIDR IP address range. Maximum number of destination - CIDR IP ranges allowed is 256. + ignoreUnknownValues: + description: |- + Immutable. Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names. + type: boolean + jsonExtension: + description: |- + Immutable. If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + type: string + maxBadRecords: + description: |- + Immutable. The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + type: integer + nullMarker: + description: |- + Immutable. Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. 
The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + type: string + projectionFields: + description: |- + Immutable. If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. items: type: string type: array - layer4Configs: - description: Pairs of IP protocols and ports that the rule should - match. + quote: + description: |- + Immutable. The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. 
+ ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. items: - properties: - ipProtocol: - description: The IP protocol to which this rule applies. - The protocol type is required when creating a firewall - rule. This value can either be one of the following well - known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, - `ipip`, `sctp`), or the IP protocol number. - type: string - ports: - description: 'An optional list of ports to which this rule - applies. This field is only applicable for UDP or TCP - protocol. Each entry must be either an integer or a range. - If not specified, this rule applies to connections through - any port. Example inputs include: ``.' - items: - type: string - type: array - required: - - ipProtocol - type: object + type: string type: array - srcIPRanges: - description: CIDR IP address range. Maximum number of source CIDR - IP ranges allowed is 256. + skipLeadingRows: + description: |- + Immutable. The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + type: integer + sourceFormat: + description: |- + Immutable. The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". 
+ For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + type: string + sourceUris: + description: |- + Immutable. The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '\*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\*' wildcard character is not allowed. items: type: string type: array + timePartitioning: + description: Immutable. Time-based partitioning specification + for the destination table. + properties: + expirationMs: + description: Immutable. Number of milliseconds for which to + keep the storage for a partition. A wrapper is used here + because 0 is an invalid value. + type: string + field: + description: |- + Immutable. If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + type: string + type: + description: |- + Immutable. The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + type: string + required: + - type + type: object + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. 
The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. + type: string required: - - layer4Configs + - destinationTable + - sourceUris type: object - priority: - description: Immutable. An integer indicating the priority of a rule - in the list. The priority must be a positive value between 0 and - 2147483647. Rules are evaluated from highest to lowest priority - where 0 is the highest priority and 2147483647 is the lowest prority. - format: int64 - type: integer - targetResources: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetServiceAccounts: - items: - oneOf: - - not: - required: - - external + location: + description: Immutable. The geographic location of the job. The default + value is US. + type: string + query: + description: Immutable. Configures a query job. 
+ properties: + allowLargeResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + type: boolean + createDisposition: + description: |- + Immutable. Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion Default value: "CREATE_NEVER" Possible values: ["CREATE_IF_NEEDED", "CREATE_NEVER"]. + type: string + defaultDataset: + description: Immutable. Specifies the default dataset to use for + unqualified table names in the query. Note that this does not + alter behavior of unqualified dataset names. + properties: + datasetRef: + description: A reference to the dataset. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryDataset` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - datasetRef + type: object + destinationEncryptionConfiguration: + description: Immutable. Custom encryption configuration (e.g., + Cloud KMS keys). + properties: + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect + destination BigQuery table. The BigQuery Service Account associated + with your project requires access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyVersion: + description: Describes the Cloud KMS encryption key version + used to protect destination BigQuery table. + type: string required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - kmsKeyRef + type: object + destinationTable: + description: |- + Immutable. 
Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + properties: + tableRef: + description: A reference to the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `BigQueryTable` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - tableRef + type: object + flattenResults: + description: |- + Immutable. If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + type: boolean + maximumBillingTier: + description: |- + Immutable. Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: integer + maximumBytesBilled: + description: |- + Immutable. Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + type: string + parameterMode: + description: Immutable. Standard SQL only. Set to POSITIONAL to + use positional (?) query parameters or to NAMED to use named + (@myparam) query parameters in this query. 
+ type: string + priority: + description: 'Immutable. Specifies a priority for the query. Default + value: "INTERACTIVE" Possible values: ["INTERACTIVE", "BATCH"].' + type: string + query: + description: |- + Immutable. SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + *NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language) + ('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = ""' and 'write_disposition = ""'. + type: string + schemaUpdateOptions: + description: |- + Immutable. Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + items: type: string - type: object - type: array - required: - - action - - direction - - firewallPolicyRef - - match - - priority + type: array + scriptOptions: + description: Immutable. Options controlling the execution of scripts. + properties: + keyResultStatement: + description: |- + Immutable. Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. Possible values: ["LAST", "FIRST_SELECT"]. + type: string + statementByteBudget: + description: Immutable. Limit on the number of bytes billed + per statement. Exceeding this budget results in an error. + type: string + statementTimeoutMs: + description: Immutable. 
Timeout period for each statement + in a script. + type: string + type: object + useLegacySql: + description: |- + Immutable. Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + type: boolean + useQueryCache: + description: |- + Immutable. Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + type: boolean + userDefinedFunctionResources: + description: Immutable. Describes user-defined function resources + used in the query. + items: + properties: + inlineCode: + description: |- + Immutable. An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + type: string + resourceUri: + description: Immutable. A code resource to load from a Google + Cloud Storage URI (gs://bucket/path). + type: string + type: object + type: array + writeDisposition: + description: |- + Immutable. Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. Default value: "WRITE_EMPTY" Possible values: ["WRITE_TRUNCATE", "WRITE_APPEND", "WRITE_EMPTY"]. 
+ type: string + required: + - query + type: object + resourceID: + description: Immutable. Optional. The jobId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string type: object status: properties: @@ -12434,9 +10289,8 @@ spec: type: string type: object type: array - kind: - description: Type of the resource. Always `compute#firewallPolicyRule` - for firewall policy rules + jobType: + description: The type of the job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -12445,14 +10299,55 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - ruleTupleCount: - description: Calculation of the complexity of a single firewall policy - rule. - format: int64 - type: integer + status: + description: The status of this job. Examine this value when polling + an asynchronous job to see if the job is complete. + items: + properties: + errorResult: + description: Final error result of the job. If present, indicates + that the job has completed and was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + errors: + description: |- + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + items: + properties: + location: + description: Specifies where the error occurred, if present. + type: string + message: + description: A human-readable description of the error. + type: string + reason: + description: A short error code that summarizes the error. + type: string + type: object + type: array + state: + description: Running state of the job. Valid states include + 'PENDING', 'RUNNING', and 'DONE'. + type: string + type: object + type: array + userEmail: + description: Email address of the user who ran the job. + type: string type: object - required: - - spec type: object served: true storage: true 
@@ -12469,25 +10364,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computefirewalls.compute.cnrm.cloud.google.com + name: bigqueryreservationreservations.bigqueryreservation.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigqueryreservation.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeFirewall - plural: computefirewalls + kind: BigQueryReservationReservation + plural: bigqueryreservationreservations shortNames: - - gcpcomputefirewall - - gcpcomputefirewalls - singular: computefirewall + - gcpbigqueryreservationreservation + - gcpbigqueryreservationreservations + singular: bigqueryreservationreservation preserveUnknownFields: false scope: Namespaced versions: @@ -12507,7 +10402,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -12525,113 +10420,46 @@ spec: type: object spec: properties: - allow: - description: |- - The list of ALLOW rules specified by this firewall. Each rule - specifies a protocol and port-range tuple that describes a permitted - connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - deny: - description: |- - The list of DENY rules specified by this firewall. Each rule specifies - a protocol and port-range tuple that describes a denied connection. - items: - properties: - ports: - description: |- - An optional list of ports to which this rule applies. This field - is only applicable for UDP or TCP protocol. Each entry must be - either an integer or a range. If not specified, this rule - applies to connections through any port. - - Example inputs include: ["22"], ["80","443"], and - ["12345-12349"]. - items: - type: string - type: array - protocol: - description: |- - The IP protocol to which this rule applies. The protocol type is - required when creating a firewall rule. This value can either be - one of the following well known protocol strings (tcp, udp, - icmp, esp, ah, sctp, ipip, all), or the IP protocol number. - type: string - required: - - protocol - type: object - type: array - description: - description: |- - An optional description of this resource. 
Provide this property when - you create the resource. + autoscale: + description: The configuration parameters for the auto scaling feature. + properties: + currentSlots: + description: The slot capacity added to this reservation when + autoscale happens. Will be between [0, max_slots]. + type: integer + maxSlots: + description: Number of slots to be scaled when needed. + type: integer + type: object + concurrency: + description: Maximum number of queries that are allowed to run concurrently + in this reservation. This is a soft limit due to asynchronous nature + of the system and various optimizations for small queries. Default + value is 0 which means that concurrency will be automatically set + based on the reservation size. + type: integer + edition: + description: Immutable. The edition type. Valid values are STANDARD, + ENTERPRISE, ENTERPRISE_PLUS. type: string - destinationRanges: + ignoreIdleSlots: description: |- - If destination ranges are specified, the firewall will apply only to - traffic that has destination IP address in these ranges. These ranges - must be expressed in CIDR format. Only IPv4 is supported. - items: - type: string - type: array - direction: + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + type: boolean + location: description: |- - Immutable. Direction of traffic to which this firewall applies; default is - INGRESS. Note: For INGRESS traffic, it is NOT supported to specify - destinationRanges; For EGRESS traffic, it is NOT supported to specify - 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. + Immutable. The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. 
type: string - disabled: + multiRegionAuxiliary: description: |- - Denotes whether the firewall rule is disabled, i.e not applied to the - network it is associated with. When set to true, the firewall rule is - not enforced and the network behaves as if it did not exist. If this - is unspecified, the firewall rule will be enabled. - type: boolean - enableLogging: - description: DEPRECATED. Deprecated in favor of log_config. This field - denotes whether to enable logging for a particular firewall rule. - If logging is enabled, logs will be exported to Stackdriver. + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. type: boolean - logConfig: - description: |- - This field denotes the logging options for a particular firewall rule. - If defined, logging is enabled, and logs will be exported to Cloud Logging. - properties: - metadata: - description: 'This field denotes whether to include or exclude - metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", - "INCLUDE_ALL_METADATA"].' - type: string - required: - - metadata - type: object - networkRef: - description: The network to attach this firewall to. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -12648,8 +10476,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -12658,137 +10485,272 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - priority: - description: |- - Priority for this rule. This is an integer between 0 and 65535, both - inclusive. When not specified, the value assumed is 1000. Relative - priorities determine precedence of conflicting rules. Lower value of - priority implies higher precedence (eg, a rule with priority 0 has - higher precedence than a rule with priority 1). DENY rules take - precedence over ALLOW rules having equal priority. - type: integer resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceRanges: + slotCapacity: description: |- - If source ranges are specified, the firewall will apply only to - traffic that has source IP address in these ranges. These ranges must - be expressed in CIDR format. One or both of sourceRanges and - sourceTags may be set. If both properties are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP that belongs to a tag listed in the sourceTags property. The - connection does not need to match both properties for the firewall to - apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges', - 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - sourceServiceAccounts: + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. 
+ type: integer + required: + - location + - projectRef + - slotCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: |- - If source service accounts are specified, the firewall will apply only - to traffic originating from an instance with a service account in this - list. Source service accounts cannot be used to control traffic to an - instance's external IP address because service accounts are associated - with an instance, not an IP address. sourceRanges can be set at the - same time as sourceServiceAccounts. If both are set, the firewall will - apply to traffic that has source IP address within sourceRanges OR the - source IP belongs to an instance with service account listed in - sourceServiceAccount. The connection does not need to match both - properties for the firewall to apply. sourceServiceAccounts cannot be - used at the same time as sourceTags or targetTags. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + message: + description: Human-readable message indicating details about + last transition. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array - sourceTags: - description: |- - If source tags are specified, the firewall will apply only to traffic - with source IP that belongs to a tag listed in source tags. Source - tags cannot be used to control traffic to an instance's external IP - address. Because tags are associated with an instance, not an IP - address. One or both of sourceRanges and sourceTags may be set. If - both properties are set, the firewall will apply to traffic that has - source IP address within sourceRanges OR the source IP that belongs to - a tag listed in the sourceTags property. The connection does not need - to match both properties for the firewall to apply. For INGRESS traffic, - one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. - items: - type: string - type: array - targetServiceAccounts: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: bigqueryroutines.bigquery.cnrm.cloud.google.com +spec: + group: bigquery.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BigQueryRoutine + plural: bigqueryroutines + shortNames: + - gcpbigqueryroutine + - gcpbigqueryroutines + singular: bigqueryroutine + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + arguments: + description: Input/output argument of a function or a stored procedure. items: - description: |- - A list of service accounts indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - targetServiceAccounts cannot be used at the same time as targetTags or - sourceTags. If neither targetServiceAccounts nor targetTags are - specified, the firewall rule applies to all instances on the specified - network. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + argumentKind: + description: 'Defaults to FIXED_TYPE. Default value: "FIXED_TYPE" + Possible values: ["FIXED_TYPE", "ANY_TYPE"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + dataType: + description: |- + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>**NOTE**: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + mode: + description: 'Specifies whether the argument is input or output. + Can be set for procedures only. Possible values: ["IN", "OUT", + "INOUT"].' + type: string + name: + description: The name of this argument. Can be absent for function + return argument. type: string type: object type: array - targetTags: + datasetRef: + description: The ID of the dataset containing this routine. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigQueryDataset` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + definitionBody: description: |- - A list of instance tags indicating sets of instances located in the - network that may make network connections as specified in allowed[]. - If no targetTags are specified, the firewall rule applies to all - instances on the specified network. + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + type: string + description: + description: The description of the routine if defined. + type: string + determinismLevel: + description: 'The determinism level of the JavaScript UDF if defined. + Possible values: ["DETERMINISM_LEVEL_UNSPECIFIED", "DETERMINISTIC", + "NOT_DETERMINISTIC"].' + type: string + importedLibraries: + description: |- + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. 
items: type: string type: array + language: + description: 'The language of the routine. Possible values: ["SQL", + "JAVASCRIPT"].' + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The routineId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + returnTableType: + description: |- + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + type: string + returnType: + description: |- + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>**NOTE**: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. 
it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + type: string + routineType: + description: 'Immutable. The type of routine. Possible values: ["SCALAR_FUNCTION", + "PROCEDURE", "TABLE_VALUED_FUNCTION"].' + type: string required: - - networkRef + - datasetRef + - definitionBody + - projectRef type: object status: properties: @@ -12818,9 +10780,16 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + creationTime: + description: |- + The time when this routine was created, in milliseconds since the + epoch. + type: integer + lastModifiedTime: + description: |- + The time when this routine was modified, in milliseconds since the + epoch. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -12828,8 +10797,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object required: - spec 
@@ -12849,25 +10816,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeforwardingrules.compute.cnrm.cloud.google.com + name: bigquerytables.bigquery.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigquery.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeForwardingRule - plural: computeforwardingrules + kind: BigQueryTable + plural: bigquerytables shortNames: - - gcpcomputeforwardingrule - - gcpcomputeforwardingrules - singular: computeforwardingrule + - gcpbigquerytable + - gcpbigquerytables + singular: bigquerytable preserveUnknownFields: false scope: Namespaced versions: 
@@ -12905,26 +10872,14 @@ spec: type: object spec: properties: - allPorts: - description: Immutable. This field is used along with the `backend_service` - field for internal load balancing or with the `target` field for - internal TargetInstance. This field cannot be used with `port` or - `portRange` fields. When the load balancing scheme is `INTERNAL` - and protocol is TCP/UDP, specify this field to allow packets addressed - to any ports will be forwarded to the backends configured with this - forwarding rule. - type: boolean - allowGlobalAccess: - description: This field is used along with the `backend_service` field - for internal load balancing or with the `target` field for internal - TargetInstance. If the field is set to `TRUE`, clients can access - ILB from all regions. Otherwise only allows access from clients - in the same region as the internal load balancer. - type: boolean - backendServiceRef: - description: |- - A ComputeBackendService to receive the matched traffic. This is - used only for internal load balancing. + clustering: + description: Specifies column names to use for data clustering. Up + to four top-level columns are allowed, and should be specified in + descending priority order. + items: + type: string + type: array + datasetRef: oneOf: - not: required: @@ -12941,7 +10896,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + description: 'Allowed value: The `name` field of a `BigQueryDataset` resource.' type: string name: 
@@ -12952,37 +10907,14 @@ spec: type: string type: object description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. + description: The field description. type: string - ipAddress: - description: |- - The IP address that this forwarding rule is serving on behalf of. - - Addresses are restricted based on the forwarding rule's load - balancing scheme (EXTERNAL or INTERNAL) and scope (global or - regional). - - When the load balancing scheme is EXTERNAL, for global forwarding - rules, the address must be a global IP, and for regional forwarding - rules, the address must live in the same region as the forwarding - rule. If this field is empty, an ephemeral IPv4 address from the - same scope (global or regional) will be assigned. A regional - forwarding rule supports IPv4 only. A global forwarding rule - supports either IPv4 or IPv6. - - When the load balancing scheme is INTERNAL, this can only be an RFC - 1918 IP address belonging to the network/subnet configured for the - forwarding rule. By default, if this field is empty, an ephemeral - internal IP address will be automatically allocated from the IP - range of the subnet or network configured for this forwarding rule. - oneOf: - - required: - - addressRef - - required: - - ip + encryptionConfiguration: + description: Immutable. Specifies how the table should be encrypted. + If left blank, the table will be encrypted with a Google-managed + key; that process is transparent to the user. properties: - addressRef: + kmsKeyRef: oneOf: - not: required: @@ -12999,7 +10931,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -13009,426 +10941,257 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ip: + kmsKeyVersion: + description: The self link or full name of the kms key version + used to encrypt this table. type: string + required: + - kmsKeyRef type: object - ipProtocol: - description: Immutable. The IP protocol to which this rule applies. - For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, - `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the - load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are - valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, - and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the - load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. - For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing - scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP - Load Balancing, the load balancing scheme is `EXTERNAL`, and one - of `TCP` or `UDP` is valid. - type: string - ipVersion: - description: 'Immutable. The IP Version that will be used by this - forwarding rule. Valid options are `IPV4` or `IPV6`. This can only - be specified for an external global forwarding rule. Possible values: - UNSPECIFIED_VERSION, IPV4, IPV6.' - type: string - isMirroringCollector: - description: Immutable. Indicates whether or not this load balancer - can be used as a collector for packet mirroring. To prevent mirroring - loops, instances behind this load balancer will not have their traffic - mirrored even if a `PacketMirroring` rule applies to them. This - can only be set to true for load balancers that have their `loadBalancingScheme` - set to `INTERNAL`. - type: boolean - loadBalancingScheme: - description: "Immutable. 
Specifies the forwarding rule type.\n\n* - \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n - \ * Protocol forwarding to VMs from an external IP address\n - \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, - and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol - forwarding to VMs from an internal IP address\n * Internal - TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * - \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` - is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is - used for:\n * Global external HTTP(S) load balancers \n\nFor - more information about forwarding rules, refer to [Forwarding rule - concepts](/load-balancing/docs/forwarding-rule-concepts). Possible - values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, - EXTERNAL, EXTERNAL_MANAGED." - type: string - location: - description: 'Location represents the geographical location of the - ComputeForwardingRule. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - metadataFilters: - description: |- - Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. - - For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. - - `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. - - `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. - items: - properties: - filterLabels: - description: |- - Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` - - This list must not be empty and can have at the most 64 entries. - items: - properties: - name: - description: |- - Immutable. Name of metadata label. - - The name can have a maximum length of 1024 characters and must be at least 1 character long. - type: string - value: - description: |- - Immutable. The value of the label must match the specified value. - - value can have a maximum length of 1024 characters. - type: string - required: - - name - - value - type: object - type: array - filterMatchCriteria: - description: |- - Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. - - Supported values are: - - * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. - * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. - type: string - required: - - filterLabels - - filterMatchCriteria - type: object - type: array - networkRef: - description: |- - This field is not used for external load balancing. For internal - load balancing, this field identifies the network that the load - balanced IP should belong to for this forwarding rule. If this - field is not specified, the default network will be used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + expirationTime: + description: The time when this table expires, in milliseconds since + the epoch. If not present, the table will persist indefinitely. + Expired tables will be deleted and their storage reclaimed. + type: integer + externalDataConfiguration: + description: Describes the data format, location, and other properties + of a table stored outside of BigQuery. By defining these properties, + the data source can then be queried as if it were a standard BigQuery + table. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. This signifies the networking tier used for - configuring this load balancer and can only take the following values: - `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values - are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid - value is `PREMIUM`. If this field is not specified, it is assumed - to be `PREMIUM`. If `IPAddress` is specified, this value must be - equal to the networkTier of the Address.' - type: string - portRange: - description: |- - Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. 
This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: - - * TargetHttpProxy: 80, 8080 - * TargetHttpsProxy: 443 - * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 - * TargetVpnGateway: 500, 4500 - - @pattern: d+(?:-d+)?. - type: string - ports: - description: 'Immutable. This field is used along with the `backend_service` - field for internal load balancing. When the load balancing scheme - is `INTERNAL`, a list of ports can be configured, for example, [''80''], - [''8000'',''9000'']. Only packets addressed to these ports are forwarded - to the backends configured with the forwarding rule. If the forwarding - rule''s loadBalancingScheme is INTERNAL, you can specify ports in - one of the following ways: * A list of up to five ports, which can - be non-contiguous * Keyword `ALL`, which causes the forwarding rule - to forward traffic on any port of the forwarding rule''s protocol. - @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceDirectoryRegistrations: - description: Immutable. Service Directory resources to register this - forwarding rule with. 
Currently, only supports a single Service - Directory resource. - items: - properties: - namespace: - description: Immutable. Service Directory namespace to register - the forwarding rule under. - type: string - service: - description: Immutable. Service Directory service to register - the forwarding rule under. - type: string - type: object - type: array - serviceLabel: - description: Immutable. An optional prefix to the service name for - this Forwarding Rule. If specified, the prefix is the first label - of the fully qualified service name. The label must be 1-63 characters - long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - Specifically, the label must be 1-63 characters long and match the - regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the - first character must be a lowercase letter, and all following characters - must be a dash, lowercase letter, or digit, except the last character, - which cannot be a dash. This field is only used for internal load - balancing. - type: string - subnetworkRef: - description: |- - The subnetwork that the load balanced IP should belong to for this - forwarding rule. This field is only used for internal load - balancing. - - If the network specified is in auto subnet mode, this field is - optional. However, if the network is in custom subnet mode, a - subnetwork must be specified. - oneOf: - - not: + autodetect: + description: Let BigQuery try to autodetect the schema and format + of the table. + type: boolean + avroOptions: + description: Additional options if source_format is set to "AVRO". + properties: + useAvroLogicalTypes: + description: If sourceFormat is set to "AVRO", indicates whether + to interpret logical types as the corresponding BigQuery + data type (for example, TIMESTAMP), instead of using the + raw type (for example, INTEGER). 
+ type: boolean required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - useAvroLogicalTypes + type: object + compression: + description: The compression type of the data source. Valid values + are "NONE" or "GZIP". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + connectionId: + description: The connection specifying the credentials to be used + to read external storage, such as Azure Blob, Cloud Storage, + or S3. The connectionId can have the form "{{project}}.{{location}}.{{connection_id}}" + or "projects/{{project}}/locations/{{location}}/connections/{{connection_id}}". type: string - type: object - target: - description: |- - The target resource to receive the matched traffic. The forwarded - traffic must be of a type appropriate to the target object. For - INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets - are valid. - oneOf: - - required: - - targetGRPCProxyRef - - required: - - targetHTTPProxyRef - - required: - - targetHTTPSProxyRef - - required: - - targetSSLProxyRef - - required: - - targetTCPProxyRef - - required: - - targetVPNGatewayRef - properties: - targetGRPCProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - targetHTTPSProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + csvOptions: + description: Additional properties to set if source_format is + set to "CSV". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` - resource.' + allowJaggedRows: + description: Indicates if BigQuery should accept rows that + are missing trailing optional columns. + type: boolean + allowQuotedNewlines: + description: Indicates if BigQuery should allow quoted data + sections that contain newline characters in a CSV file. + The default value is false. + type: boolean + encoding: + description: The character encoding of the data. The supported + values are UTF-8 or ISO-8859-1. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + fieldDelimiter: + description: The separator for fields in a CSV file. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + quote: type: string + skipLeadingRows: + description: The number of rows at the top of a CSV file that + BigQuery will skip when reading the data. + type: integer + required: + - quote type: object - targetSSLProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + googleSheetsOptions: + description: Additional options if source_format is set to "GOOGLE_SHEETS". properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + range: + description: 'Range of a sheet to query from. Only used when + non-empty. At least one of range or skip_leading_rows must + be set. Typical format: "sheet_name!top_left_cell_id:bottom_right_cell_id" + For example: "sheet1!A1:B20".' type: string + skipLeadingRows: + description: The number of rows at the top of the sheet that + BigQuery will skip when reading the data. At least one of + range or skip_leading_rows must be set. + type: integer type: object - targetTCPProxyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + hivePartitioningOptions: + description: When set, configures hive partitioning support. Not + all storage formats support hive partitioning -- requesting + hive partitioning on an unsupported format will lead to an error, + as will providing an invalid specification. 
properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + mode: + description: When set, what mode of hive partitioning to use + when reading data. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requirePartitionFilter: + description: If set to true, queries over this table require + a partition filter that can be used for partition elimination + to be specified. + type: boolean + sourceUriPrefix: + description: When hive partition detection is requested, a + common for all source uris must be required. The prefix + must end immediately before the partition key encoding begins. type: string type: object - targetVPNGatewayRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + ignoreUnknownValues: + description: Indicates if BigQuery should allow extra values that + are not represented in the table schema. If true, the extra + values are ignored. If false, records with extra columns are + treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default + value is false. + type: boolean + maxBadRecords: + description: The maximum number of bad records that BigQuery can + ignore when reading data. + type: integer + referenceFileSchemaUri: + description: 'When creating an external table, the user can provide + a reference file with the table schema. This is enabled for + the following formats: AVRO, PARQUET, ORC.' + type: string + schema: + description: Immutable. A JSON schema for the external table. 
+ Schema is required for CSV and JSON formats and is disallowed + for Google Cloud Bigtable, Cloud Datastore backups, and Avro + formats when using external tables. + type: string + sourceFormat: + description: 'The data format. Supported values are: "CSV", "GOOGLE_SHEETS", + "NEWLINE_DELIMITED_JSON", "AVRO", "PARQUET", "ORC" and "DATASTORE_BACKUP". + To use "GOOGLE_SHEETS" the scopes must include "googleapis.com/auth/drive.readonly".' + type: string + sourceUris: + description: A list of the fully-qualified URIs that point to + your data in Google Cloud. + items: + type: string + type: array + required: + - autodetect + - sourceFormat + - sourceUris + type: object + friendlyName: + description: A descriptive name for the table. + type: string + materializedView: + description: If specified, configures this table as a materialized + view. + properties: + enableRefresh: + description: Specifies if BigQuery should automatically refresh + materialized view when the base table is updated. The default + is true. + type: boolean + query: + description: Immutable. A query whose result is persisted. + type: string + refreshIntervalMs: + description: Specifies maximum frequency at which this materialized + view will be refreshed. The default is 1800000. + type: integer + required: + - query + type: object + rangePartitioning: + description: If specified, configures range-based partitioning for + this table. + properties: + field: + description: Immutable. The field used to determine how to create + a range-based partition. + type: string + range: + description: Information required to partition based on ranges. + Structure is documented below. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + end: + description: End of the range partitioning, exclusive. + type: integer + interval: + description: The width of each range within the partition. + type: integer + start: + description: Start of the range partitioning, inclusive. + type: integer + required: + - end + - interval + - start type: object + required: + - field + - range + type: object + resourceID: + description: Immutable. Optional. The tableId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + schema: + description: A JSON schema for the table. + type: string + timePartitioning: + description: If specified, configures time-based partitioning for + this table. + properties: + expirationMs: + description: Number of milliseconds for which to keep the storage + for a partition. + type: integer + field: + description: Immutable. The field used to determine how to create + a time-based partition. If time-based partitioning is enabled + without this value, the table is partitioned based on the load + time. + type: string + requirePartitionFilter: + description: If set to true, queries over this table require a + partition filter that can be used for partition elimination + to be specified. + type: boolean + type: + description: The supported types are DAY, HOUR, MONTH, and YEAR, + which will generate one partition per day, hour, month, and + year, respectively. + type: string + required: + - type + type: object + view: + description: If specified, configures this table as a view. + properties: + query: + description: A query that BigQuery executes when the view is referenced. 
+ type: string + useLegacySql: + description: Specifies whether to use BigQuery's legacy SQL for + this view. The default value is true. If set to false, the view + will use BigQuery's standard SQL. + type: boolean + required: + - query type: object required: - - location + - datasetRef type: object status: properties: 
@@ -13458,35 +11221,45 @@ spec: type: string type: object type: array - creationTimestamp: - description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) - text format.' - type: string - labelFingerprint: - description: Used internally during label updates. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. + creationTime: + description: The time when this table was created, in milliseconds + since the epoch. type: integer - pscConnectionId: - description: The PSC connection id of the PSC Forwarding Rule. + etag: + description: A hash of the resource. type: string - pscConnectionStatus: - description: 'The PSC connection status of the PSC Forwarding Rule. - Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, - CLOSED.' + lastModifiedTime: + description: The time when this table was last modified, in milliseconds + since the epoch. + type: integer + location: + description: The geographic location where the table resides. This + value is inherited from the dataset. type: string + numBytes: + description: The geographic location where the table resides. This + value is inherited from the dataset. + type: integer + numLongTermBytes: + description: The number of bytes in the table that are considered + "long-term storage". + type: integer + numRows: + description: The number of rows of data in this table, excluding any + data in the streaming buffer. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer selfLink: - description: '[Output Only] Server-defined URL for the resource.' + description: The URI of the created resource. type: string - serviceName: - description: '[Output Only] The internal fully qualified service name - for this Forwarding Rule. This field is only used for internal load - balancing.' + type: + description: Describes the table type. type: string type: object required: @@ -13507,25 +11280,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehealthchecks.compute.cnrm.cloud.google.com + name: bigtableappprofiles.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHealthCheck - plural: computehealthchecks + kind: BigtableAppProfile + plural: bigtableappprofiles shortNames: - - gcpcomputehealthcheck - - gcpcomputehealthchecks - singular: computehealthcheck + - gcpbigtableappprofile + - gcpbigtableappprofiles + singular: bigtableappprofile preserveUnknownFields: false scope: Namespaced versions: 
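Review bot: The description added for `numBytes` in the `@@ -13458,35 +11221,45 @@` status hunk is a copy of the `location` text ("The geographic location where the table resides. This value is inherited from the dataset.") although the field is `type: integer`. Anyone reading the schema, for example through `kubectl explain`, gets the wrong meaning for a size field that may be used for quota or cost checks. Going by the neighbouring `numLongTermBytes` and `numRows` entries, it should read something like `description: The size of this table in bytes, excluding any data in the streaming buffer.` The CRD appears to be generated (the bundle carries the `cnrm.cloud.google.com/tf2crd: "true"` label), so the wording is probably best corrected in the schema it is generated from rather than by hand here.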
@@ -13563,350 +11336,70 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. + description: Long form description of the use case for this app profile. type: string - grpcHealthCheck: - description: A nested object resource. + instanceRef: + description: The instance to create the app profile within. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - grpcServiceName: - description: |- - The gRPC service name for the health check. - The value of grpcServiceName has the following meanings by convention: - - Empty serviceName means the overall status of all services at the backend. - - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. - The grpcServiceName can only be ASCII. + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' type: string - port: - description: |- - The port number for the health check request. - Must be specified if portName and portSpecification are not set - or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. 
- - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, gRPC health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - healthyThreshold: + multiClusterRoutingClusterIds: + description: The set of clusters to route to. The order is ignored; + clusters will be tried in order of distance. If left empty, all + clusters are eligible. + items: + type: string + type: array + multiClusterRoutingUseAny: description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - http2HealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP2 health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP2 health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. 
- - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP2 health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP2 health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTP health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. 
For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, HTTP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - httpsHealthCheck: - description: A nested object resource. - properties: - host: - description: |- - The value of the host header in the HTTPS health check request. - If left empty (default value), the public IP on behalf of which this health - check is performed will be used. - type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. 
- - If not specified, HTTPS health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - location: - description: 'Location represents the geographical location of the - ComputeHealthCheck. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - logConfig: - description: Configure logging on this health check. - properties: - enable: - description: |- - Indicates whether or not to export logs. This is false by default, - which means no health check logging will be done. - type: boolean - type: object + If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available + in the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes + consistency to improve availability. + type: boolean resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The appProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - sslHealthCheck: - description: A nested object resource. - properties: - port: - description: |- - The TCP port number for the SSL health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, SSL health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the SSL connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: - description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. - type: string - type: object - tcpHealthCheck: - description: A nested object resource. + singleClusterRouting: + description: Use a single-cluster routing policy. 
properties: - port: - description: |- - The TCP port number for the TCP health check request. - The default value is 443. - type: integer - portName: - description: |- - Port name as defined in InstanceGroup#NamedPort#name. If both port and - port_name are defined, port takes precedence. - type: string - portSpecification: - description: |- - Specifies how port is selected for health checking, can be one of the - following values: - - * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. - - * 'USE_NAMED_PORT': The 'portName' is used for health checking. - - * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each - network endpoint is used for health checking. For other backends, the - port or named port specified in the Backend Service is used for health - checking. - - If not specified, TCP health check follows behavior specified in 'port' and - 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. - type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to the - backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. - type: string - request: - description: |- - The application data to send once the TCP connection has been - established (default value is empty). If both request and response are - empty, the connection establishment alone will indicate health. The request - data can only be ASCII. - type: string - response: + allowTransactionalWrites: description: |- - The bytes to match against the beginning of the response data. If left empty - (the default value), any response will indicate health. The response data - can only be ASCII. + If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile. + It is unsafe to send these requests to the same table/row/column in multiple clusters. 
+ type: boolean + clusterId: + description: The cluster to which read/write requests should be + routed. type: string + required: + - clusterId type: object - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - required: - - location type: object status: properties: @@ -13936,8 +11429,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + name: + description: The unique name of the requested app profile. Values + are of the form 'projects//instances//appProfiles/'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -13946,15 +11440,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - type: - description: The type of the health check. One of HTTP, HTTPS, TCP, - or SSL. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -13971,25 +11457,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttphealthchecks.compute.cnrm.cloud.google.com + name: bigtablegcpolicies.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPHealthCheck - plural: computehttphealthchecks + kind: BigtableGCPolicy + plural: bigtablegcpolicies shortNames: - - gcpcomputehttphealthcheck - - gcpcomputehttphealthchecks - singular: computehttphealthcheck + - gcpbigtablegcpolicy + - gcpbigtablegcpolicies + singular: bigtablegcpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -14027,54 +11513,117 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTP health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + columnFamily: + description: Immutable. The name of the column family. type: string - port: - description: |- - The TCP port number for the HTTP health check request. - The default value is 80. - type: integer - requestPath: - description: |- - The request path of the HTTP health check request. - The default value is /. + deletionPolicy: + description: "The deletion policy for the GC policy. Setting ABANDON + allows the resource\n\t\t\t\tto be abandoned rather than deleted. + This is useful for GC policy as it cannot be deleted\n\t\t\t\tin + a replicated instance. Possible values are: \"ABANDON\"." type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + gcRules: + description: Serialized JSON string for garbage collection policy. + Conflicts with "mode", "max_age" and "max_version". type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. 
- type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer - type: object + instanceRef: + description: The name of the Bigtable instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxAge: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all cells + older than the given age.' + items: + properties: + days: + description: DEPRECATED. Deprecated in favor of duration. Immutable. + Number of days before applying GC policy. + type: integer + duration: + description: Immutable. Duration before applying GC policy. + type: string + type: object + type: array + maxVersion: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. This field + may be deprecated in the future. GC policy that applies to all versions + of a cell except for the most recent.' + items: + properties: + number: + description: Immutable. Number of version before applying the + GC policy. + type: integer + required: + - number + type: object + type: array + mode: + description: 'Immutable. NOTE: ''gc_rules'' is more flexible, and + should be preferred over this field for new resources. 
This field + may be deprecated in the future. If multiple policies are set, you + should choose between UNION OR INTERSECTION.' + type: string + tableRef: + description: The name of the table. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BigtableTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - columnFamily + - instanceRef + - tableRef + type: object status: properties: conditions: @@ -14103,9 +11652,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14113,9 +11659,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true 
@@ -14132,25 +11678,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computehttpshealthchecks.compute.cnrm.cloud.google.com + name: bigtableinstances.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeHTTPSHealthCheck - plural: computehttpshealthchecks + kind: BigtableInstance + plural: bigtableinstances shortNames: - - gcpcomputehttpshealthcheck - - gcpcomputehttpshealthchecks - singular: computehttpshealthcheck + - gcpbigtableinstance + - gcpbigtableinstances + singular: bigtableinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -14188,53 +11734,121 @@ spec: type: object spec: properties: - checkIntervalSec: - description: |- - How often (in seconds) to send a health check. The default value is 5 - seconds. - type: integer - description: - description: |- - An optional description of this resource. Provide this property when - you create the resource. - type: string - healthyThreshold: - description: |- - A so-far unhealthy instance will be marked healthy after this many - consecutive successes. The default value is 2. - type: integer - host: - description: |- - The value of the host header in the HTTPS health check request. If - left empty (default value), the public IP on behalf of which this - health check is performed will be used. + cluster: + description: A block of cluster configuration options. This can be + specified at least once. + items: + properties: + autoscalingConfig: + description: A list of Autoscaling configurations. Only one + element is used and allowed. + properties: + cpuTarget: + description: The target CPU utilization for autoscaling. + Value must be between 10 and 80. + type: integer + maxNodes: + description: The maximum number of nodes for autoscaling. + type: integer + minNodes: + description: The minimum number of nodes for autoscaling. + type: integer + storageTarget: + description: The target storage utilization for autoscaling, + in GB, for each node in a cluster. This number is limited + between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster + and between 8192 (8TiB) and 16384 (16 TiB) for an HDD + cluster. If not set, whatever is already set for the cluster + will not change, or if the cluster is just being created, + it will use the default value of 2560 for SSD clusters + and 8192 for HDD clusters. + type: integer + required: + - cpuTarget + - maxNodes + - minNodes + type: object + clusterId: + description: The ID of the Cloud Bigtable cluster. Must be 6-30 + characters and must only contain hyphens, lowercase letters + and numbers. 
+ type: string + kmsKeyRef: + description: |- + Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable + cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains + this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. + 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. + 3) All clusters within an instance must use the same CMEK key access to this encryption key. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + numNodes: + description: The number of nodes in your Cloud Bigtable cluster. + Required, with a minimum of 1 for each cluster in an instance. + type: integer + storageType: + description: The storage type to use. One of "SSD" or "HDD". + Defaults to "SSD". + type: string + zone: + description: The zone to create the Cloud Bigtable cluster in. + Each cluster must have a different zone in the same region. + Zones that support Bigtable instances are noted on the Cloud + Bigtable locations page. + type: string + required: + - clusterId + - zone + type: object + type: array + deletionProtection: + description: DEPRECATED. This field no longer serves any function + and is intended to be dropped in a later version of the resource. 
+ type: boolean + displayName: + description: The human-readable display name of the Bigtable instance. + Defaults to the instance name. type: string - port: - description: |- - The TCP port number for the HTTPS health check request. - The default value is 443. - type: integer - requestPath: - description: |- - The request path of the HTTPS health check request. - The default value is /. + instanceType: + description: DEPRECATED. It is recommended to leave this field unspecified + since the distinction between "DEVELOPMENT" and "PRODUCTION" instances + is going away, and all instances will become "PRODUCTION" instances. + This means that new and existing "DEVELOPMENT" instances will be + converted to "PRODUCTION" instances. It is recommended for users + to use "PRODUCTION" instances in any case, since a 1-node "PRODUCTION" + instance is functionally identical to a "DEVELOPMENT" instance, + but without the accompanying restrictions. The instance type to + create. One of "DEVELOPMENT" or "PRODUCTION". Defaults to "PRODUCTION". type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - timeoutSec: - description: |- - How long (in seconds) to wait before claiming failure. - The default value is 5 seconds. It is invalid for timeoutSec to have - greater value than checkIntervalSec. - type: integer - unhealthyThreshold: - description: |- - A so-far healthy instance will be marked unhealthy after this many - consecutive failures. The default value is 2. - type: integer type: object status: properties: @@ -14264,9 +11878,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
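Review bot: Two constraints in the new `cluster` schema of `@@ -14188,53 +11734,121 @@` exist only as description text, so the API server admits values the descriptions rule out: `cpuTarget` is a bare `integer` although it "must be between 10 and 80", and `storageType` is a free `string` for 'One of "SSD" or "HDD"'. I would add `minimum: 10` and `maximum: 80` under `cpuTarget` and `enum: [SSD, HDD]` under `storageType`, so a bad manifest is rejected at admission instead of presumably failing later at reconcile. The same gap appears in `@@ -14349,205 +11958,27 @@` for BigtableTable `deletionProtection` (only PROTECTED and UNPROTECTED are described, the stated default is UNPROTECTED, and a misspelt value is not rejected by the schema) and in the BillingBudgetsBudget hunks for `thresholdPercent` ("non-negative number") and `schemaVersion` ('Only "1.0" is accepted'). The `tf2crd`/`dcl2crd` labels suggest these schemas are generated, in which case the fix belongs in the generator.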
@@ -14274,8 +11885,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object type: object served: true @@ -14293,25 +11902,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeimages.compute.cnrm.cloud.google.com + name: bigtabletables.bigtable.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: bigtable.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeImage - plural: computeimages + kind: BigtableTable + plural: bigtabletables shortNames: - - gcpcomputeimage - - gcpcomputeimages - singular: computeimage + - gcpbigtabletable + - gcpbigtabletables + singular: bigtabletable preserveUnknownFields: false scope: Namespaced versions: 
@@ -14349,205 +11958,27 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - diskRef: - description: |- - The source disk to create this image based on. - You must provide either this property or the - rawDisk.source property but not both to create an image. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the image when restored onto a persistent - disk (in GB). - type: integer - family: - description: |- - Immutable. The name of the image family to which this image belongs. You can - create disks by specifying an image family instead of a specific - image name. The image family always returns its latest image that is - not deprecated. The name of the image family must comply with - RFC1035. - type: string - guestOsFeatures: - description: |- - Immutable. A list of features to enable on the guest operating system. - Applicable only for bootable images. + columnFamily: + description: A group of columns within a table which share a common + configuration. This can be specified multiple times. items: properties: - type: - description: 'Immutable. The type of supported feature. 
Read - [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) - to see a list of available options. Possible values: ["MULTI_IP_SUBNET", - "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", - "WINDOWS", "GVNIC"].' + family: + description: The name of the column family. type: string required: - - type + - family type: object type: array - imageEncryptionKey: - description: |- - Immutable. Encrypts the image using a customer-supplied encryption key. - - After you encrypt an image with a customer-supplied key, you must - provide the same key if you use the image later (e.g. to create a - disk from the image). - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - licenses: - description: Immutable. Any applicable license URI. - items: - type: string - type: array - rawDisk: - description: Immutable. The parameters of the raw disk image. - properties: - containerType: - description: |- - Immutable. The format used to encode and transmit the block device, which - should be TAR. This is just a container and transmission format - and not a runtime format. Provided by the client when the disk - image is created. Default value: "TAR" Possible values: ["TAR"]. - type: string - sha1: - description: |- - Immutable. An optional SHA1 checksum of the disk image before unpackaging. - This is provided by the client when the disk image is created. - type: string - source: - description: |- - Immutable. The full Google Cloud Storage URL where disk storage is stored - You must provide either this property or the sourceDisk property - but not both. - type: string - required: - - source - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + deletionProtection: + description: A field to make the table protected against data loss + i.e. when set to PROTECTED, deleting the table, the column families + in the table, and the instance containing the table would be prohibited. + If not provided, currently deletion protection will be set to UNPROTECTED + as it is the API default value. type: string - sourceImageRef: - description: The source image used to create this image. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotRef: - description: The source snapshot used to create this image. + instanceRef: + description: The name of the Bigtable instance. oneOf: - not: required: @@ -14564,7 +11995,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + description: 'Allowed value: The `name` field of a `BigtableInstance` resource.' type: string name: @@ -14574,14 +12005,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + splitKeys: + items: + type: string + type: array + required: + - instanceRef type: object status: properties: - archiveSizeBytes: - description: |- - Size of the image tar.gz archive stored in Google Cloud Storage (in - bytes). - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -14608,14 +12045,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - labelFingerprint: - description: |- - The fingerprint used for optimistic locking of this resource. Used - internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -14623,9 +12052,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string type: object + required: + - spec type: object served: true storage: true @@ -14642,25 +12071,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com + name: billingbudgetsbudgets.billingbudgets.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: billingbudgets.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroupManager - plural: computeinstancegroupmanagers + kind: BillingBudgetsBudget + plural: billingbudgetsbudgets shortNames: - - gcpcomputeinstancegroupmanager - - gcpcomputeinstancegroupmanagers - singular: computeinstancegroupmanager + - gcpbillingbudgetsbudget + - gcpbillingbudgetsbudgets + singular: billingbudgetsbudget preserveUnknownFields: false scope: Namespaced versions: 
@@ -14698,12 +12127,18 @@ spec: type: object spec: properties: - autoHealingPolicies: - description: The autohealing policy for this managed instance group. - You can specify only one value. - items: - properties: - healthCheckRef: + allUpdatesRule: + description: Optional. Rules to apply to notifications sent based + on budget spend and thresholds. + properties: + disableDefaultIamRecipients: + description: Optional. When set to true, disables default notifications + sent when a threshold is exceeded. Default notifications are + sent to those with Billing Account Administrator and Billing + Account User IAM roles for the target account. + type: boolean + monitoringNotificationChannels: + items: oneOf: - not: required: @@ -14720,10 +12155,9 @@ spec: - external properties: external: - description: |- - The URL for the health check that signals autohealing. - - Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + description: 'Allowed value: The Google Cloud resource name + of a `MonitoringNotificationChannel` resource (format: + `projects/{{project}}/notificationChannels/{{name}}`).' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
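Review bot: In `@@ -14698,12 +12127,18 @@`, `disableDefaultIamRecipients` can be set to true while `monitoringNotificationChannels` is left empty, and nothing in the schema ties the two together, so a budget whose threshold alerts have no recipient passes validation. Whether the API rejects that combination is not visible here, and the `allUpdatesRule` block continues outside this hunk (`pubsubTopicRef` is defined in a later one). Budget alerts are commonly relied on as a spend-anomaly signal, so losing them silently is worth guarding against. I would extend the field's description with `Set this only together with monitoringNotificationChannels or pubsubTopicRef; otherwise threshold alerts have no recipient.`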
@@ -14732,56 +12166,81 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialDelaySec: - description: The number of seconds that the managed instance - group waits before it applies autohealing policies to new - instances or recently recreated instances. This initial delay - allows instances to initialize and run their startup scripts - before the instance group determines that they are UNHEALTHY. - This prevents the managed instance group from recreating its - instances prematurely. This value must be from range [0, 3600]. - format: int64 - type: integer - type: object - type: array - baseInstanceName: - description: The base instance name to use for instances in this group. - The value must be 1-58 characters long. Instances are named by appending - a hyphen and a random four-character string to the base instance - name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). - type: string - description: - description: Immutable. An optional description of this resource. - type: string - distributionPolicy: - description: Policy specifying the intended distribution of managed - instances across zones in a regional managed instance group. - properties: - targetShape: - description: 'The distribution shape to which the group converges - either proactively or on resize events (depending on the value - set in `updatePolicy.instanceRedistributionType`). Possible - values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' - type: string - zones: - description: Immutable. Zones where the regional managed instance - group will create and manage its instances. - items: - properties: - zone: - description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). - The zone must exist in the region where the managed instance - group is located. 
- type: string - type: object type: array + pubsubTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic where budget related messages will be published, in the form `projects/{project_id}/topics/{topic_id}`. Updates are sent at regular intervals to the topic. The topic needs to be created before the budget is created; see https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications for more details. Caller is expected to have `pubsub.topics.setIamPolicy` permission on the topic when it's set for a budget, otherwise, the API call will fail with PERMISSION_DENIED. See https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#permissions_required_for_this_task for more details on Pub/Sub roles and permissions. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + schemaVersion: + description: Optional. Required when NotificationsRule.pubsub_topic + is set. The schema version of the notification sent to NotificationsRule.pubsub_topic. + Only "1.0" is accepted. It represents the JSON schema as defined + in https://cloud.google.com/billing/docs/how-to/budgets-programmatic-notifications#notification_format. + type: string type: object - failoverAction: - description: 'The action to perform in case of zone failure. Only - one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. 
- Possible values: UNKNOWN, NO_FAILOVER' - type: string - instanceTemplateRef: + amount: + description: Required. Budgeted amount. + properties: + lastPeriodAmount: + description: Use the last period's actual spend as the budget + for the present period. LastPeriodAmount can only be set when + the budget's time period is a . + type: object + x-kubernetes-preserve-unknown-fields: true + specifiedAmount: + description: A specified amount to use as the budget. `currency_code` + is optional. If specified when creating a budget, it must match + the currency of the billing account. If specified when updating + a budget, it must match the currency_code of the existing budget. + The `currency_code` is provided on output. + properties: + currencyCode: + description: Immutable. The three-letter currency code defined + in ISO 4217. + type: string + nanos: + description: Number of nano (10^-9) units of the amount. The + value must be between -999,999,999 and +999,999,999 inclusive. + If `units` is positive, `nanos` must be positive or zero. + If `units` is zero, `nanos` can be positive, zero, or negative. + If `units` is negative, `nanos` must be negative or zero. + For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. + format: int64 + type: integer + units: + description: The whole units of the amount. For example if + `currencyCode` is `"USD"`, then 1 unit is one US dollar. + format: int64 + type: integer + type: object + type: object + billingAccountRef: + description: Immutable. oneOf: - not: required: 
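Review bot: The `lastPeriodAmount` description under `amount` is cut off: it ends "when the budget's time period is a ." so the one constraint on this field is unreadable. Judging from `budgetFilter` in the following hunk, where `calendarPeriod` is recurring and `customPeriod` "does not recur", the missing words are presumably the calendar period. I would end the sentence with `is a calendar period (budgetFilter.calendarPeriod).` after confirming against the API reference. The same field is declared as an `object` with `x-kubernetes-preserve-unknown-fields: true` and no properties, so any keys placed under it pass validation unpruned.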
@@ -14799,36 +12258,338 @@ spec: properties: external: description: |- - The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + The billing account of the resource - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: `billingAccounts/{{name}}`). type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + [WARNING] BillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - location: - description: Immutable. The location of this resource. + budgetFilter: + description: Optional. Filters that define which resources are used + to compute the actual spend against the budget amount, such as projects, + services, and the budget's time period, as well as other filters. + properties: + calendarPeriod: + description: 'Optional. Specifies to track usage for recurring + calendar period. For example, assume that CalendarPeriod.QUARTER + is set. The budget will track usage from April 1 to June 30, + when the current calendar month is April, May, June. After that, + it will track usage from July 1 to September 30 when the current + calendar month is July, August, September, so on. 
Possible values: + CALENDAR_PERIOD_UNSPECIFIED, MONTH, QUARTER, YEAR' + type: string + creditTypes: + description: Optional. If Filter.credit_types_treatment is INCLUDE_SPECIFIED_CREDITS, + this is a list of credit types to be subtracted from gross cost + to determine the spend for threshold calculations. See a list + of acceptable credit type values. If Filter.credit_types_treatment + is not INCLUDE_SPECIFIED_CREDITS, this field must be empty. + items: + type: string + type: array + creditTypesTreatment: + description: Optional. If not set, default behavior is `INCLUDE_ALL_CREDITS`. + type: string + customPeriod: + description: Optional. Specifies to track usage from any start + date (required) to any end date (optional). This time period + is static, it does not recur. + properties: + endDate: + description: Immutable. Optional. The end date of the time + period. Budgets with elapsed end date won't be processed. + If unset, specifies to track all usage incurred since the + start_date. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + startDate: + description: Immutable. Required. The start date must be after + January 1, 2017. + properties: + day: + description: Immutable. Day of a month. Must be from 1 + to 31 and valid for the year and month, or 0 to specify + a year by itself or a year and month where the day isn't + significant. + format: int64 + type: integer + month: + description: Immutable. Month of a year. 
Must be from + 1 to 12, or 0 to specify a year without a month and + day. + format: int64 + type: integer + year: + description: Immutable. Year of the date. Must be from + 1 to 9999, or 0 to specify a date without a year. + format: int64 + type: integer + type: object + required: + - startDate + type: object + labels: + additionalProperties: + properties: + values: + description: Immutable. The values of the label + items: + type: string + type: array + type: object + description: Optional. A single label and value pair specifying + that usage from only this set of labeled resources should be + included in the budget. Currently, multiple entries or multiple + values per entry are not allowed. If omitted, the report will + include all labeled and unlabeled usage. + type: object + projects: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + services: + description: 'Optional. A set of services of the form `services/{service_id}`, + specifying that usage from only this set of services should + be included in the budget. If omitted, the report will include + usage for all the services. The service names are available + through the Catalog API: https://cloud.google.com/billing/v1/how-tos/catalog-api.' 
+ items: + type: string + type: array + subaccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + type: string + name: + description: |- + [WARNING] CloudBillingBillingAccount not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + displayName: + description: User data for display name in UI. The name must be less + than or equal to 60 characters. type: string - namedPorts: - description: Immutable. Named ports configured for the Instance Groups - complementary to this Instance Group Manager. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + thresholdRules: + description: Optional. Rules that trigger alerts (notifications of + thresholds being crossed) when spend exceeds the specified percentages + of the budget. items: properties: - name: - description: Immutable. The name for this named port. The name - must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + spendBasis: + description: 'Optional. The type of basis used to determine + if spend has passed the threshold. Behavior defaults to CURRENT_SPEND + if not set. Possible values: BASIS_UNSPECIFIED, CURRENT_SPEND, + FORECASTED_SPEND' + type: string + thresholdPercent: + description: 'Required. Send an alert when this threshold is + exceeded. This is a 1.0-based percentage, so 0.5 = 50%. Validation: + non-negative number.' 
+ format: double + type: number + required: + - thresholdPercent + type: object + type: array + required: + - amount + - billingAccountRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - port: - description: Immutable. The port number, which can be a value - between 1 and 65535. - format: int64 - type: integer type: object type: array + etag: + description: Optional. Etag to validate that the object is unchanged + for a read-modify-write operation. An empty etag will cause an update + to overwrite other changes. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: binaryauthorizationattestors.binaryauthorization.cnrm.cloud.google.com +spec: + group: binaryauthorization.cnrm.cloud.google.com + names: + categories: + - gcp + kind: BinaryAuthorizationAttestor + plural: binaryauthorizationattestors + shortNames: + - gcpbinaryauthorizationattestor + - gcpbinaryauthorizationattestors + singular: binaryauthorizationattestor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A descriptive comment. This field may be updated. + The field may be displayed in chooser dialogs. + type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
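Review bot: `budgetFilter.subaccounts[].external` is a bare `type: string` with no description, while `projects[].external` and `billingAccountRef.external` in this same hunk both state the allowed value and its format. The sibling `name` field carries the warning that the referent kind is not yet supported and that `external` must be used, so `external` is the only usable field and should say what it expects. I would add a description along the lines of `Allowed value: The Google Cloud resource name of a Google Cloud Billing Account (format: billingAccounts/{{name}}).`, assuming sub-accounts use the same format as `billingAccountRef`; that assumption should be confirmed first.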
@@ -14864,313 +12625,106 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - statefulPolicy: - description: Stateful configuration for this Instanced Group Manager + userOwnedDrydockNote: + description: This specifies how an attestation will be read, and how + it will be used during policy enforcement. properties: - preservedState: - properties: - disks: - additionalProperties: - properties: - autoDelete: - description: 'These stateful disks will never be deleted - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - disk should be deleted after it is no longer used - by the group, e.g. when the given instance or the - whole group is deleted. Note: disks attached in READ_ONLY - mode cannot be auto-deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Disks created on the instances that will be preserved - on instance delete, update, etc. 
This map is keyed with - the device names of the disks. - type: object - externalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: External network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - internalIps: - additionalProperties: - properties: - autoDelete: - description: 'These stateful IPs will never be released - during autohealing, update or VM instance recreate - operations. This flag is used to configure if the - IP reservation should be deleted after it is no longer - used by the group, e.g. when the given instance or - the whole group is deleted. Possible values: NEVER, - ON_PERMANENT_INSTANCE_DELETION' - type: string - type: object - description: Internal network IPs assigned to the instances - that will be preserved on instance delete, update, etc. - This map is keyed with the network interface name. - type: object - type: object - type: object - targetPools: - items: - oneOf: - - not: + noteRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - targetSize: - description: The target number of running instances for this managed - instance group. You can reduce this number by using the instanceGroupManager - deleteInstances or abandonInstances methods. Resizing the group - also changes this number. - format: int64 - type: integer - updatePolicy: - description: The update policy for this managed instance group. - properties: - instanceRedistributionType: - description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) - for regional managed instance groups. Valid values are: - `PROACTIVE` - (default): The group attempts to maintain an even distribution - of VM instances across zones in the region. - `NONE`: For non-autoscaled - groups, proactive redistribution is disabled.' - type: string - maxSurge: - description: The maximum number of instances that can be created - above the specified `targetSize` during the update process. - This value can be either a fixed number or, if the group has - 10 or more instances, a percentage. If you set a percentage, - the number of instances is rounded if necessary. The default - value for `maxSurge` is a fixed value equal to the number of - zones in which the managed instance group operates. At least - one of either `maxSurge` or `maxUnavailable` must be greater - than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). - properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. 
- format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - maxUnavailable: - description: 'The maximum number of instances that can be unavailable - during the update process. An instance is considered available - if all of the following conditions are satisfied: - The instance''s - [status](/compute/docs/instances/checking-instance-status) is - `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) - on the instance group, the instance''s health check status must - be `HEALTHY` at least once. If there is no health check on the - group, then the instance only needs to have a status of `RUNNING` - to be considered available. This value can be either a fixed - number or, if the group has 10 or more instances, a percentage. - If you set a percentage, the number of instances is rounded - if necessary. The default value for `maxUnavailable` is a fixed - value equal to the number of zones in which the managed instance - group operates. At least one of either `maxSurge` or `maxUnavailable` - must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' properties: - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between 0 - to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer + external: + description: |- + Required. The Drydock resource name of a Attestation. Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation. Authority Occurrence that names a container image and that links to this Note. 
Grafeas is an external dependency. + + Allowed value: The Google Cloud resource name of a `ContainerAnalysisNote` resource (format: `projects/{{project}}/notes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minReadySec: - description: Minimum number of seconds to wait for after a newly - created instance becomes available. This value must be from - range [0, 3600]. - format: int64 - type: integer - minimalAction: - description: Minimal action to be taken on an instance. You can - specify either `RESTART` to restart existing instances or `REPLACE` - to delete and create new instances from the target template. - If you specify a `RESTART`, the Updater will attempt to perform - that action only. However, if the Updater determines that the - minimal action you specify is not enough to perform the update, - it might perform a more disruptive action. - type: string - mostDisruptiveAllowedAction: - description: Most disruptive action that is allowed to be taken - on an instance. You can specify either `NONE` to forbid any - actions, `REFRESH` to allow actions that do not need instance - restart, `RESTART` to allow actions that can be applied without - instance replacing or `REPLACE` to allow all possible actions. - If the Updater determines that the minimal update action needed - is more disruptive than most disruptive allowed action you specify - it will not perform the update at all. - type: string - replacementMethod: - description: 'What action should be used to replace instances. - See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' - type: string - type: - description: The type of update process. 
You can specify either - `PROACTIVE` so that the instance group manager proactively executes - actions in order to bring instances to their target versions - or `OPPORTUNISTIC` so that no action is proactively executed - but the update will be performed as part of other actions (for - example, resizes or `recreateInstances` calls). - type: string - type: object - versions: - description: Specifies the instance templates used by this managed - instance group to create instances. Each version is defined by an - `instanceTemplate` and a `name`. Every version can appear at most - once per instance group. This field overrides the top-level `instanceTemplate` - field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). - Exactly one `version` must leave the `targetSize` field unset. That - version will be applied to all remaining instances. For more information, - read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). - items: - properties: - instanceTemplateRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + publicKeys: + description: Optional. Public keys that verify attestations signed + by this attestor. This field may be updated. If this field is + non-empty, one of the specified public keys must verify that + an attestation was signed by this attestor for the image specified + in the admission request. If this field is empty, this attestor + always returns that no valid attestations exist. + items: properties: - external: - description: |- - The URL of the instance template that is specified for this managed instance group. 
The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. - - Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + asciiArmoredPgpPublicKey: + description: ASCII-armored representation of a PGP public + key, as the entire output by the command `gpg --export + --armor foo@example.com` (either LF or CRLF line endings). + When using this field, `id` should be left blank. The + BinAuthz API handlers will calculate the ID and fill it + in automatically. BinAuthz computes this ID as the OpenPGP + RFC4880 V4 fingerprint, represented as upper-case hex. + If `id` is provided by the caller, it will be overwritten + by the API-calculated ID. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + comment: + description: Optional. A descriptive comment. This field + may be updated. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + id: + description: The ID of this public key. Signatures verified + by BinAuthz must include the ID of the public key that + can be used to verify them, and that ID must match the + contents of this field exactly. Additional restrictions + on this field can be imposed based on which public key + type is encapsulated. See the documentation on `public_key` + cases below for details. type: string + pkixPublicKey: + description: 'A raw PKIX SubjectPublicKeyInfo format public + key. 
NOTE: `id` may be explicitly provided by the caller + when using this type of public key, but it MUST be a valid + RFC3986 URI. If `id` is left blank, a default one will + be computed based on the digest of the DER encoding of + the public key.' + properties: + publicKeyPem: + description: A PEM-encoded public key, as described + in https://tools.ietf.org/html/rfc7468#section-13 + type: string + signatureAlgorithm: + description: 'The signature algorithm used to verify + a message against a signature using this key. These + signature algorithm must match the structure and any + object identifiers encoded in `public_key_pem` (i.e. + this algorithm must match that of the public key). + Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, + RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, + ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, + EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512' + type: string + type: object type: object - name: - description: Name of the version. Unique among all versions - in the scope of this managed instance group. - type: string - targetSize: - description: 'Specifies the intended number of instances to - be created from the `instanceTemplate`. The final number of - instances created from the template will be equal to: - If - expressed as a fixed number, the minimum of either `targetSize.fixed` - or `instanceGroupManager.targetSize` is used. - if expressed - as a `percent`, the `targetSize` would be `(targetSize.percent/100 - * InstanceGroupManager.targetSize)` If there is a remainder, - the number is rounded. If unset, this version will update - any remaining instances not updated by another `version`. - Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) - for more information.' 
- properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value - is `fixed`, then the `calculated` value is equal to the - `fixed` value. - If the value is a `percent`, then the - `calculated` value is `percent`/100 * `targetSize`. For - example, the `calculated` value of a 80% of a managed - instance group with 150 instances would be (80/100 * 150) - = 120 VM instances. If there is a remainder, the number - is rounded.' - format: int64 - type: integer - fixed: - description: Specifies a fixed number of VM instances. This - must be a positive integer. - format: int64 - type: integer - percent: - description: Specifies a percentage of instances between - 0 to 100%, inclusive. For example, specify `80` for 80%. - format: int64 - type: integer - type: object - type: object - type: array + type: array + required: + - noteRef + type: object required: - projectRef - - targetSize type: object status: properties: 
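Review bot: `signatureAlgorithm` under `pkixPublicKey` is declared only as `type: string`, so the allowed algorithms exist only in the description text. The API server will therefore store any string, including a misspelt value or `SIGNATURE_ALGORITHM_UNSPECIFIED`, and the error surfaces only when the controller calls the Binary Authorization API. I would add an `enum:` under that field listing the values the description names, so a bad attestor key definition is rejected at `kubectl apply` time. The same applies to `enforcementMode`, `evaluationMode` and `globalPolicyEvaluationMode` in the BinaryAuthorizationPolicy hunk further down. The CRD looks generated (the `dcl2crd` label), so the change probably belongs in the generator, and the attestor `spec` block opens in the previous hunk.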
@@ -15200,94 +12754,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: The creation timestamp for this managed instance group - in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. - type: string - currentActions: - description: '[Output Only] The list of instance actions and the number - of instances in this managed instance group that are scheduled for - each of those actions.' - properties: - abandoning: - description: '[Output Only] The total number of instances in the - managed instance group that are scheduled to be abandoned. Abandoning - an instance removes it from the managed instance group without - deleting it.' - format: int64 - type: integer - creating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be created or are currently - being created. If the group fails to create any of these instances, - it tries again until it creates the instance successfully. If - you have disabled creation retries, this field will not be populated; - instead, the `creatingWithoutRetries` field will be populated.' - format: int64 - type: integer - creatingWithoutRetries: - description: '[Output Only] The number of instances that the managed - instance group will attempt to create. The group attempts to - create each instance only once. If the group fails to create - any of these instances, it decreases the group''s `targetSize` - value accordingly.' - format: int64 - type: integer - deleting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be deleted or are currently - being deleted.' - format: int64 - type: integer - none: - description: '[Output Only] The number of instances in the managed - instance group that are running and have no scheduled actions.' 
- format: int64 - type: integer - recreating: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be recreated or are currently - being being recreated. Recreating an instance deletes the existing - root persistent disk and creates a new disk from the image that - is defined in the instance template.' - format: int64 - type: integer - refreshing: - description: '[Output Only] The number of instances in the managed - instance group that are being reconfigured with properties that - do not require a restart or a recreate action. For example, - setting or removing target pools for the instance.' - format: int64 - type: integer - restarting: - description: '[Output Only] The number of instances in the managed - instance group that are scheduled to be restarted or are currently - being restarted.' - format: int64 - type: integer - verifying: - description: '[Output Only] The number of instances in the managed - instance group that are being verified. See the `managedInstances[].currentAction` - property in the `listManagedInstances` method documentation.' - format: int64 - type: integer - type: object - fingerprint: - description: Fingerprint of this resource. This field may be used - in optimistic locking. It will be ignored when inserting an InstanceGroupManager. - An up-to-date fingerprint must be provided in order to update the - InstanceGroupManager, otherwise the request will fail with error - `412 conditionNotMet`. To see the latest fingerprint, make a `get()` - request to retrieve an InstanceGroupManager. - type: string - id: - description: '[Output Only] A unique identifier for this resource - type. The server generates this identifier.' - format: int64 - type: integer - instanceGroup: - description: '[Output Only] The URL of the Instance Group resource.' 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -15295,113 +12761,24 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) - where the managed instance group resides (for regional resources).' - type: string - selfLink: - description: '[Output Only] The URL for this managed instance group. - The server defines this URL.' + updateTime: + description: Output only. Time when the attestor was last updated. + format: date-time type: string - status: - description: '[Output Only] The status of this managed instance group.' + userOwnedDrydockNote: properties: - autoscaler: - description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) - that targets this instance group manager.' + delegationServiceAccountEmail: + description: Output only. This field will contain the service + account email address that this Attestor will use as the principal + when querying Container Analysis. Attestor administrators must + grant this service account the IAM role needed to read attestations + from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). + This email address is fixed for the lifetime of the Attestor, + but callers should not make any other assumptions about the + service account email; future versions may use an email based + on a different naming pattern. type: string - isStable: - description: '[Output Only] A bit indicating whether the managed - instance group is in a stable state. A stable state means that: - none of the instances in the managed instance group is currently - undergoing any type of change (for example, creation, restart, - or deletion); no future changes are scheduled for instances - in the managed instance group; and the managed instance group - itself is not being modified.' - type: boolean - stateful: - description: '[Output Only] Stateful status of the given Instance - Group Manager.' 
- properties: - hasStatefulConfig: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions.' - type: boolean - isStateful: - description: '[Output Only] A bit indicating whether the managed - instance group has stateful configuration, that is, if you - have configured any items in a stateful policy or in per-instance - configs. The group might report that it has no stateful - config even when there is still some preserved state on - a managed instance, for example, if you have deleted all - PICs but not yet applied those deletions. This field is - deprecated in favor of has_stateful_config.' - type: boolean - perInstanceConfigs: - description: '[Output Only] Status of per-instance configs - on the instance.' - properties: - allEffective: - description: A bit indicating if all of the group's per-instance - configs (listed in the output of a listPerInstanceConfigs - API call) have status `EFFECTIVE` or there are no per-instance-configs. - type: boolean - type: object - type: object - versionTarget: - description: '[Output Only] A status of consistency of Instances'' - versions with their target version specified by `version` field - on Instance Group Manager.' - properties: - isReached: - description: '[Output Only] A bit indicating whether version - target has been reached in this managed instance group, - i.e. all instances are in their target version. Instances'' - target version are specified by `version` field on Instance - Group Manager.' 
- type: boolean - type: object - type: object - updatePolicy: - properties: - maxSurge: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object - maxUnavailable: - properties: - calculated: - description: '[Output Only] Absolute value of VM instances - calculated based on the specific mode. - If the value is - `fixed`, then the `calculated` value is equal to the `fixed` - value. - If the value is a `percent`, then the `calculated` - value is `percent`/100 * `targetSize`. For example, the - `calculated` value of a 80% of a managed instance group - with 150 instances would be (80/100 * 150) = 120 VM instances. - If there is a remainder, the number is rounded.' - format: int64 - type: integer - type: object type: object - zone: - description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) - where the managed instance group is located (for zonal resources).' - type: string type: object required: - spec 
@@ -15421,25 +12798,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancegroups.compute.cnrm.cloud.google.com + name: binaryauthorizationpolicies.binaryauthorization.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: binaryauthorization.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceGroup - plural: computeinstancegroups + kind: BinaryAuthorizationPolicy + plural: binaryauthorizationpolicies shortNames: - - gcpcomputeinstancegroup - - gcpcomputeinstancegroups - singular: computeinstancegroup + - gcpbinaryauthorizationpolicy + - gcpbinaryauthorizationpolicies + singular: binaryauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -15477,55 +12854,281 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional textual description of the instance - group. - type: string - instances: + admissionWhitelistPatterns: + description: Optional. Admission policy allowlisting. A matching admission + request will always be permitted. This feature is typically used + to exclude Google or third-party infrastructure images from Binary + Authorization policies. items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + properties: + namePattern: + description: An image name pattern to allowlist, in the form + `registry/path/to/image`. This supports a trailing `*` as + a wildcard, but this is allowed only in text after the `registry/` + part. + type: string + type: object + type: array + clusterAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-cluster admission rules. Cluster spec + format: location.clusterId. There can be at most one admission rule + per cluster spec. A location is either a compute zone (e.g. us-central1-a) + or a region (e.g. us-central1). For clusterId syntax restrictions + see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.' + type: object + defaultAdmissionRule: + description: Required. Default admission rule for a cluster without + a per-cluster, per-kubernetes-service-account, or per-istio-service-identity + admission rule. + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `BinaryAuthorizationAttestor` resource (format: `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: + description: Optional. A descriptive comment. + type: string + globalPolicyEvaluationMode: + description: 'Optional. Controls the evaluation of a Google-maintained + global admission policy for common system-level images. Images not + covered by the global policy will be subject to the project admission + policy. This setting has no effect when specified inside a global + admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, + ENABLE, DISABLE' + type: string + istioServiceIdentityAdmissionRules: + additionalProperties: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode + type: object + description: 'Optional. Per-istio-service-identity admission rules. + Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ + e.g. spiffe://example.com/ns/test-ns/sa/default' + type: object + kubernetesNamespaceAdmissionRules: + additionalProperties: + properties: + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' + type: string + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - enforcementMode + - evaluationMode type: object - type: array - namedPort: - description: The named port configuration. - items: + description: 'Optional. Per-kubernetes-namespace admission rules. 
+ K8s namespace spec format: [a-z.-]+, e.g. ''some-namespace''' + type: object + kubernetesServiceAccountAdmissionRules: + additionalProperties: properties: - name: - description: The name which the port will be mapped to. + enforcementMode: + description: 'Required. The action when a pod creation is denied + by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, + ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY' type: string - port: - description: The port number to map the name to. - type: integer + evaluationMode: + description: 'Required. How this admission rule will be evaluated. + Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION' + type: string + requireAttestationsBy: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource + name of a `BinaryAuthorizationAttestor` resource (format: + `projects/{{project}}/attestors/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array required: - - name - - port + - enforcementMode + - evaluationMode type: object - type: array - networkRef: + description: 'Optional. Per-kubernetes-service-account admission rules. + Service account spec format: namespace:serviceaccount. e.g. ''test-ns:default''' + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -15542,8 +13145,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project of the resource. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -15552,17 +13157,9 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. The zone that this instance group should be - created in. - type: string required: - - zone + - defaultAdmissionRule + - projectRef type: object status: properties: @@ -15600,11 +13197,13 @@ spec: the resource. type: integer selfLink: - description: The URI of the created resource. + description: Output only. The resource name, in the format `projects/*/policy`. + There is at most one policy per project. + type: string + updateTime: + description: Output only. Time when the policy was last updated. + format: date-time type: string - size: - description: The number of instances in the group. - type: integer type: object required: - spec 
@@ -15624,25 +13223,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstances.compute.cnrm.cloud.google.com + name: certificatemanagercertificatemapentries.certificatemanager.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: certificatemanager.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstance - plural: computeinstances + kind: CertificateManagerCertificateMapEntry + plural: certificatemanagercertificatemapentries shortNames: - - gcpcomputeinstance - - gcpcomputeinstances - singular: computeinstance + - gcpcertificatemanagercertificatemapentry + - gcpcertificatemanagercertificatemapentries + singular: certificatemanagercertificatemapentry preserveUnknownFields: false scope: Namespaced versions: @@ -15662,7 +13261,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -15679,167 +13278,508 @@ spec: metadata: type: object spec: - anyOf: - - required: - - bootDisk - - machineType - - networkInterface - - zone - - required: - - instanceTemplateRef - - zone properties: - advancedMachineFeatures: - description: Controls for advanced machine-related behavior features. + certificates: + description: |- + A set of Certificates defines for the given hostname. + There can be defined up to fifteen certificates in each Certificate Map Entry. + Each certificate must match pattern projects/*/locations/*/certificates/*. + items: + type: string + type: array + description: + description: A human-readable description of the resource. + type: string + hostname: + description: |- + Immutable. A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com) + for a set of hostnames with common suffix. Used as Server Name Indication (SNI) for + selecting a proper certificate. + type: string + map: + description: Immutable. A map entry that is inputted into the cetrificate + map. + type: string + matcher: + description: Immutable. A predefined matcher for particular cases, + other than SNI selection. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableNestedVirtualization: - description: Whether to enable nested virtualization or not. - type: boolean - threadsPerCore: - description: The number of threads per physical core. To disable - simultaneous multithreading (SMT) set this to 1. If unset, the - maximum number of threads supported per core by the underlying - processor is assumed. - type: integer - visibleCoreCount: - description: The number of physical cores to expose to an instance. - Multiply by the number of threads per core to compute the total - number of virtual CPUs to expose to the instance. 
If unset, - the number of cores is inferred from the instance\'s nominal - CPU count and the underlying platform\'s SMT width. - type: integer + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - attachedDisk: - description: List of disks attached to the instance. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificates + - map + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - deviceName: - description: Name with which the attached disk is accessible - under /dev/disk/by-id/. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKeyRaw: - description: A 256-bit customer-supplied encryption key, encoded - in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link - and disk_encryption_key_raw may be set. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be - extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the - customer-supplied encryption key that protects this resource. + message: + description: Human-readable message indicating details about + last transition. type: string - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: "Creation timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: A serving state of this Certificate Map Entry. + type: string + updateTime: + description: "Update timestamp of a Certificate Map Entry. Timestamp + in RFC3339 UTC \"Zulu\" format, \nwith nanosecond resolution and + up to nine fractional digits. \nExamples: \"2014-10-02T15:01:23Z\" + and \"2014-10-02T15:01:23.045123456Z\"." 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificatemaps.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificateMap + plural: certificatemanagercertificatemaps + shortNames: + - gcpcertificatemanagercertificatemap + - gcpcertificatemanagercertificatemaps + singular: certificatemanagercertificatemap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + gclbTargets: + description: A list of target proxies that use this Certificate Map. + items: + properties: + ipConfigs: + description: An IP configuration where this Certificate Map + is serving. + items: + properties: + ipAddress: + description: An external IP address. + type: string + ports: + description: A list of ports. + items: + type: integer + type: array + type: object + type: array + targetHttpsProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetHttpsProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + targetSslProxy: + description: |- + Proxy name must be in the format projects/*/locations/*/targetSslProxies/*. + This field is part of a union field 'target_proxy': Only one of 'targetHttpsProxy' or + 'targetSslProxy' may be set. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC "Zulu" format, + accurate to nanoseconds with up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagercertificates.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerCertificate + plural: certificatemanagercertificates + shortNames: + - gcpcertificatemanagercertificate + - gcpcertificatemanagercertificates + singular: certificatemanagercertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. + type: string + managed: + description: |- + Immutable. Configuration and state of a Managed Certificate. + Certificate Manager provisions and renews Managed Certificates + automatically, for as long as it's authorized to do so. + properties: + authorizationAttemptInfo: + description: |- + Detailed state of the latest authorization attempt for each domain + specified for this Managed Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' + details: + description: |- + Human readable explanation for reaching the state. Provided to help + address the configuration issues. + Not guaranteed to be stable. For programmatic access use 'failure_reason' field. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + domain: + description: Domain name of the authorization attempt. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + failureReason: + description: Reason for failure of the authorization attempt + for the domain. + type: string + state: + description: State of the domain for managed certificate + issuance. type: string type: object - mode: - description: Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". 
+ type: array + dnsAuthorizations: + description: Immutable. Authorizations that will be used for performing + domain authorization. + items: type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + domains: + description: |- + Immutable. The domains for which a managed SSL certificate will be generated. + Wildcard domains are only supported with DNS challenge resolution. + items: + type: string + type: array + provisioningIssue: + description: Information about issues with provisioning this Managed + Certificate. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + details: + description: |- + Human readable explanation about the issue. Provided to help address + the configuration issues. + Not guaranteed to be stable. For programmatic access use 'reason' field. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + reason: + description: Reason for provisioning failures. type: string type: object + type: array + state: + description: A state of this Managed Certificate. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external required: - - sourceDiskRef - type: object - type: array - bootDisk: - description: Immutable. The boot disk for the instance. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - autoDelete: - description: Immutable. Whether the disk will be auto-deleted - when the instance is deleted. 
- type: boolean - deviceName: - description: Immutable. Name with which attached disk will be - accessible under /dev/disk/by-id/. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - diskEncryptionKeyRaw: - description: Immutable. A 256-bit customer-supplied encryption - key, encoded in RFC 4648 base64 to encrypt this disk. Only one - of kms_key_self_link and disk_encryption_key_raw may be set. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + scope: + description: |- + Immutable. The scope of the certificate. + + DEFAULT: Certificates with default scope are served from core Google data centers. + If unsure, choose this option. + + EDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, + served from non-core Google data centers. + Currently allowed only for managed certificates. + type: string + selfManaged: + description: |- + Immutable. Certificate data for a SelfManaged Certificate. + SelfManaged Certificates are uploaded by the user. Updating such + certificates before they expire remains the user's responsibility. + properties: + certificatePem: + description: |- + DEPRECATED. Deprecated in favor of `pem_certificate`. **Deprecated** The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. oneOf: - not: required: 
@@ -15877,168 +13817,218 @@ spec: type: object type: object type: object - diskEncryptionKeySha256: - description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. + pemCertificate: + description: |- + The certificate chain in PEM-encoded form. + + Leaf certificate comes first, followed by intermediate ones if any. type: string - initializeParams: - description: Immutable. Parameters with which a disk was created - alongside the instance. + pemPrivateKey: + description: The private key of the leaf certificate in PEM-encoded + form. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - labels: - description: Immutable. A set of key/value label pairs assigned - to the disk. - type: object - x-kubernetes-preserve-unknown-fields: true - size: - description: Immutable. The size of the image in gigabytes. - type: integer - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeImage` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object - type: - description: Immutable. The Google Compute Engine disk type. - Such as pd-standard, pd-ssd or pd-balanced. - type: string type: object - kmsKeyRef: + privateKeyPem: + description: DEPRECATED. Deprecated in favor of `pem_private_key`. + **Deprecated** The private key of the leaf certificate in PEM-encoded + form. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mode: - description: Immutable. Read/write mode for the disk. One of "READ_ONLY" - or "READ_WRITE". - type: string - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. 
type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object type: object type: object - canIpForward: - description: Whether sending and receiving of packets with non-matching - source or destination IPs is allowed. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. - properties: - enableConfidentialCompute: - description: Defines whether the instance should have confidential - compute enabled. - type: boolean - required: - - enableConfidentialCompute - type: object - deletionProtection: - description: Whether deletion protection is enabled on this instance. - type: boolean - description: - description: Immutable. A brief description of the resource. - type: string - desiredStatus: - description: Desired status of the instance. Either "RUNNING" or "TERMINATED". - type: string - enableDisplay: - description: Whether the instance has virtual displays enabled. - type: boolean - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. 
- type: integer + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string type: - description: Immutable. The accelerator type resource exposed - to this instance. E.g. nvidia-tesla-k80. + description: Type is the type of the condition. type: string - required: - - count - - type type: object type: array - hostname: - description: Immutable. A custom hostname for the instance. Must be - a fully qualified DNS name and RFC-1035-valid. Valid format is a - series of labels 1-63 characters long matching the regular expression - [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire - hostname must not exceed 253 characters. Changing this forces a - new resource to be created. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: certificatemanagerdnsauthorizations.certificatemanager.cnrm.cloud.google.com +spec: + group: certificatemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CertificateManagerDNSAuthorization + plural: certificatemanagerdnsauthorizations + shortNames: + - gcpcertificatemanagerdnsauthorization + - gcpcertificatemanagerdnsauthorizations + singular: certificatemanagerdnsauthorization + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A human-readable description of the resource. type: string - instanceTemplateRef: + domain: + description: |- + Immutable. A domain which is being authorized. A DnsAuthorization resource covers a + single domain and its wildcard, e.g. authorization for "example.com" can + be used to issue certificates for "example.com" and "*.example.com". + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -16055,8 +14045,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -16065,451 +14054,265 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - machineType: - description: The machine type to create. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - metadata: + required: + - domain + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. Metadata startup scripts made available within - the instance. - type: string - minCpuPlatform: - description: The minimum CPU platform specified for the VM instance. - type: string - networkInterface: - description: Immutable. The networks attached to the instance. + dnsResourceRecord: + description: |- + The structure describing the DNS Resource Record that needs to be added + to DNS configuration for the authorization to be usable by + certificate. items: - not: - required: - - networkIp - - networkIpRef properties: - accessConfig: - description: Access configurations, i.e. IPs via which this - instance can be accessed via the Internet. 
- items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: The networking tier used for configuring - this instance. One of PREMIUM or STANDARD. - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: An array of alias IP ranges for this network interface. - items: - properties: - ipCidrRange: - description: The IP CIDR range represented by this alias - IP range. - type: string - subnetworkRangeName: - description: The subnetwork secondary range name specifying - the secondary range from which to allocate the IP CIDR - range for this alias IP range. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. 
- type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. - type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. + data: + description: Data of the DNS Resource Record. type: string name: - description: The name of the interface. - type: string - networkIp: - description: DEPRECATED. Although this field is still available, - there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` - instead. - type: string - networkIpRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. + description: |- + Fully qualified name of the DNS Resource Record. + E.g. '_acme-challenge.example.com'. type: string - subnetworkProject: - description: The project in which the subnetwork belongs. + type: + description: Type of the DNS Resource Record. type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object type: object type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetfolderfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetFolderFeed + plural: cloudassetfolderfeeds + shortNames: + - gcpcloudassetfolderfeed + - gcpcloudassetfolderfeeds + singular: cloudassetfolderfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + type: string type: array - scheduling: - description: The scheduling strategy being used by the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - automaticRestart: - description: Specifies if the instance should be restarted if - it was terminated by Compute Engine (not a user). - type: boolean - instanceTerminationAction: - description: Specifies the action GCE should take when SPOT VM - is preempted. + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. - The accepted values are: PERIODIC.' + expression: + description: Textual representation of an expression in Common + Expression Language syntax. type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. 
Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Describes maintenance behavior for the instance. - One of MIGRATE or TERMINATE,. + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." type: string - preemptible: - description: Immutable. Whether the instance is preemptible. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. type: string + required: + - expression type: object - scratchDisk: - description: Immutable. The scratch disks attached to the instance. - items: - properties: - interface: - description: The disk interface used for attaching this disk. - One of SCSI or NVME. - type: string - required: - - interface - type: object - type: array - serviceAccount: - description: The service account to attach to the instance. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - scopes: - description: A list of service scopes. 
- items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + pubsubDestination: + description: Destination on Cloud Pubsub. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + topic: + description: Destination on Cloud Pubsub topic. type: string + required: + - topic type: object required: - - scopes + - pubsubDestination type: object - shieldedInstanceConfig: - description: The shielded vm config being used by the instance. + folder: + description: Immutable. The folder this feed should be created in. + type: string + folderRef: + description: The folder that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enableIntegrityMonitoring: - description: Whether integrity monitoring is enabled for the instance. - type: boolean - enableSecureBoot: - description: Whether secure boot is enabled for the instance. - type: boolean - enableVtpm: - description: Whether the instance uses vTPM. - type: boolean + external: + description: 'Allowed value: The `name` field of a `Folder` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - tags: - description: The list of tags attached to the instance. - items: - type: string - type: array - zone: - description: Immutable. The zone of the instance. If self_link is - provided, this value is ignored. If neither self_link nor zone are - provided, the provider zone is used. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + required: + - billingProject + - feedId + - feedOutputConfig + - folder + - folderRef type: object status: properties: @@ -16539,20 +14342,13 @@ spec: type: string type: object type: array - cpuPlatform: - description: The CPU platform used by this instance. - type: string - currentStatus: - description: Current status of the instance. - type: string - instanceId: - description: The server-assigned unique identifier of this instance. - type: string - labelFingerprint: - description: The unique fingerprint of the labels. + folderId: + description: |- + The ID of the folder where this feed has been created. Both [FOLDER_NUMBER] + and folders/[FOLDER_NUMBER] are accepted. type: string - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -16561,12 +14357,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec 
@@ -16586,25 +14376,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinstancetemplates.compute.cnrm.cloud.google.com + name: cloudassetorganizationfeeds.cloudasset.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudasset.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInstanceTemplate - plural: computeinstancetemplates + kind: CloudAssetOrganizationFeed + plural: cloudassetorganizationfeeds shortNames: - - gcpcomputeinstancetemplate - - gcpcomputeinstancetemplates - singular: computeinstancetemplate + - gcpcloudassetorganizationfeed + - gcpcloudassetorganizationfeeds + singular: cloudassetorganizationfeed preserveUnknownFields: false scope: Namespaced versions: @@ -16624,7 +14414,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -16642,896 +14432,384 @@ spec: type: object spec: properties: - advancedMachineFeatures: - description: Immutable. Controls for advanced machine-related behavior - features. + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." + items: + type: string + type: array + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing." + type: string + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. properties: - enableNestedVirtualization: - description: Immutable. Whether to enable nested virtualization - or not. - type: boolean - threadsPerCore: - description: Immutable. The number of threads per physical core. 
- To disable simultaneous multithreading (SMT) set this to 1. - If unset, the maximum number of threads supported per core by - the underlying processor is assumed. - type: integer - visibleCoreCount: - description: Immutable. The number of physical cores to expose - to an instance. Multiply by the number of threads per core to - compute the total number of virtual CPUs to expose to the instance. - If unset, the number of cores is inferred from the instance\'s - nominal CPU count and the underlying platform\'s SMT width. - type: integer + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression type: object - canIpForward: - description: Immutable. Whether to allow sending and receiving of - packets with non-matching source or destination IPs. This defaults - to false. - type: boolean - confidentialInstanceConfig: - description: Immutable. The Confidential VM config being used by the - instance. on_host_maintenance has to be set to TERMINATE or this - will fail to create. + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' + type: string + feedId: + description: Immutable. 
This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. properties: - enableConfidentialCompute: - description: Immutable. Defines whether the instance should have - confidential compute enabled. - type: boolean + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object required: - - enableConfidentialCompute + - pubsubDestination type: object - description: - description: Immutable. A brief description of this resource. + organizationRef: + description: The organization that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - disk: - description: Immutable. Disks to attach to instances created from - this template. This can be specified multiple times for multiple - disks. + required: + - billingProject + - feedId + - feedOutputConfig + - organizationRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: - autoDelete: - description: Immutable. Whether or not the disk should be auto-deleted. - This defaults to true. - type: boolean - boot: - description: Immutable. Indicates that this is a boot disk. - type: boolean - deviceName: - description: Immutable. A unique device name that is reflected - into the /dev/ tree of a Linux operating system running within - the instance. If not specified, the server chooses a default - device name to apply to this disk. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - diskEncryptionKey: - description: Immutable. Encrypts or decrypts a disk using a - customer-supplied encryption key. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - diskName: - description: Immutable. Name of the disk. When not provided, - this defaults to the name of the instance. + message: + description: Human-readable message indicating details about + last transition. type: string - diskSizeGb: - description: Immutable. The size of the image in gigabytes. - If not specified, it will inherit the size of its base image. - For SCRATCH disks, the size must be exactly 375GB. - type: integer - diskType: - description: Immutable. The Google Compute Engine disk type. - Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". 
+ reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - interface: - description: Immutable. Specifies the disk interface to use - for attaching this disk. + status: + description: Status is the status of the condition. Can be True, + False, Unknown. type: string - labels: - additionalProperties: - type: string - description: Immutable. A set of key/value label pairs to assign - to disks,. - type: object - mode: - description: Immutable. The mode in which to attach this disk, - either READ_WRITE or READ_ONLY. If you are attaching or creating - a boot disk, this must read-write mode. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeResourcePolicy` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceDiskRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeDisk` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceImageEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source - image. Required if the source image is protected by a - customer-supplied encryption key. - - Instance templates do not store customer-supplied - encryption keys, so you cannot create disks for - instances in a managed instance group if the source - images are encrypted with your own keys. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceImageRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeImage` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - sourceSnapshotEncryptionKey: - description: Immutable. The customer-supplied encryption key - of the source snapshot. - properties: - kmsKeySelfLinkRef: - description: |- - The self link of the encryption key that is stored in Google Cloud - KMS. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - kmsKeyServiceAccountRef: - description: |- - The service account being used for the encryption request for the - given KMS key. If absent, the Compute Engine default service account - is used. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an - `IAMServiceAccount` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeySelfLinkRef - type: object - sourceSnapshotRef: - description: |- - The source snapshot to create this disk. When creating a new - instance, one of initializeParams.sourceSnapshot, - initializeParams.sourceImage, or disks.source is required except for - local SSD. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: - description: Immutable. The type of Google Compute Engine disk, - can be either "SCRATCH" or "PERSISTENT". + type: + description: Type is the type of the condition. type: string type: object type: array - enableDisplay: - description: 'Immutable. Enable Virtual Displays on this instance. - Note: allow_stopping_for_update must be set to true in order to - update this field.' - type: boolean - guestAccelerator: - description: Immutable. 
List of the type and count of accelerator - cards attached to the instance. + name: + description: The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: cloudassetprojectfeeds.cloudasset.cnrm.cloud.google.com +spec: + group: cloudasset.cnrm.cloud.google.com + names: + categories: + - gcp + kind: CloudAssetProjectFeed + plural: cloudassetprojectfeeds + shortNames: + - gcpcloudassetprojectfeed + - gcpcloudassetprojectfeeds + singular: cloudassetprojectfeed + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + assetNames: + description: "A list of the full names of the assets to receive updates. + You must specify either or both of \nassetNames and assetTypes. + Only asset updates matching specified assetNames and assetTypes + are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee + https://cloud.google.com/apis/design/resourceNames#fullResourceName + for more info." items: - properties: - count: - description: Immutable. The number of the guest accelerator - cards exposed to this instance. - type: integer - type: - description: Immutable. The accelerator type resource to expose - to this instance. E.g. nvidia-tesla-k80. - type: string - required: - - count - - type - type: object + type: string type: array - instanceDescription: - description: Immutable. A description of the instance. + assetTypes: + description: |- + A list of types of the assets to receive updates. You must specify either or both of assetNames + and assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to + the feed. 
For example: "compute.googleapis.com/Disk" + See https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all + supported asset types. + items: + type: string + type: array + billingProject: + description: "Immutable. The project whose identity will be used when + sending messages to the\ndestination pubsub topic. It also specifies + the project for API \nenablement check, quota, and billing. If not + specified, the resource's\nproject will be used." type: string - machineType: - description: Immutable. The machine type to create. To create a machine - with a custom type (such as extended memory), format the value like - custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of - RAM. + condition: + description: |- + A condition which determines whether an asset update should be published. If specified, an asset + will be returned only when the expression evaluates to true. When set, expression field + must be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with + expression "temporal_asset.deleted == true" will only publish Asset deletions. Other fields of + condition are optional. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. + type: string + location: + description: "String indicating the location of the expression + for error reporting, e.g. a file \nname and a position in the + file." + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + contentType: + description: 'Asset content type. If not specified, no content but + the asset name and type will be returned. 
Possible values: ["CONTENT_TYPE_UNSPECIFIED", + "RESOURCE", "IAM_POLICY", "ORG_POLICY", "OS_INVENTORY", "ACCESS_POLICY"].' type: string - metadata: + feedId: + description: Immutable. This is the client-assigned asset feed identifier + and it needs to be unique under a specific parent. + type: string + feedOutputConfig: + description: Output configuration for asset feed destination. + properties: + pubsubDestination: + description: Destination on Cloud Pubsub. + properties: + topic: + description: Destination on Cloud Pubsub topic. + type: string + required: + - topic + type: object + required: + - pubsubDestination + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - feedId + - feedOutputConfig + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - key: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - value: + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - key - - value type: object type: array - metadataStartupScript: - description: Immutable. An alternative to using the startup-script - metadata key, mostly to match the compute_instance resource. This - replaces the startup-script metadata key on the created instance - and thus the two mechanisms are not allowed to be used simultaneously. - type: string - minCpuPlatform: - description: Immutable. Specifies a minimum CPU platform. Applicable - values are the friendly names of CPU platforms, such as Intel Haswell - or Intel Skylake. - type: string - namePrefix: - description: Immutable. Creates a unique name beginning with the specified - prefix. Conflicts with name. - type: string - networkInterface: - description: Immutable. Networks to attach to instances created from - this template. This can be specified multiple times for multiple - networks. - items: - properties: - accessConfig: - items: - properties: - natIpRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of - a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - networkTier: - description: 'Immutable. The networking tier used for - configuring this instance template. 
This field can take - the following values: PREMIUM, STANDARD, FIXED_STANDARD. - If this field is not specified, it is assumed to be - PREMIUM.' - type: string - publicPtrDomainName: - description: The DNS domain name for the public PTR record.The - DNS domain name for the public PTR record. - type: string - type: object - type: array - aliasIpRange: - description: Immutable. An array of alias IP ranges for this - network interface. Can only be specified for network interfaces - on subnet-mode networks. - items: - properties: - ipCidrRange: - description: Immutable. The IP CIDR range represented - by this alias IP range. This IP CIDR range must belong - to the specified subnetwork and cannot contain IP addresses - reserved by system or used by other network interfaces. - At the time of writing only a netmask (e.g. /24) may - be supplied, with a CIDR format resulting in an API - error. - type: string - subnetworkRangeName: - description: Immutable. The subnetwork secondary range - name specifying the secondary range from which to allocate - the IP CIDR range for this alias IP range. If left unspecified, - the primary range of the subnetwork will be used. - type: string - required: - - ipCidrRange - type: object - type: array - ipv6AccessConfig: - description: An array of IPv6 access configurations for this - interface. Currently, only one IPv6 access config, DIRECT_IPV6, - is supported. If there is no ipv6AccessConfig specified, then - this instance will have no external IPv6 Internet access. - items: - properties: - externalIpv6: - description: The first IPv6 address of the external IPv6 - range associated with this instance, prefix length is - stored in externalIpv6PrefixLength in ipv6AccessConfig. - The field is output only, an IPv6 address from a subnetwork - associated with the instance will be allocated dynamically. - type: string - externalIpv6PrefixLength: - description: The prefix length of the external IPv6 range. 
- type: string - networkTier: - description: The service-level to be provided for IPv6 - traffic when the subnet has an external subnet. Only - PREMIUM tier is valid for IPv6. - type: string - publicPtrDomainName: - description: The domain name to be used when creating - DNSv6 records for the external IPv6 ranges. - type: string - required: - - networkTier - type: object - type: array - ipv6AccessType: - description: One of EXTERNAL, INTERNAL to indicate whether the - IP can be accessed from the Internet. This field is always - inherited from its subnetwork. - type: string - name: - description: The name of the network_interface. - type: string - networkIp: - description: Immutable. The private IP address to assign to - the instance. If empty, the address will be automatically - assigned. - type: string - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nicType: - description: Immutable. The type of vNIC to be used on this - interface. Possible values:GVNIC, VIRTIO_NET. - type: string - queueCount: - description: Immutable. The networking queue count that's specified - by users for the network interface. Both Rx and Tx queues - will be set to this number. It will be empty if not specified. - type: integer - stackType: - description: The stack type for this network interface to identify - whether the IPv6 feature is enabled or not. If not specified, - IPV4_ONLY will be used. 
- type: string - subnetworkProject: - description: Immutable. The ID of the project in which the subnetwork - belongs. If it is not provided, the provider project is used. - type: string - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - networkPerformanceConfig: - description: Immutable. Configures network performance settings for - the instance. If not specified, the instance will be created with - its default network performance configuration. - properties: - totalEgressBandwidthTier: - description: Immutable. The egress bandwidth tier to enable. Possible - values:TIER_1, DEFAULT. - type: string - required: - - totalEgressBandwidthTier - type: object - region: - description: Immutable. An instance template is a global resource - that is not bound to a zone or a region. However, you can still - specify some regional resources in an instance template, which restricts - the template to the region where that resource resides. For example, - a custom subnetwork resource is tied to a specific region. Defaults - to the region of the Provider if no value is given. - type: string - reservationAffinity: - description: Immutable. Specifies the reservations that this instance - can consume from. - properties: - specificReservation: - description: Immutable. Specifies the label selector for the reservation - to use. - properties: - key: - description: Immutable. 
Corresponds to the label key of a - reservation resource. To target a SPECIFIC_RESERVATION by - name, specify compute.googleapis.com/reservation-name as - the key and specify the name of your reservation as the - only value. - type: string - values: - description: Immutable. Corresponds to the label values of - a reservation resource. - items: - type: string - type: array - required: - - key - - values - type: object - type: - description: Immutable. The type of reservation from which this - instance can consume resources. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - resourcePolicies: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - scheduling: - description: Immutable. The scheduling strategy to use. - properties: - automaticRestart: - description: Immutable. Specifies whether the instance should - be automatically restarted if it is terminated by Compute Engine - (not terminated by a user). This defaults to true. - type: boolean - instanceTerminationAction: - description: Immutable. Specifies the action GCE should take when - SPOT VM is preempted. - type: string - maintenanceInterval: - description: 'Specifies the frequency of planned maintenance events. 
- The accepted values are: PERIODIC.' - type: string - maxRunDuration: - description: Immutable. The timeout for new network connections - to hosts. - properties: - nanos: - description: |- - Immutable. Span of time that's a fraction of a second at nanosecond - resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must - be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Immutable. Span of time at a resolution of a second. - Must be from 0 to 315,576,000,000 inclusive. - type: integer - required: - - seconds - type: object - minNodeCpus: - description: Minimum number of cpus for the instance. - type: integer - nodeAffinities: - items: - properties: - value: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - onHostMaintenance: - description: Immutable. Defines the maintenance behavior for this - instance. - type: string - preemptible: - description: Immutable. Allows instance to be preempted. This - defaults to false. - type: boolean - provisioningModel: - description: Immutable. Whether the instance is spot. If this - is set as SPOT. - type: string - type: object - serviceAccount: - description: Immutable. Service account to attach to the instance. - properties: - scopes: - description: Immutable. A list of service scopes. Both OAuth2 - URLs and gcloud short names are supported. To allow full access - to all Cloud APIs, use the cloud-platform scope. - items: - type: string - type: array - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - scopes - type: object - shieldedInstanceConfig: - description: 'Immutable. Enable Shielded VM on this instance. Shielded - VM provides verifiable integrity to prevent against malware and - rootkits. Defaults to disabled. Note: shielded_instance_config can - only be used with boot images with shielded vm support.' - properties: - enableIntegrityMonitoring: - description: Immutable. Compare the most recent boot measurements - to the integrity policy baseline and return a pair of pass/fail - results depending on whether they match or not. Defaults to - true. - type: boolean - enableSecureBoot: - description: Immutable. Verify the digital signature of all boot - components, and halt the boot process if signature verification - fails. Defaults to false. - type: boolean - enableVtpm: - description: Immutable. Use a virtualized trusted platform module, - which is a specialized computer chip you can use to encrypt - objects like keys and certificates. Defaults to true. - type: boolean - type: object - tags: - description: Immutable. Tags to attach to the instance. - items: - type: string - type: array - required: - - disk - - machineType - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. 
- type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - metadataFingerprint: - description: The unique fingerprint of the metadata. + name: + description: The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -17540,12 +14818,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - tagsFingerprint: - description: The unique fingerprint of the tags. - type: string type: object required: - spec @@ -17565,25 +14837,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeinterconnectattachments.compute.cnrm.cloud.google.com + name: cloudbuildtriggers.cloudbuild.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudbuild.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeInterconnectAttachment - plural: computeinterconnectattachments + kind: CloudBuildTrigger + plural: cloudbuildtriggers shortNames: - - gcpcomputeinterconnectattachment - - gcpcomputeinterconnectattachments - singular: computeinterconnectattachment + - gcpcloudbuildtrigger + - gcpcloudbuildtriggers + singular: cloudbuildtrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -17621,583 +14893,1052 @@ spec: type: object spec: properties: - adminEnabled: - description: |- - Whether the VLAN attachment is enabled or disabled. When using - PARTNER type this will Pre-Activate the interconnect attachment. - type: boolean - bandwidth: - description: |- - Provisioned bandwidth capacity for the interconnect attachment. - For attachments of type DEDICATED, the user can set the bandwidth. - For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. - Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, - Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. - type: string - candidateSubnets: - description: |- - Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation - of cloudRouterIpAddress and customerRouterIpAddress for this attachment. - All prefixes must be within link-local address space (169.254.0.0/16) - and must be /29 or shorter (/28, /27, etc). Google will attempt to select - an unused /29 from the supplied candidate prefix(es). The request will - fail if all possible /29s are in use on Google's edge. If not supplied, - Google will randomly select an unused /29 from all of link-local space. - items: - type: string - type: array - description: - description: An optional description of this resource. - type: string - edgeAvailabilityDomain: - description: |- - Immutable. Desired availability domain for the attachment. Only available for type - PARTNER, at creation time. For improved reliability, customers should - configure a pair of attachments with one per availability domain. The - selected availability domain will be provided to the Partner via the - pairing key so that the provisioned circuit will lie in the specified - domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. 
- type: string - encryption: - description: |- - Immutable. Indicates the user-supplied encryption option of this interconnect - attachment. Can only be specified at attachment creation for PARTNER or - DEDICATED attachments. - - * NONE - This is the default value, which means that the VLAN attachment - carries unencrypted traffic. VMs are able to send traffic to, or receive - traffic from, such a VLAN attachment. - - * IPSEC - The VLAN attachment carries only encrypted traffic that is - encrypted by an IPsec device, such as an HA VPN gateway or third-party - IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, - such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN - attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. - type: string - interconnect: - description: |- - Immutable. URL of the underlying Interconnect object that this attachment's - traffic will traverse through. Required if type is DEDICATED, must not - be set if type is PARTNER. - type: string - ipsecInternalAddresses: - items: - description: |- - Immutable. The addresses that have been reserved for the - interconnect attachment. Used only for interconnect attachment that - has the encryption option as IPSEC. - - The addresses must be RFC 1918 IP address ranges. When creating HA - VPN gateway over the interconnect attachment, if the attachment is - configured to use an RFC 1918 IP address, then the VPN gateway's IP - address will be allocated from the IP address range specified - here. - - For example, if the HA VPN gateway's interface 0 is paired to this - interconnect attachment, then an RFC 1918 IP address for the VPN - gateway interface 0 will be allocated from the IP address specified - for this interconnect attachment. + approvalConfig: + description: "Configuration for manual approval to start a build invocation + of this BuildTrigger. 
\nBuilds created by this trigger will require + approval before they execute. \nAny user with a Cloud Build Approver + role for the project can approve a build." + properties: + approvalRequired: + description: "Whether or not approval is needed. If this is set + on a build, it will become pending when run, \nand will need + to be explicitly approved to start." + type: boolean + type: object + bitbucketServerTriggerConfig: + description: BitbucketServerTriggerConfig describes the configuration + of a trigger that creates a build whenever a Bitbucket Server event + is received. + properties: + bitbucketServerConfigResourceRef: + description: |- + Only `external` field is supported to configure the reference. - If this field is not specified for interconnect attachment that has - encryption option as IPSEC, later on when creating HA VPN gateway on - this interconnect attachment, the HA VPN gateway's IP address will - be allocated from regional external IP address pool. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - mtu: - description: |- - Maximum Transmission Unit (MTU), in bytes, of packets passing through - this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. - type: string - region: - description: Region where the regional interconnect attachment resides. - type: string - resourceID: - description: Immutable. Optional. 
The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: |- - The Cloud Router to be used for dynamic routing. This router must - be in the same region as this ComputeInterconnectAttachment. The - ComputeInterconnectAttachment will automatically connect the - interconnect to the network & region within which the Cloud Router - is configured. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + The full resource name of the bitbucket server config. Format: + projects/{project}/locations/{location}/bitbucketServerConfigs/{id}. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeRouter` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildBitbucketServerConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectKey: + description: 'Key of the project that the repo is in. For example: + The key for https://mybitbucket.server/projects/TEST/repos/test-repo + is "TEST".' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + pullRequest: + description: Filter to match changes in pull requests. + properties: + branch: + description: |- + Regex of branches to match. + The syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment /gcbrun. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: Filter to match changes in refs like branches, tags. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the gitRef regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. + type: string + type: object + repoSlug: + description: |- + Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL. + For example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo. type: string + required: + - bitbucketServerConfigResourceRef + - projectKey + - repoSlug type: object - type: - description: |- - Immutable. The type of InterconnectAttachment you wish to create. Defaults to - DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. - type: string - vlanTag8021q: - description: |- - Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. 
When - using PARTNER type this will be managed upstream. - type: integer - required: - - region - - routerRef - type: object - status: - properties: - cloudRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on Cloud Router - Interface for this interconnect attachment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - customerRouterIpAddress: - description: |- - IPv4 address + prefix length to be configured on the customer - router subinterface for this interconnect attachment. - type: string - googleReferenceId: - description: |- - Google reference ID, to be used when raising support tickets with - Google or otherwise to debug backend connectivity issues. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - pairingKey: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. The opaque - identifier of an PARTNER attachment used to initiate provisioning with - a selected partner. 
Of the form "XXXXX/region/domain". - type: string - partnerAsn: - description: |- - [Output only for type PARTNER. Not present for DEDICATED]. Optional - BGP ASN for the router that should be supplied by a layer 3 Partner if - they configured BGP on behalf of the customer. - type: string - privateInterconnectInfo: - description: |- - Information specific to an InterconnectAttachment. This property - is populated if the interconnect that this is attached to is of type DEDICATED. + build: + description: Contents of the build template. Either a filename or + build template must be provided. properties: - tag8021q: - description: |- - 802.1q encapsulation tag to be used for traffic between - Google and the customer, going to and from this network and region. - type: integer - type: object - selfLink: - type: string - state: - description: '[Output Only] The current state of this attachment''s - functionality.' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkendpointgroups.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkEndpointGroup - plural: computenetworkendpointgroups - shortNames: - - gcpcomputenetworkendpointgroup - - gcpcomputenetworkendpointgroups - singular: computenetworkendpointgroup - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - 
description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - defaultPort: - description: |- - Immutable. The default port used if the port number is not specified in the - network endpoint. - type: integer - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - location: - description: 'Location represents the geographical location of the - ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP - definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - networkEndpointType: - description: |- - Immutable. Type of network endpoints in this network endpoint group. 
- NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network - endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). - Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services - that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, - INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or - CONNECTION balancing modes. + artifacts: + description: Artifacts produced by the build that should be uploaded + upon successful completion of all build steps. + properties: + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. - Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. - type: string - networkRef: - description: |- - The network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - subnetworkRef: - description: Optional subnetwork to which all network endpoints in - the NEG belong. 
- oneOf: - - not: + The images will be pushed using the builder service account's credentials. + + The digests of the pushed images will be stored in the Build resource's results field. + + If any of the images fail to be pushed, the build is marked FAILURE. + items: + type: string + type: array + objects: + description: |- + A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps. + + Files in the workspace matching specified paths globs will be uploaded to the + Cloud Storage location using the builder service account's credentials. + + The location and generation of the uploaded objects will be stored in the Build resource's results field. + + If any objects fail to be pushed, the build is marked FAILURE. + properties: + location: + description: |- + Cloud Storage bucket and optional object path, in the form "gs://bucket/path/to/somewhere/". + + Files in the workspace matching any path pattern will be uploaded to Cloud Storage with + this location as a prefix. + type: string + paths: + description: Path globs used to match files in the build's + workspace. + items: + type: string + type: array + timing: + description: Output only. Stores timing information for + pushing all artifact objects. + items: + properties: + endTime: + description: |- + End of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Start of time span. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + type: array + type: object + type: object + availableSecrets: + description: Secrets and secret environment variables. 
+ properties: + secretManager: + description: Pairs a secret environment variable with a SecretVersion + in Secret Manager. + items: + properties: + env: + description: |- + Environment variable name to associate with the secret. Secret environment + variables must be unique across all of a build's secrets, and must be used + by at least one build step. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of + a `SecretManagerSecretVersion` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - env + - versionRef + type: object + type: array required: - - external - required: - - name - - not: - anyOf: - - required: + - secretManager + type: object + images: + description: |- + A list of images to be pushed upon the successful completion of all build steps. + The images are pushed using the builder service account's credentials. + The digests of the pushed images will be stored in the Build resource's results field. + If any of the images fail to be pushed, the build status is marked FAILURE. + items: + type: string + type: array + logsBucketRef: + description: |- + Google Cloud Storage bucket where logs should be written. Logs file + names will be of the format ${logsBucket}/log-${build_id}.txt. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + options: + description: Special options for this build. + properties: + diskSizeGb: + description: |- + Requested disk size for the VM that runs the build. Note that this is NOT "disk free"; + some of the space will be used by the operating system and build utilities. + Also note that this is the minimum disk size that will be allocated for the build -- + the build may run with a larger disk than requested. At present, the maximum disk size + is 1000GB; builds that request more than the maximum are rejected with an error. + type: integer + dynamicSubstitutions: + description: |- + Option to specify whether or not to apply bash style string operations to the substitutions. + + NOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file. + type: boolean + env: + description: |- + A list of global environment variable definitions that will exist for all build steps + in this build. If a variable is defined in both globally and in a build step, + the variable will use the build step value. 
+ + The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". + items: + type: string + type: array + logStreamingOption: + description: 'Option to define build log streaming behavior + to Google Cloud Storage. Possible values: ["STREAM_DEFAULT", + "STREAM_ON", "STREAM_OFF"].' + type: string + logging: + description: 'Option to specify the logging mode, which determines + if and where build logs are stored. Possible values: ["LOGGING_UNSPECIFIED", + "LEGACY", "GCS_ONLY", "STACKDRIVER_ONLY", "CLOUD_LOGGING_ONLY", + "NONE"].' + type: string + machineType: + description: 'Compute Engine machine type on which to run + the build. Possible values: ["UNSPECIFIED", "N1_HIGHCPU_8", + "N1_HIGHCPU_32", "E2_HIGHCPU_8", "E2_HIGHCPU_32"].' + type: string + requestedVerifyOption: + description: 'Requested verifiability options. Possible values: + ["NOT_VERIFIED", "VERIFIED"].' + type: string + secretEnv: + description: |- + A list of global environment variables, which are encrypted using a Cloud Key Management + Service crypto key. These values must be specified in the build's Secret. These variables + will be available to all build steps in this build. + items: + type: string + type: array + sourceProvenanceHash: + description: 'Requested hash for SourceProvenance. Possible + values: ["NONE", "SHA256", "MD5"].' + items: + type: string + type: array + substitutionOption: + description: |- + Option to specify behavior when there is an error in the substitution checks. + + NOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden + in the build configuration file. Possible values: ["MUST_MATCH", "ALLOW_LOOSE"]. + type: string + volumes: + description: |- + Global list of volumes to mount for ALL build steps + + Each volume is created as an empty volume prior to starting the build process. + Upon completion of the build, volumes and their contents are discarded. 
Global + volume names and paths cannot conflict with the volumes defined a build step. + + Using a global volume in a build with only one step is not valid as it is indicative + of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for Docker volumes. + Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on the same + build step or with certain reserved volume paths. + type: string + type: object + type: array + workerPool: + description: |- + Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool} + + This field is experimental. + type: string + type: object + queueTtl: + description: "TTL in queue for this build. If provided and the + build is enqueued longer than this value, \nthe build will expire + and the build status will be EXPIRED.\nThe TTL starts ticking + from createTime.\nA duration in seconds with up to nine fractional + digits, terminated by 's'. Example: \"3.5s\"." type: string - type: object - required: - - location - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
+ secret: + description: Secrets to decrypt using Cloud Key Management Service. + items: + properties: + kmsKeyRef: + description: KMS crypto key to use to decrypt these envs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + secretEnv: + additionalProperties: + type: string + description: "Map of environment variable name to its encrypted + value.\nSecret environment variables must be unique across + all of a build's secrets, \nand must be used by at least + one build step. Values can be at most 64 KB in size. \nThere + can be at most 100 secret values across all of a build's + secrets." + type: object + required: + - kmsKeyRef + type: object + type: array + source: + description: |- + The location of the source files to build. + + One of 'storageSource' or 'repoSource' must be provided. + properties: + repoSource: + description: Location of the source in a Google Cloud Source + Repository. + properties: + branchName: + description: "Regex matching branches to build. Exactly + one a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one + a of branch name, tag, or commit SHA must be provided. 
+ type: string + dir: + description: "Directory, relative to the source root, + in which to run the build.\nThis must be a relative + path. If a step's dir is specified and is an absolute + path, \nthis value is ignored for that step's execution." + type: string + invertRegex: + description: Only trigger a build if the revision regex + does NOT match the revision regex. + type: boolean + projectId: + description: "ID of the project that owns the Cloud Source + Repository. \nIf omitted, the project ID requesting + the build is assumed." + type: string + repoRef: + description: |- + The desired Cloud Source Repository. If omitted, "default" is + assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `SourceRepoRepository` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions to use in a triggered build. + Should only be used with triggers.run. + type: object + tagName: + description: "Regex matching tags to build. Exactly one + a of branch name, tag, or commit SHA must be provided.\nThe + syntax of the regular expressions accepted is the syntax + accepted by RE2 and \ndescribed at https://github.com/google/re2/wiki/Syntax." + type: string + required: + - repoRef + type: object + storageSource: + description: Location of the source in an archive file in + Google Cloud Storage. + properties: + bucketRef: + description: Google Cloud Storage bucket containing the + source. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a + `StorageBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + generation: + description: "Google Cloud Storage generation for the + object. \nIf the generation is omitted, the latest generation + will be used." + type: string + object: + description: |- + Google Cloud Storage object containing the source. + This object must be a gzipped archive file (.tar.gz) containing source to build. + type: string + required: + - bucketRef + - object + type: object + type: object + step: + description: The operations to be performed on the workspace. + items: + properties: + args: + description: |- + A list of arguments that will be presented to the step when it is started. + + If the image used to run the step's container has an entrypoint, the args + are used as arguments to that entrypoint. If the image does not define an + entrypoint, the first element in args is used as the entrypoint, and the + remainder will be used as arguments. + items: + type: string + type: array + dir: + description: |- + Working directory to use when running this step's container. + + If this value is a relative path, it is relative to the build's working + directory. If this value is absolute, it may be outside the build's working + directory, in which case the contents of the path may not be persisted + across build step executions, unless a 'volume' for that path is specified. 
+ + If the build specifies a 'RepoSource' with 'dir' and a step with a + 'dir', + which specifies an absolute path, the 'RepoSource' 'dir' is ignored + for the step's execution. + type: string + entrypoint: + description: |- + Entrypoint to be used instead of the build step image's + default entrypoint. + If unset, the image's default entrypoint is used. + type: string + env: + description: |- + A list of environment variable definitions to be used when + running a step. + + The elements are of the form "KEY=VALUE" for the environment variable + "KEY" being given the value "VALUE". + items: + type: string + type: array + id: + description: |- + Unique identifier for this build step, used in 'wait_for' to + reference this build step as a dependency. + type: string + name: + description: "The name of the container image that will + run this particular build step.\n\nIf the image is available + in the host's Docker daemon's cache, it will be\nrun directly. + If not, the host will attempt to pull the image first, + using\nthe builder service account's credentials if necessary.\n\nThe + Docker daemon's cache will already have the latest versions + of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders + \nfor images and examples).\nThe Docker daemon will also + have cached many of the layers for some popular\nimages, + like \"ubuntu\", \"debian\", but they will be refreshed + at the time\nyou attempt to use them.\n\nIf you built + an image in a previous build step, it will be stored in + the\nhost's Docker daemon's cache and is available to + use as the name for a\nlater build step." + type: string + script: + description: "A shell script to be executed in the step. + \nWhen script is provided, the user cannot specify the + entrypoint or args." + type: string + secretEnv: + description: |- + A list of environment variables which are encrypted using + a Cloud Key + Management Service crypto key. 
These values must be specified in + the build's 'Secret'. + items: + type: string + type: array + timeout: + description: |- + Time limit for executing this build step. If not defined, + the step has no + time limit and will be allowed to continue to run until either it + completes or the build itself times out. + type: string + timing: + description: |- + Output only. Stores timing information for executing this + build step. + type: string + volumes: + description: |- + List of volumes to mount into the build step. + + Each volume is created as an empty volume prior to execution of the + build step. Upon completion of the build, volumes and their contents + are discarded. + + Using a named volume in only one step is not valid as it is + indicative of a build request with an incorrect configuration. + items: + properties: + name: + description: |- + Name of the volume to mount. + + Volume names must be unique per build step and must be valid names for + Docker volumes. Each named volume must be used by at least two build steps. + type: string + path: + description: |- + Path at which to mount the volume. + + Paths must be absolute and cannot conflict with other volume paths on + the same build step or with certain reserved volume paths. + type: string + required: + - name + - path + type: object + type: array + waitFor: + description: |- + The ID(s) of the step(s) that this build step depends on. + + This build step will not start until all the build steps in 'wait_for' + have completed successfully. If 'wait_for' is empty, this build step + will start when all previous build steps in the 'Build.Steps' list + have completed successfully. + items: + type: string + type: array + required: + - name + type: object + type: array + substitutions: + additionalProperties: type: string - type: - description: Type is the type of the condition. + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a Build. 
These are not docker + tags. + items: type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - size: - description: Number of network endpoints in the network endpoint group. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenetworkpeerings.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeNetworkPeering - plural: computenetworkpeerings - shortNames: - - gcpcomputenetworkpeering - - gcpcomputenetworkpeerings - singular: computenetworkpeering - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - 
name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - exportCustomRoutes: - description: Whether to export the custom routes to the peer network. - Defaults to false. - type: boolean - exportSubnetRoutesWithPublicIp: - description: Immutable. - type: boolean - importCustomRoutes: - description: Whether to export the custom routes from the peer network. - Defaults to false. - type: boolean - importSubnetRoutesWithPublicIp: - description: Immutable. + type: array + timeout: + description: |- + Amount of time that this build should be allowed to run, to second granularity. + If this amount of time elapses, work on the build will cease and the build status will be TIMEOUT. + This timeout must be equal to or greater than the sum of the timeouts for build steps within the build. + The expected format is the number of seconds followed by s. + Default time is ten minutes (600s). + type: string + required: + - step + type: object + description: + description: Human-readable description of the trigger. + type: string + disabled: + description: Whether the trigger is disabled or not. If true, the + trigger will never result in a build. 
type: boolean - networkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + filename: + description: "Path, from the source root, to a file whose contents + is used for the template. \nEither a filename or build template + must be provided. Set this only when using trigger_template or github.\nWhen + using Pub/Sub, Webhook or Manual set the file name using git_file_source + instead." + type: string + filter: + description: A Common Expression Language string. Used only with Pub/Sub + and Webhook. + type: string + gitFileSource: + description: The file source describing the local or remote Build + template. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + path: + description: The path of the file, with the repo root as the root + of the path. + type: string + repoType: + description: "The type of the repo, since it may not be explicit + from the repo field (e.g from a URL). 
\nValues can be UNKNOWN, + CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible + values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", + \"BITBUCKET_SERVER\"]." + type: string + revision: + description: "The branch, tag, arbitrary ref, or SHA version of + the repo to use when resolving the \nfilename (optional). This + field respects the same syntax/resolution as described here: + https://git-scm.com/docs/gitrevisions \nIf unspecified, the + revision from which the trigger invocation originated is assumed + to be the revision from which to read the specified path." + type: string + uri: + description: "The URI of the repo (optional). If unspecified, + the repo from which the trigger \ninvocation originated is assumed + to be the repo from which to read the specified path." type: string + required: + - path + - repoType + type: object + github: + description: |- + Describes the configuration of a trigger that creates a build whenever a GitHub event is received. + + One of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided. + properties: + enterpriseConfigResourceNameRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the repository. For example: The name for + https://github.com/googlecloudplatform/cloud-builders is "cloud-builders". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + owner: + description: |- + Owner of the repository. For example: The owner for + https://github.com/googlecloudplatform/cloud-builders is "googlecloudplatform". + type: string + pullRequest: + description: filter to match changes in pull requests. Specify + only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. + type: string + commentControl: + description: 'Whether to block builds on a "/gcbrun" comment + from a repository owner or collaborator. Possible values: + ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + required: + - branch + type: object + push: + description: filter to match changes in refs, like branches or + tags. Specify only one of 'pull_request' or 'push'. + properties: + branch: + description: Regex of branches to match. Specify only one + of branch or tag. + type: string + invertRegex: + description: When true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: Regex of tags to match. Specify only one of + branch or tag. 
+ type: string + type: object + type: object + ignoredFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If ignoredFiles and changed files are both empty, then they are not + used to determine whether or not to trigger a build. + + If ignoredFiles is not empty, then we ignore any files that match any + of the ignored_file globs. If the change has no files that are outside + of the ignoredFiles globs, then we do not trigger a build. + items: + type: string + type: array + includeBuildLogs: + description: |- + Build logs will be sent back to GitHub as part of the checkrun + result. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or + INCLUDE_BUILD_LOGS_WITH_STATUS Possible values: ["INCLUDE_BUILD_LOGS_UNSPECIFIED", "INCLUDE_BUILD_LOGS_WITH_STATUS"]. + type: string + includedFiles: + description: |- + ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match + extended with support for '**'. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is empty, then as far as this filter is concerned, we + should trigger the build. + + If any of the files altered in the commit pass the ignoredFiles filter + and includedFiles is not empty, then we make sure that at least one of + those files matches a includedFiles glob. If not, then we do not trigger + a build. + items: + type: string + type: array + location: + description: |- + Immutable. The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger. + If not specified, "global" is used. + type: string + pubsubConfig: + description: "PubsubConfig describes the configuration of a trigger + that creates \na build whenever a Pub/Sub message is published.\n\nOne + of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' + or 'source_to_build' must be provided." 
+ properties: + serviceAccountRef: + description: Service account that will make the push request. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + subscription: + description: Output only. Name of the subscription. + type: string + topicRef: + description: |- + The name of the topic from which this subscription + is receiving messages. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + repositoryEventConfig: + description: The configuration of a trigger that creates a build whenever + an event from Repo API is received. 
+ properties: + pullRequest: + description: Contains filter properties for matching Pull Requests. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + commentControl: + description: 'Configure builds to run whether a repository + owner or collaborator need to comment ''/gcbrun''. Possible + values: ["COMMENTS_DISABLED", "COMMENTS_ENABLED", "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"].' + type: string + invertRegex: + description: If true, branches that do NOT match the git_ref + will trigger a build. + type: boolean + type: object + push: + description: Contains filter properties for matching git pushes. + properties: + branch: + description: |- + Regex of branches to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + invertRegex: + description: If true, only trigger a build if the revision + regex does NOT match the git_ref regex. + type: boolean + tag: + description: |- + Regex of tags to match. + + The syntax of the regular expressions accepted is the syntax accepted by + RE2 and described at https://github.com/google/re2/wiki/Syntax. + type: string + type: object + repository: + description: The resource name of the Repo API resource. type: string type: object - peerNetworkRef: + serviceAccountRef: + description: |- + The service account used for all user-controlled operations including + triggers.patch, triggers.run, builds.create, and builds.cancel. + + If no service account is set, then the standard Cloud Build service account + ([PROJECT_NUM]@system.gserviceaccount.com) will be used instead. + + When populating via the external field, the following format is supported: + projects/{PROJECT_ID}/serviceAccounts/{SERVICE_ACCOUNT_EMAIL} oneOf: - not: required: 
@@ -18214,7 +15955,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: string of the format `projects/{{project}}/serviceAccounts/{{value}}`, + where {{value}} is the `email` field of an `IAMServiceAccount` resource.' type: string name: 
@@ -18224,62 +15966,227 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - peerNetworkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: State for the peering, either ACTIVE or INACTIVE. The - peering is ACTIVE when there's a matching configuration in the peer - network. - type: string - stateDetails: - description: Details about the current state of the peering. - type: string - type: object - required: - - spec - type: object + sourceToBuild: + description: "The repo and ref of the repository from which to build. + \nThis field is used only for those triggers that do not respond + to SCM events. 
\nTriggers that respond to such events build source + at whatever commit caused the event. \nThis field is currently only + used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', + 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' + must be provided." + properties: + githubEnterpriseConfigRef: + description: |- + Only `external` field is supported to configure the reference. + + The full resource name of the github enterprise config. Format: + projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudBuildGithubEnterpriseConfig` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ref: + description: The branch or tag to use. Must start with "refs/" + (required). + type: string + repoType: + description: |- + The type of the repo, since it may not be explicit from the repo field (e.g from a URL). + Values can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: ["UNKNOWN", "CLOUD_SOURCE_REPOSITORIES", "GITHUB", "BITBUCKET_SERVER"]. + type: string + uri: + description: The URI of the repo (required). + type: string + required: + - ref + - repoType + - uri + type: object + substitutions: + additionalProperties: + type: string + description: Substitutions data for Build resource. + type: object + tags: + description: Tags for annotation of a BuildTrigger. 
+ items: + type: string + type: array + triggerTemplate: + description: |- + Template describing the types of source changes to trigger a build. + + Branch and tag names in trigger templates are interpreted as regular + expressions. Any branch or tag change that matches that regular + expression will trigger a build. + + One of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided. + properties: + branchName: + description: |- + Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + commitSha: + description: Explicit commit SHA to build. Exactly one of a branch + name, tag, or commit SHA must be provided. + type: string + dir: + description: |- + Directory, relative to the source root, in which to run the build. + + This must be a relative path. If a step's dir is specified and + is an absolute path, this value is ignored for that step's + execution. + type: string + invertRegex: + description: Only trigger a build if the revision regex does NOT + match the revision regex. + type: boolean + repoRef: + description: |- + The Cloud Source Repository to build. If omitted, the repo with + name "default" is assumed. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SourceRepoRepository` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tagName: + description: |- + Name of the tag to build. 
Exactly one of a branch name, tag, or commit SHA must be provided. + This field is a regular expression. + type: string + type: object + webhookConfig: + description: "WebhookConfig describes the configuration of a trigger + that creates \na build whenever a webhook is sent to a trigger's + webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' + 'webhook_config' or 'source_to_build' must be provided." + properties: + secretRef: + description: The secret required + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SecretManagerSecret` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + state: + description: |- + Potential issues with the underlying Pub/Sub subscription configuration. + Only populated on get requests. + type: string + required: + - secretRef + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + createTime: + description: Time when the trigger was created. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + triggerId: + description: The unique identifier for the trigger. + type: string + type: object + type: object served: true storage: true subresources: @@ -18295,25 +16202,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenetworks.compute.cnrm.cloud.google.com + name: cloudfunctions2functions.cloudfunctions2.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions2.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNetwork - plural: computenetworks + kind: CloudFunctions2Function + plural: cloudfunctions2functions shortNames: - - gcpcomputenetwork - - gcpcomputenetworks - singular: computenetwork + - gcpcloudfunctions2function + - gcpcloudfunctions2functions + singular: cloudfunctions2function preserveUnknownFields: false scope: Namespaced versions: @@ -18333,7 +16240,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -18351,61 +16258,351 @@ spec: type: object spec: properties: - autoCreateSubnetworks: - description: |- - Immutable. When set to 'true', the network is created in "auto subnet mode" and - it will create a subnet for each region automatically across the - '10.128.0.0/9' address range. - - When set to 'false', the network is created in "custom subnet mode" so - the user can explicitly connect subnetwork resources. - type: boolean - deleteDefaultRoutesOnCreate: + buildConfig: description: |- - If set to 'true', default routes ('0.0.0.0/0') will be deleted - immediately after network creation. Defaults to 'false'. - type: boolean + Describes the Build step of the function that builds a container + from the given source. + properties: + build: + description: |- + The Cloud Build name of the latest successful + deployment of the function. + type: string + dockerRepository: + description: User managed repository created in Artifact Registry + optionally with a customer managed encryption key. + type: string + entryPoint: + description: |- + The name of the function (as defined in source code) that will be executed. + Defaults to the resource name suffix, if not specified. For backward + compatibility, if function with given name is not found, then the system + will try to use function named "function". For Node.js this is name of a + function exported by the module specified in source_location. + type: string + environmentVariables: + additionalProperties: + type: string + description: User-provided build-time environment variables for + the function. + type: object + runtime: + description: |- + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. + type: string + source: + description: The location of the function source code. + properties: + repoSource: + description: If provided, get the source from this location + in a Cloud Source Repository. 
+ properties: + branchName: + description: Regex matching branches to build. + type: string + commitSha: + description: Regex matching tags to build. + type: string + dir: + description: Directory, relative to the source root, in + which to run the build. + type: string + invertRegex: + description: "Only trigger a build if the revision regex + does \nNOT match the revision regex." + type: boolean + projectId: + description: "Immutable. ID of the project that owns the + Cloud Source Repository. If omitted, the \nproject ID + requesting the build is assumed." + type: string + repoName: + description: Name of the Cloud Source Repository. + type: string + tagName: + description: Regex matching tags to build. + type: string + type: object + storageSource: + description: If provided, get the source from this location + in Google Cloud Storage. + properties: + bucket: + description: Google Cloud Storage bucket containing the + source. + type: string + generation: + description: "Google Cloud Storage generation for the + object. If the generation \nis omitted, the latest generation + will be used." + type: integer + object: + description: Google Cloud Storage object containing the + source. + type: string + type: object + type: object + workerPool: + description: Name of the Cloud Build Custom Worker Pool that should + be used to build the function. + type: string + type: object description: - description: |- - Immutable. An optional description of this resource. The resource must be - recreated to modify this field. + description: User-provided description of a function. type: string - enableUlaInternalIpv6: - description: "Immutable. Enable ULA internal ipv6 on this network. - Enabling this feature will assign \na /48 from google defined ULA - prefix fd20::/20." - type: boolean - internalIpv6Range: - description: "Immutable. When enabling ula internal ipv6, caller optionally - can specify the /48 range \nthey want from the google defined ULA - prefix fd20::/20. 
The input must be a \nvalid /48 ULA IPv6 address - and must be within the fd20::/20. Operation will \nfail if the speficied - /48 is already in used by another resource. \nIf the field is not - speficied, then a /48 range will be randomly allocated from fd20::/20 - and returned via this field." + eventTrigger: + description: |- + An Eventarc trigger managed by Google Cloud Functions that fires events in + response to a condition in another service. + properties: + eventFilters: + description: Criteria used to filter events. + items: + properties: + attribute: + description: |- + 'Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes. + Do not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute. + type: string + operator: + description: |- + Optional. The operator used for matching the events with the value of + the filter. If not specified, only events that have an exact key-value + pair specified in the filter are matched. + The only allowed value is 'match-path-pattern'. + [See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'. + type: string + value: + description: |- + Required. The value for the attribute. + If the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value. + type: string + required: + - attribute + - value + type: object + type: array + eventType: + description: Required. The type of event to observe. + type: string + pubsubTopic: + description: |- + The name of a Pub/Sub topic in the same project that will be used + as the transport topic for the event delivery. + type: string + retryPolicy: + description: |- + Describes the retry policy in case of function's execution failure. + Retried execution is charged as any other execution. 
Possible values: ["RETRY_POLICY_UNSPECIFIED", "RETRY_POLICY_DO_NOT_RETRY", "RETRY_POLICY_RETRY"]. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + trigger: + description: Output only. The resource name of the Eventarc trigger. + type: string + triggerRegion: + description: |- + The region that the trigger will be in. The trigger will only receive + events originating in this region. It can be the same + region as the function, a different region or multi-region, or the global + region. If not provided, defaults to the same region as the function. + type: string + type: object + location: + description: Immutable. The location of this cloud function. type: string - mtu: - description: "Immutable. Maximum Transmission Unit in bytes. The default - value is 1460 bytes. \nThe minimum value for this field is 1300 - and the maximum value is 8896 bytes (jumbo frames).\nNote that packets - larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS - clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message - if the packets are routed to the Internet or other VPCs \nwith varying - MTUs." - type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - routingMode: - description: |- - The network-wide routing mode to use. If set to 'REGIONAL', this - network's cloud routers will only advertise routes with subnetworks - of this network in the same region as the router. If set to 'GLOBAL', - this network's cloud routers will advertise routes with all - subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. - type: string + serviceConfig: + description: Describes the Service being deployed. + properties: + allTrafficOnLatestRevision: + description: Whether 100% of traffic is routed to the latest revision. + Defaults to true. + type: boolean + availableCpu: + description: The number of CPUs used in a single container instance. + Default value is calculated from available memory. + type: string + availableMemory: + description: |- + The amount of memory available for a function. + Defaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is + supplied the value is interpreted as bytes. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + gcfUri: + description: URIs of the Service deployed. + type: string + ingressSettings: + description: 'Available ingress settings. Defaults to "ALLOW_ALL" + if unspecified. Default value: "ALLOW_ALL" Possible values: + ["ALLOW_ALL", "ALLOW_INTERNAL_ONLY", "ALLOW_INTERNAL_AND_GCLB"].' + type: string + maxInstanceCount: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + type: integer + maxInstanceRequestConcurrency: + description: Sets the maximum number of concurrent requests that + each instance can receive. Defaults to 1. + type: integer + minInstanceCount: + description: |- + The limit on the minimum number of function instances that may coexist at a + given time. 
+ type: integer + secretEnvironmentVariables: + description: Secret environment variables configuration. + items: + properties: + key: + description: Name of the environment variable. + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + version: + description: Version of the secret (version number or the + string 'latest'). It is recommended to use a numeric version + for secret environment variables as any updates to the + secret value is not reflected until new instances start. + type: string + required: + - key + - projectId + - secret + - version + type: object + type: array + secretVolumes: + description: Secret volumes configuration. + items: + properties: + mountPath: + description: 'The path within the container to mount the + secret volume. For example, setting the mountPath as /etc/secrets + would mount the secret value files under the /etc/secrets + directory. This directory will also be completely shadowed + and unavailable to mount any other secrets. Recommended + mount path: /etc/secrets.' + type: string + projectId: + description: Project identifier (preferrably project number + but can also be the project ID) of the project that contains + the secret. If not set, it will be populated with the + function's project assuming that the secret exists in + the same project as of the function. + type: string + secret: + description: Name of the secret in secret manager (not the + full resource name). + type: string + versions: + description: List of secret versions to mount for this secret. 
+ If empty, the latest version of the secret will be made + available in a file named after the secret under the mount + point.'. + items: + properties: + path: + description: Relative path of the file under the mount + path where the secret value for this version will + be fetched and made available. For example, setting + the mountPath as '/etc/secrets' and path as secret_foo + would mount the secret value file at /etc/secrets/secret_foo. + type: string + version: + description: Version of the secret (version number + or the string 'latest'). It is preferable to use + latest version with secret volumes as secret value + changes are reflected immediately. + type: string + required: + - path + - version + type: object + type: array + required: + - mountPath + - projectId + - secret + type: object + type: array + service: + description: Name of the service associated with a Function. + type: string + serviceAccountEmail: + description: The email of the service account for this function. + type: string + timeoutSeconds: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: integer + uri: + description: URI of the Service deployed. + type: string + vpcConnector: + description: The Serverless VPC Access connector that this cloud + function can connect to. + type: string + vpcConnectorEgressSettings: + description: 'Available egress settings. Possible values: ["VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED", + "PRIVATE_RANGES_ONLY", "ALL_TRAFFIC"].' + type: string + type: object + required: + - location + - projectRef type: object status: properties: 
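Review bot: In `serviceConfig.secretEnvironmentVariables` and `serviceConfig.secretVolumes`, `projectId` is listed under `required`, yet both descriptions say "If not set, it will be populated with the function's project", so the schema rejects the omission the text promises. Either drop `- projectId` from the two `required` lists or remove the "If not set" sentence from the descriptions. In the same hunk, `buildConfig.source.repoSource.commitSha` carries the `tagName` text (`Regex matching tags to build.`) and should describe the commit instead, e.g. `Commit SHA to build.`; the `invertRegex` description also compares "the revision regex" with itself. The `tf2crd` label on this CRD suggests the file is generated, so the correction probably belongs in the generator's source schema rather than here.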
@@ -18435,10 +16632,8 @@ spec: type: string type: object type: array - gatewayIpv4: - description: |- - The gateway address for default routing out of the network. This value - is selected by GCP. + environment: + description: The environment the function is hosted on. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -18447,9 +16642,15 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Describes the current state of the function. + type: string + updateTime: + description: The last update timestamp of a Cloud Function. type: string type: object + required: + - spec type: object served: true storage: true @@ -18466,25 +16667,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computenodegroups.compute.cnrm.cloud.google.com + name: cloudfunctionsfunctions.cloudfunctions.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudfunctions.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeGroup - plural: computenodegroups + kind: CloudFunctionsFunction + plural: cloudfunctionsfunctions shortNames: - - gcpcomputenodegroup - - gcpcomputenodegroups - singular: computenodegroup + - gcpcloudfunctionsfunction + - gcpcloudfunctionsfunctions + singular: cloudfunctionsfunction preserveUnknownFields: false scope: Namespaced versions: 
@@ -18522,58 +16723,146 @@ spec: type: object spec: properties: - autoscalingPolicy: + availableMemoryMb: + description: 'Memory (in MB), available to the function. Default value + is 256MB. Allowed values are: 128MB, 256MB, 512MB, 1024MB, and 2048MB.' + format: int64 + type: integer + description: + description: User-provided description of a function. + type: string + entryPoint: description: |- - Immutable. If you use sole-tenant nodes for your workloads, you can use the node - group autoscaler to automatically manage the sizes of your node groups. + Immutable. The name of the function (as defined in source code) that will be + executed. Defaults to the resource name suffix, if not specified. For + backward compatibility, if function with given name is not found, then the + system will try to use function named "function". + For Node.js this is name of a function exported by the module specified + in `source_location`. + type: string + environmentVariables: + additionalProperties: + type: string + description: Environment variables that shall be available during + function execution. + type: object + eventTrigger: + description: Immutable. A source that fires events in response to + a condition in another service. properties: - maxNodes: - description: |- - Immutable. Maximum size of the node group. Set to a value less than or equal - to 100 and greater than or equal to min-nodes. - type: integer - minNodes: - description: |- - Immutable. Minimum size of the node group. Must be less - than or equal to max-nodes. The default value is 0. - type: integer - mode: + eventType: description: |- - Immutable. The autoscaling mode. Set to one of the following: - - OFF: Disables the autoscaler. - - ON: Enables scaling in and scaling out. - - ONLY_SCALE_OUT: Enables only scaling out. - You must use this mode if your node groups are configured to - restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + Immutable. Required. 
The type of event to observe. For example: + `providers/cloud.storage/eventTypes/object.change` and + `providers/cloud.pubsub/eventTypes/topic.publish`. + + Event types match pattern `providers/*/eventTypes/*.*`. + The pattern contains: + + 1. namespace: For example, `cloud.storage` and + `google.firebase.analytics`. + 2. resource type: The type of resource on which event occurs. For + example, the Google Cloud Storage API includes the type `object`. + 3. action: The action that generates the event. For example, action for + a Google Cloud Storage Object is 'change'. + These parts are lower case. + type: string + failurePolicy: + description: Immutable. Specifies policy for failed executions. + type: boolean + resourceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + Required. The resource(s) from which to observe events, for example, + `projects/_/buckets/myBucket`. + + Not all syntactically correct values are accepted by all services. For + example: + + 1. The authorization model must support it. Google Cloud Functions + only allows EventTriggers to be deployed that observe resources in the + same project as the `Function`. + 2. The resource type must match the pattern expected for an + `event_type`. For example, an `EventTrigger` that has an + `event_type` of "google.pubsub.topic.publish" should have a resource + that matches Google Cloud Pub/Sub topics. + + Additionally, some services may support short names when creating an + `EventTrigger`. These will always be returned in the normalized "long" + format. + + See each *service's* documentation for supported formats. + + Allowed values: + * The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
+ * The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + kind: + description: 'Kind of the referent. Allowed values: StorageBucket,PubSubTopic' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + service: + description: |- + Immutable. The hostname of the service that should be observed. + + If no string is provided, the default service implementing the API will + be used. For example, `storage.googleapis.com` is the default for all + event types in the `google.storage` namespace. type: string + required: + - eventType + - resourceRef type: object - description: - description: Immutable. An optional textual description of the resource. - type: string - initialSize: - description: Immutable. The initial number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - maintenancePolicy: - description: 'Immutable. Specifies how to handle instances when a - node in the group undergoes maintenance. Set to one of: DEFAULT, - RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value - is DEFAULT.' - type: string - maintenanceWindow: - description: Immutable. contains properties for the timeframe of maintenance. + httpsTrigger: + description: Immutable. An HTTPS endpoint type of source that can + be triggered via URL. properties: - startTime: - description: Immutable. instances.start time of the window. This - must be in UTC format that resolves to one of 00:00, 04:00, - 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and - 08:00 are valid. + securityLevel: + description: 'Immutable. 
Both HTTP and HTTPS requests with URLs + that match the handler succeed without redirects. The application + can examine the request to determine which protocol was used + and respond accordingly. Possible values: SECURITY_LEVEL_UNSPECIFIED, + SECURE_ALWAYS, SECURE_OPTIONAL' type: string - required: - - startTime type: object - nodeTemplateRef: - description: The node template to which this node group belongs. + ingressSettings: + description: |- + The ingress settings for the function, controlling what traffic can reach + it. Possible values: INGRESS_SETTINGS_UNSPECIFIED, ALLOW_ALL, ALLOW_INTERNAL_ONLY, ALLOW_INTERNAL_AND_GCLB + type: string + maxInstances: + description: |- + The limit on the maximum number of function instances that may coexist at a + given time. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -18590,8 +16879,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` - resource.' + description: |- + The project id of the function. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
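Review bot: The `httpsTrigger.securityLevel` description states only the permissive behaviour ("Both HTTP and HTTPS requests ... succeed without redirects") and never says which of the listed values produces it, so a reader cannot tell from the schema how to require HTTPS. That sentence appears to be the text for `SECURE_OPTIONAL` attached to the whole field. A clearer description would be `Immutable. The security level for the function. SECURE_ALWAYS redirects plain-HTTP requests to HTTPS; SECURE_OPTIONAL serves both HTTP and HTTPS without redirects.`, with the `SECURE_ALWAYS` wording confirmed against the API reference. In the same hunk, `eventTrigger.failurePolicy` is a boolean whose description does not say what `true` selects, and `eventTrigger.resourceRef` is described only as `Immutable.`.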
@@ -18600,102 +16891,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The name of the Cloud Functions region of + the function. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - shareSettings: - description: Immutable. Share settings for the node group. + runtime: + description: | + The runtime in which to run the function. Required when deploying a new + function, optional when updating an existing function. For a complete + list of possible choices, see the + [`gcloud` command + reference](/sdk/gcloud/reference/functions/deploy#--runtime). + type: string + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - projectMap: - description: Immutable. A map of project id and project config. - This is only valid when shareType's value is SPECIFIC_PROJECTS. - items: - properties: - idRef: - description: The key of this project config in the parent - map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectIdRef: - description: |- - The project id/number should be the same as the key of this project - config in the project map. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Project` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - idRef - - projectIdRef - type: object - type: array - shareType: - description: 'Immutable. Node group sharing type. Possible values: - ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + external: + description: |- + The email of the function's service account. If empty, defaults to + `{project_id}@appspot.gserviceaccount.com`. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceArchiveUrl: + description: Immutable. The Google Cloud Storage URL, starting with + gs://, pointing to the zip archive which contains the function. + type: string + sourceRepository: + description: Immutable. Represents parameters related to source repository + where a function is hosted. + properties: + url: + description: |- + Immutable. 
The URL pointing to the hosted repository where the function is defined. + There are supported Cloud Source Repository URLs in the following + formats: + + To refer to a specific commit: + `https://source.developers.google.com/projects/*/repos/*/revisions/*/paths/*` + To refer to a moveable alias (branch): + `https://source.developers.google.com/projects/*/repos/*/moveable-aliases/*/paths/*` + In particular, to refer to HEAD use `master` moveable alias. + To refer to a specific fixed alias (tag): + `https://source.developers.google.com/projects/*/repos/*/fixed-aliases/*/paths/*` + + You may omit `paths/*` if you want to use the main directory. type: string required: - - shareType + - url type: object - size: - description: Immutable. The total number of nodes in the node group. - One of 'initial_size' or 'size' must be specified. - type: integer - zone: - description: Immutable. Zone where this node group is located. + timeout: + description: |- + The function execution timeout. Execution is considered failed and + can be terminated if the function is not completed at the end of the + timeout period. Defaults to 60 seconds. + type: string + vpcConnectorEgressSettings: + description: |- + The egress settings for the connector, controlling what traffic is diverted + through it. Possible values: VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED, PRIVATE_RANGES_ONLY, ALL_TRAFFIC type: string + vpcConnectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The VPC Network Connector that this cloud function can connect to. It can + be either the fully-qualified URI, or the short name of the network + connector resource. 
The format of this field is + `projects/*/locations/*/connectors/*` + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - nodeTemplateRef - - zone + - projectRef + - region + - runtime type: object status: properties: @@ -18725,9 +17042,12 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string + httpsTrigger: + properties: + url: + description: Output only. The deployed url for the function. + type: string + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
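Review bot: `serviceAccountRef` is described only as `Immutable.`, and the fallback to `{project_id}@appspot.gserviceaccount.com` appears one level down under `external`, so someone who omits the reference does not see which identity the function gets. I would state it at the top level, for example `Immutable. The service account the function runs as. If unset, the project's App Engine default service account is used.` It is also worth adding that this default account usually holds broad project-level roles, so a dedicated least-privilege account is the safer choice. `vpcConnectorRef` in the same hunk has no description at all. The `sourceRepository.url` text could also say that a moveable alias (branch) deploys whatever the branch points to at deploy time, whereas a revision URL pins the code.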
@@ -18735,8 +17055,31 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + sourceRepository: + properties: + deployedUrl: + description: |- + Output only. The URL pointing to the hosted repository where the function + were defined at the time of deployment. It always points to a specific + commit in the format described above. + type: string + type: object + status: + description: 'Output only. Status of the function deployment. Possible + values: CLOUD_FUNCTION_STATUS_UNSPECIFIED, ACTIVE, OFFLINE, DEPLOY_IN_PROGRESS, + DELETE_IN_PROGRESS, UNKNOWN' + type: string + updateTime: + description: Output only. The last update timestamp of a Cloud Function + in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up + to nine fractional digits. type: string + versionId: + description: |- + Output only. The version identifier of the Cloud Function. Each deployment attempt + results in a new version of a function being created. + format: int64 + type: integer type: object required: - spec 
@@ -18756,25 +17099,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computenodetemplates.compute.cnrm.cloud.google.com + name: cloudidentitygroups.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeNodeTemplate - plural: computenodetemplates + kind: CloudIdentityGroup + plural: cloudidentitygroups shortNames: - - gcpcomputenodetemplate - - gcpcomputenodetemplates - singular: computenodetemplate + - gcpcloudidentitygroup + - gcpcloudidentitygroups + singular: cloudidentitygroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -18812,71 +17155,82 @@ spec: type: object spec: properties: - cpuOvercommitType: - description: 'Immutable. CPU overcommit. Default value: "NONE" Possible - values: ["ENABLED", "NONE"].' - type: string description: - description: Immutable. An optional textual description of the resource. - type: string - nodeType: description: |- - Immutable. Node type to use for nodes group that are created from this template. - Only one of nodeTypeFlexibility and nodeType can be specified. + An extended description to help users determine the purpose of a Group. + Must not be longer than 4,096 characters. type: string - nodeTypeFlexibility: - description: |- - Immutable. Flexible properties for the desired node type. Node groups that - use this node template will create nodes of a type that matches - these properties. Only one of nodeTypeFlexibility and nodeType can - be specified. + displayName: + description: The display name of the Group. + type: string + groupKey: + description: Immutable. EntityKey of the Group. properties: - cpus: - description: Immutable. Number of virtual CPUs to use. - type: string - localSsd: - description: Use local SSD. + id: + description: |- + Immutable. The ID of the entity. + + For Google-managed entities, the id must be the email address of an existing + group or user. + + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + + Must be unique within a namespace. type: string - memory: - description: Immutable. Physical memory available to the node, - defined in MB. + namespace: + description: |- + Immutable. The namespace in which the entity exists. + + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + + If specified, the EntityKey represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created in Admin Console + and must be in the form of 'identitysources/{identity_source_id}'. type: string + required: + - id type: object - region: + initialGroupConfig: description: |- - Immutable. Region where nodes using the node template will be created. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + Immutable. The initial configuration options for creating a Group. + + See the + [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig) + for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]. type: string - serverBinding: + labels: + additionalProperties: + type: string description: |- - Immutable. The server binding policy for nodes using this template. Determines - where the nodes should restart following a maintenance event. - properties: - type: - description: |- - Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', - nodes using this template will restart on any physical server - following a maintenance event. + One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. - If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template - will restart on the same physical server following a maintenance - event, instead of being live migrated to or restarted on a new - physical server. This option may be useful if you are using - software licenses tied to the underlying server characteristics - such as physical sockets or cores, to avoid the need for - additional licenses when maintenance occurs. However, VMs on such - nodes will experience outages while maintenance is applied. 
Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. - type: string - required: - - type + Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value. + + Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. + + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + + Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. type: object + parent: + description: |- + Immutable. The resource name of the entity under which this Group resides in the + Cloud Identity resource hierarchy. + + Must be of the form identitysources/{identity_source_id} for external-identity-mapped + groups or customers/{customer_id} for Google Groups. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string required: - - region + - groupKey + - labels + - parent type: object status: properties: @@ -18906,8 +17260,13 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + createTime: + description: The time when the Group was created. + type: string + name: + description: |- + Resource name of the Group in the format: groups/{group_id}, where group_id + is the unique ID assigned to the Group. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -18916,7 +17275,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + updateTime: + description: The time when the Group was last updated. type: string type: object required: @@ -18937,25 +17297,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: computepacketmirrorings.compute.cnrm.cloud.google.com + name: cloudidentitymemberships.cloudidentity.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudidentity.cnrm.cloud.google.com names: categories: - gcp - kind: ComputePacketMirroring - plural: computepacketmirrorings + kind: CloudIdentityMembership + plural: cloudidentitymemberships shortNames: - - gcpcomputepacketmirroring - - gcpcomputepacketmirrorings - singular: computepacketmirroring + - gcpcloudidentitymembership + - gcpcloudidentitymemberships + singular: cloudidentitymembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -18993,231 +17353,8 @@ spec: type: object spec: properties: - collectorIlb: - description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` - that will be used as collector for mirrored traffic. The specified - forwarding rule must have `isMirroringCollector` set to true. - properties: - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - description: - description: An optional description of this resource. Provide this - property when you create the resource. - type: string - enable: - description: Indicates whether or not this packet mirroring takes - effect. If set to FALSE, this packet mirroring policy will not be - enforced on the network. The default is TRUE. - type: string - filter: - description: Filter for mirrored traffic. If unspecified, all traffic - is mirrored. - properties: - cidrRanges: - description: IP CIDR ranges that apply as filter on the source - (ingress) or destination (egress) IP in the IP header. Only - IPv4 is supported. If no ranges are specified, all traffic that - matches the specified IPProtocols is mirrored. If neither cidrRanges - nor IPProtocols is specified, all traffic is mirrored. 
- items: - type: string - type: array - direction: - description: Direction of traffic to mirror, either INGRESS, EGRESS, - or BOTH. The default is BOTH. - type: string - ipProtocols: - description: Protocols that apply as filter on mirrored traffic. - If no protocols are specified, all traffic that matches the - specified CIDR ranges is mirrored. If neither cidrRanges nor - IPProtocols is specified, all traffic is mirrored. - items: - type: string - type: array - type: object - location: - description: Immutable. The location for the resource - type: string - mirroredResources: - description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo - specifies a set of mirrored VM instances, subnetworks and/or tags - for which traffic from/to all VM instances will be mirrored. - properties: - instances: - description: A set of virtual machine instances that are being - mirrored. They must live in zones contained in the same region - as this packetMirroring. Note that this config will apply only - to those network interfaces of the Instances that belong to - the network specified in this packetMirroring. You may specify - a maximum of 50 Instances. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the instance; defined by the server. - type: string - urlRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the virtual machine instance which is being mirrored. - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - subnetworks: - description: Immutable. A set of subnetworks for which traffic - from/to all VM instances will be mirrored. They must live in - the same region as this packetMirroring. You may specify a maximum - of 5 subnetworks. - items: - properties: - canonicalUrl: - description: Immutable. Output only. Unique identifier for - the subnetwork; defined by the server. - type: string - urlRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - tags: - description: A set of mirrored tags. Traffic from/to all VM instances - that have one or more of these tags will be mirrored. - items: - type: string - type: array - type: object - network: - description: Immutable. Specifies the mirrored VPC network. Only packets - in this network will be mirrored. All mirrored VMs should have a - NIC in the given network. All mirrored subnetworks should belong - to the given network. - properties: - urlRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - URL of the network resource. - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - urlRef - type: object - priority: - description: The priority of applying this configuration. Priority - is used to break ties in cases where there is more than one matching - rule. In the case of two rules that apply for a given Instance, - the one with the lowest-numbered priority value wins. Default value - is 1000. Valid range is 0 through 65535. - format: int64 - type: integer - projectRef: - description: Immutable. The Project that this resource belongs to. + groupRef: + description: Immutable. oneOf: - not: required: @@ -19235,9 +17372,9 @@ spec: properties: external: description: |- - The project for the resource + The group for the resource - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The Google Cloud resource name of a `CloudIdentityGroup` resource (format: `groups/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -19246,27 +17383,102 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + memberKey: + description: Immutable. The `EntityKey` of the member. Either `member_key` + or `preferred_member_key` must be set when calling MembershipsService.CreateMembership + but not both; both shall be set when returned. + properties: + id: + description: The ID of the entity. For Google-managed entities, + the `id` must be the email address of an existing group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: The namespace in which the entity exists. If not + specified, the `EntityKey` represents a Google-managed entity + such as a Google user or a Google Group. If specified, the `EntityKey` + represents an external-identity-mapped group. The namespace + must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + type: string + type: object + preferredMemberKey: + description: Immutable. Required. Immutable. The `EntityKey` of the + member. + properties: + id: + description: Immutable. The ID of the entity. For Google-managed + entities, the `id` must be the email address of a group or user. + For external-identity-mapped entities, the `id` must be a string + conforming to the Identity Source's requirements. Must be unique + within a `namespace`. + type: string + namespace: + description: Immutable. The namespace in which the entity exists. + If not specified, the `EntityKey` represents a Google-managed + entity such as a Google user or a Google Group. If specified, + the `EntityKey` represents an external-identity-mapped group. 
+ The namespace must correspond to an identity source created + in Admin Console and must be in the form of `identitysources/{identity_source_id}`. + type: string + required: + - id + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + roles: + description: The `MembershipRole`s that apply to the `Membership`. + If unspecified, defaults to a single `MembershipRole` with `name` + `MEMBER`. Must not contain duplicate `MembershipRole`s with the + same `name`. + items: + properties: + expiryDetail: + description: The expiry details of the `MembershipRole`. Expiry + details are only supported for `MEMBER` `MembershipRoles`. + May be set if `name` is `MEMBER`. Must not be set if `name` + is any other value. + properties: + expireTime: + description: The time at which the `MembershipRole` will + expire. + format: date-time + type: string + type: object + name: + type: string + restrictionEvaluations: + description: Evaluations of restrictions applied to parent group + on this membership. + properties: + memberRestrictionEvaluation: + description: Evaluation of the member restriction applied + to this membership. Empty if the user lacks permission + to view the restriction evaluation. + properties: + state: + description: 'Output only. 
The current state of the + restriction Possible values: ENCRYPTION_STATE_UNSPECIFIED, + UNSUPPORTED_BY_DEVICE, ENCRYPTED, NOT_ENCRYPTED' + type: string + type: object + type: object + required: + - name + type: object + type: array required: - - collectorIlb - - location - - mirroredResources - - network - - projectRef + - groupRef + - preferredMemberKey + - roles type: object status: properties: - collectorIlb: - properties: - canonicalUrl: - description: Output only. Unique identifier for the forwarding - rule; defined by the server. - type: string - type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -19293,16 +17505,28 @@ spec: type: string type: object type: array - id: - description: Output only. The unique identifier for the resource. - This identifier is defined by the server. - format: int64 - type: integer - network: + createTime: + description: Output only. The time when the `Membership` was created. + format: date-time + type: string + deliverySetting: + description: 'Output only. Delivery setting associated with the membership. + Possible values: DELIVERY_SETTING_UNSPECIFIED, ALL_MAIL, DIGEST, + DAILY, NONE, DISABLED' + type: string + displayName: + description: Output only. The display name of this member, if available properties: - canonicalUrl: - description: Output only. Unique identifier for the network; defined - by the server. + familyName: + description: Output only. Member's family name + type: string + fullName: + description: Output only. Localized UTF-16 full name for the member. + Localization is done based on the language in the request and + the language of the stored display name. + type: string + givenName: + description: Output only. Member's given name type: string type: object observedGeneration: 
@@ -19312,11 +17536,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - region: - description: URI of the region where the packetMirroring resides. + type: + description: 'Output only. The type of the membership. Possible values: + OWNER_TYPE_UNSPECIFIED, OWNER_TYPE_CUSTOMER, OWNER_TYPE_PARTNER' type: string - selfLink: - description: Server-defined URL for the resource. + updateTime: + description: Output only. The time when the `Membership` was last + updated. + format: date-time type: string type: object required: @@ -19337,25 +17564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeprojectmetadatas.compute.cnrm.cloud.google.com + name: cloudidsendpoints.cloudids.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudids.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeProjectMetadata - plural: computeprojectmetadatas + kind: CloudIDSEndpoint + plural: cloudidsendpoints shortNames: - - gcpcomputeprojectmetadata - - gcpcomputeprojectmetadatas - singular: computeprojectmetadata + - gcpcloudidsendpoint + - gcpcloudidsendpoints + singular: cloudidsendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -19375,7 +17602,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19393,13 +17620,65 @@ spec: type: object spec: properties: - metadata: - additionalProperties: - type: string - description: A series of key value pairs. + description: + description: Immutable. An optional description of the endpoint. + type: string + location: + description: Immutable. The location for the endpoint. + type: string + network: + description: Immutable. Name of the VPC network that is connected + to the IDS endpoint. This can either contain the VPC network name + itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net"). + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + severity: + description: 'Immutable. The minimum alert severity level that is + reported by the endpoint. Possible values: ["INFORMATIONAL", "LOW", + "MEDIUM", "HIGH", "CRITICAL"].' + type: string + threatExceptions: + description: 'Configuration for threat IDs excluded from generating + alerts. Limit: 99 IDs.' + items: + type: string + type: array required: - - metadata + - location + - network + - projectRef + - severity type: object status: properties: 
@@ -19429,6 +17708,16 @@ spec: type: string type: object type: array + createTime: + description: Creation timestamp in RFC 3339 text format. + type: string + endpointForwardingRule: + description: URL of the endpoint's network address to which traffic + is to be sent by Packet Mirroring. + type: string + endpointIp: + description: Internal IP address of the endpoint's network entry point. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -19436,6 +17725,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Last update timestamp in RFC 3339 text format. + type: string type: object required: - spec @@ -19455,25 +17747,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com + name: cloudiotdevices.cloudiot.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudiot.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRegionNetworkEndpointGroup - plural: computeregionnetworkendpointgroups + kind: CloudIOTDevice + plural: cloudiotdevices shortNames: - - gcpcomputeregionnetworkendpointgroup - - gcpcomputeregionnetworkendpointgroups - singular: computeregionnetworkendpointgroup + - gcpcloudiotdevice + - gcpcloudiotdevices + singular: cloudiotdevice preserveUnknownFields: false scope: Namespaced versions: 
@@ -19493,7 +17785,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -19511,199 +17803,75 @@ spec: type: object spec: properties: - cloudFunction: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - functionRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. A user-defined name of the Cloud Function. - The function name is case-sensitive and must be 1-63 characters long. - Example value: "func1". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + blocked: + description: If a device is blocked, connections or requests from + this device will fail. + type: boolean + credentials: + description: The credentials used to authenticate this device. + items: + properties: + expirationTime: + description: The time at which this credential becomes invalid. + type: string + publicKey: + description: A public key used to verify the signature of JSON + Web Tokens (JWTs). + properties: + format: + description: 'The format of the key. Possible values: ["RSA_PEM", + "RSA_X509_PEM", "ES256_PEM", "ES256_X509_PEM"].' + type: string + key: + description: The key data. + type: string required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - urlMask: - description: |- - Immutable. A template to parse function field from a request URL. 
URL mask allows - for routing to multiple Cloud Functions without having to create - multiple Network Endpoint Groups and backend services. - - For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" - can be backed by the same Serverless NEG with URL mask "/". The URL mask - will parse them to { function = "function1" } and { function = "function2" } respectively. - type: string - type: object - cloudRun: - description: |- - Immutable. Only valid when networkEndpointType is "SERVERLESS". - Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. - properties: - serviceRef: - description: |- - Only `external` field is supported to configure the reference. - - Immutable. Cloud Run service is the main resource of Cloud Run. - The service must be 1-63 characters long, and comply with RFC1035. - Example value: "run-service". - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `RunService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tag: - description: |- - Immutable. Cloud Run tag represents the "named-revision" to provide - additional fine-grained traffic routing information. - The tag must be 1-63 characters long, and comply with RFC1035. - Example value: "revision-0010". - type: string - urlMask: - description: |- - Immutable. A template to parse service and tag fields from a request URL. - URL mask allows for routing to multiple Run services without having - to create multiple network endpoint groups and backend services. 
- - For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" - an be backed by the same Serverless Network Endpoint Group (NEG) with - URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } - and { service="bar2", tag="foo2" } respectively. - type: string - type: object - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. - type: string - networkEndpointType: - description: 'Immutable. Type of network endpoints in this network - endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" - Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' - type: string - networkRef: - description: |- - Immutable. This field is only used for PSC. - The URL of the network to which all network endpoints in the NEG belong. Uses - "default" project network if unspecified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + - format + - key + type: object required: - - external + - publicKey + type: object + type: array + gatewayConfig: + description: Gateway-related configuration and state. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + gatewayAuthMethod: + description: 'Indicates whether the device is a gateway. Possible + values: ["ASSOCIATION_ONLY", "DEVICE_AUTH_TOKEN_ONLY", "ASSOCIATION_AND_DEVICE_AUTH_TOKEN"].' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + gatewayType: + description: 'Immutable. Indicates whether the device is a gateway. + Default value: "NON_GATEWAY" Possible values: ["GATEWAY", "NON_GATEWAY"].' type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + lastAccessedGatewayId: + description: The ID of the gateway the device accessed most recently. + type: string + lastAccessedGatewayTime: + description: The most recent time at which the device accessed + the gateway specified in last_accessed_gateway. type: string type: object - pscTargetService: - description: |- - Immutable. The target service url used to set up private service connection to - a Google API or a PSC Producer Service Attachment. + logLevel: + description: 'The logging verbosity for device activity. Possible + values: ["NONE", "ERROR", "INFO", "DEBUG"].' type: string - region: - description: Immutable. A reference to the region where the Serverless - NEGs Reside. + metadata: + additionalProperties: + type: string + description: The metadata key-value pairs assigned to the device. + type: object + registry: + description: Immutable. The name of the device registry where this + device should be created. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subnetworkRef: - description: |- - Immutable. This field is only used for PSC. - Optional URL of the subnetwork to which all network endpoints in the NEG belong. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - region + - registry type: object status: properties: 
@@ -19733,216 +17901,74 @@ spec: type: string type: object type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computereservations.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeReservation - plural: computereservations - shortNames: - - gcpcomputereservation - - gcpcomputereservations - singular: computereservation - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 
'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - specificReservation: - description: Reservation for instances with specific machine shapes. - properties: - count: - description: The number of resources that are allocated. - type: integer - inUseCount: - description: How many instances are in use. - type: integer - instanceProperties: - description: Immutable. The instance properties for the reservation. - properties: - guestAccelerators: - description: Immutable. Guest accelerator type and count. - items: - properties: - acceleratorCount: - description: |- - Immutable. The number of the guest accelerator cards exposed to - this instance. - type: integer - acceleratorType: - description: |- - Immutable. The full or partial URL of the accelerator type to - attach to this instance. For example: - 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' - - If you are creating an instance template, specify only the accelerator name. 
- type: string - required: - - acceleratorCount - - acceleratorType - type: object - type: array - localSsds: - description: |- - Immutable. The amount of local ssd to reserve with each instance. This - reserves disks of type 'local-ssd'. - items: - properties: - diskSizeGb: - description: Immutable. The size of the disk in base-2 - GB. - type: integer - interface: - description: 'Immutable. The disk interface to use for - attaching this disk. Default value: "SCSI" Possible - values: ["SCSI", "NVME"].' - type: string - required: - - diskSizeGb - type: object - type: array - machineType: - description: Immutable. The name of the machine type to reserve. - type: string - minCpuPlatform: - description: |- - Immutable. The minimum CPU platform for the reservation. For example, - '"Intel Skylake"'. See - the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) - for information on available CPU platforms. - type: string - required: - - machineType - type: object - required: - - count - - instanceProperties - type: object - specificReservationRequired: - description: |- - Immutable. When set to true, only VMs that target this reservation by name can - consume this reservation. Otherwise, it can be consumed by VMs with - affinity for any reservation. Defaults to false. - type: boolean - zone: - description: Immutable. The zone where the reservation is made. - type: string - required: - - specificReservation - - zone - type: object - status: - properties: - commitment: - description: |- - Full or partial URL to a parent commitment. This field displays for - reservations that are tied to a commitment. - type: string - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + config: + description: The most recent device configuration, which is eventually + sent from Cloud IoT Core to the device. 
items: properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. + binaryData: + description: The device configuration data. type: string - message: - description: Human-readable message indicating details about - last transition. + cloudUpdateTime: + description: The time at which this configuration version was + updated in Cloud IoT Core. type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. + deviceAckTime: + description: |- + The time at which Cloud IoT Core received the acknowledgment from the device, + indicating that the device has received this configuration version. type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. + version: + description: The version of this update. type: string - type: - description: Type is the type of the condition. + type: object + type: array + lastConfigAckTime: + description: The last time a cloud-to-device config version acknowledgment + was received from the device. + type: string + lastConfigSendTime: + description: The last time a cloud-to-device config version was sent + to the device. + type: string + lastErrorStatus: + description: The error message of the most recent error, such as a + failure to publish to Cloud Pub/Sub. + items: + properties: + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: A developer-facing error message, which should + be in English. type: string + number: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. + lastErrorTime: + description: The time the most recent error occurred, such as a failure + to publish to Cloud Pub/Sub. 
+ type: string + lastEventTime: + description: The last time a telemetry event was received. + type: string + lastHeartbeatTime: + description: The last time an MQTT PINGREQ was received. + type: string + lastStateTime: + description: The last time a state event was received. + type: string + numId: + description: |- + A server-defined unique numeric ID for the device. + This is a more compact way to identify devices, and it is globally unique. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -19951,11 +17977,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - status: - description: The status of the reservation. - type: string + state: + description: The state most recently received from the device. + items: + properties: + binaryData: + description: The device state data. + type: string + updateTime: + description: The time at which this state version was updated + in Cloud IoT Core. + type: string + type: object + type: array type: object required: - spec 
@@ -19975,25 +18009,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeresourcepolicies.compute.cnrm.cloud.google.com + name: cloudschedulerjobs.cloudscheduler.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudscheduler.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeResourcePolicy - plural: computeresourcepolicies + kind: CloudSchedulerJob + plural: cloudschedulerjobs shortNames: - - gcpcomputeresourcepolicy - - gcpcomputeresourcepolicies - singular: computeresourcepolicy + - gcpcloudschedulerjob + - gcpcloudschedulerjobs + singular: cloudschedulerjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -20031,205 +18065,366 @@ spec: type: object spec: properties: - description: - description: Immutable. An optional description of this resource. - Provide this property when you create the resource. - type: string - groupPlacementPolicy: - description: Immutable. Resource policy for instances used for placement - configuration. - properties: - availabilityDomainCount: - description: |- - Immutable. The number of availability domains instances will be spread across. If two instances are in different - availability domain, they will not be put in the same low latency network. - type: integer - collocation: - description: |- - Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. - Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created - with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy - attached. Possible values: ["COLLOCATED"]. - type: string - maxDistance: - description: Immutable. Specifies the number of max logical switches. - type: integer - vmCount: - description: |- - Immutable. Number of VMs in this placement group. Google does not recommend that you use this field - unless you use a compact policy and you want your policy to work only if it contains this - exact number of VMs. - type: integer - type: object - instanceSchedulePolicy: - description: Immutable. Resource policy for scheduling instance operations. + appEngineHttpTarget: + description: App Engine HTTP target. properties: - expirationTime: - description: Immutable. The expiration time of the schedule. The - timestamp is an RFC3339 string. - type: string - startTime: - description: Immutable. The start time of the schedule. The timestamp - is an RFC3339 string. - type: string - timeZone: - description: |- - Immutable. Specifies the time zone to be used in interpreting the schedule. 
The value of this field must be a time zone name - from the tz database: http://en.wikipedia.org/wiki/Tz_database. - type: string - vmStartSchedule: - description: Immutable. Specifies the schedule for starting instances. + appEngineRouting: + description: App Engine Routing setting for the job. properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + instance: + description: App instance. By default, the job is sent to + an instance which is available when the job is attempted. + Requests can only be sent to a specific instance if [manual + scaling is used in App Engine Standard](https://cloud.google.com/appengine/docs/python/an-overview-of-app-engine?hl=en_US#scaling_types_and_instance_classes). + App Engine Flex does not support instances. For more information, + see [App Engine Standard request routing](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed) + and [App Engine Flex request routing](https://cloud.google.com/appengine/docs/flexible/python/how-requests-are-routed). type: string - required: - - schedule - type: object - vmStopSchedule: - description: Immutable. Specifies the schedule for stopping instances. - properties: - schedule: - description: Immutable. Specifies the frequency for the operation, - using the unix-cron format. + service: + description: App service. By default, the job is sent to the + service which is the default service when the job is attempted. type: string - required: - - schedule - type: object - required: - - timeZone - type: object - region: - description: Immutable. Region where resource policy resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - snapshotSchedulePolicy: - description: Immutable. Policy for creating snapshots of persistent - disks. 
- properties: - retentionPolicy: - description: Immutable. Retention policy applied to snapshots - created by this resource policy. - properties: - maxRetentionDays: - description: Immutable. Maximum age of the snapshot that is - allowed to be kept. - type: integer - onSourceDiskDelete: - description: |- - Immutable. Specifies the behavior to apply to scheduled snapshots when - the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + version: + description: App version. By default, the job is sent to the + version which is the default version when the job is attempted. type: string - required: - - maxRetentionDays type: object - schedule: - description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', - or 'weeklySchedule'. - properties: - dailySchedule: - description: Immutable. The policy will execute every nth - day at the specified time. + body: + description: Body. HTTP request body. A request body is allowed + only if the HTTP method is POST or PUT. It will result in invalid + argument error to set a body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'HTTP request headers. This map contains the header + field names and values. Headers can be set when the job is created. + Cloud Scheduler sets some headers to default values: * `User-Agent`: + By default, this header is `"App Engine-Google; (+http://code.google.com/appengine)"`. + This header can be modified, but Cloud Scheduler will append + `"App Engine-Google; (+http://code.google.com/appengine)"` to + the modified `User-Agent`. * `X-CloudScheduler`: This header + will be set to true. The headers below are output only. They + cannot be set or overridden: * `X-Google-*`: For Google internal + use only. * `X-App Engine-*`: For Google internal use only. 
+ In addition, some App Engine headers, which contain job-specific + information, are also be sent to the job handler.' + type: object + httpMethod: + description: 'The HTTP method to use for the request. PATCH and + OPTIONS are not permitted. Possible values: HTTP_METHOD_UNSPECIFIED, + POST, GET, HEAD, PUT, DELETE, PATCH, OPTIONS' + type: string + relativeUri: + description: The relative URI. The relative URL must begin with + "/" and must be a valid HTTP relative URL. It can contain a + path, query string arguments, and `#` fragments. If the relative + URL is empty, then the root path "/" will be used. No spaces + are allowed, and the maximum length allowed is 2083 characters. + type: string + type: object + attemptDeadline: + description: 'The deadline for job attempts. If the request handler + does not respond by this deadline then the request is cancelled + and the attempt is marked as a `DEADLINE_EXCEEDED` failure. The + failed attempt can be viewed in execution logs. Cloud Scheduler + will retry the job according to the RetryConfig. The allowed duration + for this deadline is: * For HTTP targets, between 15 seconds and + 30 minutes. * For App Engine HTTP targets, between 15 seconds and + 24 hours.' + type: string + description: + description: Optionally caller-specified in CreateJob or UpdateJob. + A human-readable description for the job. This string must not contain + more than 500 characters. + type: string + httpTarget: + description: HTTP target. + properties: + body: + description: HTTP request body. A request body is allowed only + if the HTTP method is POST, PUT, or PATCH. It is an error to + set body on a job with an incompatible HttpMethod. + type: string + headers: + additionalProperties: + type: string + description: 'The user can specify HTTP request headers to send + with the job''s HTTP request. This map contains the header field + names and values. Repeated headers are not supported, but a + header value can contain commas. 
These headers represent a subset + of the headers that will accompany the job''s HTTP request. + Some HTTP request headers will be ignored or replaced. A partial + list of headers that will be ignored or replaced is below: - + Host: This will be computed by Cloud Scheduler and derived from + uri. * `Content-Length`: This will be computed by Cloud Scheduler. + * `User-Agent`: This will be set to `"Google-Cloud-Scheduler"`. + * `X-Google-*`: Google internal use only. * `X-appengine-*`: + Google internal use only. The total size of headers must be + less than 80KB.' + type: object + httpMethod: + description: 'Which HTTP method to use for the request. Possible + values: HTTP_METHOD_UNSPECIFIED, POST, GET, HEAD, PUT, DELETE, + PATCH, OPTIONS' + type: string + oauthToken: + description: If specified, an [OAuth token](https://developers.google.com/identity/protocols/OAuth2) + will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization should generally + only be used when calling Google APIs hosted on *.googleapis.com. + properties: + scope: + description: OAuth scope to be used for generating OAuth access + token. If not specified, "https://www.googleapis.com/auth/cloud-platform" + will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - daysInCycle: - description: Immutable. The number of days between snapshots. - type: integer - startTime: + external: description: |- - Immutable. This must be in UTC format that resolves to one of - 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, - both 13:00-5 and 08:00 are valid. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OAuth token. The service account must be within the same project as the job. 
The caller must have iam.serviceAccounts.actAs permission for the service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - daysInCycle - - startTime type: object - hourlySchedule: - description: Immutable. The policy will execute every nth - hour starting at the specified time. + type: object + oidcToken: + description: If specified, an [OIDC](https://developers.google.com/identity/protocols/OpenIDConnect) + token will be generated and attached as an `Authorization` header + in the HTTP request. This type of authorization can be used + for many scenarios, including calling Cloud Run, or endpoints + where you intend to validate the token yourself. + properties: + audience: + description: Audience to be used when generating OIDC token. + If not specified, the URI specified in target will be used. + type: string + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hoursInCycle: - description: Immutable. The number of hours between snapshots. - type: integer - startTime: + external: description: |- - Immutable. Time within the window to start the operations. - It must be in an hourly format "HH:MM", - where HH : [00-23] and MM : [00] GMT. - eg: 21:00. + [Service account email](https://cloud.google.com/iam/docs/service-accounts) to be used for generating OIDC token. The service account must be within the same project as the job. The caller must have iam.serviceAccounts.actAs permission for the service account. 
+ + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - hoursInCycle - - startTime - type: object - weeklySchedule: - description: Immutable. Allows specifying a snapshot time - for each day of the week. - properties: - dayOfWeeks: - description: Immutable. May contain up to seven (one for - each day of the week) snapshot times. - items: - properties: - day: - description: 'Immutable. The day of the week to - create the snapshot. e.g. MONDAY Possible values: - ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", - "FRIDAY", "SATURDAY", "SUNDAY"].' - type: string - startTime: - description: |- - Immutable. Time within the window to start the operations. - It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. - type: string - required: - - day - - startTime - type: object - type: array - required: - - dayOfWeeks type: object type: object - snapshotProperties: - description: Immutable. Properties with which the snapshots are - created, such as labels. + uri: + description: 'Required. The full URI path that the request will + be sent to. This string must begin with either "http://" or + "https://". Some examples of valid values for uri are: `http://acme.com` + and `https://acme.com/sales:8080`. Cloud Scheduler will encode + some characters for safety and compatibility. The maximum allowed + URL length is 2083 characters after encoding.' + type: string + required: + - uri + type: object + location: + description: Immutable. The location for the resource + type: string + pubsubTarget: + description: Pub/Sub target. 
+ properties: + attributes: + additionalProperties: + type: string + description: Attributes for PubsubMessage. Pubsub message must + contain either non-empty data, or at least one attribute. + type: object + data: + description: The message payload for PubsubMessage. Pubsub message + must contain either non-empty data, or at least one attribute. + type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name - must be 1-63 characters long and comply \nwith RFC1035." - type: string - guestFlush: - description: Immutable. Whether to perform a 'guest aware' - snapshot. - type: boolean - labels: - additionalProperties: - type: string - description: Immutable. A set of key-value pairs. - type: object - storageLocations: + external: description: |- - Immutable. Cloud Storage bucket location to store the auto snapshot - (regional or multi-regional). - items: - type: string - type: array + Required. The name of the Cloud Pub/Sub topic to which messages will be published when a job is delivered. The topic name must be in the same format as required by Pub/Sub's [PublishRequest.name](https://cloud.google.com/pubsub/docs/reference/rpc/google.pubsub.v1#publishrequest), for example `projects/PROJECT_ID/topics/TOPIC_ID`. The topic must be in the same project as the Cloud Scheduler job. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - schedule + - topicRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxBackoffDuration: + description: The maximum amount of time to wait before retrying + a job after it fails. The default value of this field is 1 hour. + type: string + maxDoublings: + description: The time between retries will double `max_doublings` + times. A job's retry interval starts at min_backoff_duration, + then doubles `max_doublings` times, then increases linearly, + and finally retries at intervals of max_backoff_duration up + to retry_count times. For example, if min_backoff_duration is + 10s, max_backoff_duration is 300s, and `max_doublings` is 3, + then the a job will first be retried in 10s. The retry interval + will double three times, and then increase linearly by 2^3 * + 10s. Finally, the job will retry at intervals of max_backoff_duration + until the job has been attempted retry_count times. Thus, the + requests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, + 300s, .... The default value of this field is 5. + format: int64 + type: integer + maxRetryDuration: + description: The time limit for retrying a failed job, measured + from time when an execution was first attempted. If specified + with retry_count, the job will be retried until both limits + are reached. The default value for max_retry_duration is zero, + which means retry duration is unlimited. + type: string + minBackoffDuration: + description: The minimum amount of time to wait before retrying + a job after it fails. The default value of this field is 5 seconds. 
+ type: string + retryCount: + description: The number of attempts that the system will make + to run a job using the exponential backoff procedure described + by max_doublings. The default value of retry_count is zero. + If retry_count is zero, a job attempt will *not* be retried + if it fails. Instead the Cloud Scheduler system will wait for + the next scheduled execution time. If retry_count is set to + a non-zero number then Cloud Scheduler will retry failed attempts, + using exponential backoff, retry_count times, or until the next + scheduled execution time, whichever comes first. Values greater + than 5 and negative values are not allowed. + format: int64 + type: integer type: object + schedule: + description: 'Required, except when used with UpdateJob. Describes + the schedule on which the job will be executed. The schedule can + be either of the following types: * [Crontab](http://en.wikipedia.org/wiki/Cron#Overview) + * English-like [schedule](https://cloud.google.com/scheduler/docs/configuring/cron-job-schedules) + As a general rule, execution `n + 1` of a job will not begin until + execution `n` has finished. Cloud Scheduler will never allow two + simultaneously outstanding executions. For example, this implies + that if the `n+1`th execution is scheduled to run at 16:00 but the + `n`th execution takes until 16:15, the `n+1`th execution will not + start until `16:15`. A scheduled start time will be delayed if the + previous execution has not ended when its scheduled time occurs. + If retry_count > 0 and a job attempt fails, the job will be tried + a total of retry_count times, with exponential backoff, until the + next scheduled start time.' + type: string + timeZone: + description: Specifies the time zone to be used in interpreting schedule. + The value of this field must be a time zone name from the [tz database](http://en.wikipedia.org/wiki/Tz_database). + Note that some time zones include a provision for daylight savings + time. 
The rules for daylight saving time are determined by the chosen + tz. For UTC use the string "utc". If a time zone is not specified, + the default will be in UTC (also known as GMT). + type: string required: - - region + - location type: object status: properties: + appEngineHttpTarget: + properties: + appEngineRouting: + properties: + host: + description: 'Output only. The host that the job is sent to. + For more information about how App Engine requests are routed, + see [here](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed). + The host is constructed as: * `host = [application_domain_name]` + `| [service] + ''.'' + [application_domain_name]` `| [version] + + ''.'' + [application_domain_name]` `| [version_dot_service]+ + ''.'' + [application_domain_name]` `| [instance] + ''.'' + + [application_domain_name]` `| [instance_dot_service] + + ''.'' + [application_domain_name]` `| [instance_dot_version] + + ''.'' + [application_domain_name]` `| [instance_dot_version_dot_service] + + ''.'' + [application_domain_name]` * `application_domain_name` + = The domain name of the app, for example .appspot.com, + which is associated with the job''s project ID. * `service + =` service * `version =` version * `version_dot_service + =` version `+ ''.'' +` service * `instance =` instance * + `instance_dot_service =` instance `+ ''.'' +` service * + `instance_dot_version =` instance `+ ''.'' +` version * + `instance_dot_version_dot_service =` instance `+ ''.'' +` + version `+ ''.'' +` service If service is empty, then the + job will be sent to the service which is the default service + when the job is attempted. If version is empty, then the + job will be sent to the version which is the default version + when the job is attempted. If instance is empty, then the + job will be sent to an instance which is available when + the job is attempted. 
If service, version, or instance is + invalid, then the job will be sent to the default version + of the default service when the job is attempted.' + type: string + type: object + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -20256,6 +18451,10 @@ spec: type: string type: object type: array + lastAttemptTime: + description: Output only. The time the last job attempt started. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -20263,7 +18462,71 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + scheduleTime: + description: Output only. The next time the job is scheduled. Note + that this may be a retry of a previously failed attempt or the next + execution time according to the schedule. + format: date-time + type: string + state: + description: 'Output only. State of the job. Possible values: STATE_UNSPECIFIED, + ENABLED, PAUSED, DISABLED, UPDATE_FAILED' + type: string + status: + description: Output only. The response from the target for the last + attempted execution. + properties: + code: + description: The status code, which should be an enum value of + google.rpc.Code. + format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. This + string must contain at least one "/" character. The last + segment of the URL''s path must represent the fully qualified + name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually precompile + into the binary all types that they expect it to use in + the context of Any. However, for URLs which use the scheme + `http`, `https`, or no scheme, one can optionally set + up a type server that maps type URLs to message definitions + as follows: * If no scheme is provided, `https` is assumed. + * An HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the URL, + or have them precompiled into a binary to avoid any lookup. + Therefore, binary compatibility needs to be preserved + on changes to types. 
(Use versioned type names to manage + breaking changes.) Note: this functionality is not currently + available in the official protobuf release, and it is + not used for type URLs beginning with type.googleapis.com. + Schemes other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should be + in English. Any user-facing error message should be localized + and sent in the google.rpc.Status.details field, or localized + by the client. + type: string + type: object + userUpdateTime: + description: Output only. The creation time of the job. + format: date-time type: string type: object required: @@ -20284,25 +18547,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterinterfaces.compute.cnrm.cloud.google.com + name: cloudtasksqueues.cloudtasks.cnrm.cloud.google.com spec: - group: compute.cnrm.cloud.google.com + group: cloudtasks.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterInterface - plural: computerouterinterfaces + kind: CloudTasksQueue + plural: cloudtasksqueues shortNames: - - gcpcomputerouterinterface - - gcpcomputerouterinterfaces - singular: computerouterinterface + - gcpcloudtasksqueue + - gcpcloudtasksqueues + singular: cloudtasksqueue preserveUnknownFields: false scope: Namespaced versions: 
@@ -20322,7 +18585,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -20340,7 +18603,38 @@ spec: type: object spec: properties: - interconnectAttachmentRef: + appEngineRoutingOverride: + description: |- + Overrides for task-level appEngineRouting. These settings apply only + to App Engine tasks in this queue. + properties: + host: + description: The host that the task is sent to. + type: string + instance: + description: |- + App instance. + + By default, the task is sent to an instance which is available when the task is attempted. + type: string + service: + description: |- + App service. + + By default, the task is sent to the service which is the default service when the task is attempted. + type: string + version: + description: |- + App version. + + By default, the task is sent to the version which is the default version when the task is attempted. + type: string + type: object + location: + description: Immutable. The location of the queue. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20357,8 +18651,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -20367,40 +18660,252 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - ipRange: - description: Immutable. The IP address and range of the interface. - The IP range must be in the RFC3927 link-local IP space. Changing - this forces a new interface to be created. - type: string - privateIpAddressRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + rateLimits: + description: |- + Rate limits for task dispatches. + + The queue's actual dispatch rate is the result of: + + * Number of tasks in the queue + * User-specified throttling: rateLimits, retryConfig, and the queue's state. + * System throttling due to 429 (Too Many Requests) or 503 (Service + Unavailable) responses from the worker, high error rates, or to + smooth sudden large traffic spikes. properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' + maxBurstSize: + description: |- + The max burst size. + + Max burst size limits how fast tasks in queue are processed when many tasks are + in the queue and the rate is high. This field allows the queue to have a high + rate so processing starts shortly after a task is enqueued, but still limits + resource usage when many tasks are enqueued in a short period of time. + type: integer + maxConcurrentDispatches: + description: |- + The maximum number of concurrent tasks that Cloud Tasks allows to + be dispatched for this queue. After this threshold has been + reached, Cloud Tasks stops dispatching tasks until the number of + concurrent requests decreases. + type: integer + maxDispatchesPerSecond: + description: |- + The maximum rate at which tasks are dispatched from this queue. + + If unspecified when the queue is created, Cloud Tasks will pick the default. 
+ type: number + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConfig: + description: Settings that determine the retry behavior. + properties: + maxAttempts: + description: |- + Number of attempts per task. + + Cloud Tasks will attempt the task maxAttempts times (that is, if + the first attempt fails, then there will be maxAttempts - 1 + retries). Must be >= -1. + + If unspecified when the queue is created, Cloud Tasks will pick + the default. + + -1 indicates unlimited attempts. + type: integer + maxBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + maxDoublings: + description: |- + The time between retries will double maxDoublings times. + + A task's retry interval starts at minBackoff, then doubles maxDoublings times, + then increases linearly, and finally retries retries at intervals of maxBackoff + up to maxAttempts times. + type: integer + maxRetryDuration: + description: |- + If positive, maxRetryDuration specifies the time limit for + retrying a failed task, measured from when the task was first + attempted. Once maxRetryDuration time has passed and the task has + been attempted maxAttempts times, no further attempts will be + made and the task will be deleted. + + If zero, then the task age is unlimited. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minBackoff: + description: |- + A task will be scheduled for retry between minBackoff and + maxBackoff duration after it fails, if the queue's RetryConfig + specifies that the task should be retried. type: string type: object - redundantInterfaceRef: - description: The interface the BGP peer is associated with. + stackdriverLoggingConfig: + description: Configuration options for writing logs to Stackdriver + Logging. + properties: + samplingRatio: + description: |- + Specifies the fraction of operations to write to Stackdriver Logging. + This field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the + default and means that no operations are logged. + type: number + required: + - samplingRatio + type: object + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeaddresses.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAddress + plural: computeaddresses + shortNames: + - gcpcomputeaddress + - gcpcomputeaddresses + singular: computeaddress + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + address: + description: |- + Immutable. The static external IP address represented by this resource. Only + IPv4 is supported. An address may only be specified for INTERNAL + address types. The IP address must be inside the specified subnetwork, + if any. Set by the API if undefined. + type: string + addressType: + description: |- + Immutable. The type of address to reserve. + Note: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: "EXTERNAL" Possible values: ["INTERNAL", "EXTERNAL"]. + type: string + description: + description: Immutable. An optional description of this resource. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + address. The default value is ''IPV4''. Possible values: ["IPV4", + "IPV6"]. This field can only be specified for a global address.' + type: string + location: + description: 'Location represents the geographical location of the + ComputeAddress. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkRef: + description: |- + The network in which to reserve the address. If global, the address + must be within the RFC1918 IP space. The network cannot be deleted + if there are any reserved IP ranges referring to it. This field can + only be used with INTERNAL type with the VPC_PEERING and + IPSEC_INTERCONNECT purposes. oneOf: - not: required: 
@@ -20417,7 +18922,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -20427,17 +18932,50 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: Immutable. The region this interface's router sits in. - If not specified, the project region will be used. Changing this - forces a new interface to be created. + networkTier: + description: |- + Immutable. The networking tier used for configuring this address. If this field is not + specified, it is assumed to be PREMIUM. + This argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: ["PREMIUM", "STANDARD"]. + type: string + prefixLength: + description: Immutable. The prefix length if the resource represents + an IP range. + type: integer + purpose: + description: |- + Immutable. The purpose of this resource, which can be one of the following values. + + * GCE_ENDPOINT for addresses that are used by VM instances, alias IP + ranges, load balancers, and similar resources. + + * SHARED_LOADBALANCER_VIP for an address that can be used by multiple + internal load balancers. + + * VPC_PEERING for addresses that are reserved for VPC peer networks. + + * IPSEC_INTERCONNECT for addresses created from a private IP range that + are reserved for a VLAN attachment in an HA VPN over Cloud Interconnect + configuration. These addresses are regional resources. + + * PRIVATE_SERVICE_CONNECT for a private network address that is used to + configure Private Service Connect. Only global internal addresses can use + this purpose. + + + This should only be set when using an Internal address. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string - routerRef: + subnetworkRef: + description: |- + The subnetwork in which to reserve the address. If an IP address is + specified, it must be within the subnetwork's IP range. This field + can only be used with INTERNAL type with GCE_ENDPOINT/DNS_RESOLVER + purposes. oneOf: - not: required: @@ -20454,7 +18992,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -20464,7 +19002,409 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - subnetworkRef: + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + users: + description: The URLs of the resources that are using this address. 
+ items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeAutoscaler + plural: computeautoscalers + shortNames: + - gcpcomputeautoscaler + - gcpcomputeautoscalers + singular: computeautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. 
If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. 
+ + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. 
+ + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. 
+ type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. + type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. 
+ This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -20481,8 +19421,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -20491,7 +19430,12 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - vpnTunnelRef: + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetRef: oneOf: - not: required: @@ -20508,7 +19452,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceGroupManager` resource.' type: string name: 
@@ -20518,9 +19462,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + zone: + description: Immutable. URL of the zone where the instance group resides. + type: string required: - - region - - routerRef + - autoscalingPolicy + - projectRef + - targetRef + - zone type: object status: properties: @@ -20550,6 +19499,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -20557,6 +19509,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec @@ -20576,25 +19530,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouternats.compute.cnrm.cloud.google.com + name: computebackendbuckets.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterNAT - plural: computerouternats + kind: ComputeBackendBucket + plural: computebackendbuckets shortNames: - - gcpcomputerouternat - - gcpcomputerouternats - singular: computerouternat + - gcpcomputebackendbucket + - gcpcomputebackendbuckets + singular: computebackendbucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -20632,126 +19586,8 @@ spec: type: object spec: properties: - drainNatIps: - items: - description: |- - A list of IP resources to be drained. These IPs must be valid - static external IPs that have been assigned to the NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - enableDynamicPortAllocation: - description: |- - Enable Dynamic Port Allocation. - If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. - If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. - If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. - If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. - - Mutually exclusive with enableEndpointIndependentMapping. - type: boolean - enableEndpointIndependentMapping: - description: |- - Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information - see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). - type: boolean - icmpIdleTimeoutSec: - description: Timeout (in seconds) for ICMP connections. Defaults to - 30s if not set. - type: integer - logConfig: - description: Configuration for logging on NAT. - properties: - enable: - description: Indicates whether or not to export logs. 
- type: boolean - filter: - description: 'Specifies the desired filtering of logs on this - NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' - type: string - required: - - enable - - filter - type: object - maxPortsPerVm: - description: |- - Maximum number of ports allocated to a VM from this NAT. - This field can only be set when enableDynamicPortAllocation is enabled. - type: integer - minPortsPerVm: - description: Minimum number of ports allocated to a VM from this NAT. - type: integer - natIpAllocateOption: - description: |- - How external IPs should be allocated for this NAT. Valid values are - 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud - Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. - type: string - natIps: - items: - description: NAT IPs. Only valid if natIpAllocateOption is set to - MANUAL_ONLY. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Region where the router and NAT reside. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerRef: - description: The Cloud Router in which this NAT will be configured. + bucketRef: + description: Reference to the bucket. oneOf: - not: required: 
@@ -20768,7 +19604,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -20778,206 +19614,132 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - rules: - description: A list of rules associated with this NAT. - items: - properties: - action: - description: The action to be enforced for traffic that matches - this rule. - properties: - sourceNatActiveIpsRefs: - items: - description: |- - A list of URLs of the IP resources used for this NAT rule. These IP - addresses must be valid static external IP addresses assigned to the - project. This field is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sourceNatDrainIpsRefs: - items: - description: |- - A list of URLs of the IP resources to be drained. These IPs must be - valid static external IPs that have been assigned to the NAT. These - IPs should be used for updating/patching a NAT rule only. This field - is used for public NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeAddress` resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - description: - description: An optional description of this rule. - type: string - match: - description: |- - CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. - If it evaluates to true, the corresponding action is enforced. - - The following examples are valid match expressions for public NAT: - - "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" - - "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" - - The following example is a valid match expression for private NAT: - - "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". - type: string - ruleNumber: - description: |- - An integer uniquely identifying a rule in the list. - The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. - type: integer - required: - - match - - ruleNumber - type: object - type: array - sourceSubnetworkIpRangesToNat: - description: |- - How NAT should be configured per Subnetwork. - If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the - IP ranges in every Subnetwork are allowed to Nat. - If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP - ranges in every Subnetwork are allowed to Nat. - 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat - (specified in the field subnetwork below). Note that if this field - contains ALL_SUBNETWORKS_ALL_IP_RANGES or - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any - other RouterNat section in any Router for this network in this region. 
Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. - type: string - subnetwork: - description: |- - One or more subnetwork NAT configurations. Only used if - 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. - items: - properties: - secondaryIpRangeNames: - description: |- - List of the secondary ranges of the subnetwork that are allowed - to use NAT. This can be populated only if - 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in - sourceIpRangesToNat. - items: - type: string - type: array - sourceIpRangesToNat: - description: |- - List of options for which source IPs in the subnetwork - should have NAT enabled. Supported values include: - 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', - 'PRIMARY_IP_RANGE'. - items: - type: string - type: array - subnetworkRef: - description: The subnetwork to NAT. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + cdnPolicy: + description: Cloud CDN configuration for this Backend Bucket. + properties: + bypassCacheOnRequestHeaders: + description: Bypass the cache when the specified request headers + are matched - e.g. Pragma or Authorization headers. Up to 5 + headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode + settings. + items: properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' + headerName: + description: The header field name to match on when bypassing + cache. Values are case-insensitive. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: object + type: array + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. 
+ properties: + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + Default parameters are always included. '&' and '=' will + be percent encoded and not treated as delimiters. + items: type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. + type: string + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. + items: + properties: + code: + description: |- + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. 
+ type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object - required: - - sourceIpRangesToNat - - subnetworkRef - type: object + type: array + requestCoalescing: + description: If true then Cloud CDN will combine multiple concurrent + cache fill requests into a small number of requests to the origin. + type: boolean + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. + type: integer + signedUrlCacheMaxAgeSec: + description: |- + Maximum number of seconds the response to a signed URL request will + be considered fresh. After this time period, + the response will be revalidated before being served. + When serving responses to signed URL requests, + Cloud CDN will internally behave as though + all responses from this backend had a "Cache-Control: public, + max-age=[TTL]" header, regardless of any existing Cache-Control + header. The actual headers served in responses will not be altered. + type: integer + type: object + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' + type: string + customResponseHeaders: + description: Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string type: array - tcpEstablishedIdleTimeoutSec: - description: |- - Timeout (in seconds) for TCP established connections. - Defaults to 1200s if not set. - type: integer - tcpTimeWaitTimeoutSec: - description: |- - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. - Defaults to 120s if not set. 
- type: integer - tcpTransitoryIdleTimeoutSec: + description: description: |- - Timeout (in seconds) for TCP transitory connections. - Defaults to 30s if not set. - type: integer - udpIdleTimeoutSec: - description: Timeout (in seconds) for UDP connections. Defaults to - 30s if not set. - type: integer + An optional textual description of the resource; provided by the + client when the resource is created. + type: string + edgeSecurityPolicy: + description: The security policy associated with this backend bucket. + type: string + enableCdn: + description: If true, enable Cloud CDN for this BackendBucket. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - natIpAllocateOption - - region - - routerRef - - sourceSubnetworkIpRangesToNat + - bucketRef type: object status: properties: @@ -21007,6 +19769,9 @@ spec: type: string type: object type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -21014,6 +19779,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + type: string type: object required: - spec 
@@ -21033,25 +19800,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouterpeers.compute.cnrm.cloud.google.com + name: computebackendbucketsignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouterPeer - plural: computerouterpeers + kind: ComputeBackendBucketSignedURLKey + plural: computebackendbucketsignedurlkeys shortNames: - - gcpcomputerouterpeer - - gcpcomputerouterpeers - singular: computerouterpeer + - gcpcomputebackendbucketsignedurlkey + - gcpcomputebackendbucketsignedurlkeys + singular: computebackendbucketsignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -21071,7 +19838,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -21089,150 +19856,24 @@ spec: type: object spec: properties: - advertiseMode: - description: |- - User-specified flag to indicate which mode to use for advertisement. - Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. - type: string - advertisedGroups: - description: |- - User-specified list of prefix groups to advertise in custom - mode, which can take one of the following options: - - * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. - * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. - * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. - - - Note that this field can only be populated if advertiseMode is 'CUSTOM' - and overrides the list defined for the router (in the "bgp" message). - These groups are advertised in addition to any specified prefixes. - Leave this field blank to advertise no custom groups. - items: - type: string - type: array - advertisedIpRanges: - description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is 'CUSTOM' and is advertised to all peers of the router. These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. - items: - properties: - description: - description: User-specified description for the IP range. - type: string - range: - description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string + backendBucketRef: + oneOf: + - not: + required: + - external required: - - range - type: object - type: array - advertisedRoutePriority: - description: |- - The priority of routes advertised to this BGP peer. - Where there is more than one matching route of maximum - length, the routes with the lowest priority value win. - type: integer - bfd: - description: BFD configuration for the BGP peering. 
- properties: - minReceiveInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - received from the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the transmit interval of the other router. If set, this value - must be between 1000 and 30000. - type: integer - minTransmitInterval: - description: |- - The minimum interval, in milliseconds, between BFD control packets - transmitted to the peer router. The actual value is negotiated - between the two routers and is equal to the greater of this value - and the corresponding receive interval of the other router. If set, - this value must be between 1000 and 30000. - type: integer - multiplier: - description: |- - The number of consecutive BFD packets that must be missed before - BFD declares that a peer is unavailable. If set, the value must - be a value between 5 and 16. - type: integer - sessionInitializationMode: - description: |- - The BFD session initialization mode for this BGP peer. - If set to 'ACTIVE', the Cloud Router will initiate the BFD session - for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait - for the peer router to initiate the BFD session for this BGP peer. - If set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. - type: string - required: - - sessionInitializationMode - type: object - enable: - description: |- - The status of the BGP peer connection. If set to false, any active session - with the peer is terminated and all associated routing information is removed. - If set to true, the peer connection can be established with routing information. - The default is true. - type: boolean - ipAddress: - description: |- - IP address of the interface inside Google Cloud Platform. - Only IPv4 is supported. 
- properties: - external: - type: string - type: object - peerAsn: - description: |- - Peer BGP Autonomous System Number (ASN). - Each BGP interface may use a different value. - type: integer - peerIpAddress: - description: |- - IP address of the BGP interface outside Google Cloud Platform. - Only IPv4 is supported. - type: string - region: - description: |- - Immutable. Region where the router and BgpPeer reside. - If it is not provided, the provider region is used. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - routerApplianceInstanceRef: - description: |- - The URI of the VM instance that is used as third-party router - appliances such as Next Gen Firewalls, Virtual Routers, or Router - Appliances. The VM instance must be located in zones contained in - the same region as this Cloud Router. The VM instance is the peer - side of the BGP session. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `name` field of a `ComputeBackendBucket` resource.' type: string name: 
@@ -21242,36 +19883,48 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - routerInterfaceRef: - description: The interface the BGP peer is associated with. + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `ComputeRouterInterface` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - routerRef: - description: The Cloud Router in which this BGP peer will be configured. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
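Review bot: The `keyValue` schema added in this hunk accepts the URL-signing key inline through `value` as well as through `valueFrom.secretKeyRef`, and neither description says which to prefer. An inline `value` stores the key in the custom resource itself, so it is readable by anyone allowed to read that object and ends up wherever the manifest is kept, whereas a Secret reference keeps it under Secret access control. Since this CRD looks generated, the wording would belong in the generator's source; I would extend the `value` description to something like `Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' for key material so it is not stored in the resource spec.` The `projectRef` block that follows `keyValue` continues past the end of this hunk.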
@@ -21288,8 +19941,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeRouter` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -21298,12 +19950,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - peerAsn - - peerIpAddress - - region - - routerInterfaceRef - - routerRef + - backendBucketRef + - keyValue + - projectRef type: object status: properties: @@ -21333,19 +19988,6 @@ spec: type: string type: object type: array - managementType: - description: |- - The resource that configures and manages this BGP peer. - - * 'MANAGED_BY_USER' is the default value and can be managed by - you or other users - * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and - managed by Cloud Interconnect, specifically by an - InterconnectAttachment of type PARTNER. Google automatically - creates, updates, and deletes this type of BGP peer when the - PARTNER InterconnectAttachment is created, updated, - or deleted. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -21372,25 +20014,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computerouters.compute.cnrm.cloud.google.com + name: computebackendservices.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeRouter - plural: computerouters + kind: ComputeBackendService + plural: computebackendservices shortNames: - - gcpcomputerouter - - gcpcomputerouters - singular: computerouter + - gcpcomputebackendservice + - gcpcomputebackendservices + singular: computebackendservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -21428,314 +20070,495 @@ spec: type: object spec: properties: - bgp: - description: BGP information specific to this router. + affinityCookieTtlSec: + description: |- + Lifetime of cookies in seconds if session_affinity is + GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts + only until the end of the browser session (or equivalent). The + maximum allowed value for TTL is one day. + + When the load balancing scheme is INTERNAL, this field is not used. + type: integer + backend: + description: The set of backends that serve this BackendService. + items: + properties: + balancingMode: + description: |- + Specifies the balancing mode for this backend. + + For global HTTP(S) or TCP/SSL load balancing, the default is + UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) + and CONNECTION (for TCP/SSL). + + See the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode) + for an explanation of load balancing modes. Default value: "UTILIZATION" Possible values: ["UTILIZATION", "RATE", "CONNECTION"]. + type: string + capacityScaler: + description: |- + A multiplier applied to the group's maximum servicing capacity + (based on UTILIZATION, RATE or CONNECTION). + + Default value is 1, which means the group will serve up to 100% + of its configured capacity (depending on balancingMode). A + setting of 0 means the group is completely drained, offering + 0% of its available Capacity. Valid range is [0.0,1.0]. + type: number + description: + description: |- + An optional description of this resource. + Provide this property when you create the resource. + type: string + failover: + description: |- + This field designates whether this is a failover backend. More + than one failover backend can be configured for a given RegionBackendService. + type: boolean + group: + description: |- + Reference to a ComputeInstanceGroup or ComputeNetworkEndpointGroup + resource. 
In case of instance group this defines the list of + instances that serve traffic. Member virtual machine instances from + each instance group must live in the same zone as the instance + group itself. No two backends in a backend service are allowed to + use same Instance Group resource. + + For Network Endpoint Groups this defines list of endpoints. All + endpoints of Network Endpoint Group must be hosted on instances + located in the same zone as the Network Endpoint Group. + + Backend services cannot mix Instance Group and Network Endpoint + Group backends. + + When the 'load_balancing_scheme' is INTERNAL, only instance groups + are supported. + oneOf: + - required: + - instanceGroupRef + - required: + - networkEndpointGroupRef + properties: + instanceGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeInstanceGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetworkEndpointGroup` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + maxConnections: + description: |- + The max number of simultaneous connections for the group. Can + be used with either CONNECTION or UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or one + of maxConnectionsPerInstance or maxConnectionsPerEndpoint, + as appropriate for group type, must be set. + type: integer + maxConnectionsPerEndpoint: + description: |- + The max number of simultaneous connections that a single backend + network endpoint can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either + maxConnections or maxConnectionsPerEndpoint must be set. + type: integer + maxConnectionsPerInstance: + description: |- + The max number of simultaneous connections that a single + backend instance can handle. This is used to calculate the + capacity of the group. Can be used in either CONNECTION or + UTILIZATION balancing modes. + + For CONNECTION mode, either maxConnections or + maxConnectionsPerInstance must be set. + type: integer + maxRate: + description: |- + The max requests per second (RPS) of the group. + + Can be used with either RATE or UTILIZATION balancing modes, + but required if RATE mode. For RATE mode, either maxRate or one + of maxRatePerInstance or maxRatePerEndpoint, as appropriate for + group type, must be set. + type: integer + maxRatePerEndpoint: + description: |- + The max requests per second (RPS) that a single backend network + endpoint can handle. This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerEndpoint must be set. + type: number + maxRatePerInstance: + description: |- + The max requests per second (RPS) that a single backend + instance can handle. 
This is used to calculate the capacity of + the group. Can be used in either balancing mode. For RATE mode, + either maxRate or maxRatePerInstance must be set. + type: number + maxUtilization: + description: |- + Used when balancingMode is UTILIZATION. This ratio defines the + CPU utilization target for the group. Valid range is [0.0, 1.0]. + type: number + required: + - group + type: object + type: array + cdnPolicy: + description: Cloud CDN configuration for this BackendService. properties: - advertiseMode: - description: 'User-specified flag to indicate which mode to use - for advertisement. Default value: "DEFAULT" Possible values: - ["DEFAULT", "CUSTOM"].' + cacheKeyPolicy: + description: The CacheKeyPolicy for this CdnPolicy. + properties: + includeHost: + description: If true requests to different hosts will be cached + separately. + type: boolean + includeHttpHeaders: + description: |- + Allows HTTP request headers (by name) to be used in the + cache key. + items: + type: string + type: array + includeNamedCookies: + description: Names of cookies to include in cache keys. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests will be cached + separately. + type: boolean + includeQueryString: + description: |- + If true, include query string parameters in the cache key + according to query_string_whitelist and + query_string_blacklist. If neither is set, the entire query + string will be included. + + If false, the query string will be excluded from the cache + key entirely. + type: boolean + queryStringBlacklist: + description: |- + Names of query string parameters to exclude in cache keys. + + All other parameters will be included. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. 
+ items: + type: string + type: array + queryStringWhitelist: + description: |- + Names of query string parameters to include in cache keys. + + All other parameters will be excluded. Either specify + query_string_whitelist or query_string_blacklist, not both. + '&' and '=' will be percent encoded and not treated as + delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Specifies the cache setting for all responses from this backend. + The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: ["USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "CACHE_ALL_STATIC"]. type: string - advertisedGroups: + clientTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + defaultTtl: description: |- - User-specified list of prefix groups to advertise in custom mode. - This field can only be populated if advertiseMode is CUSTOM and - is advertised to all peers of the router. These groups will be - advertised in addition to any specified prefixes. Leave this field - blank to advertise no custom groups. - - This enum field has the one valid value: ALL_SUBNETS. - items: - type: string - type: array - advertisedIpRanges: + Specifies the default TTL for cached content served by this origin for responses + that do not have an existing valid TTL (max-age or s-max-age). + type: integer + maxTtl: + description: Specifies the maximum allowed TTL for cached content + served by this origin. + type: integer + negativeCaching: + description: Negative caching allows per-status code TTLs to be + set, in order to apply fine-grained caching for common errors + or redirects. + type: boolean + negativeCachingPolicy: description: |- - User-specified list of individual IP ranges to advertise in - custom mode. This field can only be populated if advertiseMode - is CUSTOM and is advertised to all peers of the router. 
These IP - ranges will be advertised in addition to any specified groups. - Leave this field blank to advertise no custom IP ranges. + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. items: properties: - description: - description: User-specified description for the IP range. - type: string - range: + code: description: |- - The IP range to advertise. The value must be a - CIDR-formatted string. - type: string - required: - - range + The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 + can be specified as values, and you cannot specify a status code more than once. + type: integer + ttl: + description: |- + The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s + (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL. + type: integer type: object type: array - asn: - description: |- - Local BGP Autonomous System Number (ASN). Must be an RFC6996 - private ASN, either 16-bit or 32-bit. The value will be fixed for - this router resource. All VPN tunnels that link to this router - will have the same local ASN. + serveWhileStale: + description: Serve existing content from the cache (if available) + when revalidating content with the origin, or when an error + is encountered when refreshing the cache. type: integer - keepaliveInterval: + signedUrlCacheMaxAgeSec: description: |- - The interval in seconds between BGP keepalive messages that are sent - to the peer. Hold time is three times the interval at which keepalive - messages are sent, and the hold time is the maximum number of seconds - allowed to elapse between successive keepalive messages that BGP - receives from a peer. 
+ Maximum number of seconds the response to a signed URL request + will be considered fresh, defaults to 1hr (3600s). After this + time period, the response will be revalidated before + being served. - BGP will use the smaller of either the local hold time value or the - peer's hold time value as the hold time for the BGP connection - between the two peers. If set, this value must be between 20 and 60. - The default is 20. + When serving responses to signed URL requests, Cloud CDN will + internally behave as though all responses from this backend had a + "Cache-Control: public, max-age=[TTL]" header, regardless of any + existing Cache-Control header. The actual headers served in + responses will not be altered. type: integer - required: - - asn type: object - description: - description: An optional description of this resource. - type: string - encryptedInterconnectRouter: + circuitBreakers: description: |- - Immutable. Indicates if a router is dedicated for use with encrypted VLAN - attachments (interconnectAttachments). - type: boolean - networkRef: - description: A reference to the network to which this router belongs. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Settings controlling the volume of connections to a backend service. This field + is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + connectTimeout: + description: The timeout for new network connections to hosts. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + maxConnections: + description: |- + The maximum number of connections to the backend cluster. + Defaults to 1024. + type: integer + maxPendingRequests: + description: |- + The maximum number of pending requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequests: + description: |- + The maximum number of parallel requests to the backend cluster. + Defaults to 1024. + type: integer + maxRequestsPerConnection: + description: |- + Maximum requests for a single backend connection. This parameter + is respected by both the HTTP/1.1 and HTTP/2 implementations. If + not specified, there is no limit. Setting this parameter to 1 + will effectively disable keep alive. + type: integer + maxRetries: + description: |- + The maximum number of parallel retries to the backend cluster. + Defaults to 3. + type: integer type: object - region: - description: Immutable. Region where the router resides. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - networkRef - - region - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: + compressionMode: + description: 'Compress text responses using Brotli or gzip compression, + based on the client''s Accept-Encoding header. Possible values: + ["AUTOMATIC", "DISABLED"].' 
type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computeroutes.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeRoute - plural: computeroutes - shortNames: - - gcpcomputeroute - - gcpcomputeroutes - singular: computeroute - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: + connectionDrainingTimeoutSec: description: |- - Immutable. An optional description of this resource. Provide this property - when you create the resource. - type: string - destRange: + Time for which instance will be drained (not accept new + connections, but still work to finish started). + type: integer + connectionTrackingPolicy: description: |- - Immutable. The destination range of outgoing packets that this route applies to. - Only IPv4 is supported. - type: string - networkRef: - description: The network that this route applies to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Connection Tracking configuration for this BackendService. + This is available only for Layer 4 Internal Load Balancing and + Network Load Balancing. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + connectionPersistenceOnUnhealthyBackends: + description: |- + Specifies connection persistence when backends are unhealthy. + + If set to 'DEFAULT_FOR_PROTOCOL', the existing connections persist on + unhealthy backends only for connection-oriented protocols (TCP and SCTP) + and only if the Tracking Mode is PER_CONNECTION (default tracking mode) + or the Session Affinity is configured for 5-tuple. They do not persist + for UDP. + + If set to 'NEVER_PERSIST', after a backend becomes unhealthy, the existing + connections on the unhealthy backend are never persisted on the unhealthy + backend. 
They are always diverted to newly selected healthy backends + (unless all backends are unhealthy). + + If set to 'ALWAYS_PERSIST', existing connections always persist on + unhealthy backends regardless of protocol and session affinity. It is + generally not recommended to use this mode overriding the default. Default value: "DEFAULT_FOR_PROTOCOL" Possible values: ["DEFAULT_FOR_PROTOCOL", "NEVER_PERSIST", "ALWAYS_PERSIST"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + idleTimeoutSec: + description: |- + Specifies how long to keep a Connection Tracking entry while there is + no matching traffic (in seconds). + + For L4 ILB the minimum(default) is 10 minutes and maximum is 16 hours. + + For NLB the minimum(default) is 60 seconds and the maximum is 16 hours. + type: integer + trackingMode: + description: |- + Specifies the key used for connection tracking. There are two options: + 'PER_CONNECTION': The Connection Tracking is performed as per the + Connection Key (default Hash Method) for the specific protocol. + + 'PER_SESSION': The Connection Tracking is performed as per the + configured Session Affinity. It matches the configured Session Affinity. Default value: "PER_CONNECTION" Possible values: ["PER_CONNECTION", "PER_SESSION"]. type: string type: object - nextHopGateway: - description: |- - Immutable. URL to a gateway that should handle matching packets. - Currently, you can only specify the internet gateway, using a full or - partial valid URL: - * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' - * 'projects/project/global/gateways/default-internet-gateway' - * 'global/gateways/default-internet-gateway' - * The string 'default-internet-gateway'. 
- type: string - nextHopILBRef: + consistentHash: description: |- - A forwarding rule of type loadBalancingScheme=INTERNAL that should - handle matching packets. Note that this can only be used when the - destinationRange is a public (non-RFC 1918) IP CIDR range. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + Consistent Hash-based load balancing can be used to provide soft session + affinity based on HTTP headers, cookies or other properties. This load balancing + policy is applicable only for HTTP connections. The affinity to a particular + destination host will be lost when one or more hosts are added/removed from the + destination service. This field specifies parameters that control consistent + hashing. This field only applies if the load_balancing_scheme is set to + INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is + set to MAGLEV or RING_HASH. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + httpCookie: + description: |- + Hash is based on HTTP Cookie. This field describes a HTTP cookie + that will be used as the hash key for the consistent hash load + balancer. If the cookie is not present, it will be generated. + This field is applicable if the sessionAffinity is set to HTTP_COOKIE. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + type: object + httpHeaderName: + description: |- + The hash based on the value of the specified header field. + This field is applicable if the sessionAffinity is set to HEADER_FIELD. type: string + minimumRingSize: + description: |- + The minimum number of virtual nodes to use for the hash ring. + Larger ring sizes result in more granular load + distributions. If the number of hosts in the load balancing pool + is larger than the ring size, each host will be assigned a single + virtual node. + Defaults to 1024. + type: integer type: object - nextHopInstanceRef: - description: Instance that should handle matching packets. + customRequestHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + requests. + items: + type: string + type: array + customResponseHeaders: + description: |- + Headers that the HTTP/S load balancer should add to proxied + responses. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeSecurityPolicyRef: + description: |- + The resource URL for the edge security policy associated with this + backend service. oneOf: - not: required: @@ -21752,7 +20575,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` resource.' type: string name: 
@@ -21762,260 +20585,128 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nextHopIp: - description: Immutable. Network IP address of an instance that should - handle matching packets. - type: string - nextHopVPNTunnelRef: - description: The ComputeVPNTunnel that should handle matching packets - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + enableCdn: + description: If true, enable Cloud CDN for this BackendService. + type: boolean + failoverPolicy: + description: Policy for failovers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + disableConnectionDrainOnFailover: + description: |- + On failover or failback, this field indicates whether connection drain + will be honored. Setting this to true has the following effect: connections + to the old active pool are not drained. Connections to the new active pool + use the timeout of 10 min (currently fixed). Setting to false has the + following effect: both old and new connections will have a drain timeout + of 10 min. + This can be set to true only if the protocol is TCP. + The default is false. + type: boolean + dropTrafficIfUnhealthy: + description: |- + This option is used only when no healthy VMs are detected in the primary + and backup instance groups. When set to true, traffic is dropped. When + set to false, new connections are sent across all VMs in the primary group. + The default is false. 
+ type: boolean + failoverRatio: + description: |- + The value of the field must be in [0, 1]. If the ratio of the healthy + VMs in the primary backend is at or below this number, traffic arriving + at the load-balanced IP will be directed to the failover backend. + In case where 'failoverRatio' is not set or all the VMs in the backup + backend are unhealthy, the traffic will be directed back to the primary + backend in the "force" mode, where traffic will be spread to the healthy + VMs with the best effort, or to all VMs when no VM is healthy. + This field is only used with l4 load balancing. + type: number type: object - priority: - description: |- - Immutable. The priority of this route. Priority is used to break ties in cases - where there is more than one matching route of equal prefix length. - - In the case of two routes with equal prefix length, the one with the - lowest-numbered priority value wins. - - Default value is 1000. Valid range is 0 through 65535. - type: integer - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tags: - description: Immutable. A list of instance tags to which this route - applies. - items: - type: string - type: array - required: - - destRange - - networkRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + healthChecks: items: + description: |- + The health check resources for health checking this + ComputeBackendService. Currently at most one health check can be + specified, and a health check is required. + oneOf: + - required: + - healthCheckRef + - required: + - httpHealthCheckRef properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. 
- type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object type: array - nextHopNetwork: - description: URL to a Network that should handle matching packets. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesecuritypolicies.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeSecurityPolicy - plural: computesecuritypolicies - shortNames: - - gcpcomputesecuritypolicy - - gcpcomputesecuritypolicies - singular: computesecuritypolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - adaptiveProtectionConfig: - description: Adaptive Protection Config of this security policy. - properties: - autoDeployConfig: - description: Auto Deploy Config of this security policy. - properties: - confidenceThreshold: - description: Rules are only automatically deployed for alerts - on potential attacks with confidence scores greater than - this threshold. - type: number - expirationSec: - description: Google Cloud Armor stops applying the action - in the automatically deployed rule to an identified attacker - after this duration. The rule continues to operate against - new requests. - type: integer - impactedBaselineThreshold: - description: Rules are only automatically deployed when the - estimated impact to baseline traffic from the suggested - mitigation is below this threshold. - type: number - loadThreshold: - description: Identifies new attackers only when the load to - the backend service that is under attack exceeds this threshold. - type: number - type: object - layer7DdosDefenseConfig: - description: Layer 7 DDoS Defense Config of this security policy. - properties: - enable: - description: If set to true, enables CAAP for L7 DDoS detection. - type: boolean - ruleVisibility: - description: 'Rule visibility. Supported values include: "STANDARD", - "PREMIUM".' - type: string - type: object - type: object - advancedOptionsConfig: - description: Advanced Options Config of this security policy. + iap: + description: Settings for enabling Cloud Identity Aware Proxy. 
+ oneOf: + - required: + - oauth2ClientId + - required: + - oauth2ClientIdRef properties: - jsonCustomConfig: - description: Custom configuration to apply the JSON parsing. Only - applicable when JSON parsing is set to STANDARD. - properties: - contentTypes: - description: A list of custom Content-Type header values to - apply the JSON parsing. - items: - type: string - type: array - required: - - contentTypes - type: object - jsonParsing: - description: 'JSON body parsing. Supported values include: "DISABLED", - "STANDARD".' - type: string - logLevel: - description: 'Logging level. Supported values include: "NORMAL", - "VERBOSE".' + oauth2ClientId: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.iap.oauth2ClientIdRef` + instead. type: string - type: object - description: - description: An optional description of this security policy. Max - size is 2048. - type: string - recaptchaOptionsConfig: - description: reCAPTCHA configuration options to be applied for the - security policy. - properties: - redirectSiteKeyRef: + oauth2ClientIdRef: description: |- Only `external` field is supported to configure the reference. - A field to supply a reCAPTCHA site key to be used for all the rules - using the redirect action with the type of GOOGLE_RECAPTCHA under - the security policy. The specified site key needs to be created from - the reCAPTCHA API. The user is responsible for the validity of the - specified site key. If not specified, a Google-managed site key is - used. + OAuth2 Client ID for IAP. oneOf: - not: required: @@ -22032,7 +20723,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + description: 'Allowed value: The `name` field of an `IAPIdentityAwareProxyClient` resource.' type: string name: 
@@ -22042,639 +20733,228 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - redirectSiteKeyRef - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rule: - description: The set of rules that belong to this policy. There must - always be a default rule (rule with priority 2147483647 and match - "*"). If no rules are provided when creating a security policy, - a default rule with action "allow" will be added. - items: - properties: - action: - description: Action to take when match matches the request. - type: string - description: - description: An optional description of this rule. Max size - is 64. - type: string - headerAction: - description: Additional actions that are performed on headers. - properties: - requestHeadersToAdds: - description: The list of request headers to add or overwrite - if they're already present. - items: + oauth2ClientSecret: + description: OAuth2 Client Secret for IAP. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. properties: - headerName: - description: The name of the header to set. + key: + description: Key that identifies the value to be extracted. type: string - headerValue: - description: The value to set the named header to. + name: + description: Name of the Secret to extract a value + from. 
type: string required: - - headerName + - key + - name type: object - type: array + type: object + type: object + oauth2ClientSecretSha256: + description: OAuth2 Client Secret SHA-256 for IAP. + type: string + type: object + loadBalancingScheme: + description: |- + Immutable. Indicates whether the backend service will be used with internal or + external load balancing. A backend service created for one type of + load balancing cannot be used with the other. For more information, refer to + [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED", "EXTERNAL_MANAGED"]. + type: string + localityLbPolicies: + description: |- + A list of locality load balancing policies to be used in order of + preference. Either the policy or the customPolicy field should be set. + Overrides any value set in the localityLbPolicy field. + + localityLbPolicies is only supported when the BackendService is referenced + by a URL Map that is referenced by a target gRPC proxy that has the + validateForProxyless field set to true. + items: + properties: + customPolicy: + description: |- + The configuration for a custom policy implemented by the user and + deployed with the client. + properties: + data: + description: |- + An optional, arbitrary JSON object with configuration data, understood + by a locally installed custom policy implementation. + type: string + name: + description: |- + Identifies the custom policy. + + The value should match the type the custom implementation is registered + with on the gRPC clients. It should follow protocol buffer + message naming conventions and include the full path (e.g. + myorg.CustomLbPolicy). The maximum length is 256 characters. + + Note that specifying the same custom policy more than once for a + backend is not a valid configuration and will be rejected. 
+ type: string required: - - requestHeadersToAdds + - name type: object - match: - description: A match condition that incoming traffic is evaluated - against. If it evaluates to true, the corresponding action - is enforced. + policy: + description: The configuration for a built-in load balancing + policy. properties: - config: - description: The configuration options available when specifying - versioned_expr. This field must be specified if versioned_expr - is specified and cannot be specified if versioned_expr - is not specified. - properties: - srcIpRanges: - description: Set of IP addresses or ranges (IPV4 or - IPV6) in CIDR notation to match against inbound traffic. - There is a limit of 10 IP ranges per rule. A value - of '*' matches all IPs (can be used to override the - default behavior). - items: - type: string - type: array - required: - - srcIpRanges - type: object - expr: - description: User defined CEVAL expression. A CEVAL expression - is used to specify match criteria such as origin.ip, source.region_code - and contents in the request header. - properties: - expression: - description: Textual representation of an expression - in Common Expression Language syntax. The application - context of the containing message determines which - well-known feature set of CEL is supported. - type: string - required: - - expression - type: object - versionedExpr: - description: 'Predefined rule expression. If this field - is specified, config must also be specified. Available - options: SRC_IPS_V1: Must specify the corresponding - src_ip_ranges field in config.' + name: + description: |- + The name of a locality load balancer policy to be used. The value + should be one of the predefined ones as supported by localityLbPolicy, + although at the moment only ROUND_ROBIN is supported. + + This field should only be populated when the customPolicy field is not + used. 
+ + Note that specifying the same policy more than once for a backend is + not a valid configuration and will be rejected. + + The possible values are: + + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV"]. type: string + required: + - name type: object - preconfiguredWafConfig: - description: Preconfigured WAF configuration to be applied for - the rule. If the rule does not evaluate preconfigured WAF - rules, i.e., if evaluatePreconfiguredWaf() is not used, this - field will have no effect. - properties: - exclusion: - description: An exclusion to apply during preconfigured - WAF evaluation. - items: - properties: - requestCookie: - description: Request cookie whose value will be excluded - from inspection during preconfigured WAF evaluation. 
- items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestHeader: - description: Request header whose value will be excluded - from inspection during preconfigured WAF evaluation. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. 
- type: string - required: - - operator - type: object - type: array - requestQueryParam: - description: Request query parameter whose value will - be excluded from inspection during preconfigured - WAF evaluation. Note that the parameter can be - in the query string or in the POST body. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. - EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - requestUri: - description: Request URI from the request line to - be excluded from inspection during preconfigured - WAF evaluation. When specifying this field, the - query or fragment part should be excluded. - items: - properties: - operator: - description: 'You can specify an exact match - or a partial match by using a field operator - and a field value. Available options: EQUALS: - The operator matches if the field value equals - the specified value. STARTS_WITH: The operator - matches if the field value starts with the - specified value. ENDS_WITH: The operator matches - if the field value ends with the specified - value. CONTAINS: The operator matches if the - field value contains the specified value. 
- EQUALS_ANY: The operator matches if the field - value is any value.' - type: string - value: - description: A request field matching the specified - value will be excluded from inspection during - preconfigured WAF evaluation. The field value - must be given if the field operator is not - EQUALS_ANY, and cannot be given if the field - operator is EQUALS_ANY. - type: string - required: - - operator - type: object - type: array - targetRuleIds: - description: A list of target rule IDs under the WAF - rule set to apply the preconfigured WAF exclusion. - If omitted, it refers to all the rule IDs under - the WAF rule set. - items: - type: string - type: array - targetRuleSet: - description: Target WAF rule set to apply the preconfigured - WAF exclusion. - type: string - required: - - targetRuleSet - type: object - type: array - type: object - preview: - description: When set to true, the action specified above is - not enforced. Stackdriver logs for requests that trigger a - preview action are annotated as such. - type: boolean - priority: - description: An unique positive integer indicating the priority - of evaluation for a rule. Rules are evaluated from highest - priority (lowest numerically) to lowest priority (highest - numerically) in order. - type: integer - rateLimitOptions: - description: Rate limit threshold for this security policy. - Must be specified if the action is "rate_based_ban" or "throttle". - Cannot be specified for any other actions. - properties: - banDurationSec: - description: Can only be specified if the action for the - rule is "rate_based_ban". If specified, determines the - time (in seconds) the traffic will continue to be banned - by the rate limit after the rate falls below the threshold. - type: integer - banThreshold: - description: Can only be specified if the action for the - rule is "rate_based_ban". 
If specified, the key will be - banned for the configured 'banDurationSec' when the number - of requests that exceed the 'rateLimitThreshold' also - exceed this 'banThreshold'. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - conformAction: - description: Action to take for requests that are under - the configured rate limit threshold. Valid option is "allow" - only. - type: string - enforceOnKey: - description: Determines the key to enforce the rateLimitThreshold - on. - type: string - enforceOnKeyConfigs: - description: Immutable. Enforce On Key Config of this security - policy. - items: - properties: - enforceOnKeyName: - description: 'Rate limit key name applicable only - for the following key types: HTTP_HEADER -- Name - of the HTTP header whose value is taken as the key - value. HTTP_COOKIE -- Name of the HTTP cookie whose - value is taken as the key value.' - type: string - enforceOnKeyType: - description: Determines the key to enforce the rate_limit_threshold - on. - type: string - type: object - type: array - enforceOnKeyName: - description: 'Rate limit key name applicable only for the - following key types: HTTP_HEADER -- Name of the HTTP header - whose value is taken as the key value. HTTP_COOKIE -- - Name of the HTTP cookie whose value is taken as the key - value.' - type: string - exceedAction: - description: Action to take for requests that are above - the configured rate limit threshold, to either deny with - a specified HTTP response code, or redirect to a different - endpoint. Valid options are "deny()" where valid values - for status are 403, 404, 429, and 502, and "redirect" - where the redirect parameters come from exceedRedirectOptions - below. 
- type: string - exceedRedirectOptions: - description: Parameters defining the redirect action that - is used as the exceed action. Cannot be specified if the - exceed action is not redirect. - properties: - target: - description: Target for the redirect action. This is - required if the type is EXTERNAL_302 and cannot be - specified for GOOGLE_RECAPTCHA. - type: string - type: - description: Type of the redirect action. - type: string - required: - - type - type: object - rateLimitThreshold: - description: Threshold at which to begin ratelimiting. - properties: - count: - description: Number of HTTP(S) requests for calculating - the threshold. - type: integer - intervalSec: - description: Interval over which the threshold is computed. - type: integer - required: - - count - - intervalSec - type: object - required: - - conformAction - - exceedAction - - rateLimitThreshold - type: object - redirectOptions: - description: Parameters defining the redirect action. Cannot - be specified for any other actions. - properties: - target: - description: Target for the redirect action. This is required - if the type is EXTERNAL_302 and cannot be specified for - GOOGLE_RECAPTCHA. - type: string - type: - description: 'Type of the redirect action. Available options: - EXTERNAL_302: Must specify the corresponding target field - in config. GOOGLE_RECAPTCHA: Cannot specify target field - in config.' - type: string - required: - - type - type: object - required: - - action - - match - - priority - type: object - type: array - type: - description: The type indicates the intended use of the security policy. - CLOUD_ARMOR - Cloud Armor backend security policies can be configured - to filter incoming HTTP requests targeting backend services. They - filter requests before they hit the origin servers. 
CLOUD_ARMOR_EDGE - - Cloud Armor edge security policies can be configured to filter - incoming HTTP requests targeting backend services (including Cloud - CDN-enabled) as well as backend buckets (Cloud Storage). They filter - requests before the request is served from Google's cache. - type: string - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string type: object type: array - fingerprint: - description: Fingerprint of this resource. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - selfLink: - description: The URI of the created resource. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: computeserviceattachments.compute.cnrm.cloud.google.com -spec: - group: compute.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ComputeServiceAttachment - plural: computeserviceattachments - shortNames: - - gcpcomputeserviceattachment - - gcpcomputeserviceattachments - singular: computeserviceattachment - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - connectionPreference: - description: 'The connection preference of service attachment. The - value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service - attachment is one that always accepts the connection from consumer - forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, - ACCEPT_AUTOMATIC, ACCEPT_MANUAL' - type: string - consumerAcceptLists: - description: Projects that are allowed to connect to this service - attachment. - items: - properties: - connectionLimit: - description: The value of the limit to set. - format: int64 - type: integer - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project id or number for the project to set the limit for. + localityLbPolicy: + description: |- + The load balancing algorithm used within the scope of the locality. + The possible values are: - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - projectRef - type: object - type: array - consumerRejectLists: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The Google Cloud resource name - of a `Project` resource (format: `projects/{{name}}`).' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - description: - description: An optional description of this resource. Provide this - property when you create the resource. + * 'ROUND_ROBIN': This is a simple policy in which each healthy backend + is selected in round robin order. + + * 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy + hosts and picks the host which has fewer active requests. + + * 'RING_HASH': The ring/modulo hash load balancer implements consistent + hashing to backends. The algorithm has the property that the + addition/removal of a host from a set of N hosts only affects + 1/N of the requests. + + * 'RANDOM': The load balancer selects a random healthy host. + + * 'ORIGINAL_DESTINATION': Backend host is selected based on the client + connection metadata, i.e., connections are opened + to the same address as the destination address of + the incoming connection before the connection + was redirected to the load balancer. + + * 'MAGLEV': used as a drop in replacement for the ring hash load balancer. + Maglev is not as stable as ring hash but has faster table lookup + build times and host selection times. 
For more information about + Maglev, refer to https://ai.google/research/pubs/pub44824 + + * 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check + reported weights. If set, the Backend Service must + configure a non legacy HTTP-based Health Check, and + health check replies are expected to contain + non-standard HTTP response header field + X-Load-Balancing-Endpoint-Weight to specify the + per-instance weights. If set, Load Balancing is weight + based on the per-instance weights reported in the last + processed health check replies, as long as every + instance either reported a valid weight or had + UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains + equal-weight. + + + This field is applicable to either: + + * A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, + and loadBalancingScheme set to INTERNAL_MANAGED. + * A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. + * A regional backend service with loadBalancingScheme set to EXTERNAL (External Network + Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External + Network Load Balancing. The default is MAGLEV. + + + If session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV, + or RING_HASH, session affinity settings will not take effect. + + Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced + by a URL map that is bound to target gRPC proxy that has validate_for_proxyless + field set to true. Possible values: ["ROUND_ROBIN", "LEAST_REQUEST", "RING_HASH", "RANDOM", "ORIGINAL_DESTINATION", "MAGLEV", "WEIGHTED_MAGLEV"]. type: string - enableProxyProtocol: - description: Immutable. If true, enable the proxy protocol which is - for supplying client TCP/IP address data in TCP connections that - traverse proxies on their way to destination servers. - type: boolean location: - description: Immutable. 
The location for the resource + description: 'Location represents the geographical location of the + ComputeBackendService. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string - natSubnets: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: + logConfig: + description: |- + This field denotes the logging options for the load balancer traffic served by this backend service. + If logging is enabled, logs will be exported to Stackdriver. + properties: + enable: + description: Whether to enable logging for the load balancer traffic + served by this backend service. + type: boolean + sampleRate: + description: |- + This field can only be specified if logging is enabled for this backend service. The value of + the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer + where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. + The default value is 1.0. + type: number + type: object + networkRef: + description: |- + The network to which this backend service belongs. This field can + only be specified when the load balancing scheme is set to + INTERNAL. + oneOf: + - not: required: - external required: 
@@ -22689,10 +20969,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22701,13 +20979,130 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + outlierDetection: + description: |- + Settings controlling eviction of unhealthy hosts from the load balancing pool. + This field is applicable only when the load_balancing_scheme is set + to INTERNAL_SELF_MANAGED. + properties: + baseEjectionTime: + description: |- + The base time that a host is ejected for. The real time is equal to the base + time multiplied by the number of times the host has been ejected. Defaults to + 30000ms or 30s. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + consecutiveErrors: + description: |- + Number of errors before a host is ejected from the connection pool. When the + backend host is accessed over HTTP, a 5xx return code qualifies as an error. + Defaults to 5. + type: integer + consecutiveGatewayFailure: + description: |- + The number of consecutive gateway failures (502, 503, 504 status or connection + errors that are mapped to one of those status codes) before a consecutive + gateway failure ejection occurs. Defaults to 5. + type: integer + enforcingConsecutiveErrors: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive 5xx. This setting can be used to disable + ejection or to ramp it up slowly. Defaults to 100. 
+ type: integer + enforcingConsecutiveGatewayFailure: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through consecutive gateway failures. This setting can be + used to disable ejection or to ramp it up slowly. Defaults to 0. + type: integer + enforcingSuccessRate: + description: |- + The percentage chance that a host will be actually ejected when an outlier + status is detected through success rate statistics. This setting can be used to + disable ejection or to ramp it up slowly. Defaults to 100. + type: integer + interval: + description: |- + Time interval between ejection sweep analysis. This can result in both new + ejections as well as hosts being returned to service. Defaults to 10 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: integer + required: + - seconds + type: object + maxEjectionPercent: + description: |- + Maximum percentage of hosts in the load balancing pool for the backend service + that can be ejected. Defaults to 10%. + type: integer + successRateMinimumHosts: + description: |- + The number of hosts in a cluster that must have enough request volume to detect + success rate outliers. If the number of hosts is less than this setting, outlier + detection via success rate statistics is not performed for any host in the + cluster. Defaults to 5. + type: integer + successRateRequestVolume: + description: |- + The minimum number of total requests that must be collected in one interval (as + defined by the interval duration above) to include this host in success rate + based outlier detection. 
If the volume is lower than this setting, outlier + detection via success rate statistics is not performed for that host. Defaults + to 100. + type: integer + successRateStdevFactor: + description: |- + This factor is used to determine the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference between the mean success + rate, and the product of this factor and the standard deviation of the mean + success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided + by a thousand to get a double. That is, if the desired factor is 1.9, the + runtime value should be 1900. Defaults to 1900. + type: integer + type: object + portName: + description: |- + Name of backend port. The same name should appear in the instance + groups referenced by this service. Required when the load balancing + scheme is EXTERNAL. + type: string + protocol: + description: |- + The protocol this BackendService uses to communicate with backends. + The default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer + types and may result in errors if used with the GA API. Possible values: ["HTTP", "HTTPS", "HTTP2", "TCP", "SSL", "GRPC"]. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - targetServiceRef: - description: Immutable. + securityPolicyRef: + description: The security policy associated with this backend service. oneOf: - not: required: 
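Review bot: The numeric limits given in the new `outlierDetection` descriptions are not enforced by the schema. Both `nanos` properties say "Must be from 0 to 999,999,999 inclusive" and the `enforcing*` fields are described as percentages, yet each is declared only as `type: integer`. Out-of-range values would pass admission and presumably surface only when the controller reconciles against the cloud API. Adding `minimum: 0` and `maximum: 999999999` under each `nanos`, and `minimum: 0` with `maximum: 100` under the percentage fields (assuming 0–100 is the intended range), would reject them at the API server.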
@@ -22724,10 +21119,8 @@ spec: - external properties: external: - description: |- - The URL of a service serving the endpoint identified by this service attachment. - - Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + description: 'Allowed value: The `selfLink` field of a `ComputeSecurityPolicy` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -22736,12 +21129,82 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + securitySettings: + description: |- + The security settings that apply to this backend service. This field is applicable to either + a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and + load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the + load_balancing_scheme set to INTERNAL_SELF_MANAGED. + properties: + clientTLSPolicyRef: + description: |- + ClientTlsPolicy is a resource that specifies how a client should + authenticate connections to backends of a service. This resource itself + does not affect configuration unless it is attached to a backend + service resource. *ConfigConnector only supports `external` + references for this field.* + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NetworkSecurityClientTLSPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subjectAltNames: + description: |- + A list of alternate names to verify the subject identity in the certificate. + If specified, the client will verify that the server certificate's subject + alt name matches one of the specified values. + items: + type: string + type: array + required: + - clientTLSPolicyRef + - subjectAltNames + type: object + sessionAffinity: + description: |- + Type of session affinity to use. The default is NONE. 
Session affinity is + not applicable if the protocol is UDP. Possible values: ["NONE", "CLIENT_IP", "CLIENT_IP_PORT_PROTO", "CLIENT_IP_PROTO", "GENERATED_COOKIE", "HEADER_FIELD", "HTTP_COOKIE"]. + type: string + subsetting: + description: Subsetting configuration for this BackendService. Currently + this is applicable only for Internal TCP/UDP load balancing and + Internal HTTP(S) load balancing. + properties: + policy: + description: 'The algorithm used for subsetting. Possible values: + ["CONSISTENT_HASH_SUBSETTING"].' + type: string + required: + - policy + type: object + timeoutSec: + description: |- + How many seconds to wait for the backend before considering it a + failed request. Default is 30 seconds. Valid range is [1, 86400]. + type: integer required: - - connectionPreference - location - - natSubnets - - projectRef - - targetServiceRef type: object status: properties: 
@@ -22771,32 +21234,17 @@ spec: type: string type: object type: array - connectedEndpoints: - description: An array of connections for all the consumers connected - to this service attachment. - items: - properties: - endpoint: - description: The url of a connected endpoint. - type: string - pscConnectionId: - description: The PSC connection id of the connected endpoint. - format: int64 - type: integer - status: - description: 'The status of a connected endpoint to this service - attachment. Possible values: PENDING, RUNNING, DONE' - type: string - type: object - type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string fingerprint: - description: Fingerprint of this resource. This field is used internally - during updates of this resource. + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. type: string - id: - description: The unique identifier for the resource type. The server - generates this identifier. - format: int64 + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. type: integer observedGeneration: description: ObservedGeneration is the generation of the resource @@ -22805,24 +21253,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pscServiceAttachmentId: - description: An 128-bit global unique ID of the PSC service attachment. - properties: - high: - format: int64 - type: integer - low: - format: int64 - type: integer - type: object - region: - description: URL of the region where the service attachment resides. - This field applies only to the region resource. You must specify - this field as part of the HTTP request URL. It is not settable as - a field in the request body. - type: string selfLink: - description: Server-defined URL for the resource. type: string type: object required: 
@@ -22843,25 +21274,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpchostprojects.compute.cnrm.cloud.google.com + name: computebackendservicesignedurlkeys.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCHostProject - plural: computesharedvpchostprojects + kind: ComputeBackendServiceSignedURLKey + plural: computebackendservicesignedurlkeys shortNames: - - gcpcomputesharedvpchostproject - - gcpcomputesharedvpchostprojects - singular: computesharedvpchostproject + - gcpcomputebackendservicesignedurlkey + - gcpcomputebackendservicesignedurlkeys + singular: computebackendservicesignedurlkey preserveUnknownFields: false scope: Namespaced versions: @@ -22881,7 +21312,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -22897,6 +21328,112 @@ spec: type: string metadata: type: object + spec: + properties: + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keyValue: + description: |- + Immutable. 128-bit key value used for signing the URL. The key value must be a + valid RFC 4648 Section 5 base64url encoded string. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + - keyValue + - projectRef + type: object status: properties: conditions: @@ -22933,6 +21470,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -22949,25 +21488,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com + name: computediskresourcepolicyattachments.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSharedVPCServiceProject - plural: computesharedvpcserviceprojects + kind: ComputeDiskResourcePolicyAttachment + plural: computediskresourcepolicyattachments shortNames: - - gcpcomputesharedvpcserviceproject - - gcpcomputesharedvpcserviceprojects - singular: computesharedvpcserviceproject + - gcpcomputediskresourcepolicyattachment + - gcpcomputediskresourcepolicyattachments + singular: computediskresourcepolicyattachment preserveUnknownFields: false scope: Namespaced versions: 
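Review bot: The `keyValue` property of the new ComputeBackendServiceSignedURLKey spec accepts the URL-signing key inline through `value`. That places the key in the resource spec, where anyone with read access to the object or to the manifest that created it can see it. The `oneOf` already offers `valueFrom.secretKeyRef`, so the `value` description should steer users there, for example `description: Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom.secretKeyRef' so the signing key is not stored in the resource spec.` If this CRD is produced by a generator, the wording belongs in its template rather than in this file.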
@@ -22987,7 +21526,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -23005,12 +21544,35 @@ spec: type: object spec: properties: - deletionPolicy: - description: "The deletion policy for the shared VPC service. Setting - ABANDON allows the resource\n\t\t\t\tto be abandoned rather than - deleted. Possible values are: \"ABANDON\"." - type: string + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -23036,8 +21598,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. A reference to the zone where the disk resides. + type: string required: + - diskRef - projectRef + - zone type: object status: properties: 
@@ -23093,25 +21665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesnapshots.compute.cnrm.cloud.google.com + name: computedisks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSnapshot - plural: computesnapshots + kind: ComputeDisk + plural: computedisks shortNames: - - gcpcomputesnapshot - - gcpcomputesnapshots - singular: computesnapshot + - gcpcomputedisk + - gcpcomputedisks + singular: computedisk preserveUnknownFields: false scope: Namespaced versions: 
@@ -23149,42 +21721,34 @@ spec: type: object spec: properties: - chainName: - description: "Immutable. Creates the new snapshot in the snapshot - chain labeled with the \nspecified name. The chain name must be - 1-63 characters long and \ncomply with RFC1035. This is an uncommon - option only for advanced \nservice owners who needs to create separate - snapshot chains, for \nexample, for chargeback tracking. When you - describe your snapshot \nresource, this field is visible only if - it has a non-empty value." - type: string description: - description: Immutable. An optional description of this resource. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - snapshotEncryptionKey: + diskEncryptionKey: description: |- - Immutable. Encrypts the snapshot using a customer-supplied encryption key. + Immutable. Encrypts the disk using a customer-supplied encryption key. - After you encrypt a snapshot using a customer-supplied key, you must - provide the same key if you use the snapshot later. For example, you - must provide the encryption key when you create a disk from the - encrypted snapshot in a future request. + After you encrypt a disk with a customer-supplied key, you must + provide the same key if you use the disk later (e.g. to create a disk + snapshot or an image, or to attach the disk to a virtual machine). Customer-supplied encryption keys do not protect access to metadata of - the snapshot. + the disk. - If you do not provide an encryption key when creating the snapshot, - then the snapshot will be encrypted using an automatically generated - key and you do not need to provide a key to use the snapshot later. 
+ If you do not provide an encryption key when creating the disk, then + the disk will be encrypted using an automatically generated key and + you do not need to provide a key to use the disk later. properties: kmsKeyRef: - description: The encryption key that is stored in Google Cloud - KMS. + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys oneOf: - not: required: 
@@ -23277,57 +21841,16 @@ spec: from. type: string required: - - name - key + - name type: object type: object type: object - sha256: - description: |- - The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied - encryption key that protects this resource. - type: string - type: object - sourceDiskEncryptionKey: - description: |- - Immutable. The customer-supplied encryption key of the source snapshot. Required - if the source snapshot is protected by a customer-supplied encryption - key. - properties: - kmsKeyServiceAccountRef: - description: |- - The service account used for the encryption request for the given KMS key. - If absent, the Compute Engine Service Agent service account is used. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - rawKey: - description: |- - Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in - RFC 4648 base64 to either encrypt or decrypt this resource. + rsaEncryptedKey: + description: "Immutable. Specifies an RFC 4648 base64 encoded, + RSA-wrapped 2048-bit \ncustomer-supplied encryption key to either + encrypt or decrypt \nthis resource. You can provide either the + rawKey or the rsaEncryptedKey." oneOf: - not: required: 
@@ -23365,9 +21888,14 @@ spec: type: object type: object type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string type: object - sourceDiskRef: - description: A reference to the disk used to create this snapshot. + imageRef: + description: The image from which to initialize this disk. oneOf: - not: required: @@ -23384,7 +21912,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeDisk` + description: 'Allowed value: The `selfLink` field of a `ComputeImage` resource.' type: string name: 
@@ -23394,18 +21922,341 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - storageLocations: - description: Immutable. Cloud Storage bucket storage location of the - snapshot (regional or multi-regional). + interface: + description: DEPRECATED. This field is no longer in use, disk interfaces + will be automatically determined on attachment. To resolve this + issue, remove this field from your config. Immutable. Specifies + the disk interface to use for attaching this disk, which is either + SCSI or NVME. The default is SCSI. + type: string + location: + description: 'Location represents the geographical location of the + ComputeDisk. Specify a region name or a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + multiWriter: + description: Immutable. Indicates whether or not the disk can be read/write + attached to more than one instance. + type: boolean + physicalBlockSizeBytes: + description: |- + Immutable. Physical block size of the persistent disk, in bytes. If not present + in a request, a default value is used. Currently supported sizes + are 4096 and 16384, other sizes may be added in the future. + If an unsupported value is requested, the error message will list + the supported values for the caller's project. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + provisionedIops: + description: Immutable. Indicates how many IOPS must be provisioned + for the disk. + type: integer + replicaZones: + description: Immutable. URLs of the zones where the disk should be + replicated to. items: type: string type: array - zone: - description: Immutable. A reference to the zone where the disk is - hosted. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + description: Resource policies applied to this disk for automatic + snapshot creations. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + size: + description: |- + Size of the persistent disk, specified in GB. You can specify this + field when creating a persistent disk using the 'image' or + 'snapshot' parameter, or specify it alone to create an empty + persistent disk. + + If you specify this field along with 'image' or 'snapshot', + the value must not be less than the size of the image + or the size of the snapshot. 
+ + Upsizing the disk is mutable, but downsizing the disk + requires re-creating the resource. + type: integer + snapshotRef: + description: The source snapshot used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceDiskRef: + description: The source disk used to create this disk. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source image. Required if + the source image is protected by a customer-supplied encryption key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. 
See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceSnapshotEncryptionKey: + description: |- + Immutable. 
The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyRef: + description: |- + The encryption key used to encrypt the disk. Your project's Compute + Engine System service account + ('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. See + https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + type: + description: |- + Immutable. URL of the disk type resource describing which disk type to use to + create the disk. Provide this when creating the disk. type: string required: - - sourceDiskRef + - location type: object status: properties: @@ -23438,23 +22289,17 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - diskSizeGb: - description: Size of the snapshot, specified in GB. - type: integer labelFingerprint: description: |- - The fingerprint used for optimistic locking of this resource. Used + The fingerprint used for optimistic locking of this resource. Used internally during updates. type: string - licenses: - description: |- - A list of public visible licenses that apply to this snapshot. This - can be because the original image had licenses attached (such as a - Windows image). snapshotEncryptionKey nested object Encrypts the - snapshot using a customer-supplied encryption key. - items: - type: string - type: array + lastAttachTimestamp: + description: Last attach timestamp in RFC3339 text format. + type: string + lastDetachTimestamp: + description: Last detach timestamp in RFC3339 text format. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -23464,15 +22309,36 @@ spec: type: integer selfLink: type: string - snapshotId: - description: The unique identifier for the resource. - type: integer - storageBytes: + sourceDiskId: description: |- - A size of the storage used by the snapshot. As snapshots share - storage, this number is expected to change with snapshot - creation/deletion. - type: integer + The ID value of the disk used to create this image. This value may + be used to determine whether the image was taken from the current + or a previous instance of a given disk name. + type: string + sourceImageId: + description: |- + The ID value of the image used to create this disk. This value + identifies the exact image that was used to create this persistent + disk. For example, if you created the persistent disk from an image + that was later deleted and recreated under the same name, the source + image ID would identify the exact version of the image that was used. + type: string + sourceSnapshotId: + description: |- + The unique ID of the snapshot used to create this disk. This value + identifies the exact snapshot that was used to create this persistent + disk. For example, if you created the persistent disk from a snapshot + that was later deleted and recreated under the same name, the source + snapshot ID would identify the exact version of the snapshot that was + used. + type: string + users: + description: |- + Links to the users of the disk (attached instances) in form: + project/zones/zone/instances/instance. + items: + type: string + type: array type: object required: - spec 
@@ -23492,25 +22358,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computesslcertificates.compute.cnrm.cloud.google.com + name: computeexternalvpngateways.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLCertificate - plural: computesslcertificates + kind: ComputeExternalVPNGateway + plural: computeexternalvpngateways shortNames: - - gcpcomputesslcertificate - - gcpcomputesslcertificates - singular: computesslcertificate + - gcpcomputeexternalvpngateway + - gcpcomputeexternalvpngateways + singular: computeexternalvpngateway preserveUnknownFields: false scope: Namespaced versions: 
@@ -23548,108 +22414,44 @@ spec: type: object spec: properties: - certificate: - description: |- - Immutable. The certificate in PEM format. - The certificate chain must be no greater than 5 certs long. - The chain must include at least one intermediate cert. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object description: description: Immutable. An optional description of this resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeSSLCertificate. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - privateKey: - description: Immutable. The write-only private key in PEM format. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - key - - name - type: object - type: object - type: object + interface: + description: Immutable. A list of interfaces on this external VPN + gateway. + items: + properties: + id: + description: |- + Immutable. The numeric ID for this interface. Allowed values are based on the redundancy type + of this external VPN gateway + * '0 - SINGLE_IP_INTERNALLY_REDUNDANT' + * '0, 1 - TWO_IPS_REDUNDANCY' + * '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'. + type: integer + ipAddress: + description: |- + Immutable. IP address of the interface in the external VPN gateway. + Only IPv4 is supported. This IP address can be either from + your on-premise gateway or another Cloud provider's VPN gateway, + it cannot be an IP address from Google Compute Engine. + type: string + type: object + type: array + redundancyType: + description: 'Immutable. Indicates the redundancy type of this external + VPN gateway Possible values: ["FOUR_IPS_REDUNDANCY", "SINGLE_IP_INTERNALLY_REDUNDANT", + "TWO_IPS_REDUNDANCY"].' + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - certificate - - location - - privateKey type: object status: properties: - certificateId: - description: The unique identifier for the resource. - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -23676,12 +22478,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - expireTime: - description: Expire time of the certificate in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -23692,8 +22488,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -23710,25 +22504,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesslpolicies.compute.cnrm.cloud.google.com + name: computefirewallpolicies.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSSLPolicy - plural: computesslpolicies + kind: ComputeFirewallPolicy + plural: computefirewallpolicies shortNames: - - gcpcomputesslpolicy - - gcpcomputesslpolicies - singular: computesslpolicy + - gcpcomputefirewallpolicy + - gcpcomputefirewallpolicies + singular: computefirewallpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -23765,46 +22559,93 @@ spec: metadata: type: object spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef properties: - customFeatures: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. This can be one of - 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for which ciphers are available to use. **Note**: this argument - *must* be present when using the 'CUSTOM' profile. This argument - *must not* be present when using any other profile. - items: - type: string - type: array description: - description: Immutable. An optional description of this resource. - type: string - minTlsVersion: - description: |- - The minimum version of SSL protocol that can be used by the clients - to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. - type: string - profile: - description: |- - Profile specifies the set of SSL features that can be used by the - load balancer when negotiating SSL with clients. If using 'CUSTOM', - the set of SSL features to enable must be specified in the - 'customFeatures' field. - - See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) - for information on what cipher suites each profile provides. If - 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + description: An optional description of this resource. Provide this + property when you create the resource. type: string + folderRef: + description: Immutable. The Folder that this resource belongs to. 
+ Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Folder` resource (format: `folders/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [folderRef, organizationRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + shortName: + description: Immutable. User-provided name of the Organization firewall + policy. The name should be unique in the organization in which the + firewall policy is created. The name must be 1-63 characters long, + and comply with RFC1035. Specifically, the name must be 1-63 characters + long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and + all following characters must be a dash, lowercase letter, or digit, + except the last character, which cannot be a dash. type: string + required: + - shortName type: object status: properties: @@ -23837,15 +22678,13 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - enabledFeatures: - description: The list of features enabled in the SSL policy. - items: - type: string - type: array fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in this - object. This field is used in optimistic locking. + description: Fingerprint of the resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource. This identifier + is defined by the server. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -23854,9 +22693,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + ruleTupleCount: + description: Total count of all firewall policy rule tuples. A firewall + policy can not exceed a set number of tuples. + format: int64 + type: integer selfLink: + description: Server-defined URL for the resource. + type: string + selfLinkWithId: + description: Server-defined URL for this resource with the resource + id. type: string type: object + required: + - spec type: object served: true storage: true 
@@ -23873,25 +22724,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computesubnetworks.compute.cnrm.cloud.google.com + name: computefirewallpolicyassociations.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeSubnetwork - plural: computesubnetworks + kind: ComputeFirewallPolicyAssociation + plural: computefirewallpolicyassociations shortNames: - - gcpcomputesubnetwork - - gcpcomputesubnetworks - singular: computesubnetwork + - gcpcomputefirewallpolicyassociation + - gcpcomputefirewallpolicyassociations + singular: computefirewallpolicyassociation preserveUnknownFields: false scope: Namespaced versions: 
@@ -23929,70 +22780,48 @@ spec: type: object spec: properties: - description: - description: |- - Immutable. An optional description of this resource. Provide this property when - you create the resource. This field can be set only at resource - creation time. - type: string - ipCidrRange: - description: |- - The range of internal addresses that are owned by this subnetwork. - Provide this property when you create the subnetwork. For example, - 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and - non-overlapping within a network. Only IPv4 is supported. - type: string - ipv6AccessType: - description: |- - The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation - or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet - cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. - type: string - logConfig: - description: |- - Denotes the logging options for the subnetwork flow logs. If logging is enabled - logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this - subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + attachmentTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external properties: - aggregationInterval: + external: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Toggles the aggregation interval for collecting flow logs. Increasing the - interval time will reduce the amount of generated flow logs for long - lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. + The target that the firewall policy is attached to. 
+ + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). type: string - filterExpr: - description: |- - Export filter used to define which VPC flow logs should be logged, as as CEL expression. See - https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. - The default value is 'true', which evaluates to include everything. + kind: + description: 'Kind of the referent. Allowed values: Folder' type: string - flowSampling: - description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - The value of the field must be in [0, 1]. Set the sampling rate of VPC - flow logs within the subnetwork where 1.0 means all collected logs are - reported and 0.0 means no logs are reported. Default is 0.5 which means - half of all collected logs are reported. - type: number - metadata: + name: description: |- - Can only be specified if VPC flow logging for this subnetwork is enabled. - Configures whether metadata fields should be added to the reported VPC - flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - metadataFields: - description: |- - List of metadata fields that should be added to reported logs. - Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. 
- items: - type: string - type: array type: object - networkRef: - description: |- - The network this subnet belongs to. Only networks that are in the - distributed mode can have subnetworks. + firewallPolicyRef: + description: Immutable. oneOf: - not: required: @@ -24009,8 +22838,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The firewall policy ID of the association. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24019,70 +22850,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpGoogleAccess: - description: |- - When enabled, VMs in this subnetwork without external IP addresses can - access Google APIs and services by using Private Google Access. - type: boolean - privateIpv6GoogleAccess: - description: The private IPv6 google access type for the VMs in this - subnet. - type: string - purpose: - description: |- - Immutable. The purpose of the resource. A subnetwork with purpose set to - INTERNAL_HTTPS_LOAD_BALANCER is a user-created subnetwork that is - reserved for Internal HTTP(S) Load Balancing. - - If set to INTERNAL_HTTPS_LOAD_BALANCER you must also set the 'role' field. - type: string - region: - description: Immutable. The GCP region for this subnetwork. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - role: - description: |- - The role of subnetwork. Currently, this field is only used when - purpose = INTERNAL_HTTPS_LOAD_BALANCER. The value can be set to ACTIVE - or BACKUP. An ACTIVE subnetwork is one that is currently being used - for Internal HTTP(S) Load Balancing. A BACKUP subnetwork is one that - is ready to be promoted to ACTIVE or is currently draining. Possible values: ["ACTIVE", "BACKUP"]. - type: string - secondaryIpRange: - items: - properties: - ipCidrRange: - description: |- - The range of IP addresses belonging to this subnetwork secondary - range. Provide this property when you create the subnetwork. - Ranges must be unique and non-overlapping with all primary and - secondary IP ranges within a network. Only IPv4 is supported. 
- type: string - rangeName: - description: |- - The name associated with this subnetwork secondary range, used - when adding an alias IP range to a VM instance. The name must - be 1-63 characters long, and comply with RFC1035. The name - must be unique within the subnetwork. - type: string - required: - - ipCidrRange - - rangeName - type: object - type: array - stackType: - description: |- - The stack type for this subnet to identify whether the IPv6 feature is enabled or not. - If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. - type: string required: - - ipCidrRange - - networkRef - - region + - attachmentTargetRef + - firewallPolicyRef type: object status: properties: @@ -24112,27 +22887,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - externalIpv6Prefix: - description: The range of external IPv6 addresses that are owned by - this subnetwork. - type: string - fingerprint: - description: DEPRECATED. This field is not useful for users, and has - been removed as an output. Fingerprint of this resource. This field - is used internally during updates of this resource. - type: string - gatewayAddress: - description: |- - The gateway address for default routes to reach destination addresses - outside this subnetwork. - type: string - ipv6CidrRange: - description: The range of internal IPv6 addresses that are owned by - this subnetwork. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24140,7 +22894,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + shortName: + description: The short name of the firewall policy of the association. type: string type: object required: 
@@ -24161,25 +22916,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: computetargetgrpcproxies.compute.cnrm.cloud.google.com + name: computefirewallpolicyrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetGRPCProxy - plural: computetargetgrpcproxies + kind: ComputeFirewallPolicyRule + plural: computefirewallpolicyrules shortNames: - - gcpcomputetargetgrpcproxy - - gcpcomputetargetgrpcproxies - singular: computetargetgrpcproxy + - gcpcomputefirewallpolicyrule + - gcpcomputefirewallpolicyrules + singular: computefirewallpolicyrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24217,18 +22972,32 @@ spec: type: object spec: properties: + action: + description: The Action to perform when the client connection triggers + the rule. Can currently be either "allow" or "deny()" where valid + values for status are 403, 404, and 502. + type: string description: - description: An optional description of this resource. + description: An optional description for this resource. type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + direction: + description: 'The direction in which this rule applies. Possible values: + INGRESS, EGRESS' type: string - urlMapRef: - description: |- - The UrlMap resource that defines the mapping from URL to the BackendService. - The protocol field in the BackendService must be set to GRPC. + disabled: + description: Denotes whether the firewall policy rule is disabled. + When set to true, the firewall policy rule is not enforced and traffic + behaves as if it did not exist. If this is unspecified, the firewall + policy rule will be enabled. + type: boolean + enableLogging: + description: 'Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the configured export + destination in Stackdriver. Logs may be exported to BigQuery or + Pub/Sub. Note: you cannot enable logging on "goto_next" rules.' + type: boolean + firewallPolicyRef: + description: Immutable. oneOf: - not: required: 
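Review bot: The `action` description on `ComputeFirewallPolicyRule` lists only "allow" and "deny()" with status values 403, 404 and 502, leaving an empty `deny()` placeholder, while the `enableLogging` description in the same hunk refers to "goto_next" rules. Because `action` is a plain `type: string` with no `enum`, this text is the only guidance a rule author gets, and a wrong value on a firewall rule is presumably caught only when the controller reconciles. I would reword it to something like `The action to perform when traffic matches the rule, for example "allow", "deny" or "goto_next".` and add an `enum` once the full value set is confirmed. The CRD carries a `dcl2crd` label in the preceding hunk, so the wording probably has to be fixed in the upstream schema rather than in this file.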
@@ -24245,8 +23014,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` - resource.' + description: |- + The firewall policy of the resource. + + Allowed value: The Google Cloud resource name of a `ComputeFirewallPolicy` resource (format: `locations/global/firewallPolicies/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24255,36 +23026,139 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - validateForProxyless: - description: |- - Immutable. If true, indicates that the BackendServices referenced by - the urlMap may be accessed by gRPC applications without using - a sidecar proxy. This will enable configuration checks on urlMap - and its referenced BackendServices to not allow unsupported features. - A gRPC application must use "xds:///" scheme in the target URI - of the service it is connecting to. If false, indicates that the - BackendServices referenced by the urlMap will be accessed by gRPC - applications via a sidecar proxy. In this case, a gRPC application - must not use "xds:///" scheme in the target URI of the service - it is connecting to. - type: boolean - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding 'action' is + enforced. + properties: + destIPRanges: + description: CIDR IP address range. Maximum number of destination + CIDR IP ranges allowed is 256. + items: type: string - reason: + type: array + layer4Configs: + description: Pairs of IP protocols and ports that the rule should + match. + items: + properties: + ipProtocol: + description: The IP protocol to which this rule applies. + The protocol type is required when creating a firewall + rule. 
This value can either be one of the following well + known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, + `ipip`, `sctp`), or the IP protocol number. + type: string + ports: + description: 'An optional list of ports to which this rule + applies. This field is only applicable for UDP or TCP + protocol. Each entry must be either an integer or a range. + If not specified, this rule applies to connections through + any port. Example inputs include: ``.' + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIPRanges: + description: CIDR IP address range. Maximum number of source CIDR + IP ranges allowed is 256. + items: + type: string + type: array + required: + - layer4Configs + type: object + priority: + description: Immutable. An integer indicating the priority of a rule + in the list. The priority must be a positive value between 0 and + 2147483647. Rules are evaluated from highest to lowest priority + where 0 is the highest priority and 2147483647 is the lowest prority. + format: int64 + type: integer + targetResources: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetServiceAccounts: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of an `IAMServiceAccount` resource (format: `projects/{{project}}/serviceAccounts/{{name}}@{{project}}.iam.gserviceaccount.com`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - action + - direction + - firewallPolicyRef + - match + - priority + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: description: Unique, one-word, CamelCase reason for the condition's last transition. type: string 
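Review bot: The `priority` description states a range of 0 to 2147483647, but the schema is only `format: int64` and `type: integer` with no bounds, so a negative or oversized value passes schema validation and would presumably fail only at reconcile time. Adding `minimum: 0` and `maximum: 2147483647` under `priority` would reject it when the manifest is applied. The description also calls 0 a "positive value" and misspells "prority"; I would write `The priority must be a value between 0 and 2147483647` and `the lowest priority`. The same gap applies to `priority` on `ComputeFirewall` in the later `@@ -24443,9 +23395,137 @@` hunk, which documents 0 to 65535 without `minimum` or `maximum`.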
@@ -24297,18 +23171,9 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string - fingerprint: - description: |- - Fingerprint of this resource. A hash of the contents stored in - this object. This field is used in optimistic locking. This field - will be ignored when inserting a TargetGrpcProxy. An up-to-date - fingerprint must be provided in order to patch/update the - TargetGrpcProxy; otherwise, the request will fail with error - 412 conditionNotMet. To see the latest fingerprint, make a get() - request to retrieve the TargetGrpcProxy. A base64-encoded string. + kind: + description: Type of the resource. Always `compute#firewallPolicyRule` + for firewall policy rules type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -24317,12 +23182,14 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - type: string - selfLinkWithId: - description: Server-defined URL with id for the resource. - type: string + ruleTupleCount: + description: Calculation of the complexity of a single firewall policy + rule. + format: int64 + type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -24339,25 +23206,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpproxies.compute.cnrm.cloud.google.com + name: computefirewalls.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPProxy - plural: computetargethttpproxies + kind: ComputeFirewall + plural: computefirewalls shortNames: - - gcpcomputetargethttpproxy - - gcpcomputetargethttpproxies - singular: computetargethttpproxy + - gcpcomputefirewall + - gcpcomputefirewalls + singular: computefirewall preserveUnknownFields: false scope: Namespaced versions: 
@@ -24395,28 +23262,113 @@ spec: type: object spec: properties: + allow: + description: |- + The list of ALLOW rules specified by this firewall. Each rule + specifies a protocol and port-range tuple that describes a permitted + connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array + deny: + description: |- + The list of DENY rules specified by this firewall. Each rule specifies + a protocol and port-range tuple that describes a denied connection. + items: + properties: + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + protocol: + description: |- + The IP protocol to which this rule applies. The protocol type is + required when creating a firewall rule. This value can either be + one of the following well known protocol strings (tcp, udp, + icmp, esp, ah, sctp, ipip, all), or the IP protocol number. + type: string + required: + - protocol + type: object + type: array description: - description: Immutable. An optional description of this resource. 
+ description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + destinationRanges: + description: |- + If destination ranges are specified, the firewall will apply only to + traffic that has destination IP address in these ranges. These ranges + must be expressed in CIDR format. IPv4 or IPv6 ranges are supported. + items: + type: string + type: array + direction: + description: |- + Immutable. Direction of traffic to which this firewall applies; default is + INGRESS. Note: For INGRESS traffic, it is NOT supported to specify + destinationRanges; For EGRESS traffic, it is NOT supported to specify + 'source_ranges' OR 'source_tags'. For INGRESS traffic, one of 'source_ranges', + 'source_tags' or 'source_service_accounts' is required. Possible values: ["INGRESS", "EGRESS"]. type: string - proxyBind: + disabled: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + Denotes whether the firewall rule is disabled, i.e not applied to the + network it is associated with. When set to true, the firewall rule is + not enforced and the network behaves as if it did not exist. If this + is unspecified, the firewall rule will be enabled. type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - urlMapRef: + enableLogging: + description: DEPRECATED. Deprecated in favor of log_config. This field + denotes whether to enable logging for a particular firewall rule. 
+ If logging is enabled, logs will be exported to Stackdriver. + type: boolean + logConfig: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + This field denotes the logging options for a particular firewall rule. + If defined, logging is enabled, and logs will be exported to Cloud Logging. + properties: + metadata: + description: 'This field denotes whether to include or exclude + metadata for firewall logs. Possible values: ["EXCLUDE_ALL_METADATA", + "INCLUDE_ALL_METADATA"].' + type: string + required: + - metadata + type: object + networkRef: + description: The network to attach this firewall to. oneOf: - not: required: @@ -24433,7 +23385,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
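Review bot: The `direction` description names fields as 'source_ranges', 'source_tags' and 'source_service_accounts', and `enableLogging` points to `log_config`, but the fields this CRD defines (here and in the next hunk) are `sourceRanges`, `sourceTags`, `sourceServiceAccounts` and `logConfig`. A manifest author who copies the snake_case names writes a field the schema does not know; with `preserveUnknownFields: false` on this CRD that field is likely pruned or rejected, so the rule would not carry the source restriction they wrote. I would use the CRD names in the text: `For INGRESS traffic, one of 'sourceRanges', 'sourceTags' or 'sourceServiceAccounts' is required.` and `Deprecated in favor of logConfig.` The `sourceRanges` and `sourceTags` descriptions in the next hunk repeat the snake_case names and need the same change.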
@@ -24443,9 +23395,137 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + priority: + description: |- + Priority for this rule. This is an integer between 0 and 65535, both + inclusive. When not specified, the value assumed is 1000. Relative + priorities determine precedence of conflicting rules. Lower value of + priority implies higher precedence (eg, a rule with priority 0 has + higher precedence than a rule with priority 1). DENY rules take + precedence over ALLOW rules having equal priority. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceRanges: + description: |- + If source ranges are specified, the firewall will apply only to + traffic that has source IP address in these ranges. These ranges must + be expressed in CIDR format. One or both of sourceRanges and + sourceTags may be set. If both properties are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP that belongs to a tag listed in the sourceTags property. The + connection does not need to match both properties for the firewall to + apply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of + 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + sourceServiceAccounts: + items: + description: |- + If source service accounts are specified, the firewall will apply only + to traffic originating from an instance with a service account in this + list. Source service accounts cannot be used to control traffic to an + instance's external IP address because service accounts are associated + with an instance, not an IP address. sourceRanges can be set at the + same time as sourceServiceAccounts. 
If both are set, the firewall will + apply to traffic that has source IP address within sourceRanges OR the + source IP belongs to an instance with service account listed in + sourceServiceAccount. The connection does not need to match both + properties for the firewall to apply. sourceServiceAccounts cannot be + used at the same time as sourceTags or targetTags. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceTags: + description: |- + If source tags are specified, the firewall will apply only to traffic + with source IP that belongs to a tag listed in source tags. Source + tags cannot be used to control traffic to an instance's external IP + address. Because tags are associated with an instance, not an IP + address. One or both of sourceRanges and sourceTags may be set. If + both properties are set, the firewall will apply to traffic that has + source IP address within sourceRanges OR the source IP that belongs to + a tag listed in the sourceTags property. The connection does not need + to match both properties for the firewall to apply. For INGRESS traffic, + one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required. + items: + type: string + type: array + targetServiceAccounts: + items: + description: |- + A list of service accounts indicating sets of instances located in the + network that may make network connections as specified in allowed[]. 
+ targetServiceAccounts cannot be used at the same time as targetTags or + sourceTags. If neither targetServiceAccounts nor targetTags are + specified, the firewall rule applies to all instances on the specified + network. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetTags: + description: |- + A list of instance tags indicating sets of instances located in the + network that may make network connections as specified in allowed[]. + If no targetTags are specified, the firewall rule applies to all + instances on the specified network. + items: + type: string + type: array required: - - location - - urlMapRef + - networkRef type: object status: properties: @@ -24485,9 +23565,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object 
@@ -24509,25 +23586,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargethttpsproxies.compute.cnrm.cloud.google.com + name: computeforwardingrules.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetHTTPSProxy - plural: computetargethttpsproxies + kind: ComputeForwardingRule + plural: computeforwardingrules shortNames: - - gcpcomputetargethttpsproxy - - gcpcomputetargethttpsproxies - singular: computetargethttpsproxy + - gcpcomputeforwardingrule + - gcpcomputeforwardingrules + singular: computeforwardingrule preserveUnknownFields: false scope: Namespaced versions: 
@@ -24565,13 +23642,26 @@ spec: type: object spec: properties: - certificateMapRef: + allPorts: + description: Immutable. This field is used along with the `backend_service` + field for internal load balancing or with the `target` field for + internal TargetInstance. This field cannot be used with `port` or + `portRange` fields. When the load balancing scheme is `INTERNAL` + and protocol is TCP/UDP, specify this field to allow packets addressed + to any ports will be forwarded to the backends configured with this + forwarding rule. + type: boolean + allowGlobalAccess: + description: This field is used along with the `backend_service` field + for internal load balancing or with the `target` field for internal + TargetInstance. If the field is set to `TRUE`, clients can access + ILB from all regions. Otherwise only allows access from clients + in the same region as the internal load balancer. + type: boolean + backendServiceRef: description: |- - Only the `external` field is supported to configure the reference. - - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This field - can only be set for global target proxies. + A ComputeBackendService to receive the matched traffic. This is + used only for internal load balancing. oneOf: - not: required: @@ -24588,8 +23678,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, - where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` resource.' type: string name: 
@@ -24601,69 +23690,168 @@ spec: type: object description: description: Immutable. An optional description of this resource. + Provide this property when you create the resource. type: string - location: - description: 'Location represents the geographical location of the - ComputeTargetHTTPSProxy. Specify a region name or "global" for global - resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' - type: string - proxyBind: - description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - quicOverride: - description: |- - Specifies the QUIC override policy for this resource. This determines - whether the load balancer will attempt to negotiate QUIC with clients - or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is - specified, uses the QUIC policy with no user overrides, which is - equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. At - least one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: + ipAddress: description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the ComputeTargetHTTPSProxy resource. If not set, - the ComputeTargetHTTPSProxy resource will not have any SSL policy - configured. + The IP address that this forwarding rule is serving on behalf of. + + Addresses are restricted based on the forwarding rule's load + balancing scheme (EXTERNAL or INTERNAL) and scope (global or + regional). + + When the load balancing scheme is EXTERNAL, for global forwarding + rules, the address must be a global IP, and for regional forwarding + rules, the address must live in the same region as the forwarding + rule. If this field is empty, an ephemeral IPv4 address from the + same scope (global or regional) will be assigned. A regional + forwarding rule supports IPv4 only. A global forwarding rule + supports either IPv4 or IPv6. + + When the load balancing scheme is INTERNAL, this can only be an RFC + 1918 IP address belonging to the network/subnet configured for the + forwarding rule. By default, if this field is empty, an ephemeral + internal IP address will be automatically allocated from the IP + range of the subnet or network configured for this forwarding rule. + oneOf: + - required: + - addressRef + - required: + - ip + properties: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ip: + type: string + type: object + ipProtocol: + description: Immutable. The IP protocol to which this rule applies. + For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, + `AH`, `SCTP` or `ICMP`. For Internal TCP/UDP Load Balancing, the + load balancing scheme is `INTERNAL`, and one of `TCP` or `UDP` are + valid. For Traffic Director, the load balancing scheme is `INTERNAL_SELF_MANAGED`, + and only `TCP`is valid. For Internal HTTP(S) Load Balancing, the + load balancing scheme is `INTERNAL_MANAGED`, and only `TCP` is valid. + For HTTP(S), SSL Proxy, and TCP Proxy Load Balancing, the load balancing + scheme is `EXTERNAL` and only `TCP` is valid. For Network TCP/UDP + Load Balancing, the load balancing scheme is `EXTERNAL`, and one + of `TCP` or `UDP` is valid. + type: string + ipVersion: + description: 'Immutable. The IP Version that will be used by this + forwarding rule. Valid options are `IPV4` or `IPV6`. This can only + be specified for an external global forwarding rule. Possible values: + UNSPECIFIED_VERSION, IPV4, IPV6.' + type: string + isMirroringCollector: + description: Immutable. Indicates whether or not this load balancer + can be used as a collector for packet mirroring. To prevent mirroring + loops, instances behind this load balancer will not have their traffic + mirrored even if a `PacketMirroring` rule applies to them. This + can only be set to true for load balancers that have their `loadBalancingScheme` + set to `INTERNAL`. + type: boolean + loadBalancingScheme: + description: "Immutable. 
Specifies the forwarding rule type.\n\n* + \ `EXTERNAL` is used for:\n * Classic Cloud VPN gateways\n + \ * Protocol forwarding to VMs from an external IP address\n + \ * The following load balancers: HTTP(S), SSL Proxy, TCP Proxy, + and Network TCP/UDP\n* `INTERNAL` is used for:\n * Protocol + forwarding to VMs from an internal IP address\n * Internal + TCP/UDP load balancers\n* `INTERNAL_MANAGED` is used for:\n * + \ Internal HTTP(S) load balancers\n* `INTERNAL_SELF_MANAGED` + is used for:\n * Traffic Director\n* `EXTERNAL_MANAGED` is + used for:\n * Global external HTTP(S) load balancers \n\nFor + more information about forwarding rules, refer to [Forwarding rule + concepts](/load-balancing/docs/forwarding-rule-concepts). Possible + values: INVALID, INTERNAL, INTERNAL_MANAGED, INTERNAL_SELF_MANAGED, + EXTERNAL, EXTERNAL_MANAGED." + type: string + location: + description: 'Location represents the geographical location of the + ComputeForwardingRule. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + metadataFilters: + description: |- + Immutable. Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set of [xDS](https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md) compliant clients. In their xDS requests to Loadbalancer, xDS clients present [node metadata](https://github.com/envoyproxy/data-plane-api/search?q=%22message+Node%22+in%3A%2Fenvoy%2Fapi%2Fv2%2Fcore%2Fbase.proto&). If a match takes place, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. `TargetHttpProxy`, `UrlMap`) referenced by the `ForwardingRule` will not be visible to those proxies. + + For each `metadataFilter` in this list, if its `filterMatchCriteria` is set to MATCH_ANY, at least one of the `filterLabel`s must match the corresponding label provided in the metadata. 
If its `filterMatchCriteria` is set to MATCH_ALL, then all of its `filterLabel`s must match with corresponding labels provided in the metadata. + + `metadataFilters` specified here will be applifed before those specified in the `UrlMap` that this `ForwardingRule` references. + + `metadataFilters` only applies to Loadbalancers that have their loadBalancingScheme set to `INTERNAL_SELF_MANAGED`. + items: + properties: + filterLabels: + description: |- + Immutable. The list of label value pairs that must match labels in the provided metadata based on `filterMatchCriteria` + + This list must not be empty and can have at the most 64 entries. + items: + properties: + name: + description: |- + Immutable. Name of metadata label. + + The name can have a maximum length of 1024 characters and must be at least 1 character long. + type: string + value: + description: |- + Immutable. The value of the label must match the specified value. + + value can have a maximum length of 1024 characters. + type: string + required: + - name + - value + type: object + type: array + filterMatchCriteria: + description: |- + Immutable. Specifies how individual `filterLabel` matches within the list of `filterLabel`s contribute towards the overall `metadataFilter` match. + + Supported values are: + + * MATCH_ANY: At least one of the `filterLabels` must have a matching label in the provided metadata. + * MATCH_ALL: All `filterLabels` must have matching labels in the provided metadata. Possible values: NOT_SET, MATCH_ALL, MATCH_ANY. + type: string + required: + - filterLabels + - filterMatchCriteria + type: object + type: array + networkRef: + description: |- + This field is not used for external load balancing. For internal + load balancing, this field identifies the network that the load + balanced IP should belong to for this forwarding rule. If this + field is not specified, the default network will be used. oneOf: - not: required: 
@@ -24680,7 +23868,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: 
@@ -24690,10 +23878,83 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - urlMapRef: + networkTier: + description: 'Immutable. This signifies the networking tier used for + configuring this load balancer and can only take the following values: + `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values + are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid + value is `PREMIUM`. If this field is not specified, it is assumed + to be `PREMIUM`. If `IPAddress` is specified, this value must be + equal to the networkTier of the Address.' + type: string + portRange: description: |- - A reference to the ComputeURLMap resource that defines the mapping - from URL to the BackendService. + Immutable. When the load balancing scheme is `EXTERNAL`, `INTERNAL_SELF_MANAGED` and `INTERNAL_MANAGED`, you can specify a `port_range`. Use with a forwarding rule that points to a target proxy or a target pool. Do not use with a forwarding rule that points to a backend service. This field is used along with the `target` field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when `IPProtocol` is `TCP`, `UDP`, or `SCTP`, only packets addressed to ports in the specified range will be forwarded to `target`. Forwarding rules with the same `[IPAddress, IPProtocol]` pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports: + + * TargetHttpProxy: 80, 8080 + * TargetHttpsProxy: 443 + * TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1688, 1883, 5222 + * TargetVpnGateway: 500, 4500 + + @pattern: d+(?:-d+)?. + type: string + ports: + description: 'Immutable. 
This field is used along with the `backend_service` + field for internal load balancing. When the load balancing scheme + is `INTERNAL`, a list of ports can be configured, for example, [''80''], + [''8000'',''9000'']. Only packets addressed to these ports are forwarded + to the backends configured with the forwarding rule. If the forwarding + rule''s loadBalancingScheme is INTERNAL, you can specify ports in + one of the following ways: * A list of up to five ports, which can + be non-contiguous * Keyword `ALL`, which causes the forwarding rule + to forward traffic on any port of the forwarding rule''s protocol. + @pattern: d+(?:-d+)? For more information, refer to [Port specifications](/load-balancing/docs/forwarding-rule-concepts#port_specifications).' + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceDirectoryRegistrations: + description: Immutable. Service Directory resources to register this + forwarding rule with. Currently, only supports a single Service + Directory resource. + items: + properties: + namespace: + description: Immutable. Service Directory namespace to register + the forwarding rule under. + type: string + service: + description: Immutable. Service Directory service to register + the forwarding rule under. + type: string + type: object + type: array + serviceLabel: + description: Immutable. An optional prefix to the service name for + this Forwarding Rule. If specified, the prefix is the first label + of the fully qualified service name. The label must be 1-63 characters + long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). 
+ Specifically, the label must be 1-63 characters long and match the + regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the + first character must be a lowercase letter, and all following characters + must be a dash, lowercase letter, or digit, except the last character, + which cannot be a dash. This field is only used for internal load + balancing. + type: string + subnetworkRef: + description: |- + The subnetwork that the load balanced IP should belong to for this + forwarding rule. This field is only used for internal load + balancing. + + If the network specified is in auto subnet mode, this field is + optional. However, if the network is in custom subnet mode, a + subnetwork must be specified. oneOf: - not: required: @@ -24710,7 +23971,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + description: 'Allowed value: The `name` field of a `ComputeSubnetwork` resource.' type: string name: 
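Review bot: The port constraint on `portRange` exists only as description text, and that text is garbled: `@pattern: d+(?:-d+)?` has lost its backslashes and, read literally, matches the letter `d` rather than digits. The field itself is a bare `type: string`, so the API server admits any value and a malformed range is presumably rejected only later, when the controller calls the cloud API. I would restore the text to `\d+(?:-\d+)?` and enforce it in the schema with `pattern: '^\d+(?:-\d+)?$'` under `portRange`. The same garbled pattern appears in the `ports` description in this hunk, and the `@@ -24842,12 +24300,22 @@` hunk likewise lists the allowed `networkEndpointType` values in prose without an `enum` and leaves `defaultPort` without `minimum`/`maximum`. The enclosing `spec.properties` mapping starts outside the hunk, and the `tf2crd` label suggests the schema is generated, so the fix probably belongs in the generator.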
@@ -24720,9 +23981,191 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + target: + description: |- + The target resource to receive the matched traffic. The forwarded + traffic must be of a type appropriate to the target object. For + INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets + are valid. + oneOf: + - required: + - targetGRPCProxyRef + - required: + - targetHTTPProxyRef + - required: + - targetHTTPSProxyRef + - required: + - targetSSLProxyRef + - required: + - targetTCPProxyRef + - required: + - targetVPNGatewayRef + properties: + targetGRPCProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetGRPCProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetHTTPSProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetHTTPSProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetSSLProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetSSLProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetTCPProxyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetTCPProxy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + targetVPNGatewayRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetVPNGateway` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object required: - location - - urlMapRef type: object status: properties: @@ -24753,7 +24196,11 @@ spec: type: object type: array creationTimestamp: - description: Creation timestamp in RFC3339 text format. + description: '[Output Only] Creation timestamp in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) + text format.' + type: string + labelFingerprint: + description: Used internally during label updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -24762,10 +24209,21 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer + pscConnectionId: + description: The PSC connection id of the PSC Forwarding Rule. + type: string + pscConnectionStatus: + description: 'The PSC connection status of the PSC Forwarding Rule. + Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, + CLOSED.' + type: string selfLink: + description: '[Output Only] Server-defined URL for the resource.' + type: string + serviceName: + description: '[Output Only] The internal fully qualified service name + for this Forwarding Rule. This field is only used for internal load + balancing.' type: string type: object required: @@ -24786,25 +24244,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetinstances.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpointgroups.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetInstance - plural: computetargetinstances + kind: ComputeGlobalNetworkEndpointGroup + plural: computeglobalnetworkendpointgroups shortNames: - - gcpcomputetargetinstance - - gcpcomputetargetinstances - singular: computetargetinstance + - gcpcomputeglobalnetworkendpointgroup + - gcpcomputeglobalnetworkendpointgroups + singular: computeglobalnetworkendpointgroup preserveUnknownFields: false scope: Namespaced versions: 
@@ -24824,7 +24282,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -24842,12 +24300,22 @@ spec: type: object spec: properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. type: string - instanceRef: - description: The ComputeInstance handling traffic for this target - instance. + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Possible values: ["INTERNET_IP_PORT", "INTERNET_FQDN_PORT"].' + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -24864,8 +24332,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -24874,54 +24341,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - natPolicy: - description: |- - Immutable. NAT option controlling how IPs are NAT'ed to the instance. - Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. - type: string - networkRef: - description: |- - The network this target instance uses to forward - traffic. If not specified, the traffic will be forwarded to the network - that the default network interface belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - zone: - description: Immutable. URL of the zone where the target instance - resides. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - instanceRef - - zone + - networkEndpointType + - projectRef type: object status: properties: 
@@ -24951,9 +24378,6 @@ spec: type: string type: object type: array - creationTimestamp: - description: Creation timestamp in RFC3339 text format. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -24982,25 +24406,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetpools.compute.cnrm.cloud.google.com + name: computeglobalnetworkendpoints.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetPool - plural: computetargetpools + kind: ComputeGlobalNetworkEndpoint + plural: computeglobalnetworkendpoints shortNames: - - gcpcomputetargetpool - - gcpcomputetargetpools - singular: computetargetpool + - gcpcomputeglobalnetworkendpoint + - gcpcomputeglobalnetworkendpoints + singular: computeglobalnetworkendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -25020,7 +24444,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -25038,7 +24462,20 @@ spec: type: object spec: properties: - backupTargetPoolRef: + fqdn: + description: |- + Immutable. Fully qualified domain name of network endpoint. + This can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT. + type: string + globalNetworkEndpointGroup: + description: Immutable. The global network endpoint group this endpoint + is part of. + type: string + ipAddress: + description: Immutable. IPv4 address external endpoint. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -25055,8 +24492,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -25065,91 +24501,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - description: - description: Immutable. Textual description field. - type: string - failoverRatio: - description: Immutable. Ratio (0 to 1) of failed nodes before using - the backup pool (which must also be set). - type: number - healthChecks: - items: - properties: - httpHealthCheckRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: array - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - region: - description: Immutable. Where the target pool resides. Defaults to - project region. - type: string resourceID: - description: Immutable. Optional. The name of the resource. 
Used for + description: Immutable. Optional. The port of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sessionAffinity: - description: Immutable. How to distribute load. Options are "NONE" - (no affinity). "CLIENT_IP" (hash of the source/dest addresses / - ports), and "CLIENT_IP_PROTO" also includes the protocol (default - "NONE"). - type: string required: - - region + - globalNetworkEndpointGroup + - projectRef type: object status: properties: @@ -25186,9 +24545,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string type: object required: - spec @@ -25208,25 +24564,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetsslproxies.compute.cnrm.cloud.google.com + name: computehealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetSSLProxy - plural: computetargetsslproxies + kind: ComputeHealthCheck + plural: computehealthchecks shortNames: - - gcpcomputetargetsslproxy - - gcpcomputetargetsslproxies - singular: computetargetsslproxy + - gcpcomputehealthcheck + - gcpcomputehealthchecks + singular: computehealthcheck preserveUnknownFields: false scope: Namespaced versions: 
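Review bot: The `resourceID` description in the `@@ -25065,91 +24501,14 @@` hunk now says the field holds "the port of the resource" yet still states that `metadata.name` is used when it is unset, and the schema does not tie the value to a port: it is `type: string` with no pattern. If the controller really falls back to `metadata.name`, an object with a non-numeric name would presumably yield an invalid port, so the description should say so, e.g. `The port of the endpoint as a decimal string (1-65535). When unset, metadata.name is used and must then be a valid port number.` The `required` list that closes the hunk names only `globalNetworkEndpointGroup` and `projectRef`, so neither `ipAddress` nor `fqdn` from the preceding hunk is mandatory. It is worth confirming that an endpoint with neither is rejected somewhere. The `spec.properties` mapping this belongs to starts outside the hunk.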
@@ -25264,155 +24620,357 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + grpcHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' + grpcServiceName: + description: |- + The gRPC service name for the health check. + The value of grpcServiceName has the following meanings by convention: + - Empty serviceName means the overall status of all services at the backend. + - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service. + The grpcServiceName can only be ASCII. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The port number for the health check request. + Must be specified if portName and portSpecification are not set + or if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, gRPC health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string type: object - certificateMapRef: + healthyThreshold: description: |- - Only `external` field is supported to configure the reference. + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + http2HealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTP2 health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP2 health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: - A reference to the CertificateMap resource uri that identifies a - certificate map associated with the given target proxy. This - field can only be set for global target proxies. 
Accepted format is - '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP2 health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP2 health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + httpHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` - resource.' + host: + description: |- + The value of the host header in the HTTP health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. type: string type: object - description: - description: Immutable. An optional description of this resource. 
- type: string - proxyHeader: - description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + httpsHealthCheck: + description: A nested object resource. + properties: + host: + description: |- + The value of the host header in the HTTPS health check request. + If left empty (default value), the public IP on behalf of which this health + check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, HTTPS health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. 
The response data + can only be ASCII. + type: string + type: object + location: + description: 'Location represents the geographical location of the + ComputeHealthCheck. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' type: string + logConfig: + description: Configure logging on this health check. + properties: + enable: + description: |- + Indicates whether or not to export logs. This is false by default, + which means no health check logging will be done. + type: boolean + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sslCertificates: - items: - description: |- - A list of ComputeSSLCertificate resources that are used to - authenticate connections between users and the load balancer. - Currently, exactly one SSL certificate must be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - sslPolicyRef: - description: |- - A reference to the ComputeSSLPolicy resource that will be - associated with the TargetSslProxy resource. If not set, the - ComputeTargetSSLProxy resource will not have any SSL policy - configured. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + sslHealthCheck: + description: A nested object resource. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` - resource.' + port: + description: |- + The TCP port number for the SSL health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, SSL health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
type: string - type: object - required: - - backendServiceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: + request: + description: |- + The application data to send once the SSL connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + tcpHealthCheck: + description: A nested object resource. + properties: + port: + description: |- + The TCP port number for the TCP health check request. + The default value is 443. + type: integer + portName: + description: |- + Port name as defined in InstanceGroup#NamedPort#name. If both port and + port_name are defined, port takes precedence. + type: string + portSpecification: + description: |- + Specifies how port is selected for health checking, can be one of the + following values: + + * 'USE_FIXED_PORT': The port number in 'port' is used for health checking. + + * 'USE_NAMED_PORT': The 'portName' is used for health checking. + + * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each + network endpoint is used for health checking. For other backends, the + port or named port specified in the Backend Service is used for health + checking. + + If not specified, TCP health check follows behavior specified in 'port' and + 'portName' fields. Possible values: ["USE_FIXED_PORT", "USE_NAMED_PORT", "USE_SERVING_PORT"]. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to the + backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. 
+ type: string + request: + description: |- + The application data to send once the TCP connection has been + established (default value is empty). If both request and response are + empty, the connection establishment alone will indicate health. The request + data can only be ASCII. + type: string + response: + description: |- + The bytes to match against the beginning of the response data. If left empty + (the default value), any response will indicate health. The response data + can only be ASCII. + type: string + type: object + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: properties: lastTransitionTime: description: Last time the condition transitioned from one status @@ -25445,11 +25003,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string + type: + description: The type of the health check. One of HTTP, HTTPS, TCP, + or SSL. + type: string type: object required: - spec 
@@ -25469,25 +25028,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargettcpproxies.compute.cnrm.cloud.google.com + name: computehttphealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetTCPProxy - plural: computetargettcpproxies + kind: ComputeHTTPHealthCheck + plural: computehttphealthchecks shortNames: - - gcpcomputetargettcpproxy - - gcpcomputetargettcpproxies - singular: computetargettcpproxy + - gcpcomputehttphealthcheck + - gcpcomputehttphealthchecks + singular: computehttphealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25525,54 +25084,53 @@ spec: type: object spec: properties: - backendServiceRef: - description: A reference to the ComputeBackendService resource. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - proxyBind: + healthyThreshold: description: |- - Immutable. This field only applies when the forwarding rule that references - this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. - type: boolean - proxyHeader: + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: description: |- - Specifies the type of proxy header to append before sending data to - the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + The value of the host header in the HTTP health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTP health check request. + The default value is 80. 
+ type: integer + requestPath: + description: |- + The request path of the HTTP health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - required: - - backendServiceRef + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25612,14 +25170,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - proxyId: - description: The unique identifier for the resource. - type: integer selfLink: type: string type: object - required: - - spec type: object served: true storage: true 
@@ -25636,25 +25189,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computetargetvpngateways.compute.cnrm.cloud.google.com + name: computehttpshealthchecks.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeTargetVPNGateway - plural: computetargetvpngateways + kind: ComputeHTTPSHealthCheck + plural: computehttpshealthchecks shortNames: - - gcpcomputetargetvpngateway - - gcpcomputetargetvpngateways - singular: computetargetvpngateway + - gcpcomputehttpshealthcheck + - gcpcomputehttpshealthchecks + singular: computehttpshealthcheck preserveUnknownFields: false scope: Namespaced versions: 
@@ -25692,48 +25245,53 @@ spec: type: object spec: properties: + checkIntervalSec: + description: |- + How often (in seconds) to send a health check. The default value is 5 + seconds. + type: integer description: - description: Immutable. An optional description of this resource. + description: |- + An optional description of this resource. Provide this property when + you create the resource. type: string - networkRef: - description: The network this VPN gateway is accepting traffic for. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region this gateway should sit in. + healthyThreshold: + description: |- + A so-far unhealthy instance will be marked healthy after this many + consecutive successes. The default value is 2. + type: integer + host: + description: |- + The value of the host header in the HTTPS health check request. If + left empty (default value), the public IP on behalf of which this + health check is performed will be used. + type: string + port: + description: |- + The TCP port number for the HTTPS health check request. + The default value is 443. + type: integer + requestPath: + description: |- + The request path of the HTTPS health check request. + The default value is /. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. 
When unset, the value of `metadata.name` is used as the default. type: string - required: - - networkRef - - region + timeoutSec: + description: |- + How long (in seconds) to wait before claiming failure. + The default value is 5 seconds. It is invalid for timeoutSec to have + greater value than checkIntervalSec. + type: integer + unhealthyThreshold: + description: |- + A so-far healthy instance will be marked unhealthy after this many + consecutive failures. The default value is 2. + type: integer type: object status: properties: @@ -25766,9 +25324,6 @@ spec: creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string - gatewayId: - description: The unique identifier for the resource. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -25779,8 +25334,6 @@ spec: selfLink: type: string type: object - required: - - spec type: object served: true storage: true @@ -25797,25 +25350,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: computeurlmaps.compute.cnrm.cloud.google.com + name: computeimages.compute.cnrm.cloud.google.com spec: group: compute.cnrm.cloud.google.com names: categories: - gcp - kind: ComputeURLMap - plural: computeurlmaps + kind: ComputeImage + plural: computeimages shortNames: - - gcpcomputeurlmap - - gcpcomputeurlmaps - singular: computeurlmap + - gcpcomputeimage + - gcpcomputeimages + singular: computeimage preserveUnknownFields: false scope: Namespaced versions: 
@@ -25853,1903 +25406,16106 @@ spec: type: object spec: properties: - defaultRouteAction: + description: description: |- - defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. - defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + diskRef: + description: |- + The source disk to create this image based on. + You must provide either this property or the + rawDisk.source property but not both to create an image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - corsPolicy: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the image when restored onto a persistent + disk (in GB). + type: integer + family: + description: |- + Immutable. 
The name of the image family to which this image belongs. You can + create disks by specifying an image family instead of a specific + image name. The image family always returns its latest image that is + not deprecated. The name of the image family must comply with + RFC1035. + type: string + guestOsFeatures: + description: |- + Immutable. A list of features to enable on the guest operating system. + Applicable only for bootable images. + items: + properties: + type: + description: 'Immutable. The type of supported feature. Read + [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) + to see a list of available options. Possible values: ["MULTI_IP_SUBNET", + "SECURE_BOOT", "SEV_CAPABLE", "UEFI_COMPATIBLE", "VIRTIO_SCSI_MULTIQUEUE", + "WINDOWS", "GVNIC", "SEV_LIVE_MIGRATABLE"].' + type: string + required: + - type + type: object + type: array + imageEncryptionKey: + description: |- + Immutable. Encrypts the image using a customer-supplied encryption key. + + After you encrypt an image with a customer-supplied key, you must + provide the same key if you use the image later (e.g. to create a + disk from the image). + properties: + kmsKeySelfLinkRef: description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. - Default is false. 
- type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regualar expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, the setting specifies the CORS policy - is disabled. The default value of false, which indicates - that the CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. - type: integer + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - faultInjectionPolicy: + kmsKeyServiceAccountRef: description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. - Similarly requests from clients can be aborted by the load balancer for a percentage of requests. - timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. - Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - abort: - description: The specification for how client requests are - aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. 
- type: number - type: object - delay: - description: The specification for how client requests are - delayed as part of fault injection, before being sent to - a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. 
- properties: - backendServiceRef: - description: |- - The backend service resource being mirrored to. - The backend service configured for a mirroring policy must reference - backends that are of the same type as the original backend service - matched in the URL map. - Serverless NEG backends are not currently supported as a mirrored - backend service. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a - `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - retryPolicy: - description: Specifies the retry policy associated with this route. - properties: - numRetries: - description: Specifies the allowed number retries. This number - must be > 0. If not specified, defaults to 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry policy applies. - Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. - - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. - - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. - - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - - internal : a retry is attempted if the gRPC status code in the response header is set to internal. - - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: + type: object + licenses: + description: Immutable. Any applicable license URI. 
+ items: + type: string + type: array + rawDisk: + description: Immutable. The parameters of the raw disk image. + properties: + containerType: description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. - If not specified, this field uses the largest timeout among all backend services associated with the route. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - nanos: - description: Span of time that's a fraction of a second at - nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos - field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: 'Span of time at a resolution of a second. Must - be from 0 to 315,576,000,000 inclusive. Note: these bounds - are computed from: 60 sec/min * 60 min/hr * 24 hr/day * - 365.25 days/year * 10000 years.' - type: string - type: object - urlRewrite: + Immutable. The format used to encode and transmit the block device, which + should be TAR. This is just a container and transmission format + and not a runtime format. Provided by the client when the disk + image is created. Default value: "TAR" Possible values: ["TAR"]. + type: string + sha1: description: |- - The spec to modify the URL of the request, before forwarding the request to the matched service. - urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. - Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. - properties: - hostRewrite: - description: |- - Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. - The value must be from 1 to 255 characters. 
- type: string - pathPrefixRewrite: - description: |- - Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. - The value must be from 1 to 1024 characters. - type: string - type: object - weightedBackendServices: + Immutable. An optional SHA1 checksum of the disk image before unpackaging. + This is provided by the client when the disk image is created. + type: string + source: description: |- - A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. - After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. - Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for the selected backendService. - headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. - Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request before - forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: A list of header names for headers that - need to be removed from the request before forwarding - the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response before sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. - The default value is false. 
- type: boolean - type: object - type: array - responseHeadersToRemove: - description: A list of header names for headers that - need to be removed from the response before sending - the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . - The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. - The value must be from 0 to 1000. - type: integer - type: object - type: array + Immutable. The full Google Cloud Storage URL where disk storage is stored + You must provide either this property or the sourceDisk property + but not both. + type: string + required: + - source type: object - defaultService: - description: |- - The defaultService resource to which traffic is directed if none of - the hostRules match. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If defaultRouteAction is additionally specified, advanced routing - actions like URL Rewrites, etc. take effect prior to sending the - request to the backend. However, if defaultService is specified, - defaultRouteAction cannot contain any weightedBackendServices. - Conversely, if routeAction specifies any weightedBackendServices, - service must not be specified. Only one of defaultService, - defaultUrlRedirect or defaultRouteAction.weightedBackendService - must be set. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + sourceImageRef: + description: The source image used to create this image. oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. 
+ - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. The value must be between 1 and 1024 - characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. 
Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: object + sourceSnapshotRef: + description: The source snapshot used to create this image. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: + type: object + status: + properties: + archiveSizeBytes: description: |- - An optional description of this resource. Provide this property when - you create the resource. + Size of the image tar.gz archive stored in Google Cloud Storage (in + bytes). + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string - headerAction: + labelFingerprint: description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here take effect after - headerAction specified under pathMatcher. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending the - response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeinstancegroupmanagers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupManager + plural: computeinstancegroupmanagers + shortNames: + - gcpcomputeinstancegroupmanager + - gcpcomputeinstancegroupmanagers + singular: computeinstancegroupmanager + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoHealingPolicies: + description: The autohealing policy for this managed instance group. + You can specify only one value. + items: + properties: + healthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace + The URL for the health check that signals autohealing. + + Allowed value: The `selfLink` field of a `ComputeHealthCheck` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. + initialDelaySec: + description: The number of seconds that the managed instance + group waits before it applies autohealing policies to new + instances or recently recreated instances. This initial delay + allows instances to initialize and run their startup scripts + before the instance group determines that they are UNHEALTHY. + This prevents the managed instance group from recreating its + instances prematurely. This value must be from range [0, 3600]. + format: int64 + type: integer + type: object + type: array + baseInstanceName: + description: The base instance name to use for instances in this group. + The value must be 1-58 characters long. Instances are named by appending + a hyphen and a random four-character string to the base instance + name. The base instance name must comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). + type: string + description: + description: Immutable. An optional description of this resource. + type: string + distributionPolicy: + description: Policy specifying the intended distribution of managed + instances across zones in a regional managed instance group. + properties: + targetShape: + description: 'The distribution shape to which the group converges + either proactively or on resize events (depending on the value + set in `updatePolicy.instanceRedistributionType`). Possible + values: TARGET_SHAPE_UNSPECIFIED, ANY, BALANCED, ANY_SINGLE_ZONE' + type: string + zones: + description: Immutable. Zones where the regional managed instance + group will create and manage its instances. items: - type: string + properties: + zone: + description: Immutable. The URL of the [zone](/compute/docs/regions-zones/#available). 
+ The zone must exist in the region where the managed instance + group is located. + type: string + type: object type: array type: object - hostRule: - description: The list of HostRules to use against the URL. + failoverAction: + description: 'The action to perform in case of zone failure. Only + one value is supported, `NO_FAILOVER`. The default is `NO_FAILOVER`. + Possible values: UNKNOWN, NO_FAILOVER' + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of the instance template that is specified for this managed instance group. The group uses this template to create all new instances in the managed instance group. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Immutable. The location of this resource. + type: string + namedPorts: + description: Immutable. Named ports configured for the Instance Groups + complementary to this Instance Group Manager. items: properties: - description: - description: |- - An optional description of this HostRule. Provide this property - when you create the resource. - type: string - hosts: - description: |- - The list of host patterns to match. They must be valid - hostnames, except * will match any string of ([a-z0-9-.]*). 
In - that case, * must be the first character and must be followed in - the pattern by either - or .. - items: - type: string - type: array - pathMatcher: - description: |- - The name of the PathMatcher to use to match the path portion of - the URL if the hostRule matches the URL's host portion. + name: + description: Immutable. The name for this named port. The name + must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). type: string - required: - - hosts - - pathMatcher + port: + description: Immutable. The port number, which can be a value + between 1 and 65535. + format: int64 + type: integer type: object type: array - location: - description: 'Location represents the geographical location of the - ComputeURLMap. Specify a region name or "global" for global resources. - Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - pathMatcher: - description: The list of named PathMatchers to use against the URL. 
- items: - properties: - defaultRouteAction: - description: |- - defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs - advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request - to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. - Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service account to be used as credentials for all operations performed by the managed instance group on instances. The service accounts needs all permissions required to create and delete instances. By default, the service account: {projectNumber}@cloudservices.gserviceaccount.com is used. - Only one of defaultRouteAction or defaultUrlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see - [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + statefulPolicy: + description: Stateful configuration for this Instanced Group Manager + properties: + preservedState: + properties: + disks: + additionalProperties: properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the actual request can include user credentials. - This translates to the Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For regular expression grammar - please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. - An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy is disabled. - The default value is false, which indicates that the - CORS policy is in effect. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long results of a preflight request can be cached in seconds. - This translates to the Access-Control-Max-Age header. 
- type: integer + autoDelete: + description: 'These stateful disks will never be deleted + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + disk should be deleted after it is no longer used + by the group, e.g. when the given instance or the + whole group is deleted. Note: disks attached in READ_ONLY + mode cannot be auto-deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. - As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a - percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted - by the Loadbalancer for a percentage of requests. - - timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + description: Disks created on the instances that will be preserved + on instance delete, update, etc. This map is keyed with + the device names of the disks. + type: object + externalIps: + additionalProperties: properties: - abort: - description: The specification for how client requests - are aborted as part of fault injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. - The value must be between 200 and 599 inclusive. - type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object - delay: - description: The specification for how client requests - are delayed as part of fault injection, before being - sent to a backend service. 
- properties: - fixedDelay: - description: Specifies the value of the fixed delay - interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. - The value must be between 0.0 and 100.0 inclusive. - type: number - type: object + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. - Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, - the host / authority header is suffixed with -shadow. + description: External network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. + type: object + internalIps: + additionalProperties: properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate + operations. This flag is used to configure if the + IP reservation should be deleted after it is no longer + used by the group, e.g. when the given instance or + the whole group is deleted. Possible values: NEVER, + ON_PERMANENT_INSTANCE_DELETION' + type: string type: object - retryPolicy: - description: Specifies the retry policy associated with - this route. - properties: - numRetries: - description: Specifies the allowed number retries. This - number must be > 0. If not specified, defaults to - 1. - type: integer - perTryTimeout: - description: |- - Specifies a non-zero timeout per retry attempt. - - If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, - will use the largest timeout among all backend services associated with the route. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are - represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
- Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - retryConditions: - description: |- - Specfies one or more conditions when this retry rule applies. Valid values are: - - * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, - or if the backend service does not respond at all, example: disconnects, reset, read timeout, - * connection failure, and refused streams. - * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - * connect-failure: Loadbalancer will retry on failures connecting to backend services, - for example due to connection timeouts. - * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. - This reset type indicates that it is safe to retry. - * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled - * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded - * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted - * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time the request has been - fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. - - If not specified, will use the largest timeout among all backend services associated with the route. 
- properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented - with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. - Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. - type: string - type: object - urlRewrite: - description: The spec to modify the URL of the request, - prior to forwarding the request to the matched service. - properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host header is replaced - with contents of hostRewrite. - - The value must be between 1 and 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching portion of the - request's path is replaced by pathPrefixRewrite. - - The value must be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match occurs. - The weights determine the fraction of traffic that flows to their corresponding backend service. - If all traffic needs to go to a single backend service, there must be one weightedBackendService - with weight set to a non 0 number. - - Once a backendService is identified and before forwarding the request to the backend service, - advanced routing actions like Url rewrites and header transformations are applied depending on - additional settings specified in this HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - The default backend service resource. 
- Before forwarding the request to backendService, the loadbalancer - applies any relevant headerActions specified as part of this - backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. - - headerAction specified here take effect before headerAction in the enclosing - HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: Headers to add to a matching request - prior to forwarding the request to the backendService. - items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request prior to - forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior - to sending the response back to the client. 
- items: - properties: - headerName: - description: The name of the header to add. - type: string - headerValue: - description: The value of the header to - add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the header. - If true, headerValue is set for the header, discarding any values that were set for that header. - type: boolean - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response prior to sending the - response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as - weight / (sum of all weightedBackendService weights in routeAction) . - - The selection of a backend service is determined only for new traffic. Once a user's request - has been directed to a backendService, subsequent requests will be sent to the same backendService - as determined by the BackendService's session affinity policy. - - The value must be between 0 and 1000. - type: integer - type: object - type: array - type: object - defaultService: - description: |- - The default service to use if none of the pathRules defined by this - PathMatcher is matched by the URL's path portion. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - oneOf: + description: Internal network IPs assigned to the instances + that will be preserved on instance delete, update, etc. + This map is keyed with the network interface name. 
+ type: object + type: object + type: object + targetPools: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: - required: - - backendBucketRef + - name - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + targetSize: + description: The target number of running instances for this managed + instance group. You can reduce this number by using the instanceGroupManager + deleteInstances or abandonInstances methods. Resizing the group + also changes this number. + format: int64 + type: integer + updatePolicy: + description: The update policy for this managed instance group. 
+ properties: + instanceRedistributionType: + description: 'The [instance redistribution policy](/compute/docs/instance-groups/regional-migs#proactive_instance_redistribution) + for regional managed instance groups. Valid values are: - `PROACTIVE` + (default): The group attempts to maintain an even distribution + of VM instances across zones in the region. - `NONE`: For non-autoscaled + groups, proactive redistribution is disabled.' + type: string + maxSurge: + description: The maximum number of instances that can be created + above the specified `targetSize` during the update process. + This value can be either a fixed number or, if the group has + 10 or more instances, a percentage. If you set a percentage, + the number of instances is rounded if necessary. The default + value for `maxSurge` is a fixed value equal to the number of + zones in which the managed instance group operates. At least + one of either `maxSurge` or `maxUnavailable` must be greater + than 0. Learn more about [`maxSurge`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_surge). + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + maxUnavailable: + description: 'The maximum number of instances that can be unavailable + during the update process. An instance is considered available + if all of the following conditions are satisfied: - The instance''s + [status](/compute/docs/instances/checking-instance-status) is + `RUNNING`. - If there is a [health check](/compute/docs/instance-groups/autohealing-instances-in-migs) + on the instance group, the instance''s health check status must + be `HEALTHY` at least once. 
If there is no health check on the + group, then the instance only needs to have a status of `RUNNING` + to be considered available. This value can be either a fixed + number or, if the group has 10 or more instances, a percentage. + If you set a percentage, the number of instances is rounded + if necessary. The default value for `maxUnavailable` is a fixed + value equal to the number of zones in which the managed instance + group operates. At least one of either `maxSurge` or `maxUnavailable` + must be greater than 0. Learn more about [`maxUnavailable`](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#max_unavailable).' + properties: + fixed: + description: Specifies a fixed number of VM instances. This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between 0 + to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer + type: object + minReadySec: + description: Minimum number of seconds to wait for after a newly + created instance becomes available. This value must be from + range [0, 3600]. + format: int64 + type: integer + minimalAction: + description: Minimal action to be taken on an instance. You can + specify either `RESTART` to restart existing instances or `REPLACE` + to delete and create new instances from the target template. + If you specify a `RESTART`, the Updater will attempt to perform + that action only. However, if the Updater determines that the + minimal action you specify is not enough to perform the update, + it might perform a more disruptive action. + type: string + mostDisruptiveAllowedAction: + description: Most disruptive action that is allowed to be taken + on an instance. 
You can specify either `NONE` to forbid any + actions, `REFRESH` to allow actions that do not need instance + restart, `RESTART` to allow actions that can be applied without + instance replacing or `REPLACE` to allow all possible actions. + If the Updater determines that the minimal update action needed + is more disruptive than most disruptive allowed action you specify + it will not perform the update at all. + type: string + replacementMethod: + description: 'What action should be used to replace instances. + See minimal_action.REPLACE Possible values: SUBSTITUTE, RECREATE' + type: string + type: + description: The type of update process. You can specify either + `PROACTIVE` so that the instance group manager proactively executes + actions in order to bring instances to their target versions + or `OPPORTUNISTIC` so that no action is proactively executed + but the update will be performed as part of other actions (for + example, resizes or `recreateInstances` calls). + type: string + type: object + versions: + description: Specifies the instance templates used by this managed + instance group to create instances. Each version is defined by an + `instanceTemplate` and a `name`. Every version can appear at most + once per instance group. This field overrides the top-level `instanceTemplate` + field. Read more about the [relationships between these fields](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#relationship_between_versions_and_instancetemplate_properties_for_a_managed_instance_group). + Exactly one `version` must leave the `targetSize` field unset. That + version will be applied to all remaining instances. For more information, + read about [canary updates](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update). 
+ items: + properties: + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - defaultUrlRedirect: - description: |- - When none of the specified hostRules match, the request is redirected to a URL specified - by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or - defaultRouteAction must not be set. + - required: + - namespace + required: + - external properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one that was - supplied in the request. The value must be between 1 and 255 characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. If set to - false, the URL scheme of the redirected request will remain the same as that of the - request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this - true for TargetHttpsProxy is not permitted. The default is set to false. - type: boolean - pathRedirect: + external: description: |- - The path that will be used in the redirect response instead of the one that was - supplied in the request. pathRedirect cannot be supplied together with - prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the - original request will be used for the redirect. 
The value must be between 1 and 1024 - characters. + The URL of the instance template that is specified for this managed instance group. The group uses this template to create new instances in the managed instance group until the `targetSize` for this version is reached. The templates for existing instances in the group do not change unless you run `recreateInstances`, run `applyUpdatesToInstances`, or set the group's `updatePolicy.type` to `PROACTIVE`; in those cases, existing instances are updated until the `targetSize` for this version is reached. + + Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` resource. type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, - retaining the remaining portion of the URL before redirecting the request. - prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or - neither. If neither is supplied, the path of the original request will be used for - the redirect. The value must be between 1 and 1024 characters. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed prior - to redirecting the request. If set to false, the query portion of the original URL is - retained. - This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery type: object - description: - description: An optional description of this resource. + name: + description: Name of the version. Unique among all versions + in the scope of this managed instance group. type: string - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. HeaderAction specified here are applied after the - matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to sending - the response back to the client. - items: - properties: - headerName: - description: The name of the header. 
- type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array + targetSize: + description: 'Specifies the intended number of instances to + be created from the `instanceTemplate`. The final number of + instances created from the template will be equal to: - If + expressed as a fixed number, the minimum of either `targetSize.fixed` + or `instanceGroupManager.targetSize` is used. - if expressed + as a `percent`, the `targetSize` would be `(targetSize.percent/100 + * InstanceGroupManager.targetSize)` If there is a remainder, + the number is rounded. If unset, this version will update + any remaining instances not updated by another `version`. + Read [Starting a canary update](/compute/docs/instance-groups/rolling-out-updates-to-managed-instance-groups#starting_a_canary_update) + for more information.' + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value + is `fixed`, then the `calculated` value is equal to the + `fixed` value. - If the value is a `percent`, then the + `calculated` value is `percent`/100 * `targetSize`. For + example, the `calculated` value of a 80% of a managed + instance group with 150 instances would be (80/100 * 150) + = 120 VM instances. If there is a remainder, the number + is rounded.' + format: int64 + type: integer + fixed: + description: Specifies a fixed number of VM instances. 
This + must be a positive integer. + format: int64 + type: integer + percent: + description: Specifies a percentage of instances between + 0 to 100%, inclusive. For example, specify `80` for 80%. + format: int64 + type: integer type: object - name: - description: The name to which this PathMatcher is referred - by the HostRule. + type: object + type: array + required: + - projectRef + - targetSize + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - pathRule: - description: |- - The list of path rules. Use this list instead of routeRules when routing based - on simple path matching is all that's required. The order by which path rules - are specified does not matter. Matches are always done on the longest-path-first - basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* - irrespective of the order in which those paths appear in this list. Within a - given pathMatcher, only one of pathRules or routeRules must be set. - items: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: The creation timestamp for this managed instance group + in \[RFC3339\](https://www.ietf.org/rfc/rfc3339.txt) text format. 
+ type: string + currentActions: + description: '[Output Only] The list of instance actions and the number + of instances in this managed instance group that are scheduled for + each of those actions.' + properties: + abandoning: + description: '[Output Only] The total number of instances in the + managed instance group that are scheduled to be abandoned. Abandoning + an instance removes it from the managed instance group without + deleting it.' + format: int64 + type: integer + creating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be created or are currently + being created. If the group fails to create any of these instances, + it tries again until it creates the instance successfully. If + you have disabled creation retries, this field will not be populated; + instead, the `creatingWithoutRetries` field will be populated.' + format: int64 + type: integer + creatingWithoutRetries: + description: '[Output Only] The number of instances that the managed + instance group will attempt to create. The group attempts to + create each instance only once. If the group fails to create + any of these instances, it decreases the group''s `targetSize` + value accordingly.' + format: int64 + type: integer + deleting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be deleted or are currently + being deleted.' + format: int64 + type: integer + none: + description: '[Output Only] The number of instances in the managed + instance group that are running and have no scheduled actions.' + format: int64 + type: integer + recreating: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be recreated or are currently + being being recreated. Recreating an instance deletes the existing + root persistent disk and creates a new disk from the image that + is defined in the instance template.' 
+ format: int64 + type: integer + refreshing: + description: '[Output Only] The number of instances in the managed + instance group that are being reconfigured with properties that + do not require a restart or a recreate action. For example, + setting or removing target pools for the instance.' + format: int64 + type: integer + restarting: + description: '[Output Only] The number of instances in the managed + instance group that are scheduled to be restarted or are currently + being restarted.' + format: int64 + type: integer + verifying: + description: '[Output Only] The number of instances in the managed + instance group that are being verified. See the `managedInstances[].currentAction` + property in the `listManagedInstances` method documentation.' + format: int64 + type: integer + type: object + fingerprint: + description: Fingerprint of this resource. This field may be used + in optimistic locking. It will be ignored when inserting an InstanceGroupManager. + An up-to-date fingerprint must be provided in order to update the + InstanceGroupManager, otherwise the request will fail with error + `412 conditionNotMet`. To see the latest fingerprint, make a `get()` + request to retrieve an InstanceGroupManager. + type: string + id: + description: '[Output Only] A unique identifier for this resource + type. The server generates this identifier.' + format: int64 + type: integer + instanceGroup: + description: '[Output Only] The URL of the Instance Group resource.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + region: + description: '[Output Only] The URL of the [region](/compute/docs/regions-zones/#available) + where the managed instance group resides (for regional resources).' + type: string + selfLink: + description: '[Output Only] The URL for this managed instance group. + The server defines this URL.' + type: string + status: + description: '[Output Only] The status of this managed instance group.' + properties: + autoscaler: + description: '[Output Only] The URL of the [Autoscaler](/compute/docs/autoscaler/) + that targets this instance group manager.' + type: string + isStable: + description: '[Output Only] A bit indicating whether the managed + instance group is in a stable state. A stable state means that: + none of the instances in the managed instance group is currently + undergoing any type of change (for example, creation, restart, + or deletion); no future changes are scheduled for instances + in the managed instance group; and the managed instance group + itself is not being modified.' + type: boolean + stateful: + description: '[Output Only] Stateful status of the given Instance + Group Manager.' + properties: + hasStatefulConfig: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions.' + type: boolean + isStateful: + description: '[Output Only] A bit indicating whether the managed + instance group has stateful configuration, that is, if you + have configured any items in a stateful policy or in per-instance + configs. 
The group might report that it has no stateful + config even when there is still some preserved state on + a managed instance, for example, if you have deleted all + PICs but not yet applied those deletions. This field is + deprecated in favor of has_stateful_config.' + type: boolean + perInstanceConfigs: + description: '[Output Only] Status of per-instance configs + on the instance.' properties: - paths: - description: |- - The list of path patterns to match. Each must start with / and the only place a - \* is allowed is at the end following a /. The string fed to the path matcher - does not include any text after the first ? or #, and those chars are not - allowed here. - items: - type: string - type: array - routeAction: - description: |- - In response to a matching path, the load balancer performs advanced routing - actions like URL rewrites, header transformations, etc. prior to forwarding the - request to the selected backend. If routeAction specifies any - weightedBackendServices, service must not be set. Conversely if service is set, - routeAction cannot contain any weightedBackendServices. Only one of routeAction - or urlRedirect must be set. - properties: - corsPolicy: - description: |- - The specification for allowing client side cross-origin requests. Please see W3C - Recommendation for Cross Origin Resource Sharing. - properties: - allowCredentials: - description: |- - In response to a preflight request, setting this to true indicates that the - actual request can include user credentials. This translates to the Access- - Control-Allow-Credentials header. Defaults to false. - type: boolean - allowHeaders: - description: Specifies the content for the Access-Control-Allow-Headers - header. - items: - type: string - type: array - allowMethods: - description: Specifies the content for the Access-Control-Allow-Methods - header. 
- items: - type: string - type: array - allowOriginRegexes: - description: |- - Specifies the regular expression patterns that match allowed origins. For - regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript - An origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - allowOrigins: - description: |- - Specifies the list of origins that will be allowed to do CORS requests. An - origin is allowed if it matches either allow_origins or allow_origin_regex. - items: - type: string - type: array - disabled: - description: If true, specifies the CORS policy - is disabled. - type: boolean - exposeHeaders: - description: Specifies the content for the Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: |- - Specifies how long the results of a preflight request can be cached. This - translates to the content for the Access-Control-Max-Age header. - type: integer - required: - - disabled - type: object - faultInjectionPolicy: - description: |- - The specification for fault injection introduced into traffic to test the - resiliency of clients to backend service failure. As part of fault injection, - when clients send requests to a backend service, delays can be introduced by - Loadbalancer on a percentage of requests before sending those request to the - backend service. Similarly requests from clients can be aborted by the - Loadbalancer for a percentage of requests. timeout and retry_policy will be - ignored by clients that are configured with a fault_injection_policy. - properties: - abort: - description: |- - The specification for how client requests are aborted as part of fault - injection. - properties: - httpStatus: - description: |- - The HTTP status code used to abort the request. The value must be between 200 - and 599 inclusive. 
- type: integer - percentage: - description: |- - The percentage of traffic (connections/operations/requests) which will be - aborted as part of fault injection. The value must be between 0.0 and 100.0 - inclusive. - type: number - required: - - httpStatus - - percentage - type: object - delay: - description: |- - The specification for how client requests are delayed as part of fault - injection, before being sent to a backend service. - properties: - fixedDelay: - description: Specifies the value of the fixed - delay interval. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - percentage: - description: |- - The percentage of traffic (connections/operations/requests) on which delay will - be introduced as part of fault injection. The value must be between 0.0 and - 100.0 inclusive. - type: number - required: - - fixedDelay - - percentage - type: object - type: object - requestMirrorPolicy: - description: |- - Specifies the policy on how requests intended for the route's backends are - shadowed to a separate mirrored backend service. Loadbalancer does not wait for - responses from the shadow service. Prior to sending traffic to the shadow - service, the host / authority header is suffixed with -shadow. - properties: - backendServiceRef: - description: Required. The backend service resource - being mirrored to. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - backendServiceRef - type: object - retryPolicy: - description: Specifies the retry policy associated - with this route. - properties: - numRetries: - description: Specifies the allowed number retries. - This number must be > 0. - type: integer - perTryTimeout: - description: Specifies a non-zero timeout per - retry attempt. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - retryConditions: - description: |- - Specifies one or more conditions when this retry rule applies. Valid values are: - - - 5xx: Loadbalancer will attempt a retry if the backend service responds with - any 5xx response code, or if the backend service does not respond at all, - example: disconnects, reset, read timeout, connection failure, and refused - streams. - - gateway-error: Similar to 5xx, but only applies to response codes - 502, 503 or 504. 
- - connect-failure: Loadbalancer will retry on failures - connecting to backend services, for example due to connection timeouts. - - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. - Currently the only retriable error supported is 409. - - refused-stream: Loadbalancer will retry if the backend service resets the stream with a - REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - - cancelled: Loadbalancer will retry if the gRPC status code in the response - header is set to cancelled - - deadline-exceeded: Loadbalancer will retry if the - gRPC status code in the response header is set to deadline-exceeded - - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response - header is set to resource-exhausted - - unavailable: Loadbalancer will retry if - the gRPC status code in the response header is set to unavailable. - items: - type: string - type: array - type: object - timeout: - description: |- - Specifies the timeout for the selected route. Timeout is computed from the time - the request is has been fully processed (i.e. end-of-stream) up until the - response has been completely processed. Timeout includes all retries. If not - specified, the default value is 15 seconds. - properties: - nanos: - description: |- - Span of time that's a fraction of a second at nanosecond resolution. Durations - less than one second are represented with a 0 'seconds' field and a positive - 'nanos' field. Must be from 0 to 999,999,999 inclusive. - type: integer - seconds: - description: |- - Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 - inclusive. - type: string - required: - - seconds - type: object - urlRewrite: - description: |- - The spec to modify the URL of the request, prior to forwarding the request to - the matched service. 
- properties: - hostRewrite: - description: |- - Prior to forwarding the request to the selected service, the request's host - header is replaced with contents of hostRewrite. The value must be between 1 and - 255 characters. - type: string - pathPrefixRewrite: - description: |- - Prior to forwarding the request to the selected backend service, the matching - portion of the request's path is replaced by pathPrefixRewrite. The value must - be between 1 and 1024 characters. - type: string - type: object - weightedBackendServices: - description: |- - A list of weighted backend services to send traffic to when a route match - occurs. The weights determine the fraction of traffic that flows to their - corresponding backend service. If all traffic needs to go to a single backend - service, there must be one weightedBackendService with weight set to a non 0 - number. Once a backendService is identified and before forwarding the request to - the backend service, advanced routing actions like Url rewrites and header - transformations are applied depending on additional settings specified in this - HttpRouteAction. - items: - properties: - backendServiceRef: - description: |- - Required. The default backend service resource. Before forwarding - the request to backendService, the loadbalancer applies any relevant - headerActions specified as part of this backendServiceWeight. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. headerAction specified here take effect before - headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response - prior to sending the response back to - the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header - to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - weight: - description: |- - Specifies the fraction of traffic sent to backendService, computed as weight / - (sum of all weightedBackendService weights in routeAction) . The selection of a - backend service is determined only for new traffic. Once a user's request has - been directed to a backendService, subsequent requests will be sent to the same - backendService as determined by the BackendService's session affinity policy. - The value must be between 0 and 1000. - type: integer - required: - - backendServiceRef - - weight - type: object - type: array - type: object - service: - description: |- - The backend service to which traffic is directed if this rule is - matched. - For the Global URL Map, it should be a reference to the backend - service or backend bucket. - For the Regional URL Map, it should be a reference to the backend - service. - If routeAction is additionally specified, advanced routing actions - like URL Rewrites, etc. take effect prior to sending the request to - the backend. However, if service is specified, routeAction cannot - contain any weightedBackendServices. Conversely, if routeAction - specifies any weightedBackendServices, service must not be - specified. Only one of urlRedirect, service or - routeAction.weightedBackendService must be set. 
- oneOf: - - required: - - backendBucketRef - - required: - - backendServiceRef - properties: - backendBucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendBucket` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - backendServiceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field - of a `ComputeBackendService` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - urlRedirect: - description: |- - When a path pattern is matched, the request is redirected to a URL specified - by urlRedirect. If urlRedirect is specified, service or routeAction must not - be set. - properties: - hostRedirect: - description: |- - The host that will be used in the redirect response instead of the one - that was supplied in the request. The value must be between 1 and 255 - characters. - type: string - httpsRedirect: - description: |- - If set to true, the URL scheme in the redirected request is set to https. 
- If set to false, the URL scheme of the redirected request will remain the - same as that of the request. This must only be set for UrlMaps used in - TargetHttpProxys. Setting this true for TargetHttpsProxy is not - permitted. The default is set to false. - type: boolean - pathRedirect: - description: |- - The path that will be used in the redirect response instead of the one - that was supplied in the request. pathRedirect cannot be supplied - together with prefixRedirect. Supply one alone or neither. If neither is - supplied, the path of the original request will be used for the redirect. - The value must be between 1 and 1024 characters. - type: string - prefixRedirect: - description: |- - The prefix that replaces the prefixMatch specified in the - HttpRouteRuleMatch, retaining the remaining portion of the URL before - redirecting the request. prefixRedirect cannot be supplied together with - pathRedirect. Supply one alone or neither. If neither is supplied, the - path of the original request will be used for the redirect. The value - must be between 1 and 1024 characters. - type: string - redirectResponseCode: - description: |- - The HTTP Status code to use for this RedirectAction. Supported values are: - - * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - - * FOUND, which corresponds to 302. - - * SEE_OTHER which corresponds to 303. - - * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method - will be retained. - - * PERMANENT_REDIRECT, which corresponds to 308. In this case, - the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. - type: string - stripQuery: - description: |- - If set to true, any accompanying query portion of the original URL is removed - prior to redirecting the request. If set to false, the query portion of the - original URL is retained. 
- This field is required to ensure an empty block is not set. The normal default value is false. - type: boolean - required: - - stripQuery - type: object - required: - - paths + allEffective: + description: A bit indicating if all of the group's per-instance + configs (listed in the output of a listPerInstanceConfigs + API call) have status `EFFECTIVE` or there are no per-instance-configs. + type: boolean type: object - type: array - routeRules: - description: |- - The list of ordered HTTP route rules. Use this list instead of pathRules when - advanced route matching and routing actions are desired. The order of specifying - routeRules matters: the first rule that matches will cause its specified routing - action to take effect. Within a given pathMatcher, only one of pathRules or - routeRules must be set. routeRules are not supported in UrlMaps intended for - External load balancers. - items: - properties: - headerAction: - description: |- - Specifies changes to request and response headers that need to take effect for - the selected backendService. The headerAction specified here are applied before - the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r - outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. - properties: - requestHeadersToAdd: - description: |- - Headers to add to a matching request prior to forwarding the request to the - backendService. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. 
- type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - requestHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the request - prior to forwarding the request to the backendService. - items: - type: string - type: array - responseHeadersToAdd: - description: Headers to add the response prior to - sending the response back to the client. - items: - properties: - headerName: - description: The name of the header. - type: string - headerValue: - description: The value of the header to add. - type: string - replace: - description: |- - If false, headerValue is appended to any values that already exist for the - header. If true, headerValue is set for the header, discarding any values that - were set for that header. - type: boolean - required: - - headerName - - headerValue - - replace - type: object - type: array - responseHeadersToRemove: - description: |- - A list of header names for headers that need to be removed from the response - prior to sending the response back to the client. - items: - type: string - type: array - type: object - matchRules: - description: The rules for determining a match. - items: - properties: - fullPathMatch: - description: |- - For satisfying the matchRule condition, the path of the request must exactly - match the value specified in fullPathMatch after removing any query parameters - and anchor that may be part of the original URL. FullPathMatch must be between 1 - and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must - be specified. - type: string - headerMatches: - description: |- - Specifies a list of header match criteria, all of which must match corresponding - headers in the request. - items: - properties: - exactMatch: - description: |- - The value should exactly match contents of exactMatch. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. 
- type: string - headerName: - description: |- - The name of the HTTP header to match. For matching against the HTTP request's - authority, use a headerMatch with the header name ":authority". For matching a - request's method, use the headerName ":method". - type: string - invertMatch: - description: |- - If set to false, the headerMatch is considered a match if the match criteria - above are met. If set to true, the headerMatch is considered a match if the - match criteria above are NOT met. Defaults to false. - type: boolean - prefixMatch: - description: |- - The value of the header must start with the contents of prefixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - presentMatch: - description: |- - A header with the contents of headerName must exist. The match takes place - whether or not the request's header has a value or not. Only one of exactMatch, - prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. - type: boolean - rangeMatch: - description: |- - The header value must be an integer and its value must be in the range specified - in rangeMatch. If the header does not contain an integer, number or is empty, - the match fails. For example for a range [-5, 0] - - * -3 will match - * 0 will not match - * 0.25 will not match - * -3someString will not match. - - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - properties: - rangeEnd: - description: The end of the range (exclusive). - type: integer - rangeStart: - description: The start of the range (inclusive). - type: integer - required: - - rangeEnd - - rangeStart - type: object - regexMatch: - description: |- - The value of the header must match the regular expression specified in - regexMatch. 
For regular expression grammar, please see: - en.cppreference.com/w/cpp/regex/ecmascript For matching against a port - specified in the HTTP request, use a headerMatch with headerName set to PORT and - a regular expression that satisfies the RFC2616 Host header's port specifier. - Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or - rangeMatch must be set. - type: string - suffixMatch: - description: |- - The value of the header must end with the contents of suffixMatch. Only one of - exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch - must be set. - type: string - required: - - headerName - type: object - type: array - ignoreCase: - description: |- - Specifies that prefixMatch and fullPathMatch matches are case sensitive. - Defaults to false. - type: boolean - metadataFilters: - description: |- - Opaque filter criteria used by Loadbalancer to restrict routing configuration to - a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS - clients present node metadata. If a match takes place, the relevant routing - configuration is made available to those proxies. For each metadataFilter in - this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the - filterLabels must match the corresponding label provided in the metadata. If its - filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match - with corresponding labels in the provided metadata. metadataFilters specified - here can be overrides those specified in ForwardingRule that refers to this - UrlMap. metadataFilters only applies to Loadbalancers that have their - loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: object + versionTarget: + description: '[Output Only] A status of consistency of Instances'' + versions with their target version specified by `version` field + on Instance Group Manager.' 
+ properties: + isReached: + description: '[Output Only] A bit indicating whether version + target has been reached in this managed instance group, + i.e. all instances are in their target version. Instances'' + target version are specified by `version` field on Instance + Group Manager.' + type: boolean + type: object + type: object + updatePolicy: + properties: + maxSurge: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + maxUnavailable: + properties: + calculated: + description: '[Output Only] Absolute value of VM instances + calculated based on the specific mode. - If the value is + `fixed`, then the `calculated` value is equal to the `fixed` + value. - If the value is a `percent`, then the `calculated` + value is `percent`/100 * `targetSize`. For example, the + `calculated` value of a 80% of a managed instance group + with 150 instances would be (80/100 * 150) = 120 VM instances. + If there is a remainder, the number is rounded.' + format: int64 + type: integer + type: object + type: object + zone: + description: '[Output Only] The URL of a [zone](/compute/docs/regions-zones/#available) + where the managed instance group is located (for zonal resources).' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroupnamedports.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroupNamedPort + plural: computeinstancegroupnamedports + shortNames: + - gcpcomputeinstancegroupnamedport + - gcpcomputeinstancegroupnamedports + singular: computeinstancegroupnamedport + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + groupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + port: + description: Immutable. The port number, which can be a value between + 1 and 65535. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone of the instance group. + type: string + required: + - groupRef + - port + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceGroup + plural: computeinstancegroups + shortNames: + - gcpcomputeinstancegroup + - gcpcomputeinstancegroups + singular: computeinstancegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional textual description of the instance + group. + type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + namedPort: + description: The named port configuration. + items: + properties: + name: + description: The name which the port will be mapped to. + type: string + port: + description: The port number to map the name to. + type: integer + required: + - name + - port + type: object + type: array + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. 
Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. The zone that this instance group should be + created in. + type: string + required: + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + size: + description: The number of instances in the group. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstance + plural: computeinstances + shortNames: + - gcpcomputeinstance + - gcpcomputeinstances + singular: computeinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + anyOf: + - required: + - bootDisk + - machineType + - networkInterface + - zone + - required: + - instanceTemplateRef + - zone + properties: + advancedMachineFeatures: + description: Controls for advanced machine-related behavior features. + properties: + enableNestedVirtualization: + description: Whether to enable nested virtualization or not. + type: boolean + threadsPerCore: + description: The number of threads per physical core. To disable + simultaneous multithreading (SMT) set this to 1. If unset, the + maximum number of threads supported per core by the underlying + processor is assumed. + type: integer + visibleCoreCount: + description: The number of physical cores to expose to an instance. + Multiply by the number of threads per core to compute the total + number of virtual CPUs to expose to the instance. If unset, + the number of cores is inferred from the instance\'s nominal + CPU count and the underlying platform\'s SMT width. + type: integer + type: object + attachedDisk: + description: List of disks attached to the instance. + items: + properties: + deviceName: + description: Name with which the attached disk is accessible + under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: A 256-bit customer-supplied encryption key, encoded + in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link + and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceDiskRef + type: object + type: array + bootDisk: + description: Immutable. The boot disk for the instance. + properties: + autoDelete: + description: Immutable. Whether the disk will be auto-deleted + when the instance is deleted. + type: boolean + deviceName: + description: Immutable. Name with which attached disk will be + accessible under /dev/disk/by-id/. + type: string + diskEncryptionKeyRaw: + description: Immutable. A 256-bit customer-supplied encryption + key, encoded in RFC 4648 base64 to encrypt this disk. Only one + of kms_key_self_link and disk_encryption_key_raw may be set. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + diskEncryptionKeySha256: + description: The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + initializeParams: + description: Immutable. Parameters with which a disk was created + alongside the instance. + properties: + labels: + description: Immutable. A set of key/value label pairs assigned + to the disk. + type: object + x-kubernetes-preserve-unknown-fields: true + size: + description: Immutable. The size of the image in gigabytes. 
+ type: integer + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeImage` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The Google Compute Engine disk type. + Such as pd-standard, pd-ssd or pd-balanced. + type: string + type: object + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + mode: + description: Immutable. Read/write mode for the disk. One of "READ_ONLY" + or "READ_WRITE". + type: string + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + canIpForward: + description: Whether sending and receiving of packets with non-matching + source or destination IPs is allowed. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Defines whether the instance should have confidential + compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + deletionProtection: + description: Whether deletion protection is enabled on this instance. + type: boolean + description: + description: Immutable. A brief description of the resource. + type: string + desiredStatus: + description: Desired status of the instance. Either "RUNNING" or "TERMINATED". + type: string + enableDisplay: + description: Whether the instance has virtual displays enabled. + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource exposed + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + hostname: + description: Immutable. A custom hostname for the instance. Must be + a fully qualified DNS name and RFC-1035-valid. Valid format is a + series of labels 1-63 characters long matching the regular expression + [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. 
The entire + hostname must not exceed 253 characters. Changing this forces a + new resource to be created. + type: string + instanceTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstanceTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to create. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. Metadata startup scripts made available within + the instance. + type: string + minCpuPlatform: + description: The minimum CPU platform specified for the VM instance. + type: string + networkInterface: + description: Immutable. The networks attached to the instance. + items: + not: + required: + - networkIp + - networkIpRef + properties: + accessConfig: + description: Access configurations, i.e. IPs via which this + instance can be accessed via the Internet. + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: The networking tier used for configuring + this instance. One of PREMIUM or STANDARD. + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: An array of alias IP ranges for this network interface. + items: + properties: + ipCidrRange: + description: The IP CIDR range represented by this alias + IP range. + type: string + subnetworkRangeName: + description: The subnetwork secondary range name specifying + the secondary range from which to allocate the IP CIDR + range for this alias IP range. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. + items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. 
+ type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the interface. + type: string + networkIp: + description: DEPRECATED. Although this field is still available, + there is limited support. We recommend that you use `spec.networkInterface.networkIpRef` + instead. + type: string + networkIpRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: The project in which the subnetwork belongs. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. 
+ properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: The scheduling strategy being used by the instance. + properties: + automaticRestart: + description: Specifies if the instance should be restarted if + it was terminated by Compute Engine (not a user). + type: boolean + instanceTerminationAction: + description: Specifies the action GCE should take when SPOT VM + is preempted. 
+ type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Describes maintenance behavior for the instance. + One of MIGRATE or TERMINATE,. + type: string + preemptible: + description: Immutable. Whether the instance is preemptible. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + scratchDisk: + description: Immutable. The scratch disks attached to the instance. + items: + properties: + interface: + description: The disk interface used for attaching this disk. + One of SCSI or NVME. + type: string + size: + description: Immutable. The size of the disk in gigabytes. One + of 375 or 3000. + type: integer + required: + - interface + type: object + type: array + serviceAccount: + description: The service account to attach to the instance. + properties: + scopes: + description: A list of service scopes. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: The shielded vm config being used by the instance. + properties: + enableIntegrityMonitoring: + description: Whether integrity monitoring is enabled for the instance. + type: boolean + enableSecureBoot: + description: Whether secure boot is enabled for the instance. + type: boolean + enableVtpm: + description: Whether the instance uses vTPM. + type: boolean + type: object + tags: + description: The list of tags attached to the instance. + items: + type: string + type: array + zone: + description: Immutable. The zone of the instance. If self_link is + provided, this value is ignored. If neither self_link nor zone are + provided, the provider zone is used. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + cpuPlatform: + description: The CPU platform used by this instance. + type: string + currentStatus: + description: Current status of the instance. + type: string + instanceId: + description: The server-assigned unique identifier of this instance. + type: string + labelFingerprint: + description: The unique fingerprint of the labels. + type: string + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinstancetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInstanceTemplate + plural: computeinstancetemplates + shortNames: + - gcpcomputeinstancetemplate + - gcpcomputeinstancetemplates + singular: computeinstancetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advancedMachineFeatures: + description: Immutable. Controls for advanced machine-related behavior + features. + properties: + enableNestedVirtualization: + description: Immutable. Whether to enable nested virtualization + or not. + type: boolean + threadsPerCore: + description: Immutable. The number of threads per physical core. + To disable simultaneous multithreading (SMT) set this to 1. + If unset, the maximum number of threads supported per core by + the underlying processor is assumed. + type: integer + visibleCoreCount: + description: Immutable. The number of physical cores to expose + to an instance. Multiply by the number of threads per core to + compute the total number of virtual CPUs to expose to the instance. + If unset, the number of cores is inferred from the instance\'s + nominal CPU count and the underlying platform\'s SMT width. + type: integer + type: object + canIpForward: + description: Immutable. Whether to allow sending and receiving of + packets with non-matching source or destination IPs. This defaults + to false. + type: boolean + confidentialInstanceConfig: + description: Immutable. The Confidential VM config being used by the + instance. on_host_maintenance has to be set to TERMINATE or this + will fail to create. + properties: + enableConfidentialCompute: + description: Immutable. Defines whether the instance should have + confidential compute enabled. + type: boolean + required: + - enableConfidentialCompute + type: object + description: + description: Immutable. 
A brief description of this resource. + type: string + disk: + description: Immutable. Disks to attach to instances created from + this template. This can be specified multiple times for multiple + disks. + items: + properties: + autoDelete: + description: Immutable. Whether or not the disk should be auto-deleted. + This defaults to true. + type: boolean + boot: + description: Immutable. Indicates that this is a boot disk. + type: boolean + deviceName: + description: Immutable. A unique device name that is reflected + into the /dev/ tree of a Linux operating system running within + the instance. If not specified, the server chooses a default + device name to apply to this disk. + type: string + diskEncryptionKey: + description: Immutable. Encrypts or decrypts a disk using a + customer-supplied encryption key. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + diskName: + description: Immutable. Name of the disk. When not provided, + this defaults to the name of the instance. + type: string + diskSizeGb: + description: Immutable. The size of the image in gigabytes. + If not specified, it will inherit the size of its base image. + For SCRATCH disks, the size must be one of 375 or 3000 GB, + with a default of 375 GB. + type: integer + diskType: + description: Immutable. The Google Compute Engine disk type. 
+ Such as "pd-ssd", "local-ssd", "pd-balanced" or "pd-standard". + type: string + interface: + description: Immutable. Specifies the disk interface to use + for attaching this disk. + type: string + labels: + additionalProperties: + type: string + description: Immutable. A set of key/value label pairs to assign + to disks,. + type: object + mode: + description: Immutable. The mode in which to attach this disk, + either READ_WRITE or READ_ONLY. If you are attaching or creating + a boot disk, this must read-write mode. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeResourcePolicy` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceDiskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceImageEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source + image. 
Required if the source image is protected by a + customer-supplied encryption key. + + Instance templates do not store customer-supplied + encryption keys, so you cannot create disks for + instances in a managed instance group if the source + images are encrypted with your own keys. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceImageRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeImage` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + sourceSnapshotEncryptionKey: + description: Immutable. The customer-supplied encryption key + of the source snapshot. + properties: + kmsKeySelfLinkRef: + description: |- + The self link of the encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account being used for the encryption request for the + given KMS key. If absent, the Compute Engine default service account + is used. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an + `IAMServiceAccount` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeySelfLinkRef + type: object + sourceSnapshotRef: + description: |- + The source snapshot to create this disk. When creating a new + instance, one of initializeParams.sourceSnapshot, + initializeParams.sourceImage, or disks.source is required except for + local SSD. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSnapshot` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: Immutable. The type of Google Compute Engine disk, + can be either "SCRATCH" or "PERSISTENT". + type: string + type: object + type: array + enableDisplay: + description: 'Immutable. Enable Virtual Displays on this instance. + Note: allow_stopping_for_update must be set to true in order to + update this field.' + type: boolean + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. 
+ items: + properties: + count: + description: Immutable. The number of the guest accelerator + cards exposed to this instance. + type: integer + type: + description: Immutable. The accelerator type resource to expose + to this instance. E.g. nvidia-tesla-k80. + type: string + required: + - count + - type + type: object + type: array + instanceDescription: + description: Immutable. A description of the instance. + type: string + machineType: + description: Immutable. The machine type to create. To create a machine + with a custom type (such as extended memory), format the value like + custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of + RAM. + type: string + metadata: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + metadataStartupScript: + description: Immutable. An alternative to using the startup-script + metadata key, mostly to match the compute_instance resource. This + replaces the startup-script metadata key on the created instance + and thus the two mechanisms are not allowed to be used simultaneously. + type: string + minCpuPlatform: + description: Immutable. Specifies a minimum CPU platform. Applicable + values are the friendly names of CPU platforms, such as Intel Haswell + or Intel Skylake. + type: string + namePrefix: + description: Immutable. Creates a unique name beginning with the specified + prefix. Conflicts with name. + type: string + networkInterface: + description: Immutable. Networks to attach to instances created from + this template. This can be specified multiple times for multiple + networks. + items: + properties: + accessConfig: + items: + properties: + natIpRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of + a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkTier: + description: 'Immutable. The networking tier used for + configuring this instance template. This field can take + the following values: PREMIUM, STANDARD, FIXED_STANDARD. + If this field is not specified, it is assumed to be + PREMIUM.' + type: string + publicPtrDomainName: + description: The DNS domain name for the public PTR record.The + DNS domain name for the public PTR record. + type: string + type: object + type: array + aliasIpRange: + description: Immutable. An array of alias IP ranges for this + network interface. Can only be specified for network interfaces + on subnet-mode networks. + items: + properties: + ipCidrRange: + description: Immutable. The IP CIDR range represented + by this alias IP range. This IP CIDR range must belong + to the specified subnetwork and cannot contain IP addresses + reserved by system or used by other network interfaces. + At the time of writing only a netmask (e.g. /24) may + be supplied, with a CIDR format resulting in an API + error. + type: string + subnetworkRangeName: + description: Immutable. The subnetwork secondary range + name specifying the secondary range from which to allocate + the IP CIDR range for this alias IP range. If left unspecified, + the primary range of the subnetwork will be used. + type: string + required: + - ipCidrRange + type: object + type: array + ipv6AccessConfig: + description: An array of IPv6 access configurations for this + interface. Currently, only one IPv6 access config, DIRECT_IPV6, + is supported. If there is no ipv6AccessConfig specified, then + this instance will have no external IPv6 Internet access. 
+ items: + properties: + externalIpv6: + description: The first IPv6 address of the external IPv6 + range associated with this instance, prefix length is + stored in externalIpv6PrefixLength in ipv6AccessConfig. + The field is output only, an IPv6 address from a subnetwork + associated with the instance will be allocated dynamically. + type: string + externalIpv6PrefixLength: + description: The prefix length of the external IPv6 range. + type: string + networkTier: + description: The service-level to be provided for IPv6 + traffic when the subnet has an external subnet. Only + PREMIUM tier is valid for IPv6. + type: string + publicPtrDomainName: + description: The domain name to be used when creating + DNSv6 records for the external IPv6 ranges. + type: string + required: + - networkTier + type: object + type: array + ipv6AccessType: + description: One of EXTERNAL, INTERNAL to indicate whether the + IP can be accessed from the Internet. This field is always + inherited from its subnetwork. + type: string + name: + description: The name of the network_interface. + type: string + networkIp: + description: Immutable. The private IP address to assign to + the instance. If empty, the address will be automatically + assigned. + type: string + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nicType: + description: Immutable. The type of vNIC to be used on this + interface. 
Possible values:GVNIC, VIRTIO_NET. + type: string + queueCount: + description: Immutable. The networking queue count that's specified + by users for the network interface. Both Rx and Tx queues + will be set to this number. It will be empty if not specified. + type: integer + stackType: + description: The stack type for this network interface to identify + whether the IPv6 feature is enabled or not. If not specified, + IPV4_ONLY will be used. + type: string + subnetworkProject: + description: Immutable. The ID of the project in which the subnetwork + belongs. If it is not provided, the provider project is used. + type: string + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + networkPerformanceConfig: + description: Immutable. Configures network performance settings for + the instance. If not specified, the instance will be created with + its default network performance configuration. + properties: + totalEgressBandwidthTier: + description: Immutable. The egress bandwidth tier to enable. Possible + values:TIER_1, DEFAULT. + type: string + required: + - totalEgressBandwidthTier + type: object + region: + description: Immutable. An instance template is a global resource + that is not bound to a zone or a region. However, you can still + specify some regional resources in an instance template, which restricts + the template to the region where that resource resides. 
For example, + a custom subnetwork resource is tied to a specific region. Defaults + to the region of the Provider if no value is given. + type: string + reservationAffinity: + description: Immutable. Specifies the reservations that this instance + can consume from. + properties: + specificReservation: + description: Immutable. Specifies the label selector for the reservation + to use. + properties: + key: + description: Immutable. Corresponds to the label key of a + reservation resource. To target a SPECIFIC_RESERVATION by + name, specify compute.googleapis.com/reservation-name as + the key and specify the name of your reservation as the + only value. + type: string + values: + description: Immutable. Corresponds to the label values of + a reservation resource. + items: + type: string + type: array + required: + - key + - values + type: object + type: + description: Immutable. The type of reservation from which this + instance can consume resources. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + resourcePolicies: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeResourcePolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + scheduling: + description: Immutable. The scheduling strategy to use. 
+ properties: + automaticRestart: + description: Immutable. Specifies whether the instance should + be automatically restarted if it is terminated by Compute Engine + (not terminated by a user). This defaults to true. + type: boolean + instanceTerminationAction: + description: Immutable. Specifies the action GCE should take when + SPOT VM is preempted. + type: string + maintenanceInterval: + description: 'Specifies the frequency of planned maintenance events. + The accepted values are: PERIODIC.' + type: string + maxRunDuration: + description: Immutable. The timeout for new network connections + to hosts. + properties: + nanos: + description: |- + Immutable. Span of time that's a fraction of a second at nanosecond + resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must + be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Immutable. Span of time at a resolution of a second. + Must be from 0 to 315,576,000,000 inclusive. + type: integer + required: + - seconds + type: object + minNodeCpus: + description: Minimum number of cpus for the instance. + type: integer + nodeAffinities: + items: + properties: + value: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + onHostMaintenance: + description: Immutable. Defines the maintenance behavior for this + instance. + type: string + preemptible: + description: Immutable. Allows instance to be preempted. This + defaults to false. + type: boolean + provisioningModel: + description: Immutable. Whether the instance is spot. If this + is set as SPOT. + type: string + type: object + serviceAccount: + description: Immutable. Service account to attach to the instance. + properties: + scopes: + description: Immutable. A list of service scopes. Both OAuth2 + URLs and gcloud short names are supported. To allow full access + to all Cloud APIs, use the cloud-platform scope. 
+ items: + type: string + type: array + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - scopes + type: object + shieldedInstanceConfig: + description: 'Immutable. Enable Shielded VM on this instance. Shielded + VM provides verifiable integrity to prevent against malware and + rootkits. Defaults to disabled. Note: shielded_instance_config can + only be used with boot images with shielded vm support.' + properties: + enableIntegrityMonitoring: + description: Immutable. Compare the most recent boot measurements + to the integrity policy baseline and return a pair of pass/fail + results depending on whether they match or not. Defaults to + true. + type: boolean + enableSecureBoot: + description: Immutable. Verify the digital signature of all boot + components, and halt the boot process if signature verification + fails. Defaults to false. + type: boolean + enableVtpm: + description: Immutable. Use a virtualized trusted platform module, + which is a specialized computer chip you can use to encrypt + objects like keys and certificates. Defaults to true. + type: boolean + type: object + tags: + description: Immutable. Tags to attach to the instance. + items: + type: string + type: array + required: + - disk + - machineType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + metadataFingerprint: + description: The unique fingerprint of the metadata. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + selfLinkUnique: + description: A special URI of the created resource that uniquely identifies + this instance template. + type: string + tagsFingerprint: + description: The unique fingerprint of the tags. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeinterconnectattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeInterconnectAttachment + plural: computeinterconnectattachments + shortNames: + - gcpcomputeinterconnectattachment + - gcpcomputeinterconnectattachments + singular: computeinterconnectattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adminEnabled: + description: |- + Whether the VLAN attachment is enabled or disabled. When using + PARTNER type this will Pre-Activate the interconnect attachment. + type: boolean + bandwidth: + description: |- + Provisioned bandwidth capacity for the interconnect attachment. + For attachments of type DEDICATED, the user can set the bandwidth. + For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. + Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, + Defaults to BPS_10G Possible values: ["BPS_50M", "BPS_100M", "BPS_200M", "BPS_300M", "BPS_400M", "BPS_500M", "BPS_1G", "BPS_2G", "BPS_5G", "BPS_10G", "BPS_20G", "BPS_50G"]. + type: string + candidateSubnets: + description: |- + Immutable. Up to 16 candidate prefixes that can be used to restrict the allocation + of cloudRouterIpAddress and customerRouterIpAddress for this attachment. + All prefixes must be within link-local address space (169.254.0.0/16) + and must be /29 or shorter (/28, /27, etc). Google will attempt to select + an unused /29 from the supplied candidate prefix(es). The request will + fail if all possible /29s are in use on Google's edge. If not supplied, + Google will randomly select an unused /29 from all of link-local space. + items: + type: string + type: array + description: + description: An optional description of this resource. + type: string + edgeAvailabilityDomain: + description: |- + Immutable. Desired availability domain for the attachment. 
Only available for type + PARTNER, at creation time. For improved reliability, customers should + configure a pair of attachments with one per availability domain. The + selected availability domain will be provided to the Partner via the + pairing key so that the provisioned circuit will lie in the specified + domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. + type: string + encryption: + description: |- + Immutable. Indicates the user-supplied encryption option of this interconnect + attachment. Can only be specified at attachment creation for PARTNER or + DEDICATED attachments. + + * NONE - This is the default value, which means that the VLAN attachment + carries unencrypted traffic. VMs are able to send traffic to, or receive + traffic from, such a VLAN attachment. + + * IPSEC - The VLAN attachment carries only encrypted traffic that is + encrypted by an IPsec device, such as an HA VPN gateway or third-party + IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, + such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN + attachment must be created with this option. Default value: "NONE" Possible values: ["NONE", "IPSEC"]. + type: string + interconnect: + description: |- + Immutable. URL of the underlying Interconnect object that this attachment's + traffic will traverse through. Required if type is DEDICATED, must not + be set if type is PARTNER. + type: string + ipsecInternalAddresses: + items: + description: |- + Immutable. The addresses that have been reserved for the + interconnect attachment. Used only for interconnect attachment that + has the encryption option as IPSEC. + + The addresses must be RFC 1918 IP address ranges. When creating HA + VPN gateway over the interconnect attachment, if the attachment is + configured to use an RFC 1918 IP address, then the VPN gateway's IP + address will be allocated from the IP address range specified + here. 
+ + For example, if the HA VPN gateway's interface 0 is paired to this + interconnect attachment, then an RFC 1918 IP address for the VPN + gateway interface 0 will be allocated from the IP address specified + for this interconnect attachment. + + If this field is not specified for interconnect attachment that has + encryption option as IPSEC, later on when creating HA VPN gateway on + this interconnect attachment, the HA VPN gateway's IP address will + be allocated from regional external IP address pool. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + mtu: + description: |- + Maximum Transmission Unit (MTU), in bytes, of packets passing through + this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. + type: string + region: + description: Region where the regional interconnect attachment resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: |- + The Cloud Router to be used for dynamic routing. This router must + be in the same region as this ComputeInterconnectAttachment. The + ComputeInterconnectAttachment will automatically connect the + interconnect to the network & region within which the Cloud Router + is configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: |- + Immutable. The type of InterconnectAttachment you wish to create. Defaults to + DEDICATED. Possible values: ["DEDICATED", "PARTNER", "PARTNER_PROVIDER"]. + type: string + vlanTag8021q: + description: |- + Immutable. The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When + using PARTNER type this will be managed upstream. + type: integer + required: + - region + - routerRef + type: object + status: + properties: + cloudRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + customerRouterIpAddress: + description: |- + IPv4 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string + googleReferenceId: + description: |- + Google reference ID, to be used when raising support tickets with + Google or otherwise to debug backend connectivity issues. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pairingKey: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. The opaque + identifier of an PARTNER attachment used to initiate provisioning with + a selected partner. Of the form "XXXXX/region/domain". + type: string + partnerAsn: + description: |- + [Output only for type PARTNER. Not present for DEDICATED]. Optional + BGP ASN for the router that should be supplied by a layer 3 Partner if + they configured BGP on behalf of the customer. + type: string + privateInterconnectInfo: + description: |- + Information specific to an InterconnectAttachment. This property + is populated if the interconnect that this is attached to is of type DEDICATED. + properties: + tag8021q: + description: |- + 802.1q encapsulation tag to be used for traffic between + Google and the customer, going to and from this network and region. + type: integer + type: object + selfLink: + type: string + state: + description: '[Output Only] The current state of this attachment''s + functionality.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemachineimages.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeMachineImage + plural: computemachineimages + shortNames: + - gcpcomputemachineimage + - gcpcomputemachineimages + singular: computemachineimage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A text description of the resource. + type: string + guestFlush: + description: |- + Immutable. Specify this to create an application consistent machine image by informing the OS to prepare for the snapshot process. + Currently only supported on Windows instances using the Volume Shadow Copy Service (VSS). + type: boolean + machineImageEncryptionKey: + description: |- + Immutable. Encrypts the machine image using a customer-supplied encryption key. + + After you encrypt a machine image with a customer-supplied key, you must + provide the same key if you use the machine image later (e.g. to create a + instance from the image). + properties: + kmsKeyName: + description: Immutable. The name of the encryption key that is + stored in Google Cloud KMS. + type: string + kmsKeyServiceAccount: + description: |- + Immutable. The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + type: string + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + type: string + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the + customer-supplied encryption key that protects this resource. + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + - sourceInstanceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + storageLocations: + description: The regional or multi-regional Cloud Storage bucket location + where the machine image is stored. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computemanagedsslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeManagedSSLCertificate + plural: computemanagedsslcertificates + shortNames: + - gcpcomputemanagedsslcertificate + - gcpcomputemanagedsslcertificates + singular: computemanagedsslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 
'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + description: + description: Immutable. An optional description of this resource. + type: string + managed: + description: |- + Immutable. Properties relevant to a managed certificate. These will be used if the + certificate is managed (as indicated by a value of 'MANAGED' in 'type'). + properties: + domains: + description: |- + Immutable. Domains for which a managed SSL certificate will be valid. Currently, + there can be up to 100 domains in this list. + items: + type: string + type: array + required: + - domains + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. Enum field whose value is always 'MANAGED' - used to signal to the API + which type this is. Default value: "MANAGED" Possible values: ["MANAGED"]. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + subjectAlternativeNames: + description: Domains associated with the certificate via Subject Alternative + Name. + items: + type: string + type: array + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpointGroup + plural: computenetworkendpointgroups + shortNames: + - gcpcomputenetworkendpointgroup + - gcpcomputenetworkendpointgroups + singular: computenetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultPort: + description: |- + Immutable. The default port used if the port number is not specified in the + network endpoint. + type: integer + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeNetworkEndpointGroup. Specify a zone name. Reference: GCP + definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + networkEndpointType: + description: |- + Immutable. Type of network endpoints in this network endpoint group. + NON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network + endpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid). + Note that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services + that 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED, + INTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or + CONNECTION balancing modes. + + Possible values include: GCE_VM_IP, GCE_VM_IP_PORT, and NON_GCP_PRIVATE_IP_PORT. Default value: "GCE_VM_IP_PORT" Possible values: ["GCE_VM_IP", "GCE_VM_IP_PORT", "NON_GCP_PRIVATE_IP_PORT"]. + type: string + networkRef: + description: |- + The network to which all network endpoints in the NEG belong. 
Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: Optional subnetwork to which all network endpoints in + the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + size: + description: Number of network endpoints in the network endpoint group. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkendpoints.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkEndpoint + plural: computenetworkendpoints + shortNames: + - gcpcomputenetworkendpoint + - gcpcomputenetworkendpoints + singular: computenetworkendpoint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipAddress: + description: |- + Immutable. IPv4 address of network endpoint. The IP address must belong + to a VM in GCE (either the primary IP or as part of an aliased IP + range). 
+ type: string + networkEndpointGroupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetworkEndpointGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The port of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing network endpoint + group is located. + type: string + required: + - ipAddress + - networkEndpointGroupRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeeringroutesconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeeringRoutesConfig + plural: computenetworkpeeringroutesconfigs + shortNames: + - gcpcomputenetworkpeeringroutesconfig + - gcpcomputenetworkpeeringroutesconfigs + singular: computenetworkpeeringroutesconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + type: boolean + importCustomRoutes: + description: Whether to import the custom routes to the peer network. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The peering of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - exportCustomRoutes + - importCustomRoutes + - networkRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworkpeerings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetworkPeering + plural: computenetworkpeerings + shortNames: + - gcpcomputenetworkpeering + - gcpcomputenetworkpeerings + singular: computenetworkpeering + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + exportCustomRoutes: + description: Whether to export the custom routes to the peer network. + Defaults to false. + type: boolean + exportSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + importCustomRoutes: + description: Whether to export the custom routes from the peer network. + Defaults to false. + type: boolean + importSubnetRoutesWithPublicIp: + description: Immutable. + type: boolean + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + peerNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - peerNetworkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State for the peering, either ACTIVE or INACTIVE. The + peering is ACTIVE when there's a matching configuration in the peer + network. + type: string + stateDetails: + description: Details about the current state of the peering. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNetwork + plural: computenetworks + shortNames: + - gcpcomputenetwork + - gcpcomputenetworks + singular: computenetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoCreateSubnetworks: + description: |- + Immutable. When set to 'true', the network is created in "auto subnet mode" and + it will create a subnet for each region automatically across the + '10.128.0.0/9' address range. + + When set to 'false', the network is created in "custom subnet mode" so + the user can explicitly connect subnetwork resources. + type: boolean + deleteDefaultRoutesOnCreate: + description: |- + If set to 'true', default routes ('0.0.0.0/0') will be deleted + immediately after network creation. Defaults to 'false'. + type: boolean + description: + description: |- + Immutable. An optional description of this resource. The resource must be + recreated to modify this field. + type: string + enableUlaInternalIpv6: + description: "Immutable. Enable ULA internal ipv6 on this network. + Enabling this feature will assign \na /48 from google defined ULA + prefix fd20::/20." + type: boolean + internalIpv6Range: + description: "Immutable. When enabling ula internal ipv6, caller optionally + can specify the /48 range \nthey want from the google defined ULA + prefix fd20::/20. The input must be a \nvalid /48 ULA IPv6 address + and must be within the fd20::/20. Operation will \nfail if the speficied + /48 is already in used by another resource. \nIf the field is not + speficied, then a /48 range will be randomly allocated from fd20::/20 + and returned via this field." + type: string + mtu: + description: "Immutable. Maximum Transmission Unit in bytes. The default + value is 1460 bytes. 
\nThe minimum value for this field is 1300 + and the maximum value is 8896 bytes (jumbo frames).\nNote that packets + larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS + clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message + if the packets are routed to the Internet or other VPCs \nwith varying + MTUs." + type: integer + networkFirewallPolicyEnforcementOrder: + description: 'Immutable. Set the order that Firewall Rules and Firewall + Policies are evaluated. Needs to be either ''AFTER_CLASSIC_FIREWALL'' + or ''BEFORE_CLASSIC_FIREWALL'' Default ''AFTER_CLASSIC_FIREWALL'' + Default value: "AFTER_CLASSIC_FIREWALL" Possible values: ["BEFORE_CLASSIC_FIREWALL", + "AFTER_CLASSIC_FIREWALL"].' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routingMode: + description: |- + The network-wide routing mode to use. If set to 'REGIONAL', this + network's cloud routers will only advertise routes with subnetworks + of this network in the same region as the router. If set to 'GLOBAL', + this network's cloud routers will advertise routes with all + subnetworks of this network, across regions. Possible values: ["REGIONAL", "GLOBAL"]. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + gatewayIpv4: + description: |- + The gateway address for default routing out of the network. This value + is selected by GCP. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodegroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeGroup + plural: computenodegroups + shortNames: + - gcpcomputenodegroup + - gcpcomputenodegroups + singular: computenodegroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + Immutable. If you use sole-tenant nodes for your workloads, you can use the node + group autoscaler to automatically manage the sizes of your node groups. + properties: + maxNodes: + description: |- + Immutable. Maximum size of the node group. Set to a value less than or equal + to 100 and greater than or equal to min-nodes. + type: integer + minNodes: + description: |- + Immutable. Minimum size of the node group. Must be less + than or equal to max-nodes. The default value is 0. + type: integer + mode: + description: |- + Immutable. The autoscaling mode. Set to one of the following: + - OFF: Disables the autoscaler. + - ON: Enables scaling in and scaling out. + - ONLY_SCALE_OUT: Enables only scaling out. + You must use this mode if your node groups are configured to + restart their hosted VMs on minimal servers. Possible values: ["OFF", "ON", "ONLY_SCALE_OUT"]. + type: string + type: object + description: + description: Immutable. An optional textual description of the resource. + type: string + initialSize: + description: Immutable. The initial number of nodes in the node group. 
+ One of 'initial_size' or 'size' must be specified. + type: integer + maintenancePolicy: + description: 'Immutable. Specifies how to handle instances when a + node in the group undergoes maintenance. Set to one of: DEFAULT, + RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value + is DEFAULT.' + type: string + maintenanceWindow: + description: Immutable. contains properties for the timeframe of maintenance. + properties: + startTime: + description: Immutable. instances.start time of the window. This + must be in UTC format that resolves to one of 00:00, 04:00, + 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and + 08:00 are valid. + type: string + required: + - startTime + type: object + nodeTemplateRef: + description: The node template to which this node group belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNodeTemplate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + shareSettings: + description: Immutable. Share settings for the node group. + properties: + projectMap: + description: Immutable. A map of project id and project config. + This is only valid when shareType's value is SPECIFIC_PROJECTS. + items: + properties: + idRef: + description: The key of this project config in the parent + map. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectIdRef: + description: |- + The project id/number should be the same as the key of this project + config in the project map. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - idRef + - projectIdRef + type: object + type: array + shareType: + description: 'Immutable. Node group sharing type. Possible values: + ["ORGANIZATION", "SPECIFIC_PROJECTS", "LOCAL"].' + type: string + required: + - shareType + type: object + size: + description: Immutable. The total number of nodes in the node group. + One of 'initial_size' or 'size' must be specified. + type: integer + zone: + description: Immutable. Zone where this node group is located. 
+ type: string + required: + - nodeTemplateRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computenodetemplates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeNodeTemplate + plural: computenodetemplates + shortNames: + - gcpcomputenodetemplate + - gcpcomputenodetemplates + singular: computenodetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cpuOvercommitType: + description: 'Immutable. CPU overcommit. Default value: "NONE" Possible + values: ["ENABLED", "NONE"].' + type: string + description: + description: Immutable. An optional textual description of the resource. + type: string + nodeType: + description: |- + Immutable. Node type to use for nodes group that are created from this template. + Only one of nodeTypeFlexibility and nodeType can be specified. + type: string + nodeTypeFlexibility: + description: |- + Immutable. Flexible properties for the desired node type. Node groups that + use this node template will create nodes of a type that matches + these properties. Only one of nodeTypeFlexibility and nodeType can + be specified. + properties: + cpus: + description: Immutable. Number of virtual CPUs to use. + type: string + localSsd: + description: Use local SSD. + type: string + memory: + description: Immutable. Physical memory available to the node, + defined in MB. + type: string + type: object + region: + description: |- + Immutable. Region where nodes using the node template will be created. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serverBinding: + description: |- + Immutable. The server binding policy for nodes using this template. Determines + where the nodes should restart following a maintenance event. 
+ properties: + type: + description: |- + Immutable. Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER', + nodes using this template will restart on any physical server + following a maintenance event. + + If 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template + will restart on the same physical server following a maintenance + event, instead of being live migrated to or restarted on a new + physical server. This option may be useful if you are using + software licenses tied to the underlying server characteristics + such as physical sockets or cores, to avoid the need for + additional licenses when maintenance occurs. However, VMs on such + nodes will experience outages while maintenance is applied. Possible values: ["RESTART_NODE_ON_ANY_SERVER", "RESTART_NODE_ON_MINIMAL_SERVERS"]. + type: string + required: + - type + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicy + plural: computeorganizationsecuritypolicies + shortNames: + - gcpcomputeorganizationsecuritypolicy + - gcpcomputeorganizationsecuritypolicies + singular: computeorganizationsecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A textual description for the organization security policy. + type: string + displayName: + description: Immutable. A textual name of the security policy. + type: string + parent: + description: |- + Immutable. The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id}. + type: string + resourceID: + description: Immutable. Optional. The policyId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. The type indicates the intended use of the security policy. + For organization security policies, the only supported type + is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - displayName + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: |- + Fingerprint of this resource. This field is used internally during + updates of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + policyId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyassociations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyAssociation + plural: computeorganizationsecuritypolicyassociations + shortNames: + - gcpcomputeorganizationsecuritypolicyassociation + - gcpcomputeorganizationsecuritypolicyassociations + singular: computeorganizationsecuritypolicyassociation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: 
When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attachmentId: + description: Immutable. The resource that the security policy is attached + to. + type: string + policyId: + description: Immutable. The security policy ID of the association. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - attachmentId + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The display name of the security policy of the association. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeorganizationsecuritypolicyrules.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeOrganizationSecurityPolicyRule + plural: computeorganizationsecuritypolicyrules + shortNames: + - gcpcomputeorganizationsecuritypolicyrule + - gcpcomputeorganizationsecuritypolicyrules + singular: computeorganizationsecuritypolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny" or "goto_next". + type: string + description: + description: A description of the rule. + type: string + direction: + description: 'The direction in which this rule applies. If unspecified + an INGRESS rule is created. Possible values: ["INGRESS", "EGRESS"].' + type: string + enableLogging: + description: |- + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + type: boolean + match: + description: A match condition that incoming traffic is evaluated + against. 
If it evaluates to true, the corresponding 'action' is + enforced. + properties: + config: + description: The configuration options for matching the rule. + properties: + destIpRanges: + description: |- + Destination IP address range in CIDR format. Required for + EGRESS rules. + items: + type: string + type: array + layer4Config: + description: Pairs of IP protocols and ports that the rule + should match. + items: + properties: + ipProtocol: + description: |- + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + type: string + ports: + description: |- + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + items: + type: string + type: array + required: + - ipProtocol + type: object + type: array + srcIpRanges: + description: |- + Source IP address range in CIDR format. Required for + INGRESS rules. + items: + type: string + type: array + required: + - layer4Config + type: object + description: + description: A description of the rule. + type: string + versionedExpr: + description: |- + Preconfigured versioned expression. For organization security policy rules, + the only supported type is "FIREWALL". Default value: "FIREWALL" Possible values: ["FIREWALL"]. + type: string + required: + - config + type: object + policyId: + description: Immutable. The ID of the OrganizationSecurityPolicy this + rule applies to. + type: string + preview: + description: If set to true, the specified action is not enforced. + type: boolean + resourceID: + description: Immutable. Optional. The priority of the resource. 
Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetResources: + description: |- + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + items: + type: string + type: array + targetServiceAccounts: + description: |- + A list of service accounts indicating the sets of + instances that are applied with this rule. + items: + type: string + type: array + required: + - action + - match + - policyId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computepacketmirrorings.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePacketMirroring + plural: computepacketmirrorings + shortNames: + - gcpcomputepacketmirroring + - gcpcomputepacketmirrorings + singular: computepacketmirroring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collectorIlb: + description: The Forwarding Rule resource of type `loadBalancingScheme=INTERNAL` + that will be used as collector for mirrored traffic. The specified + forwarding rule must have `isMirroringCollector` set to true. + properties: + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enable: + description: Indicates whether or not this packet mirroring takes + effect. If set to FALSE, this packet mirroring policy will not be + enforced on the network. The default is TRUE. + type: string + filter: + description: Filter for mirrored traffic. If unspecified, all traffic + is mirrored. 
+ properties: + cidrRanges: + description: IP CIDR ranges that apply as filter on the source + (ingress) or destination (egress) IP in the IP header. Only + IPv4 is supported. If no ranges are specified, all traffic that + matches the specified IPProtocols is mirrored. If neither cidrRanges + nor IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + direction: + description: Direction of traffic to mirror, either INGRESS, EGRESS, + or BOTH. The default is BOTH. + type: string + ipProtocols: + description: Protocols that apply as filter on mirrored traffic. + If no protocols are specified, all traffic that matches the + specified CIDR ranges is mirrored. If neither cidrRanges nor + IPProtocols is specified, all traffic is mirrored. + items: + type: string + type: array + type: object + location: + description: Immutable. The location for the resource + type: string + mirroredResources: + description: PacketMirroring mirroredResourceInfos. MirroredResourceInfo + specifies a set of mirrored VM instances, subnetworks and/or tags + for which traffic from/to all VM instances will be mirrored. + properties: + instances: + description: A set of virtual machine instances that are being + mirrored. They must live in zones contained in the same region + as this packetMirroring. Note that this config will apply only + to those network interfaces of the Instances that belong to + the network specified in this packetMirroring. You may specify + a maximum of 50 Instances. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the instance; defined by the server. + type: string + urlRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the virtual machine instance which is being mirrored. 
+ + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + subnetworks: + description: Immutable. A set of subnetworks for which traffic + from/to all VM instances will be mirrored. They must live in + the same region as this packetMirroring. You may specify a maximum + of 5 subnetworks. + items: + properties: + canonicalUrl: + description: Immutable. Output only. Unique identifier for + the subnetwork; defined by the server. + type: string + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored. + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + tags: + description: A set of mirrored tags. Traffic from/to all VM instances + that have one or more of these tags will be mirrored. + items: + type: string + type: array + type: object + network: + description: Immutable. Specifies the mirrored VPC network. Only packets + in this network will be mirrored. All mirrored VMs should have a + NIC in the given network. 
All mirrored subnetworks should belong + to the given network. + properties: + urlRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + URL of the network resource. + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - urlRef + type: object + priority: + description: The priority of applying this configuration. Priority + is used to break ties in cases where there is more than one matching + rule. In the case of two rules that apply for a given Instance, + the one with the lowest-numbered priority value wins. Default value + is 1000. Valid range is 0 through 65535. + format: int64 + type: integer + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. 
The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - collectorIlb + - location + - mirroredResources + - network + - projectRef + type: object + status: + properties: + collectorIlb: + properties: + canonicalUrl: + description: Output only. Unique identifier for the forwarding + rule; defined by the server. + type: string + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + id: + description: Output only. The unique identifier for the resource. + This identifier is defined by the server. + format: int64 + type: integer + network: + properties: + canonicalUrl: + description: Output only. Unique identifier for the network; defined + by the server. + type: string + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: URI of the region where the packetMirroring resides. + type: string + selfLink: + description: Server-defined URL for the resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputePerInstanceConfig + plural: computeperinstanceconfigs + shortNames: + - gcpcomputeperinstanceconfig + - gcpcomputeperinstanceconfigs + singular: computeperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + instanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. 
+ 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' + type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. 
+ items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. + State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. Zone where the containing instance group manager + is located. + type: string + required: + - instanceGroupManagerRef + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeprojectmetadatas.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeProjectMetadata + plural: computeprojectmetadatas + shortNames: + - gcpcomputeprojectmetadata + - gcpcomputeprojectmetadatas + singular: computeprojectmetadata + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metadata: + additionalProperties: + type: string + description: A series of key value pairs. + type: object + required: + - metadata + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionautoscalers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionAutoscaler + plural: computeregionautoscalers + shortNames: + - gcpcomputeregionautoscaler + - gcpcomputeregionautoscalers + singular: computeregionautoscaler + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscalingPolicy: + description: |- + The configuration parameters for the autoscaling algorithm. You can + define one or more of the policies for an autoscaler: cpuUtilization, + customMetricUtilizations, and loadBalancingUtilization. + + If none of these are specified, the default will be to autoscale based + on cpuUtilization to 0.6 or 60%. + properties: + cooldownPeriod: + description: |- + The number of seconds that the autoscaler should wait before it + starts collecting information from a new instance. This prevents + the autoscaler from collecting information when the instance is + initializing, during which the collected usage would not be + reliable. The default time autoscaler waits is 60 seconds. + + Virtual machine initialization times might vary because of + numerous factors. We recommend that you test how long an + instance may take to initialize. To do this, create an instance + and time the startup process. + type: integer + cpuUtilization: + description: |- + Defines the CPU utilization policy that allows the autoscaler to + scale based on the average CPU utilization of a managed instance + group. + properties: + predictiveMethod: + description: |- + Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are: + + - NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics. + + - OPTIMIZE_AVAILABILITY. 
Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand. + type: string + target: + description: |- + The target CPU utilization that the autoscaler should maintain. + Must be a float value in the range (0, 1]. If not specified, the + default is 0.6. + + If the CPU level is below the target utilization, the autoscaler + scales down the number of instances until it reaches the minimum + number of instances you specified or until the average CPU of + your instances reaches the target utilization. + + If the average CPU is above the target utilization, the autoscaler + scales up until it reaches the maximum number of instances you + specified or until the average utilization reaches the target + utilization. + type: number + required: + - target + type: object + loadBalancingUtilization: + description: Configuration parameters of autoscaling based on + a load balancer. + properties: + target: + description: |- + Fraction of backend capacity utilization (set in HTTP(s) load + balancing configuration) that autoscaler should maintain. Must + be a positive float value. If not defined, the default is 0.8. + type: number + required: + - target + type: object + maxReplicas: + description: |- + The maximum number of instances that the autoscaler can scale up + to. This is required when creating or updating an autoscaler. The + maximum number of replicas should not be lower than minimal number + of replicas. + type: integer + metric: + description: Configuration parameters of autoscaling based on + a custom metric. + items: + properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + + You can only use the AND operator for joining selectors. 
+ You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + + If not specified, the type defaults to gce_instance. + + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string + name: + description: |- + The identifier (type) of the Stackdriver Monitoring metric. + The metric cannot have negative values. + + The metric must have a value type of INT64 or DOUBLE. + type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. 
+ + For example, a good metric to use with the target is + 'pubsub.googleapis.com/subscription/num_undelivered_messages' + or a custom metric exporting the total number of requests coming to + your instances. + + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number + target: + description: |- + The target value of the metric that autoscaler should + maintain. This must be a positive value. A utilization + metric scales number of virtual machines handling requests + to increase or decrease proportionally to the metric. + + For example, a good metric to use as a utilizationTarget is + www.googleapis.com/compute/instance/network/received_bytes_count. + The autoscaler will work to keep this value constant for each + of the instances. + type: number + type: + description: |- + Defines how target utilization value is expressed for a + Stackdriver Monitoring metric. Possible values: ["GAUGE", "DELTA_PER_SECOND", "DELTA_PER_MINUTE"]. + type: string + required: + - name + type: object + type: array + minReplicas: + description: |- + The minimum number of replicas that the autoscaler can scale down + to. This cannot be less than 0. If not provided, autoscaler will + choose a default value depending on maximum number of instances + allowed. + type: integer + mode: + description: 'Defines operating mode for this policy. Default + value: "ON" Possible values: ["OFF", "ONLY_UP", "ON"].' + type: string + scaleDownControl: + description: |- + Defines scale down controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledDownReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. 
+ type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scaleInControl: + description: |- + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. + properties: + maxScaledInReplicas: + description: A nested object resource. + properties: + fixed: + description: |- + Specifies a fixed number of VM instances. This must be a positive + integer. + type: integer + percent: + description: |- + Specifies a percentage of instances between 0 to 100%, inclusive. + For example, specify 80 for 80%. + type: integer + type: object + timeWindowSec: + description: |- + How long back autoscaling should look when computing recommendations + to include directives regarding slower scale down, as described above. + type: integer + type: object + scalingSchedules: + description: Scaling schedules defined for an autoscaler. Multiple + schedules can be set on an autoscaler and they can overlap. + items: + properties: + description: + description: A description of a scaling schedule. + type: string + disabled: + description: A boolean value that specifies if a scaling + schedule can influence autoscaler recommendations. If + set to true, then a scaling schedule has no effect. + type: boolean + durationSec: + description: The duration of time intervals (in seconds) + for which this scaling schedule will be running. The minimum + allowed value is 300. + type: integer + minRequiredReplicas: + description: Minimum number of VM instances that autoscaler + will recommend in time intervals starting according to + schedule. 
+ type: integer + name: + type: string + schedule: + description: The start timestamps of time intervals when + this scaling schedule should provide a scaling signal. + This field uses the extended cron format (with an optional + year field). + type: string + timeZone: + description: 'The time zone to be used when interpreting + the schedule. The value of this field must be a time zone + name from the tz database: http://en.wikipedia.org/wiki/Tz_database.' + type: string + required: + - durationSec + - minRequiredReplicas + - name + - schedule + type: object + type: array + required: + - maxReplicas + - minReplicas + type: object + description: + description: An optional description of this resource. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. URL of the region where the instance group + resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: URL of the managed instance group that this autoscaler + will scale. 
+ type: string + required: + - autoscalingPolicy + - projectRef + - region + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregiondiskresourcepolicyattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionDiskResourcePolicyAttachment + plural: computeregiondiskresourcepolicyattachments + shortNames: + - gcpcomputeregiondiskresourcepolicyattachment + - gcpcomputeregiondiskresourcepolicyattachments + singular: computeregiondiskresourcepolicyattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + diskRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. A reference to the region where the disk resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - diskRef + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionnetworkendpointgroups.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionNetworkEndpointGroup + plural: computeregionnetworkendpointgroups + shortNames: + - gcpcomputeregionnetworkendpointgroup + - gcpcomputeregionnetworkendpointgroups + singular: computeregionnetworkendpointgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudFunction: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + functionRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. A user-defined name of the Cloud Function. + The function name is case-sensitive and must be 1-63 characters long. + Example value: "func1". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CloudFunctionsFunction` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMask: + description: |- + Immutable. A template to parse function field from a request URL. URL mask allows + for routing to multiple Cloud Functions without having to create + multiple Network Endpoint Groups and backend services. + + For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" + can be backed by the same Serverless NEG with URL mask "/". 
The URL mask + will parse them to { function = "function1" } and { function = "function2" } respectively. + type: string + type: object + cloudRun: + description: |- + Immutable. Only valid when networkEndpointType is "SERVERLESS". + Only one of cloud_run, app_engine, cloud_function or serverless_deployment may be set. + properties: + serviceRef: + description: |- + Only `external` field is supported to configure the reference. + + Immutable. Cloud Run service is the main resource of Cloud Run. + The service must be 1-63 characters long, and comply with RFC1035. + Example value: "run-service". + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RunService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tag: + description: |- + Immutable. Cloud Run tag represents the "named-revision" to provide + additional fine-grained traffic routing information. + The tag must be 1-63 characters long, and comply with RFC1035. + Example value: "revision-0010". + type: string + urlMask: + description: |- + Immutable. A template to parse service and tag fields from a request URL. + URL mask allows for routing to multiple Run services without having + to create multiple network endpoint groups and backend services. + + For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" + an be backed by the same Serverless Network Endpoint Group (NEG) with + URL mask ".domain.com/". 
The URL mask will parse them to { service="bar1", tag="foo1" } + and { service="bar2", tag="foo2" } respectively. + type: string + type: object + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. + type: string + networkEndpointType: + description: 'Immutable. Type of network endpoints in this network + endpoint group. Defaults to SERVERLESS Default value: "SERVERLESS" + Possible values: ["SERVERLESS", "PRIVATE_SERVICE_CONNECT"].' + type: string + networkRef: + description: |- + Immutable. This field is only used for PSC. + The URL of the network to which all network endpoints in the NEG belong. Uses + "default" project network if unspecified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + pscTargetService: + description: |- + Immutable. The target service url used to set up private service connection to + a Google API or a PSC Producer Service Attachment. + type: string + region: + description: Immutable. A reference to the region where the Serverless + NEGs Reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subnetworkRef: + description: |- + Immutable. This field is only used for PSC. 
+ Optional URL of the subnetwork to which all network endpoints in the NEG belong. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeregionperinstanceconfigs.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRegionPerInstanceConfig + plural: computeregionperinstanceconfigs + shortNames: + - gcpcomputeregionperinstanceconfig + - gcpcomputeregionperinstanceconfigs + singular: computeregionperinstanceconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + minimalAction: + description: |- + The minimal action to perform on the instance during an update. + Default is 'NONE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + mostDisruptiveAllowedAction: + description: |- + The most disruptive action to perform on the instance during an update. + Default is 'REPLACE'. Possible values are: + * REPLACE + * RESTART + * REFRESH + * NONE. + type: string + preservedState: + description: The preserved state for this instance. + properties: + disk: + description: Stateful disks for the instance. + items: + properties: + deleteRule: + description: |- + A value that prescribes what should happen to the stateful disk when the VM instance is deleted. + The available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'. + 'NEVER' - detach the disk when the VM is deleted, but do not delete the disk. + 'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently + deleted from the instance group. Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"]. + type: string + deviceName: + description: A unique device name that is reflected into + the /dev/ tree of a Linux operating system running within + the instance. + type: string + mode: + description: 'The mode of the disk. Default value: "READ_WRITE" + Possible values: ["READ_ONLY", "READ_WRITE"].' 
+ type: string + source: + description: |- + The URI of an existing persistent disk to attach under the specified device-name in the format + 'projects/project-id/zones/zone/disks/disk-name'. + type: string + required: + - deviceName + - source + type: object + type: array + externalIp: + description: Preserved external IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. + type: string + type: object + required: + - interfaceName + type: object + type: array + internalIp: + description: Preserved internal IPs defined for this instance. + This map is keyed with the name of the network interface. + items: + properties: + autoDelete: + description: 'These stateful IPs will never be released + during autohealing, update or VM instance recreate operations. + This flag is used to configure if the IP reservation should + be deleted after it is no longer used by the group, e.g. + when the given instance or the whole group is deleted. + Default value: "NEVER" Possible values: ["NEVER", "ON_PERMANENT_INSTANCE_DELETION"].' + type: string + interfaceName: + type: string + ipAddress: + description: Ip address representation. + properties: + address: + description: The URL of the reservation for this IP + address. 
+ type: string + type: object + required: + - interfaceName + type: object + type: array + metadata: + additionalProperties: + type: string + description: Preserved metadata defined for this instance. This + is a list of key->value pairs. + type: object + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the containing instance group + manager is located. + type: string + regionInstanceGroupManagerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRegionInstanceGroupManager` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + removeInstanceStateOnDestroy: + description: |- + When true, deleting this config will immediately remove any specified state from the underlying instance. + When false, deleting this config will *not* immediately remove any state from the underlying instance. 
+ State will be removed on the next instance recreation or update. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + - region + - regionInstanceGroupManagerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computereservations.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeReservation + plural: computereservations + shortNames: + - gcpcomputereservation + - gcpcomputereservations + singular: computereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + specificReservation: + description: Reservation for instances with specific machine shapes. + properties: + count: + description: The number of resources that are allocated. + type: integer + inUseCount: + description: How many instances are in use. + type: integer + instanceProperties: + description: Immutable. The instance properties for the reservation. + properties: + guestAccelerators: + description: Immutable. Guest accelerator type and count. + items: + properties: + acceleratorCount: + description: |- + Immutable. The number of the guest accelerator cards exposed to + this instance. + type: integer + acceleratorType: + description: |- + Immutable. The full or partial URL of the accelerator type to + attach to this instance. For example: + 'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100' + + If you are creating an instance template, specify only the accelerator name. + type: string + required: + - acceleratorCount + - acceleratorType + type: object + type: array + localSsds: + description: |- + Immutable. The amount of local ssd to reserve with each instance. This + reserves disks of type 'local-ssd'. + items: + properties: + diskSizeGb: + description: Immutable. The size of the disk in base-2 + GB. + type: integer + interface: + description: 'Immutable. The disk interface to use for + attaching this disk. Default value: "SCSI" Possible + values: ["SCSI", "NVME"].' 
+ type: string + required: + - diskSizeGb + type: object + type: array + machineType: + description: Immutable. The name of the machine type to reserve. + type: string + minCpuPlatform: + description: |- + Immutable. The minimum CPU platform for the reservation. For example, + '"Intel Skylake"'. See + the CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones) + for information on available CPU platforms. + type: string + required: + - machineType + type: object + required: + - count + - instanceProperties + type: object + specificReservationRequired: + description: |- + Immutable. When set to true, only VMs that target this reservation by name can + consume this reservation. Otherwise, it can be consumed by VMs with + affinity for any reservation. Defaults to false. + type: boolean + zone: + description: Immutable. The zone where the reservation is made. + type: string + required: + - specificReservation + - zone + type: object + status: + properties: + commitment: + description: |- + Full or partial URL to a parent commitment. This field displays for + reservations that are tied to a commitment. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + status: + description: The status of the reservation. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeresourcepolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeResourcePolicy + plural: computeresourcepolicies + shortNames: + - gcpcomputeresourcepolicy + - gcpcomputeresourcepolicies + singular: computeresourcepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: 
+ apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + Provide this property when you create the resource. + type: string + groupPlacementPolicy: + description: Immutable. Resource policy for instances used for placement + configuration. + properties: + availabilityDomainCount: + description: |- + Immutable. The number of availability domains instances will be spread across. If two instances are in different + availability domain, they will not be put in the same low latency network. + type: integer + collocation: + description: |- + Immutable. Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network. + Specify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created + with a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy + attached. Possible values: ["COLLOCATED"]. + type: string + maxDistance: + description: Immutable. Specifies the number of max logical switches. + type: integer + vmCount: + description: |- + Immutable. Number of VMs in this placement group. 
Google does not recommend that you use this field + unless you use a compact policy and you want your policy to work only if it contains this + exact number of VMs. + type: integer + type: object + instanceSchedulePolicy: + description: Immutable. Resource policy for scheduling instance operations. + properties: + expirationTime: + description: Immutable. The expiration time of the schedule. The + timestamp is an RFC3339 string. + type: string + startTime: + description: Immutable. The start time of the schedule. The timestamp + is an RFC3339 string. + type: string + timeZone: + description: |- + Immutable. Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name + from the tz database: http://en.wikipedia.org/wiki/Tz_database. + type: string + vmStartSchedule: + description: Immutable. Specifies the schedule for starting instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + vmStopSchedule: + description: Immutable. Specifies the schedule for stopping instances. + properties: + schedule: + description: Immutable. Specifies the frequency for the operation, + using the unix-cron format. + type: string + required: + - schedule + type: object + required: + - timeZone + type: object + region: + description: Immutable. Region where resource policy resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotSchedulePolicy: + description: Immutable. Policy for creating snapshots of persistent + disks. + properties: + retentionPolicy: + description: Immutable. Retention policy applied to snapshots + created by this resource policy. + properties: + maxRetentionDays: + description: Immutable. 
Maximum age of the snapshot that is + allowed to be kept. + type: integer + onSourceDiskDelete: + description: |- + Immutable. Specifies the behavior to apply to scheduled snapshots when + the source disk is deleted. Default value: "KEEP_AUTO_SNAPSHOTS" Possible values: ["KEEP_AUTO_SNAPSHOTS", "APPLY_RETENTION_POLICY"]. + type: string + required: + - maxRetentionDays + type: object + schedule: + description: Immutable. Contains one of an 'hourlySchedule', 'dailySchedule', + or 'weeklySchedule'. + properties: + dailySchedule: + description: Immutable. The policy will execute every nth + day at the specified time. + properties: + daysInCycle: + description: Immutable. The number of days between snapshots. + type: integer + startTime: + description: |- + Immutable. This must be in UTC format that resolves to one of + 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, + both 13:00-5 and 08:00 are valid. + type: string + required: + - daysInCycle + - startTime + type: object + hourlySchedule: + description: Immutable. The policy will execute every nth + hour starting at the specified time. + properties: + hoursInCycle: + description: Immutable. The number of hours between snapshots. + type: integer + startTime: + description: |- + Immutable. Time within the window to start the operations. + It must be in an hourly format "HH:MM", + where HH : [00-23] and MM : [00] GMT. + eg: 21:00. + type: string + required: + - hoursInCycle + - startTime + type: object + weeklySchedule: + description: Immutable. Allows specifying a snapshot time + for each day of the week. + properties: + dayOfWeeks: + description: Immutable. May contain up to seven (one for + each day of the week) snapshot times. + items: + properties: + day: + description: 'Immutable. The day of the week to + create the snapshot. e.g. MONDAY Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", + "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + startTime: + description: |- + Immutable. 
Time within the window to start the operations. + It must be in format "HH:MM", where HH : [00-23] and MM : [00-00] GMT. + type: string + required: + - day + - startTime + type: object + type: array + required: + - dayOfWeeks + type: object + type: object + snapshotProperties: + description: Immutable. Properties with which the snapshots are + created, such as labels. + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name + must be 1-63 characters long and comply \nwith RFC1035." + type: string + guestFlush: + description: Immutable. Whether to perform a 'guest aware' + snapshot. + type: boolean + labels: + additionalProperties: + type: string + description: Immutable. A set of key-value pairs. + type: object + storageLocations: + description: |- + Immutable. Cloud Storage bucket location to store the auto snapshot + (regional or multi-regional). + items: + type: string + type: array + type: object + required: + - schedule + type: object + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterinterfaces.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterInterface + plural: computerouterinterfaces + shortNames: + - gcpcomputerouterinterface + - gcpcomputerouterinterfaces + singular: computerouterinterface + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + interconnectAttachmentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + ipRange: + description: Immutable. The IP address and range of the interface. + The IP range must be in the RFC3927 link-local IP space. Changing + this forces a new interface to be created. + type: string + privateIpAddressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + redundantInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this interface's router sits in. + If not specified, the project region will be used. Changing this + forces a new interface to be created. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + vpnTunnelRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouternats.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterNAT + plural: computerouternats + shortNames: + - gcpcomputerouternat + - gcpcomputerouternats + singular: computerouternat + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + drainNatIps: + items: + description: |- + A list of IP resources to be drained. These IPs must be valid + static external IPs that have been assigned to the NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + enableDynamicPortAllocation: + description: |- + Enable Dynamic Port Allocation. + If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. + If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. + If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. 
+ If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. + + Mutually exclusive with enableEndpointIndependentMapping. + type: boolean + enableEndpointIndependentMapping: + description: |- + Specifies if endpoint independent mapping is enabled. This is enabled by default. For more information + see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). + type: boolean + icmpIdleTimeoutSec: + description: Timeout (in seconds) for ICMP connections. Defaults to + 30s if not set. + type: integer + logConfig: + description: Configuration for logging on NAT. + properties: + enable: + description: Indicates whether or not to export logs. + type: boolean + filter: + description: 'Specifies the desired filtering of logs on this + NAT. Possible values: ["ERRORS_ONLY", "TRANSLATIONS_ONLY", "ALL"].' + type: string + required: + - enable + - filter + type: object + maxPortsPerVm: + description: |- + Maximum number of ports allocated to a VM from this NAT. + This field can only be set when enableDynamicPortAllocation is enabled. + type: integer + minPortsPerVm: + description: Minimum number of ports allocated to a VM from this NAT. + type: integer + natIpAllocateOption: + description: |- + How external IPs should be allocated for this NAT. Valid values are + 'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud + Platform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: ["MANUAL_ONLY", "AUTO_ONLY"]. + type: string + natIps: + items: + description: NAT IPs. Only valid if natIpAllocateOption is set to + MANUAL_ONLY. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Region where the router and NAT reside. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerRef: + description: The Cloud Router in which this NAT will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rules: + description: A list of rules associated with this NAT. + items: + properties: + action: + description: The action to be enforced for traffic that matches + this rule. + properties: + sourceNatActiveIpsRefs: + items: + description: |- + A list of URLs of the IP resources used for this NAT rule. These IP + addresses must be valid static external IP addresses assigned to the + project. This field is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sourceNatDrainIpsRefs: + items: + description: |- + A list of URLs of the IP resources to be drained. These IPs must be + valid static external IPs that have been assigned to the NAT. These + IPs should be used for updating/patching a NAT rule only. This field + is used for public NAT. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeAddress` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + type: object + description: + description: An optional description of this rule. + type: string + match: + description: |- + CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. + If it evaluates to true, the corresponding action is enforced. + + The following examples are valid match expressions for public NAT: + + "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" + + "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" + + The following example is a valid match expression for private NAT: + + "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'". 
+ type: string + ruleNumber: + description: |- + An integer uniquely identifying a rule in the list. + The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT. + type: integer + required: + - match + - ruleNumber + type: object + type: array + sourceSubnetworkIpRangesToNat: + description: |- + How NAT should be configured per Subnetwork. + If 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the + IP ranges in every Subnetwork are allowed to Nat. + If 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP + ranges in every Subnetwork are allowed to Nat. + 'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat + (specified in the field subnetwork below). Note that if this field + contains ALL_SUBNETWORKS_ALL_IP_RANGES or + ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any + other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]. + type: string + subnetwork: + description: |- + One or more subnetwork NAT configurations. Only used if + 'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'. + items: + properties: + secondaryIpRangeNames: + description: |- + List of the secondary ranges of the subnetwork that are allowed + to use NAT. This can be populated only if + 'LIST_OF_SECONDARY_IP_RANGES' is one of the values in + sourceIpRangesToNat. + items: + type: string + type: array + sourceIpRangesToNat: + description: |- + List of options for which source IPs in the subnetwork + should have NAT enabled. Supported values include: + 'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES', + 'PRIMARY_IP_RANGE'. + items: + type: string + type: array + subnetworkRef: + description: The subnetwork to NAT. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - sourceIpRangesToNat + - subnetworkRef + type: object + type: array + tcpEstablishedIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP established connections. + Defaults to 1200s if not set. + type: integer + tcpTimeWaitTimeoutSec: + description: |- + Timeout (in seconds) for TCP connections that are in TIME_WAIT state. + Defaults to 120s if not set. + type: integer + tcpTransitoryIdleTimeoutSec: + description: |- + Timeout (in seconds) for TCP transitory connections. + Defaults to 30s if not set. + type: integer + udpIdleTimeoutSec: + description: Timeout (in seconds) for UDP connections. Defaults to + 30s if not set. + type: integer + required: + - natIpAllocateOption + - region + - routerRef + - sourceSubnetworkIpRangesToNat + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouterpeers.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouterPeer + plural: computerouterpeers + shortNames: + - gcpcomputerouterpeer + - gcpcomputerouterpeers + singular: computerouterpeer + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + advertiseMode: + description: |- + User-specified flag to indicate which mode to use for advertisement. + Valid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: "DEFAULT" Possible values: ["DEFAULT", "CUSTOM"]. + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom + mode, which can take one of the following options: + + * 'ALL_SUBNETS': Advertises all available subnets, including peer VPC subnets. + * 'ALL_VPC_SUBNETS': Advertises the router's own VPC subnets. + * 'ALL_PEER_VPC_SUBNETS': Advertises peer subnets of the router's VPC network. + + + Note that this field can only be populated if advertiseMode is 'CUSTOM' + and overrides the list defined for the router (in the "bgp" message). + These groups are advertised in addition to any specified prefixes. + Leave this field blank to advertise no custom groups. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is 'CUSTOM' and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. 
+ Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + advertisedRoutePriority: + description: |- + The priority of routes advertised to this BGP peer. + Where there is more than one matching route of maximum + length, the routes with the lowest priority value win. + type: integer + bfd: + description: BFD configuration for the BGP peering. + properties: + minReceiveInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + received from the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the transmit interval of the other router. If set, this value + must be between 1000 and 30000. + type: integer + minTransmitInterval: + description: |- + The minimum interval, in milliseconds, between BFD control packets + transmitted to the peer router. The actual value is negotiated + between the two routers and is equal to the greater of this value + and the corresponding receive interval of the other router. If set, + this value must be between 1000 and 30000. + type: integer + multiplier: + description: |- + The number of consecutive BFD packets that must be missed before + BFD declares that a peer is unavailable. If set, the value must + be a value between 5 and 16. + type: integer + sessionInitializationMode: + description: |- + The BFD session initialization mode for this BGP peer. + If set to 'ACTIVE', the Cloud Router will initiate the BFD session + for this BGP peer. If set to 'PASSIVE', the Cloud Router will wait + for the peer router to initiate the BFD session for this BGP peer. + If set to 'DISABLED', BFD is disabled for this BGP peer. 
Possible values: ["ACTIVE", "DISABLED", "PASSIVE"]. + type: string + required: + - sessionInitializationMode + type: object + enable: + description: |- + The status of the BGP peer connection. If set to false, any active session + with the peer is terminated and all associated routing information is removed. + If set to true, the peer connection can be established with routing information. + The default is true. + type: boolean + ipAddress: + description: |- + IP address of the interface inside Google Cloud Platform. + Only IPv4 is supported. + properties: + external: + type: string + type: object + peerAsn: + description: |- + Peer BGP Autonomous System Number (ASN). + Each BGP interface may use a different value. + type: integer + peerIpAddress: + description: |- + IP address of the BGP interface outside Google Cloud Platform. + Only IPv4 is supported. + type: string + region: + description: |- + Immutable. Region where the router and BgpPeer reside. + If it is not provided, the provider region is used. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + routerApplianceInstanceRef: + description: |- + The URI of the VM instance that is used as third-party router + appliances such as Next Gen Firewalls, Virtual Routers, or Router + Appliances. The VM instance must be located in zones contained in + the same region as this Cloud Router. The VM instance is the peer + side of the BGP session. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerInterfaceRef: + description: The interface the BGP peer is associated with. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouterInterface` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + routerRef: + description: The Cloud Router in which this BGP peer will be configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeRouter` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - peerAsn + - peerIpAddress + - region + - routerInterfaceRef + - routerRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + managementType: + description: |- + The resource that configures and manages this BGP peer. + + * 'MANAGED_BY_USER' is the default value and can be managed by + you or other users + * 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and + managed by Cloud Interconnect, specifically by an + InterconnectAttachment of type PARTNER. Google automatically + creates, updates, and deletes this type of BGP peer when the + PARTNER InterconnectAttachment is created, updated, + or deleted. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computerouters.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRouter + plural: computerouters + shortNames: + - gcpcomputerouter + - gcpcomputerouters + singular: computerouter + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bgp: + description: BGP information specific to this router. + properties: + advertiseMode: + description: 'User-specified flag to indicate which mode to use + for advertisement. Default value: "DEFAULT" Possible values: + ["DEFAULT", "CUSTOM"].' + type: string + advertisedGroups: + description: |- + User-specified list of prefix groups to advertise in custom mode. + This field can only be populated if advertiseMode is CUSTOM and + is advertised to all peers of the router. These groups will be + advertised in addition to any specified prefixes. Leave this field + blank to advertise no custom groups. + + This enum field has the one valid value: ALL_SUBNETS. + items: + type: string + type: array + advertisedIpRanges: + description: |- + User-specified list of individual IP ranges to advertise in + custom mode. This field can only be populated if advertiseMode + is CUSTOM and is advertised to all peers of the router. These IP + ranges will be advertised in addition to any specified groups. + Leave this field blank to advertise no custom IP ranges. + items: + properties: + description: + description: User-specified description for the IP range. + type: string + range: + description: |- + The IP range to advertise. The value must be a + CIDR-formatted string. + type: string + required: + - range + type: object + type: array + asn: + description: |- + Local BGP Autonomous System Number (ASN). Must be an RFC6996 + private ASN, either 16-bit or 32-bit. The value will be fixed for + this router resource. All VPN tunnels that link to this router + will have the same local ASN. + type: integer + keepaliveInterval: + description: |- + The interval in seconds between BGP keepalive messages that are sent + to the peer. 
Hold time is three times the interval at which keepalive + messages are sent, and the hold time is the maximum number of seconds + allowed to elapse between successive keepalive messages that BGP + receives from a peer. + + BGP will use the smaller of either the local hold time value or the + peer's hold time value as the hold time for the BGP connection + between the two peers. If set, this value must be between 20 and 60. + The default is 20. + type: integer + required: + - asn + type: object + description: + description: An optional description of this resource. + type: string + encryptedInterconnectRouter: + description: |- + Immutable. Indicates if a router is dedicated for use with encrypted VLAN + attachments (interconnectAttachments). + type: boolean + networkRef: + description: A reference to the network to which this router belongs. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. Region where the router resides. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeroutes.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeRoute + plural: computeroutes + shortNames: + - gcpcomputeroute + - gcpcomputeroutes + singular: computeroute + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - 
description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property + when you create the resource. + type: string + destRange: + description: |- + Immutable. The destination range of outgoing packets that this route applies to. + Only IPv4 is supported. + type: string + networkRef: + description: The network that this route applies to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopGateway: + description: |- + Immutable. URL to a gateway that should handle matching packets. + Currently, you can only specify the internet gateway, using a full or + partial valid URL: + * 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway' + * 'projects/project/global/gateways/default-internet-gateway' + * 'global/gateways/default-internet-gateway' + * The string 'default-internet-gateway'. + type: string + nextHopILBRef: + description: |- + A forwarding rule of type loadBalancingScheme=INTERNAL that should + handle matching packets. Note that this can only be used when the + destinationRange is a public (non-RFC 1918) IP CIDR range. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeForwardingRule` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopInstanceRef: + description: Instance that should handle matching packets. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nextHopIp: + description: Immutable. Network IP address of an instance that should + handle matching packets. + type: string + nextHopVPNTunnelRef: + description: The ComputeVPNTunnel that should handle matching packets + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + priority: + description: |- + Immutable. The priority of this route. Priority is used to break ties in cases + where there is more than one matching route of equal prefix length. + + In the case of two routes with equal prefix length, the one with the + lowest-numbered priority value wins. + + Default value is 1000. Valid range is 0 through 65535. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tags: + description: Immutable. A list of instance tags to which this route + applies. 
+ items: + type: string + type: array + required: + - destRange + - networkRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + nextHopNetwork: + description: URL to a Network that should handle matching packets. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesecuritypolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSecurityPolicy + plural: computesecuritypolicies + shortNames: + - gcpcomputesecuritypolicy + - gcpcomputesecuritypolicies + singular: computesecuritypolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + adaptiveProtectionConfig: + description: Adaptive Protection Config of this security policy. + properties: + autoDeployConfig: + description: Auto Deploy Config of this security policy. + properties: + confidenceThreshold: + description: Rules are only automatically deployed for alerts + on potential attacks with confidence scores greater than + this threshold. + type: number + expirationSec: + description: Google Cloud Armor stops applying the action + in the automatically deployed rule to an identified attacker + after this duration. The rule continues to operate against + new requests. + type: integer + impactedBaselineThreshold: + description: Rules are only automatically deployed when the + estimated impact to baseline traffic from the suggested + mitigation is below this threshold. + type: number + loadThreshold: + description: Identifies new attackers only when the load to + the backend service that is under attack exceeds this threshold. + type: number + type: object + layer7DdosDefenseConfig: + description: Layer 7 DDoS Defense Config of this security policy. + properties: + enable: + description: If set to true, enables CAAP for L7 DDoS detection. + type: boolean + ruleVisibility: + description: 'Rule visibility. Supported values include: "STANDARD", + "PREMIUM".' + type: string + type: object + type: object + advancedOptionsConfig: + description: Advanced Options Config of this security policy. + properties: + jsonCustomConfig: + description: Custom configuration to apply the JSON parsing. 
Only + applicable when JSON parsing is set to STANDARD. + properties: + contentTypes: + description: A list of custom Content-Type header values to + apply the JSON parsing. + items: + type: string + type: array + required: + - contentTypes + type: object + jsonParsing: + description: 'JSON body parsing. Supported values include: "DISABLED", + "STANDARD".' + type: string + logLevel: + description: 'Logging level. Supported values include: "NORMAL", + "VERBOSE".' + type: string + type: object + description: + description: An optional description of this security policy. Max + size is 2048. + type: string + recaptchaOptionsConfig: + description: reCAPTCHA configuration options to be applied for the + security policy. + properties: + redirectSiteKeyRef: + description: |- + Only `external` field is supported to configure the reference. + + A field to supply a reCAPTCHA site key to be used for all the rules + using the redirect action with the type of GOOGLE_RECAPTCHA under + the security policy. The specified site key needs to be created from + the reCAPTCHA API. The user is responsible for the validity of the + specified site key. If not specified, a Google-managed site key is + used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `RecaptchaEnterpriseKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - redirectSiteKeyRef + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + rule: + description: The set of rules that belong to this policy. There must + always be a default rule (rule with priority 2147483647 and match + "*"). If no rules are provided when creating a security policy, + a default rule with action "allow" will be added. + items: + properties: + action: + description: Action to take when match matches the request. + type: string + description: + description: An optional description of this rule. Max size + is 64. + type: string + headerAction: + description: Additional actions that are performed on headers. + properties: + requestHeadersToAdds: + description: The list of request headers to add or overwrite + if they're already present. + items: + properties: + headerName: + description: The name of the header to set. + type: string + headerValue: + description: The value to set the named header to. + type: string + required: + - headerName + type: object + type: array + required: + - requestHeadersToAdds + type: object + match: + description: A match condition that incoming traffic is evaluated + against. If it evaluates to true, the corresponding action + is enforced. + properties: + config: + description: The configuration options available when specifying + versioned_expr. This field must be specified if versioned_expr + is specified and cannot be specified if versioned_expr + is not specified. + properties: + srcIpRanges: + description: Set of IP addresses or ranges (IPV4 or + IPV6) in CIDR notation to match against inbound traffic. + There is a limit of 10 IP ranges per rule. A value + of '*' matches all IPs (can be used to override the + default behavior). + items: + type: string + type: array + required: + - srcIpRanges + type: object + expr: + description: User defined CEVAL expression. A CEVAL expression + is used to specify match criteria such as origin.ip, source.region_code + and contents in the request header. 
+ properties: + expression: + description: Textual representation of an expression + in Common Expression Language syntax. The application + context of the containing message determines which + well-known feature set of CEL is supported. + type: string + required: + - expression + type: object + versionedExpr: + description: 'Predefined rule expression. If this field + is specified, config must also be specified. Available + options: SRC_IPS_V1: Must specify the corresponding + src_ip_ranges field in config.' + type: string + type: object + preconfiguredWafConfig: + description: Preconfigured WAF configuration to be applied for + the rule. If the rule does not evaluate preconfigured WAF + rules, i.e., if evaluatePreconfiguredWaf() is not used, this + field will have no effect. + properties: + exclusion: + description: An exclusion to apply during preconfigured + WAF evaluation. + items: + properties: + requestCookie: + description: Request cookie whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. 
+ type: string + required: + - operator + type: object + type: array + requestHeader: + description: Request header whose value will be excluded + from inspection during preconfigured WAF evaluation. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestQueryParam: + description: Request query parameter whose value will + be excluded from inspection during preconfigured + WAF evaluation. Note that the parameter can be + in the query string or in the POST body. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' 
+ type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + requestUri: + description: Request URI from the request line to + be excluded from inspection during preconfigured + WAF evaluation. When specifying this field, the + query or fragment part should be excluded. + items: + properties: + operator: + description: 'You can specify an exact match + or a partial match by using a field operator + and a field value. Available options: EQUALS: + The operator matches if the field value equals + the specified value. STARTS_WITH: The operator + matches if the field value starts with the + specified value. ENDS_WITH: The operator matches + if the field value ends with the specified + value. CONTAINS: The operator matches if the + field value contains the specified value. + EQUALS_ANY: The operator matches if the field + value is any value.' + type: string + value: + description: A request field matching the specified + value will be excluded from inspection during + preconfigured WAF evaluation. The field value + must be given if the field operator is not + EQUALS_ANY, and cannot be given if the field + operator is EQUALS_ANY. + type: string + required: + - operator + type: object + type: array + targetRuleIds: + description: A list of target rule IDs under the WAF + rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under + the WAF rule set. + items: + type: string + type: array + targetRuleSet: + description: Target WAF rule set to apply the preconfigured + WAF exclusion. 
+ type: string + required: + - targetRuleSet + type: object + type: array + type: object + preview: + description: When set to true, the action specified above is + not enforced. Stackdriver logs for requests that trigger a + preview action are annotated as such. + type: boolean + priority: + description: An unique positive integer indicating the priority + of evaluation for a rule. Rules are evaluated from highest + priority (lowest numerically) to lowest priority (highest + numerically) in order. + type: integer + rateLimitOptions: + description: Rate limit threshold for this security policy. + Must be specified if the action is "rate_based_ban" or "throttle". + Cannot be specified for any other actions. + properties: + banDurationSec: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, determines the + time (in seconds) the traffic will continue to be banned + by the rate limit after the rate falls below the threshold. + type: integer + banThreshold: + description: Can only be specified if the action for the + rule is "rate_based_ban". If specified, the key will be + banned for the configured 'banDurationSec' when the number + of requests that exceed the 'rateLimitThreshold' also + exceed this 'banThreshold'. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. + type: integer + required: + - count + - intervalSec + type: object + conformAction: + description: Action to take for requests that are under + the configured rate limit threshold. Valid option is "allow" + only. + type: string + enforceOnKey: + description: Determines the key to enforce the rateLimitThreshold + on. + type: string + enforceOnKeyConfigs: + description: Immutable. Enforce On Key Config of this security + policy. 
+ items: + properties: + enforceOnKeyName: + description: 'Rate limit key name applicable only + for the following key types: HTTP_HEADER -- Name + of the HTTP header whose value is taken as the key + value. HTTP_COOKIE -- Name of the HTTP cookie whose + value is taken as the key value.' + type: string + enforceOnKeyType: + description: Determines the key to enforce the rate_limit_threshold + on. + type: string + type: object + type: array + enforceOnKeyName: + description: 'Rate limit key name applicable only for the + following key types: HTTP_HEADER -- Name of the HTTP header + whose value is taken as the key value. HTTP_COOKIE -- + Name of the HTTP cookie whose value is taken as the key + value.' + type: string + exceedAction: + description: Action to take for requests that are above + the configured rate limit threshold, to either deny with + a specified HTTP response code, or redirect to a different + endpoint. Valid options are "deny()" where valid values + for status are 403, 404, 429, and 502, and "redirect" + where the redirect parameters come from exceedRedirectOptions + below. + type: string + exceedRedirectOptions: + description: Parameters defining the redirect action that + is used as the exceed action. Cannot be specified if the + exceed action is not redirect. + properties: + target: + description: Target for the redirect action. This is + required if the type is EXTERNAL_302 and cannot be + specified for GOOGLE_RECAPTCHA. + type: string + type: + description: Type of the redirect action. + type: string + required: + - type + type: object + rateLimitThreshold: + description: Threshold at which to begin ratelimiting. + properties: + count: + description: Number of HTTP(S) requests for calculating + the threshold. + type: integer + intervalSec: + description: Interval over which the threshold is computed. 
+ type: integer + required: + - count + - intervalSec + type: object + required: + - conformAction + - exceedAction + - rateLimitThreshold + type: object + redirectOptions: + description: Parameters defining the redirect action. Cannot + be specified for any other actions. + properties: + target: + description: Target for the redirect action. This is required + if the type is EXTERNAL_302 and cannot be specified for + GOOGLE_RECAPTCHA. + type: string + type: + description: 'Type of the redirect action. Available options: + EXTERNAL_302: Must specify the corresponding target field + in config. GOOGLE_RECAPTCHA: Cannot specify target field + in config.' + type: string + required: + - type + type: object + required: + - action + - match + - priority + type: object + type: array + type: + description: The type indicates the intended use of the security policy. + CLOUD_ARMOR - Cloud Armor backend security policies can be configured + to filter incoming HTTP requests targeting backend services. They + filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE + - Cloud Armor edge security policies can be configured to filter + incoming HTTP requests targeting backend services (including Cloud + CDN-enabled) as well as backend buckets (Cloud Storage). They filter + requests before the request is served from Google's cache. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: computeserviceattachments.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeServiceAttachment + plural: computeserviceattachments + shortNames: + - gcpcomputeserviceattachment + - gcpcomputeserviceattachments + singular: computeserviceattachment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + connectionPreference: + description: 'The connection preference of service attachment. The + value can be set to `ACCEPT_AUTOMATIC`. An `ACCEPT_AUTOMATIC` service + attachment is one that always accepts the connection from consumer + forwarding rules. Possible values: CONNECTION_PREFERENCE_UNSPECIFIED, + ACCEPT_AUTOMATIC, ACCEPT_MANUAL' + type: string + consumerAcceptLists: + description: Projects that are allowed to connect to this service + attachment. + items: + properties: + connectionLimit: + description: The value of the limit to set. + format: int64 + type: integer + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project id or number for the project to set the limit for. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + type: array + consumerRejectLists: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name + of a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + description: + description: An optional description of this resource. Provide this + property when you create the resource. + type: string + enableProxyProtocol: + description: Immutable. If true, enable the proxy protocol which is + for supplying client TCP/IP address data in TCP connections that + traverse proxies on their way to destination servers. + type: boolean + location: + description: Immutable. The location for the resource + type: string + natSubnets: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + targetServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The URL of a service serving the endpoint identified by this service attachment. + + Allowed value: The `selfLink` field of a `ComputeForwardingRule` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - connectionPreference + - location + - natSubnets + - projectRef + - targetServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + connectedEndpoints: + description: An array of connections for all the consumers connected + to this service attachment. + items: + properties: + endpoint: + description: The url of a connected endpoint. + type: string + pscConnectionId: + description: The PSC connection id of the connected endpoint. + format: int64 + type: integer + status: + description: 'The status of a connected endpoint to this service + attachment. Possible values: PENDING, RUNNING, DONE' + type: string + type: object + type: array + fingerprint: + description: Fingerprint of this resource. This field is used internally + during updates of this resource. + type: string + id: + description: The unique identifier for the resource type. The server + generates this identifier. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pscServiceAttachmentId: + description: An 128-bit global unique ID of the PSC service attachment. + properties: + high: + format: int64 + type: integer + low: + format: int64 + type: integer + type: object + region: + description: URL of the region where the service attachment resides. + This field applies only to the region resource. You must specify + this field as part of the HTTP request URL. It is not settable as + a field in the request body. + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpchostprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCHostProject + plural: computesharedvpchostprojects + shortNames: + - gcpcomputesharedvpchostproject + - gcpcomputesharedvpchostprojects + singular: computesharedvpchostproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + 
jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesharedvpcserviceprojects.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSharedVPCServiceProject + plural: computesharedvpcserviceprojects + shortNames: + - gcpcomputesharedvpcserviceproject + - gcpcomputesharedvpcserviceprojects + singular: computesharedvpcserviceproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + description: "The deletion policy for the shared VPC service. Setting + ABANDON allows the resource\n\t\t\t\tto be abandoned rather than + deleted. Possible values are: \"ABANDON\"." + type: string + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesnapshots.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSnapshot + plural: computesnapshots + shortNames: + - gcpcomputesnapshot + - gcpcomputesnapshots + singular: computesnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 
'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + chainName: + description: "Immutable. Creates the new snapshot in the snapshot + chain labeled with the \nspecified name. The chain name must be + 1-63 characters long and \ncomply with RFC1035. This is an uncommon + option only for advanced \nservice owners who needs to create separate + snapshot chains, for \nexample, for chargeback tracking. When you + describe your snapshot \nresource, this field is visible only if + it has a non-empty value." + type: string + description: + description: Immutable. An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + snapshotEncryptionKey: + description: |- + Immutable. Encrypts the snapshot using a customer-supplied encryption key. + + After you encrypt a snapshot using a customer-supplied key, you must + provide the same key if you use the snapshot later. For example, you + must provide the encryption key when you create a disk from the + encrypted snapshot in a future request. + + Customer-supplied encryption keys do not protect access to metadata of + the snapshot. 
+ + If you do not provide an encryption key when creating the snapshot, + then the snapshot will be encrypted using an automatically generated + key and you do not need to provide a key to use the snapshot later. + properties: + kmsKeyRef: + description: The encryption key that is stored in Google Cloud + KMS. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sha256: + description: |- + The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied + encryption key that protects this resource. + type: string + type: object + sourceDiskEncryptionKey: + description: |- + Immutable. The customer-supplied encryption key of the source snapshot. Required + if the source snapshot is protected by a customer-supplied encryption + key. + properties: + kmsKeyServiceAccountRef: + description: |- + The service account used for the encryption request for the given KMS key. + If absent, the Compute Engine Service Agent service account is used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + rawKey: + description: |- + Immutable. 
Specifies a 256-bit customer-supplied encryption key, encoded in + RFC 4648 base64 to either encrypt or decrypt this resource. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + sourceDiskRef: + description: A reference to the disk used to create this snapshot. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeDisk` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageLocations: + description: Immutable. Cloud Storage bucket storage location of the + snapshot (regional or multi-regional). + items: + type: string + type: array + zone: + description: Immutable. A reference to the zone where the disk is + hosted. 
+ type: string + required: + - sourceDiskRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + diskSizeGb: + description: Size of the snapshot, specified in GB. + type: integer + labelFingerprint: + description: |- + The fingerprint used for optimistic locking of this resource. Used + internally during updates. + type: string + licenses: + description: |- + A list of public visible licenses that apply to this snapshot. This + can be because the original image had licenses attached (such as a + Windows image). snapshotEncryptionKey nested object Encrypts the + snapshot using a customer-supplied encryption key. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + snapshotId: + description: The unique identifier for the resource. + type: integer + storageBytes: + description: |- + A size of the storage used by the snapshot. 
As snapshots share + storage, this number is expected to change with snapshot + creation/deletion. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslcertificates.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLCertificate + plural: computesslcertificates + shortNames: + - gcpcomputesslcertificate + - gcpcomputesslcertificates + singular: computesslcertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificate: + description: |- + Immutable. The certificate in PEM format. + The certificate chain must be no greater than 5 certs long. + The chain must include at least one intermediate cert. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeSSLCertificate. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + privateKey: + description: Immutable. The write-only private key in PEM format. 
+ oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - key + - name + type: object + type: object + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - certificate + - location + - privateKey + type: object + status: + properties: + certificateId: + description: The unique identifier for the resource. + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + expireTime: + description: Expire time of the certificate in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesslpolicies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSSLPolicy + plural: computesslpolicies + shortNames: + - gcpcomputesslpolicy + - gcpcomputesslpolicies + singular: computesslpolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + customFeatures: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. This can be one of + 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. + + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for which ciphers are available to use. **Note**: this argument + *must* be present when using the 'CUSTOM' profile. This argument + *must not* be present when using any other profile. + items: + type: string + type: array + description: + description: Immutable. An optional description of this resource. + type: string + minTlsVersion: + description: |- + The minimum version of SSL protocol that can be used by the clients + to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]. + type: string + profile: + description: |- + Profile specifies the set of SSL features that can be used by the + load balancer when negotiating SSL with clients. If using 'CUSTOM', + the set of SSL features to enable must be specified in the + 'customFeatures' field. 
+ + See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) + for information on what cipher suites each profile provides. If + 'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + enabledFeatures: + description: The list of features enabled in the SSL policy. + items: + type: string + type: array + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in this + object. This field is used in optimistic locking. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + selfLink: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computesubnetworks.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeSubnetwork + plural: computesubnetworks + shortNames: + - gcpcomputesubnetwork + - gcpcomputesubnetworks + singular: computesubnetwork + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Immutable. An optional description of this resource. Provide this property when + you create the resource. This field can be set only at resource + creation time. + type: string + ipCidrRange: + description: |- + The range of internal addresses that are owned by this subnetwork. + Provide this property when you create the subnetwork. For example, + 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and + non-overlapping within a network. Only IPv4 is supported. + type: string + ipv6AccessType: + description: |- + The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation + or the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet + cannot enable direct path. Possible values: ["EXTERNAL", "INTERNAL"]. + type: string + logConfig: + description: |- + Denotes the logging options for the subnetwork flow logs. If logging is enabled + logs will be exported to Stackdriver. This field cannot be set if the 'purpose' of this + subnetwork is 'INTERNAL_HTTPS_LOAD_BALANCER'. + properties: + aggregationInterval: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Toggles the aggregation interval for collecting flow logs. Increasing the + interval time will reduce the amount of generated flow logs for long + lasting connections. Default is an interval of 5 seconds per connection. Default value: "INTERVAL_5_SEC" Possible values: ["INTERVAL_5_SEC", "INTERVAL_30_SEC", "INTERVAL_1_MIN", "INTERVAL_5_MIN", "INTERVAL_10_MIN", "INTERVAL_15_MIN"]. 
+ type: string + filterExpr: + description: |- + Export filter used to define which VPC flow logs should be logged, as as CEL expression. See + https://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field. + The default value is 'true', which evaluates to include everything. + type: string + flowSampling: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + The value of the field must be in [0, 1]. Set the sampling rate of VPC + flow logs within the subnetwork where 1.0 means all collected logs are + reported and 0.0 means no logs are reported. Default is 0.5 which means + half of all collected logs are reported. + type: number + metadata: + description: |- + Can only be specified if VPC flow logging for this subnetwork is enabled. + Configures whether metadata fields should be added to the reported VPC + flow logs. Default value: "INCLUDE_ALL_METADATA" Possible values: ["EXCLUDE_ALL_METADATA", "INCLUDE_ALL_METADATA", "CUSTOM_METADATA"]. + type: string + metadataFields: + description: |- + List of metadata fields that should be added to reported logs. + Can only be specified if VPC flow logs for this subnetwork is enabled and "metadata" is set to CUSTOM_METADATA. + items: + type: string + type: array + type: object + networkRef: + description: |- + The network this subnet belongs to. Only networks that are in the + distributed mode can have subnetworks. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + privateIpGoogleAccess: + description: |- + When enabled, VMs in this subnetwork without external IP addresses can + access Google APIs and services by using Private Google Access. + type: boolean + privateIpv6GoogleAccess: + description: The private IPv6 google access type for the VMs in this + subnet. + type: string + purpose: + description: |- + Immutable. The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. + A subnetwork with purpose set to 'INTERNAL_HTTPS_LOAD_BALANCER' is a user-created subnetwork that is reserved for Internal HTTP(S) Load Balancing. + A subnetwork in a given region with purpose set to 'REGIONAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the regional Envoy-based load balancers. + If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'. + The enableFlowLogs field isn't supported with the purpose field set to 'INTERNAL_HTTPS_LOAD_BALANCER'. + type: string + region: + description: Immutable. The GCP region for this subnetwork. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + role: + description: |- + The role of subnetwork. + The value can be set to 'ACTIVE' or 'BACKUP'. + An 'ACTIVE' subnetwork is one that is currently being used. + A 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. + + Subnetwork role must be specified when purpose is set to 'INTERNAL_HTTPS_LOAD_BALANCER' or 'REGIONAL_MANAGED_PROXY'. Possible values: ["ACTIVE", "BACKUP"]. + type: string + secondaryIpRange: + items: + properties: + ipCidrRange: + description: |- + The range of IP addresses belonging to this subnetwork secondary + range. 
Provide this property when you create the subnetwork. + Ranges must be unique and non-overlapping with all primary and + secondary IP ranges within a network. Only IPv4 is supported. + type: string + rangeName: + description: |- + The name associated with this subnetwork secondary range, used + when adding an alias IP range to a VM instance. The name must + be 1-63 characters long, and comply with RFC1035. The name + must be unique within the subnetwork. + type: string + required: + - ipCidrRange + - rangeName + type: object + type: array + stackType: + description: |- + The stack type for this subnet to identify whether the IPv6 feature is enabled or not. + If not specified IPV4_ONLY will be used. Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string + required: + - ipCidrRange + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + externalIpv6Prefix: + description: The range of external IPv6 addresses that are owned by + this subnetwork. + type: string + fingerprint: + description: DEPRECATED. This field is not useful for users, and has + been removed as an output. Fingerprint of this resource. This field + is used internally during updates of this resource. 
+ type: string + gatewayAddress: + description: |- + The gateway address for default routes to reach destination addresses + outside this subnetwork. + type: string + ipv6CidrRange: + description: The range of internal IPv6 addresses that are owned by + this subnetwork. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetgrpcproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetGRPCProxy + plural: computetargetgrpcproxies + shortNames: + - gcpcomputetargetgrpcproxy + - gcpcomputetargetgrpcproxies + singular: computetargetgrpcproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional description of this resource. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + The UrlMap resource that defines the mapping from URL to the BackendService. + The protocol field in the BackendService must be set to GRPC. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + validateForProxyless: + description: |- + Immutable. If true, indicates that the BackendServices referenced by + the urlMap may be accessed by gRPC applications without using + a sidecar proxy. This will enable configuration checks on urlMap + and its referenced BackendServices to not allow unsupported features. + A gRPC application must use "xds:///" scheme in the target URI + of the service it is connecting to. If false, indicates that the + BackendServices referenced by the urlMap will be accessed by gRPC + applications via a sidecar proxy. In this case, a gRPC application + must not use "xds:///" scheme in the target URI of the service + it is connecting to. + type: boolean + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + fingerprint: + description: |- + Fingerprint of this resource. A hash of the contents stored in + this object. This field is used in optimistic locking. This field + will be ignored when inserting a TargetGrpcProxy. 
An up-to-date + fingerprint must be provided in order to patch/update the + TargetGrpcProxy; otherwise, the request will fail with error + 412 conditionNotMet. To see the latest fingerprint, make a get() + request to retrieve the TargetGrpcProxy. A base64-encoded string. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + selfLinkWithId: + description: Server-defined URL with id for the resource. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPProxy + plural: computetargethttpproxies + shortNames: + - gcpcomputetargethttpproxy + - gcpcomputetargethttpproxies + singular: computetargethttpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargethttpsproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetHTTPSProxy + plural: computetargethttpsproxies + shortNames: + - gcpcomputetargethttpsproxy + - gcpcomputetargethttpsproxies + singular: computetargethttpsproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + certificateMapRef: + description: |- + Only the `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This field + can only be set for global target proxies. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `//certificatemanager.googleapis.com/projects/{{project}}/locations/{{location}}/certificateMaps/{{value}}`, + where {{value}} is the `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + location: + description: 'Location represents the geographical location of the + ComputeTargetHTTPSProxy. Specify a region name or "global" for global + resources. Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + proxyBind: + description: |- + Immutable. 
This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + quicOverride: + description: |- + Specifies the QUIC override policy for this resource. This determines + whether the load balancer will attempt to negotiate QUIC with clients + or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is + specified, uses the QUIC policy with no user overrides, which is + equivalent to DISABLE. Default value: "NONE" Possible values: ["NONE", "ENABLE", "DISABLE"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. At + least one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the ComputeTargetHTTPSProxy resource. If not set, + the ComputeTargetHTTPSProxy resource will not have any SSL policy + configured. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + urlMapRef: + description: |- + A reference to the ComputeURLMap resource that defines the mapping + from URL to the BackendService. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeURLMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - urlMapRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetinstances.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetInstance + plural: computetargetinstances + shortNames: + - gcpcomputetargetinstance + - gcpcomputetargetinstances + singular: computetargetinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: 
string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + instanceRef: + description: The ComputeInstance handling traffic for this target + instance. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + natPolicy: + description: |- + Immutable. NAT option controlling how IPs are NAT'ed to the instance. + Currently only NO_NAT (default value) is supported. Default value: "NO_NAT" Possible values: ["NO_NAT"]. 
+ type: string + networkRef: + description: |- + The network this target instance uses to forward + traffic. If not specified, the traffic will be forwarded to the network + that the default network interface belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + zone: + description: Immutable. URL of the zone where the target instance + resides. + type: string + required: + - instanceRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetpools.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetPool + plural: computetargetpools + shortNames: + - gcpcomputetargetpool + - gcpcomputetargetpools + singular: computetargetpool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of 
an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupTargetPoolRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeTargetPool` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. Textual description field. + type: string + failoverRatio: + description: Immutable. Ratio (0 to 1) of failed nodes before using + the backup pool (which must also be set). + type: number + healthChecks: + items: + properties: + httpHealthCheckRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeHTTPHealthCheck` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + region: + description: Immutable. Where the target pool resides. Defaults to + project region. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionAffinity: + description: Immutable. How to distribute load. Options are "NONE" + (no affinity). "CLIENT_IP" (hash of the source/dest addresses / + ports), and "CLIENT_IP_PROTO" also includes the protocol (default + "NONE"). + type: string + required: + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The URI of the created resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetsslproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetSSLProxy + plural: computetargetsslproxies + shortNames: + - gcpcomputetargetsslproxy + - gcpcomputetargetsslproxies + singular: computetargetsslproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: 
.status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateMapRef: + description: |- + Only `external` field is supported to configure the reference. + + A reference to the CertificateMap resource uri that identifies a + certificate map associated with the given target proxy. This + field can only be set for global target proxies. 
Accepted format is + '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `CertificateManagerCertificateMap` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sslCertificates: + items: + description: |- + A list of ComputeSSLCertificate resources that are used to + authenticate connections between users and the load balancer. + Currently, exactly one SSL certificate must be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLCertificate` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + sslPolicyRef: + description: |- + A reference to the ComputeSSLPolicy resource that will be + associated with the TargetSslProxy resource. If not set, the + ComputeTargetSSLProxy resource will not have any SSL policy + configured. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSSLPolicy` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargettcpproxies.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetTCPProxy + plural: computetargettcpproxies + shortNames: + - gcpcomputetargettcpproxy + - gcpcomputetargettcpproxies + singular: computetargettcpproxy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backendServiceRef: + description: A reference to the ComputeBackendService resource. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. An optional description of this resource. + type: string + proxyBind: + description: |- + Immutable. This field only applies when the forwarding rule that references + this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. + type: boolean + proxyHeader: + description: |- + Specifies the type of proxy header to append before sending data to + the backend. Default value: "NONE" Possible values: ["NONE", "PROXY_V1"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. 
Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - backendServiceRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + proxyId: + description: The unique identifier for the resource. 
+ type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computetargetvpngateways.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeTargetVPNGateway + plural: computetargetvpngateways + shortNames: + - gcpcomputetargetvpngateway + - gcpcomputetargetvpngateways + singular: computetargetvpngateway + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. An optional description of this resource. + type: string + networkRef: + description: The network this VPN gateway is accepting traffic for. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region this gateway should sit in. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - networkRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTimestamp: + description: Creation timestamp in RFC3339 text format. + type: string + gatewayId: + description: The unique identifier for the resource. + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: computeurlmaps.compute.cnrm.cloud.google.com +spec: + group: compute.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ComputeURLMap + plural: computeurlmaps + shortNames: + - gcpcomputeurlmap + - gcpcomputeurlmaps + singular: computeurlmap + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. + Only one of defaultRouteAction or defaultUrlRedirect must be set. + URL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction. + defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. 
Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. + Default is false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regualar expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, the setting specifies the CORS policy + is disabled. The default value of false, which indicates + that the CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. + type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. 
+ As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. + Similarly requests from clients can be aborted by the load balancer for a percentage of requests. + timeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. + Fault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management). + properties: + abort: + description: The specification for how client requests are + aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests are + delayed as part of fault injection, before being sent to + a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. 
+ Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + backendServiceRef: + description: |- + The backend service resource being mirrored to. + The backend service configured for a mirroring policy must reference + backends that are of the same type as the original backend service + matched in the URL map. + Serverless NEG backends are not currently supported as a mirrored + backend service. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + retryPolicy: + description: Specifies the retry policy associated with this route. 
+ properties: + numRetries: + description: Specifies the allowed number retries. This number + must be > 0. If not specified, defaults to 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry policy applies. + Valid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable. + - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. + - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504. + - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. + - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. 
+ - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled. + - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. + - internal : a retry is attempted if the gRPC status code in the response header is set to internal. + - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. + - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries. + If not specified, this field uses the largest timeout among all backend services associated with the route. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + nanos: + description: Span of time that's a fraction of a second at + nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos + field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: 'Span of time at a resolution of a second. Must + be from 0 to 315,576,000,000 inclusive. Note: these bounds + are computed from: 60 sec/min * 60 min/hr * 24 hr/day * + 365.25 days/year * 10000 years.' + type: string + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, before forwarding the request to the matched service. 
+ urlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers. + Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true. + properties: + hostRewrite: + description: |- + Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. + The value must be from 1 to 255 characters. + type: string + pathPrefixRewrite: + description: |- + Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. + The value must be from 1 to 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. + After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for the selected backendService. + headerAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. + Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request before + forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + requestHeadersToRemove: + description: A list of header names for headers that + need to be removed from the request before forwarding + the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response before sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. 
If true, headerValue is set for the header, discarding any values that were set for that header. + The default value is false. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: A list of header names for headers that + need to be removed from the response before sending + the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) . + The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. + The value must be from 0 to 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The defaultService resource to which traffic is directed if none of + the hostRules match. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If defaultRouteAction is additionally specified, advanced routing + actions like URL Rewrites, etc. take effect prior to sending the + request to the backend. However, if defaultService is specified, + defaultRouteAction cannot contain any weightedBackendServices. + Conversely, if routeAction specifies any weightedBackendServices, + service must not be specified. Only one of defaultService, + defaultUrlRedirect or defaultRouteAction.weightedBackendService + must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeBackendService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: |- + An optional description of this resource. Provide this property when + you create the resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here take effect after + headerAction specified under pathMatcher. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending the + response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + hostRule: + description: The list of HostRules to use against the URL. + items: + properties: + description: + description: |- + An optional description of this HostRule. Provide this property + when you create the resource. + type: string + hosts: + description: |- + The list of host patterns to match. They must be valid + hostnames, except * will match any string of ([a-z0-9-.]*). In + that case, * must be the first character and must be followed in + the pattern by either - or .. + items: + type: string + type: array + pathMatcher: + description: |- + The name of the PathMatcher to use to match the path portion of + the URL if the hostRule matches the URL's host portion. + type: string + required: + - hosts + - pathMatcher + type: object + type: array + location: + description: 'Location represents the geographical location of the + ComputeURLMap. Specify a region name or "global" for global resources. + Reference: GCP definition of regions/zones (https://cloud.google.com/compute/docs/regions-zones/)' + type: string + pathMatcher: + description: The list of named PathMatchers to use against the URL. + items: + properties: + defaultRouteAction: + description: |- + defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs + advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request + to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. + Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. 
+ + Only one of defaultRouteAction or defaultUrlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see + [W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/). + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + This translates to the Access-Control-Allow-Credentials header. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For regular expression grammar + please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy is disabled. + The default value is false, which indicates that the + CORS policy is in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached in seconds. + This translates to the Access-Control-Max-Age header. 
+ type: integer + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. + As part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a + percentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted + by the Loadbalancer for a percentage of requests. + + timeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy. + properties: + abort: + description: The specification for how client requests + are aborted as part of fault injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. + The value must be between 200 and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + delay: + description: The specification for how client requests + are delayed as part of fault injection, before being + sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed delay + interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. 
+ type: string + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection. + The value must be between 0.0 and 100.0 inclusive. + type: number + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. + Loadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service, + the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated with + this route. + properties: + numRetries: + description: Specifies the allowed number retries. This + number must be > 0. If not specified, defaults to + 1. + type: integer + perTryTimeout: + description: |- + Specifies a non-zero timeout per retry attempt. + + If not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set, + will use the largest timeout among all backend services associated with the route. 
+ properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are + represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + retryConditions: + description: |- + Specfies one or more conditions when this retry rule applies. Valid values are: + + * 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code, + or if the backend service does not respond at all, example: disconnects, reset, read timeout, + * connection failure, and refused streams. + * gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. + * connect-failure: Loadbalancer will retry on failures connecting to backend services, + for example due to connection timeouts. + * retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + * refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code. + This reset type indicates that it is safe to retry. + * cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled + * deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded + * resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted + * unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable. 
+ items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time the request has been + fully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries. + + If not specified, will use the largest timeout among all backend services associated with the route. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented + with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. + Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years. + type: string + type: object + urlRewrite: + description: The spec to modify the URL of the request, + prior to forwarding the request to the matched service. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host header is replaced + with contents of hostRewrite. + + The value must be between 1 and 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching portion of the + request's path is replaced by pathPrefixRewrite. + + The value must be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match occurs. + The weights determine the fraction of traffic that flows to their corresponding backend service. + If all traffic needs to go to a single backend service, there must be one weightedBackendService + with weight set to a non 0 number. 
+ + Once a backendService is identified and before forwarding the request to the backend service, + advanced routing actions like Url rewrites and header transformations are applied depending on + additional settings specified in this HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + The default backend service resource. + Before forwarding the request to backendService, the loadbalancer + applies any relevant headerActions specified as part of this + backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. + + headerAction specified here take effect before headerAction in the enclosing + HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: Headers to add to a matching request + prior to forwarding the request to the backendService. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. 
+ type: boolean + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request prior to + forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior + to sending the response back to the client. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the header. + If true, headerValue is set for the header, discarding any values that were set for that header. + type: boolean + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response prior to sending the + response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as + weight / (sum of all weightedBackendService weights in routeAction) . + + The selection of a backend service is determined only for new traffic. Once a user's request + has been directed to a backendService, subsequent requests will be sent to the same backendService + as determined by the BackendService's session affinity policy. + + The value must be between 0 and 1000. + type: integer + type: object + type: array + type: object + defaultService: + description: |- + The default service to use if none of the pathRules defined by this + PathMatcher is matched by the URL's path portion. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + defaultUrlRedirect: + description: |- + When none of the specified hostRules match, the request is redirected to a URL specified + by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or + defaultRouteAction must not be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one that was + supplied in the request. The value must be between 1 and 255 characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
If set to + false, the URL scheme of the redirected request will remain the same as that of the + request. This must only be set for UrlMaps used in TargetHttpProxys. Setting this + true for TargetHttpsProxy is not permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was + supplied in the request. pathRedirect cannot be supplied together with + prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the + original request will be used for the redirect. The value must be between 1 and 1024 + characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, + retaining the remaining portion of the URL before redirecting the request. + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or + neither. If neither is supplied, the path of the original request will be used for + the redirect. The value must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed prior + to redirecting the request. If set to false, the query portion of the original URL is + retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + description: + description: An optional description of this resource. + type: string + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. HeaderAction specified here are applied after the + matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to sending + the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + name: + description: The name to which this PathMatcher is referred + by the HostRule. + type: string + pathRule: + description: |- + The list of path rules. Use this list instead of routeRules when routing based + on simple path matching is all that's required. The order by which path rules + are specified does not matter. Matches are always done on the longest-path-first + basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* + irrespective of the order in which those paths appear in this list. Within a + given pathMatcher, only one of pathRules or routeRules must be set. + items: + properties: + paths: + description: |- + The list of path patterns to match. Each must start with / and the only place a + \* is allowed is at the end following a /. The string fed to the path matcher + does not include any text after the first ? or #, and those chars are not + allowed here. + items: + type: string + type: array + routeAction: + description: |- + In response to a matching path, the load balancer performs advanced routing + actions like URL rewrites, header transformations, etc. prior to forwarding the + request to the selected backend. If routeAction specifies any + weightedBackendServices, service must not be set. Conversely if service is set, + routeAction cannot contain any weightedBackendServices. Only one of routeAction + or urlRedirect must be set. + properties: + corsPolicy: + description: |- + The specification for allowing client side cross-origin requests. Please see W3C + Recommendation for Cross Origin Resource Sharing. 
+ properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the + actual request can include user credentials. This translates to the Access- + Control-Allow-Credentials header. Defaults to false. + type: boolean + allowHeaders: + description: Specifies the content for the Access-Control-Allow-Headers + header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the Access-Control-Allow-Methods + header. + items: + type: string + type: array + allowOriginRegexes: + description: |- + Specifies the regular expression patterns that match allowed origins. For + regular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript + An origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. An + origin is allowed if it matches either allow_origins or allow_origin_regex. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. + type: boolean + exposeHeaders: + description: Specifies the content for the Access-Control-Expose-Headers + header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long the results of a preflight request can be cached. This + translates to the content for the Access-Control-Max-Age header. + type: integer + required: + - disabled + type: object + faultInjectionPolicy: + description: |- + The specification for fault injection introduced into traffic to test the + resiliency of clients to backend service failure. As part of fault injection, + when clients send requests to a backend service, delays can be introduced by + Loadbalancer on a percentage of requests before sending those request to the + backend service. 
Similarly requests from clients can be aborted by the + Loadbalancer for a percentage of requests. timeout and retry_policy will be + ignored by clients that are configured with a fault_injection_policy. + properties: + abort: + description: |- + The specification for how client requests are aborted as part of fault + injection. + properties: + httpStatus: + description: |- + The HTTP status code used to abort the request. The value must be between 200 + and 599 inclusive. + type: integer + percentage: + description: |- + The percentage of traffic (connections/operations/requests) which will be + aborted as part of fault injection. The value must be between 0.0 and 100.0 + inclusive. + type: number + required: + - httpStatus + - percentage + type: object + delay: + description: |- + The specification for how client requests are delayed as part of fault + injection, before being sent to a backend service. + properties: + fixedDelay: + description: Specifies the value of the fixed + delay interval. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + percentage: + description: |- + The percentage of traffic (connections/operations/requests) on which delay will + be introduced as part of fault injection. The value must be between 0.0 and + 100.0 inclusive. + type: number + required: + - fixedDelay + - percentage + type: object + type: object + requestMirrorPolicy: + description: |- + Specifies the policy on how requests intended for the route's backends are + shadowed to a separate mirrored backend service. Loadbalancer does not wait for + responses from the shadow service. 
Prior to sending traffic to the shadow + service, the host / authority header is suffixed with -shadow. + properties: + backendServiceRef: + description: Required. The backend service resource + being mirrored to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - backendServiceRef + type: object + retryPolicy: + description: Specifies the retry policy associated + with this route. + properties: + numRetries: + description: Specifies the allowed number retries. + This number must be > 0. + type: integer + perTryTimeout: + description: Specifies a non-zero timeout per + retry attempt. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + retryConditions: + description: |- + Specifies one or more conditions when this retry rule applies. Valid values are: + + - 5xx: Loadbalancer will attempt a retry if the backend service responds with + any 5xx response code, or if the backend service does not respond at all, + example: disconnects, reset, read timeout, connection failure, and refused + streams. 
+ - gateway-error: Similar to 5xx, but only applies to response codes + 502, 503 or 504. + - connect-failure: Loadbalancer will retry on failures + connecting to backend services, for example due to connection timeouts. + - retriable-4xx: Loadbalancer will retry for retriable 4xx response codes. + Currently the only retriable error supported is 409. + - refused-stream: Loadbalancer will retry if the backend service resets the stream with a + REFUSED_STREAM error code. This reset type indicates that it is safe to retry. + - cancelled: Loadbalancer will retry if the gRPC status code in the response + header is set to cancelled + - deadline-exceeded: Loadbalancer will retry if the + gRPC status code in the response header is set to deadline-exceeded + - resource-exhausted: Loadbalancer will retry if the gRPC status code in the response + header is set to resource-exhausted + - unavailable: Loadbalancer will retry if + the gRPC status code in the response header is set to unavailable. + items: + type: string + type: array + type: object + timeout: + description: |- + Specifies the timeout for the selected route. Timeout is computed from the time + the request is has been fully processed (i.e. end-of-stream) up until the + response has been completely processed. Timeout includes all retries. If not + specified, the default value is 15 seconds. + properties: + nanos: + description: |- + Span of time that's a fraction of a second at nanosecond resolution. Durations + less than one second are represented with a 0 'seconds' field and a positive + 'nanos' field. Must be from 0 to 999,999,999 inclusive. + type: integer + seconds: + description: |- + Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 + inclusive. + type: string + required: + - seconds + type: object + urlRewrite: + description: |- + The spec to modify the URL of the request, prior to forwarding the request to + the matched service. 
+ properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected service, the request's host + header is replaced with contents of hostRewrite. The value must be between 1 and + 255 characters. + type: string + pathPrefixRewrite: + description: |- + Prior to forwarding the request to the selected backend service, the matching + portion of the request's path is replaced by pathPrefixRewrite. The value must + be between 1 and 1024 characters. + type: string + type: object + weightedBackendServices: + description: |- + A list of weighted backend services to send traffic to when a route match + occurs. The weights determine the fraction of traffic that flows to their + corresponding backend service. If all traffic needs to go to a single backend + service, there must be one weightedBackendService with weight set to a non 0 + number. Once a backendService is identified and before forwarding the request to + the backend service, advanced routing actions like Url rewrites and header + transformations are applied depending on additional settings specified in this + HttpRouteAction. + items: + properties: + backendServiceRef: + description: |- + Required. The default backend service resource. Before forwarding + the request to backendService, the loadbalancer applies any relevant + headerActions specified as part of this backendServiceWeight. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. headerAction specified here take effect before + headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. + items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response + prior to sending the response back to + the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header + to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. 
+ type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + weight: + description: |- + Specifies the fraction of traffic sent to backendService, computed as weight / + (sum of all weightedBackendService weights in routeAction) . The selection of a + backend service is determined only for new traffic. Once a user's request has + been directed to a backendService, subsequent requests will be sent to the same + backendService as determined by the BackendService's session affinity policy. + The value must be between 0 and 1000. + type: integer + required: + - backendServiceRef + - weight + type: object + type: array + type: object + service: + description: |- + The backend service to which traffic is directed if this rule is + matched. + For the Global URL Map, it should be a reference to the backend + service or backend bucket. + For the Regional URL Map, it should be a reference to the backend + service. + If routeAction is additionally specified, advanced routing actions + like URL Rewrites, etc. take effect prior to sending the request to + the backend. However, if service is specified, routeAction cannot + contain any weightedBackendServices. Conversely, if routeAction + specifies any weightedBackendServices, service must not be + specified. Only one of urlRedirect, service or + routeAction.weightedBackendService must be set. 
+ oneOf: + - required: + - backendBucketRef + - required: + - backendServiceRef + properties: + backendBucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendBucket` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + backendServiceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field + of a `ComputeBackendService` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + urlRedirect: + description: |- + When a path pattern is matched, the request is redirected to a URL specified + by urlRedirect. If urlRedirect is specified, service or routeAction must not + be set. + properties: + hostRedirect: + description: |- + The host that will be used in the redirect response instead of the one + that was supplied in the request. The value must be between 1 and 255 + characters. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. 
+ If set to false, the URL scheme of the redirected request will remain the + same as that of the request. This must only be set for UrlMaps used in + TargetHttpProxys. Setting this true for TargetHttpsProxy is not + permitted. The default is set to false. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one + that was supplied in the request. pathRedirect cannot be supplied + together with prefixRedirect. Supply one alone or neither. If neither is + supplied, the path of the original request will be used for the redirect. + The value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the + HttpRouteRuleMatch, retaining the remaining portion of the URL before + redirecting the request. prefixRedirect cannot be supplied together with + pathRedirect. Supply one alone or neither. If neither is supplied, the + path of the original request will be used for the redirect. The value + must be between 1 and 1024 characters. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. Supported values are: + + * MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. + + * FOUND, which corresponds to 302. + + * SEE_OTHER which corresponds to 303. + + * TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method + will be retained. + + * PERMANENT_REDIRECT, which corresponds to 308. In this case, + the request method will be retained. Possible values: ["FOUND", "MOVED_PERMANENTLY_DEFAULT", "PERMANENT_REDIRECT", "SEE_OTHER", "TEMPORARY_REDIRECT"]. + type: string + stripQuery: + description: |- + If set to true, any accompanying query portion of the original URL is removed + prior to redirecting the request. If set to false, the query portion of the + original URL is retained. 
+ This field is required to ensure an empty block is not set. The normal default value is false. + type: boolean + required: + - stripQuery + type: object + required: + - paths + type: object + type: array + routeRules: + description: |- + The list of ordered HTTP route rules. Use this list instead of pathRules when + advanced route matching and routing actions are desired. The order of specifying + routeRules matters: the first rule that matches will cause its specified routing + action to take effect. Within a given pathMatcher, only one of pathRules or + routeRules must be set. routeRules are not supported in UrlMaps intended for + External load balancers. + items: + properties: + headerAction: + description: |- + Specifies changes to request and response headers that need to take effect for + the selected backendService. The headerAction specified here are applied before + the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r + outeAction.weightedBackendService.backendServiceWeightAction[].headerAction. + properties: + requestHeadersToAdd: + description: |- + Headers to add to a matching request prior to forwarding the request to the + backendService. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + requestHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the request + prior to forwarding the request to the backendService. 
+ items: + type: string + type: array + responseHeadersToAdd: + description: Headers to add the response prior to + sending the response back to the client. + items: + properties: + headerName: + description: The name of the header. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + If false, headerValue is appended to any values that already exist for the + header. If true, headerValue is set for the header, discarding any values that + were set for that header. + type: boolean + required: + - headerName + - headerValue + - replace + type: object + type: array + responseHeadersToRemove: + description: |- + A list of header names for headers that need to be removed from the response + prior to sending the response back to the client. + items: + type: string + type: array + type: object + matchRules: + description: The rules for determining a match. + items: + properties: + fullPathMatch: + description: |- + For satisfying the matchRule condition, the path of the request must exactly + match the value specified in fullPathMatch after removing any query parameters + and anchor that may be part of the original URL. FullPathMatch must be between 1 + and 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must + be specified. + type: string + headerMatches: + description: |- + Specifies a list of header match criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: |- + The value should exactly match contents of exactMatch. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: string + headerName: + description: |- + The name of the HTTP header to match. For matching against the HTTP request's + authority, use a headerMatch with the header name ":authority". For matching a + request's method, use the headerName ":method". 
+ type: string + invertMatch: + description: |- + If set to false, the headerMatch is considered a match if the match criteria + above are met. If set to true, the headerMatch is considered a match if the + match criteria above are NOT met. Defaults to false. + type: boolean + prefixMatch: + description: |- + The value of the header must start with the contents of prefixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + presentMatch: + description: |- + A header with the contents of headerName must exist. The match takes place + whether or not the request's header has a value or not. Only one of exactMatch, + prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. + type: boolean + rangeMatch: + description: |- + The header value must be an integer and its value must be in the range specified + in rangeMatch. If the header does not contain an integer, number or is empty, + the match fails. For example for a range [-5, 0] + + * -3 will match + * 0 will not match + * 0.25 will not match + * -3someString will not match. + + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. + properties: + rangeEnd: + description: The end of the range (exclusive). + type: integer + rangeStart: + description: The start of the range (inclusive). + type: integer + required: + - rangeEnd + - rangeStart + type: object + regexMatch: + description: |- + The value of the header must match the regular expression specified in + regexMatch. For regular expression grammar, please see: + en.cppreference.com/w/cpp/regex/ecmascript For matching against a port + specified in the HTTP request, use a headerMatch with headerName set to PORT and + a regular expression that satisfies the RFC2616 Host header's port specifier. + Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or + rangeMatch must be set. 
+ type: string + suffixMatch: + description: |- + The value of the header must end with the contents of suffixMatch. Only one of + exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch + must be set. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: |- + Specifies that prefixMatch and fullPathMatch matches are case sensitive. + Defaults to false. + type: boolean + metadataFilters: + description: |- + Opaque filter criteria used by Loadbalancer to restrict routing configuration to + a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS + clients present node metadata. If a match takes place, the relevant routing + configuration is made available to those proxies. For each metadataFilter in + this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the + filterLabels must match the corresponding label provided in the metadata. If its + filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match + with corresponding labels in the provided metadata. metadataFilters specified + here can be overrides those specified in ForwardingRule that refers to this + UrlMap. metadataFilters only applies to Loadbalancers that have their + loadBalancingScheme set to INTERNAL_SELF_MANAGED. items: properties: filterLabels: @@ -28491,7 +42247,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -28586,6 +42342,11 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + stackType: + description: |- + Immutable. The stack type for this VPN gateway to identify the IP protocols that are enbaled. + If not specified, IPV4_ONLY will be used. Default value: "IPV4_ONLY" Possible values: ["IPV4_ONLY", "IPV4_IPV6"]. + type: string vpnInterfaces: description: Immutable. A list of interfaces on this VPN gateway. items: @@ -28690,7 +42451,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -29062,7 +42823,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -29378,7 +43139,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -29924,20 +43685,256 @@ spec: type: object type: array createTime: - description: Output only. The time this note was created. This field - can be used as a filter in list requests. - format: date-time + description: Output only. The time this note was created. This field + can be used as a filter in list requests. + format: date-time + type: string + image: + properties: + fingerprint: + properties: + v2Name: + description: 'Output only. The name of the image''s v2 blobs + computed via: ) Only the name of the final blob is kept.' + type: string + type: object + type: object + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time this note was last updated. This + field can be used as a filter in list requests. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containeranalysisoccurrences.containeranalysis.cnrm.cloud.google.com +spec: + group: containeranalysis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerAnalysisOccurrence + plural: containeranalysisoccurrences + shortNames: + - gcpcontaineranalysisoccurrence + - gcpcontaineranalysisoccurrences + singular: containeranalysisoccurrence + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attestation: + description: |- + Occurrence that represents a single "attestation". The authenticity + of an attestation can be verified using the attached signature. + If the verifier trusts the public key of the signer, then verifying + the signature is sufficient to establish trust. In this circumstance, + the authority to which this attestation is attached is primarily + useful for lookup (how to find this attestation if you already + know the authority and artifact to be verified) and intent (for + which authority this attestation was intended to sign. + properties: + serializedPayload: + description: |- + The serialized payload that is verified by one or + more signatures. A base64-encoded string. + type: string + signatures: + description: |- + One or more signatures over serializedPayload. + Verifier implementations should consider this attestation + message verified if at least one signature verifies + serializedPayload. See Signature in common.proto for more + details on signature structure and verification. + items: + properties: + publicKeyId: + description: |- + The identifier for the public key that verifies this + signature. MUST be an RFC3986 conformant + URI. * When possible, the key id should be an + immutable reference, such as a cryptographic digest. + Examples of valid values: + + * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr + for more details on this scheme. 
+ * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA' + * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization): + * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU". + type: string + signature: + description: |- + The content of the signature, an opaque bytestring. + The payload that this signature verifies MUST be + unambiguously provided with the Signature during + verification. A wrapper message might provide the + payload explicitly. Alternatively, a message might + have a canonical serialization that can always be + unambiguously computed to derive the payload. + type: string + required: + - publicKeyId + type: object + type: array + required: + - serializedPayload + - signatures + type: object + noteName: + description: |- + Immutable. The analysis note associated with this occurrence, in the form of + projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a + filter in list requests. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + remediation: + description: A description of actions that can be taken to remedy + the note. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + resourceUri: + description: |- + Immutable. Required. Immutable. 
A URI that represents the resource for which + the occurrence applies. For example, + https://gcr.io/project/image@sha256:123abc for a Docker image. + type: string + required: + - attestation + - noteName + - projectRef + - resourceUri + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the repository was created. + type: string + kind: + description: |- + The note kind which explicitly denotes which of the occurrence + details are specified. This field can be used as a filter in list + requests. + type: string + name: + description: The name of the occurrence. type: string - image: - properties: - fingerprint: - properties: - v2Name: - description: 'Output only. The name of the image''s v2 blobs - computed via: ) Only the name of the final blob is kept.' - type: string - type: object - type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -29946,11 +43943,11 @@ spec: the resource. type: integer updateTime: - description: Output only. The time this note was last updated. This - field can be used as a filter in list requests. - format: date-time + description: The time when the repository was last updated. type: string type: object + required: + - spec type: object served: true storage: true @@ -29967,7 +43964,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -30558,6 +44555,15 @@ spec: cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + podCidrOverprovisionConfig: + description: Immutable. Configuration for cluster level pod cidr + overprovision. Default is disabled=false. + properties: + disabled: + type: boolean + required: + - disabled + type: object servicesIpv4CidrBlock: description: Immutable. The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the @@ -30572,6 +44578,11 @@ spec: services_ipv4_cidr_block can be used to automatically create a GKE-managed one. type: string + stackType: + description: Immutable. The IP Stack type of the cluster. Choose + between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not + set. + type: string type: object location: description: Immutable. The location (region or zone) in which the 
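Review bot: The added `updateTime` description, 'The time when the repository was last updated.', names the wrong object: the neighbouring status fields describe an occurrence (`name` is 'The name of the occurrence.'), so the text looks carried over from another resource. I would word it `description: The time when the occurrence was last updated.`, and the `createTime` description in the hunk just before this one has the same 'repository' wording. The status mapping starts outside this hunk. If this CRD is generated, as its layout suggests, the wording has to be corrected in the generator's input rather than in this file.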
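Review bot: The new `disabled` property of `podCidrOverprovisionConfig` carries no description, and the parent text 'Default is disabled=false' leaves the reader to work out that overprovisioning stays on unless the flag is set to true. Add a description under `disabled`, for example `description: Immutable. Whether pod CIDR overprovisioning is disabled for the cluster; false keeps it enabled.` (the Immutable marker is assumed from the parent). Because `disabled` is also listed under `required`, an empty `podCidrOverprovisionConfig: {}` is rejected by the schema, which is worth stating in the parent description. The mapping that encloses this property starts outside the hunk.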
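Review bot: `stackType` is added as a bare `type: string` although its description allows only IPV4 and IPV4_IPV6, so a misspelt value passes schema validation and can only be caught later, presumably when the controller calls the cloud API. The field is marked Immutable and appears to decide whether the cluster gets IPv6 addressing, so rejecting a bad value at admission is cheaper than finding it after creation is attempted; add `enum:` with `- IPV4` and `- IPV4_IPV6` below `type: string`. If the upstream API may add further stack types, say so in the description instead of constraining the schema. The enclosing mapping starts outside the hunk.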
@@ -30609,222 +44620,1129 @@ spec: Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.' properties: - duration: + duration: + type: string + startTime: + type: string + required: + - startTime + type: object + maintenanceExclusion: + description: Exceptions to maintenance window. Non-emergency maintenance + should not occur in these windows. + items: + properties: + endTime: + type: string + exclusionName: + type: string + exclusionOptions: + description: Maintenance exclusion related options. + properties: + scope: + description: The scope of automatic upgrades to restrict + in the exclusion window. + type: string + required: + - scope + type: object + startTime: + type: string + required: + - endTime + - exclusionName + - startTime + type: object + type: array + recurringWindow: + description: Time window for recurring maintenance operations. + properties: + endTime: + type: string + recurrence: + type: string + startTime: + type: string + required: + - endTime + - recurrence + - startTime + type: object + type: object + masterAuth: + description: DEPRECATED. Basic authentication was removed for GKE + cluster versions >= 1.19. The authentication information for accessing + the Kubernetes master. Some values in this block are only returned + by the API if your service account has permission to get credentials + for your GKE cluster. If you see an unexpected diff unsetting your + client cert, ensure you have the container.clusters.getCredentials + permission. + properties: + clientCertificate: + description: Base64 encoded public certificate used by clients + to authenticate to the cluster endpoint. + type: string + clientCertificateConfig: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. + properties: + issueClientCertificate: + description: Immutable. Whether client certificate authorization + is enabled for this cluster. 
+ type: boolean + required: + - issueClientCertificate + type: object + clientKey: + description: Base64 encoded private key used by clients to authenticate + to the cluster endpoint. + type: string + clusterCaCertificate: + description: Base64 encoded public certificate that is the root + of trust for the cluster. + type: string + password: + description: The password to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: The username to use for HTTP basic authentication + when accessing the Kubernetes master endpoint. If not present + basic auth will be disabled. + type: string + type: object + masterAuthorizedNetworksConfig: + description: The desired configuration options for master authorized + networks. Omit the nested cidr_blocks attribute to disallow external + access (except the cluster node IPs, which GKE automatically whitelists). + properties: + cidrBlocks: + description: External networks that can access the Kubernetes + cluster master through HTTPS. + items: + properties: + cidrBlock: + description: External network that can access Kubernetes + master through HTTPS. Must be specified in CIDR notation. 
+ type: string + displayName: + description: Field for users to identify CIDR blocks. + type: string + required: + - cidrBlock + type: object + type: array + gcpPublicCidrsAccessEnabled: + description: Whether master is accessbile via Google Compute Engine + Public IP addresses. + type: boolean + type: object + meshCertificates: + description: If set, and enable_certificates=true, the GKE Workload + Identity Certificates controller and node agent will be deployed + in the cluster. + properties: + enableCertificates: + description: When enabled the GKE Workload Identity Certificates + controller and node agent will be deployed in the cluster. + type: boolean + required: + - enableCertificates + type: object + minMasterVersion: + description: The minimum version of the master. GKE will auto-update + the master to new versions, so this does not guarantee the current + master version--use the read-only master_version field to obtain + that. If unset, the cluster's version will be set by GKE to the + version of the most recent official release (which is not necessarily + the latest version). + type: string + monitoringConfig: + description: Monitoring configuration for the cluster. + properties: + enableComponents: + description: GKE components exposing metrics. Valid values include + SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, + and WORKLOADS. + items: + type: string + type: array + managedPrometheus: + description: Configuration for Google Cloud Managed Services for + Prometheus. + properties: + enabled: + description: Whether or not the managed collection is enabled. + type: boolean + required: + - enabled + type: object + type: object + monitoringService: + description: The monitoring service that the cluster should write + metrics to. Automatically send metrics from pods in the cluster + to the Google Cloud Monitoring API. 
VM metrics will be collected + by Google Compute Engine regardless of this setting Available options + include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver + Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. + type: string + networkPolicy: + description: Configuration options for the NetworkPolicy feature. + properties: + enabled: + description: Whether network policy is enabled on the cluster. + type: boolean + provider: + description: The selected network policy provider. Defaults to + PROVIDER_UNSPECIFIED. + type: string + required: + - enabled + type: object + networkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkingMode: + description: Immutable. Determines whether alias IPs or routes will + be used for pod IPs in the cluster. + type: string + nodeConfig: + description: Immutable. The configuration of the nodepool. + properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. 
+ type: integer + required: + - threadsPerCore + type: object + bootDiskKMSCryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + diskSizeGb: + description: Immutable. Size of the disk attached to each node, + specified in GB. The smallest allowed disk size is 10GB. + type: integer + diskType: + description: Immutable. Type of the disk attached to each node. + Such as pd-standard, pd-balanced or pd-ssd. + type: string + ephemeralStorageConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + gcfsConfig: + description: Immutable. GCFS configuration for this node. 
+ properties: + enabled: + description: Immutable. Whether or not GCFS is enabled. + type: boolean + required: + - enabled + type: object + guestAccelerator: + description: Immutable. List of the type and count of accelerator + cards attached to the instance. + items: + properties: + count: + description: Immutable. The number of the accelerator cards + exposed to an instance. + type: integer + gpuPartitionSize: + description: Immutable. Size of partitions to create on + the GPU. Valid values are described in the NVIDIA mig + user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + gpuSharingConfig: + description: Immutable. Configuration for GPU sharing. + properties: + gpuSharingStrategy: + description: Immutable. The type of GPU sharing strategy + to enable on the GPU node. Possible values are described + in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). + type: string + maxSharedClientsPerGpu: + description: Immutable. The maximum number of containers + that can share a GPU. + type: integer + required: + - gpuSharingStrategy + - maxSharedClientsPerGpu + type: object + type: + description: Immutable. The accelerator type resource name. + type: string + required: + - count + - type + type: object + type: array + gvnic: + description: Immutable. Enable or disable gvnic in the node pool. + properties: + enabled: + description: Immutable. Whether or not gvnic is enabled. + type: boolean + required: + - enabled + type: object + imageType: + description: The image type to use for this node. Note that for + a given image type, the latest version of it will be used. + type: string + kubeletConfig: + description: Node kubelet configs. + properties: + cpuCfsQuota: + description: Enable CPU CFS quota enforcement for containers + that specify CPU limits. + type: boolean + cpuCfsQuotaPeriod: + description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. 
+ type: string + cpuManagerPolicy: + description: Control the CPU management policy on the node. + type: string + podPidsLimit: + description: Controls the maximum number of processes allowed + to run in a pod. + type: integer + required: + - cpuManagerPolicy + type: object + labels: + additionalProperties: + type: string + description: Immutable. The map of Kubernetes labels (key/value + pairs) to be applied to each node. These will added in addition + to any default label(s) that Kubernetes may apply to the node. + type: object + linuxNodeConfig: + description: Parameters that can be configured on Linux nodes. + properties: + sysctls: + additionalProperties: + type: string + description: The Linux kernel parameters to be applied to + the nodes and all pods running on the nodes. + type: object + required: + - sysctls + type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object + localSsdCount: + description: Immutable. The number of local SSD disks to be attached + to the node. + type: integer + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include DEFAULT + and MAX_THROUGHPUT. + type: string + machineType: + description: Immutable. The name of a Google Compute Engine machine + type. + type: string + metadata: + additionalProperties: + type: string + description: Immutable. The metadata key/value pairs assigned + to instances in the cluster. + type: object + minCpuPlatform: + description: Immutable. Minimum CPU platform to be used by this + instance. The instance may be scheduled on the specified or + newer CPU platform. + type: string + nodeGroupRef: + description: |- + Immutable. 
Setting this field will assign instances + of this pool to run on the specified node group. This is useful + for running workloads on sole tenant nodes. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeNodeGroup` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + oauthScopes: + description: Immutable. The set of Google API scopes to be made + available on all of the node VMs. + items: + type: string + type: array + preemptible: + description: Immutable. Whether the nodes are created as preemptible + VM instances. + type: boolean + reservationAffinity: + description: Immutable. The reservation affinity configuration + for the node pool. + properties: + consumeReservationType: + description: Immutable. Corresponds to the type of reservation + consumption. type: string - startTime: + key: + description: Immutable. The label key of a reservation resource. type: string + values: + description: Immutable. The label values of the reservation + resource. + items: + type: string + type: array required: - - startTime + - consumeReservationType type: object - maintenanceExclusion: - description: Exceptions to maintenance window. Non-emergency maintenance - should not occur in these windows. + resourceLabels: + additionalProperties: + type: string + description: The GCE resource labels (a map of key/value pairs) + to be applied to the node pool. + type: object + sandboxConfig: + description: Immutable. Sandbox configuration for this node. 
+ properties: + sandboxType: + description: Type of the sandbox to use for the node (e.g. + 'gvisor'). + type: string + required: + - sandboxType + type: object + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + shieldedInstanceConfig: + description: Immutable. Shielded Instance options. + properties: + enableIntegrityMonitoring: + description: Immutable. Defines whether the instance has integrity + monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Defines whether the instance has Secure + Boot enabled. + type: boolean + type: object + spot: + description: Immutable. Whether the nodes are created as spot + VM instances. + type: boolean + tags: + description: The list of instance tags applied to all nodes. + items: + type: string + type: array + taint: + description: Immutable. List of Kubernetes taints to be applied + to each node. items: properties: - endTime: + effect: + description: Immutable. Effect for taint. type: string - exclusionName: + key: + description: Immutable. Key for taint. type: string - exclusionOptions: - description: Maintenance exclusion related options. - properties: - scope: - description: The scope of automatic upgrades to restrict - in the exclusion window. - type: string - required: - - scope - type: object - startTime: + value: + description: Immutable. Value for taint. 
type: string required: - - endTime - - exclusionName - - startTime + - effect + - key + - value type: object type: array - recurringWindow: - description: Time window for recurring maintenance operations. + workloadMetadataConfig: + description: Immutable. The workload metadata configuration for + this node. properties: - endTime: + mode: + description: Mode is the configuration for how to expose metadata + to workloads running on the node. type: string - recurrence: + nodeMetadata: + description: DEPRECATED. Deprecated in favor of mode. NodeMetadata + is the configuration for how to expose metadata to the workloads + running on the node. type: string - startTime: + type: object + type: object + nodeLocations: + description: The list of zones in which the cluster's nodes are located. + Nodes must be in the region of their regional cluster or in the + same region as their cluster's zone for zonal clusters. If this + is specified for a zonal cluster, omit the cluster's zone. + items: + type: string + type: array + nodePoolAutoConfig: + description: Node pool configs that apply to all auto-provisioned + node pools in autopilot clusters and node auto-provisioning enabled + clusters. + properties: + networkTags: + description: Collection of Compute Engine network tags that can + be applied to a node's underlying VM instance. + properties: + tags: + description: List of network tags applied to auto-provisioned + node pools. + items: + type: string + type: array + type: object + type: object + nodePoolDefaults: + description: The default nodel pool settings for the entire cluster. + properties: + nodeConfigDefaults: + description: Subset of NodeConfig message that has defaults. + properties: + gcfsConfig: + description: GCFS configuration for this node. + properties: + enabled: + description: Whether or not GCFS is enabled. 
+ type: boolean + required: + - enabled + type: object + loggingVariant: + description: Type of logging agent that is used as the default + value for node pools in the cluster. Valid values include + DEFAULT and MAX_THROUGHPUT. type: string + type: object + type: object + nodeVersion: + type: string + notificationConfig: + description: The notification config for sending cluster upgrade notifications. + properties: + pubsub: + description: Notification config for Cloud Pub/Sub. + properties: + enabled: + description: Whether or not the notification config is enabled. + type: boolean + filter: + description: Allows filtering to one or more specific event + types. If event types are present, those and only those + event types will be transmitted to the cluster. Other types + will be skipped. If no filter is specified, or no event + types are present, all event types will be sent. + properties: + eventType: + description: Can be used to filter what notifications + are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, + UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. + items: + type: string + type: array + required: + - eventType + type: object + topicRef: + description: The PubSubTopic to send the notification to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - endTime - - recurrence - - startTime + - enabled type: object + required: + - pubsub type: object - masterAuth: - description: DEPRECATED. Basic authentication was removed for GKE - cluster versions >= 1.19. The authentication information for accessing - the Kubernetes master. Some values in this block are only returned - by the API if your service account has permission to get credentials - for your GKE cluster. If you see an unexpected diff unsetting your - client cert, ensure you have the container.clusters.getCredentials - permission. + podSecurityPolicyConfig: + description: Configuration for the PodSecurityPolicy feature. properties: - clientCertificate: - description: Base64 encoded public certificate used by clients - to authenticate to the cluster endpoint. - type: string - clientCertificateConfig: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Enable the PodSecurityPolicy controller for this + cluster. If enabled, pods must be valid under a PodSecurityPolicy + to be created. + type: boolean + required: + - enabled + type: object + privateClusterConfig: + description: Configuration for private clusters, clusters with private + nodes. + properties: + enablePrivateEndpoint: + description: When true, the cluster's private endpoint is used + as the cluster endpoint and access through the public endpoint + is disabled. When false, either endpoint can be used. This field + only applies to private clusters, when enable_private_nodes + is true. + type: boolean + enablePrivateNodes: + description: Immutable. Enables the private cluster feature, creating + a private endpoint on the cluster. In a private cluster, nodes + only have RFC 1918 private addresses and communicate with the + master's private endpoint via private networking. 
+ type: boolean + masterGlobalAccessConfig: + description: Controls cluster master global access settings. properties: - issueClientCertificate: - description: Immutable. Whether client certificate authorization - is enabled for this cluster. + enabled: + description: Whether the cluster master is accessible globally + or not. type: boolean required: - - issueClientCertificate + - enabled type: object - clientKey: - description: Base64 encoded private key used by clients to authenticate - to the cluster endpoint. + masterIpv4CidrBlock: + description: Immutable. The IP range in CIDR notation to use for + the hosted master network. This range will be used for assigning + private IP addresses to the cluster master(s) and the ILB VIP. + This range must not overlap with any other ranges in use within + the cluster's network, and it must be a /28 subnet. See Private + Cluster Limitations for more details. This field only applies + to private clusters, when enable_private_nodes is true. type: string - clusterCaCertificate: - description: Base64 encoded public certificate that is the root - of trust for the cluster. + peeringName: + description: The name of the peering between this cluster and + the Google owned VPC. type: string - password: - description: The password to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. + privateEndpoint: + description: The internal IP address of this cluster's master + endpoint. + type: string + privateEndpointSubnetworkRef: + description: |- + Immutable. Subnetwork in cluster's network where master's endpoint + will be provisioned. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
+ external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - username: - description: The username to use for HTTP basic authentication - when accessing the Kubernetes master endpoint. If not present - basic auth will be disabled. + publicEndpoint: + description: The external IP address of this cluster's master + endpoint. type: string type: object - masterAuthorizedNetworksConfig: - description: The desired configuration options for master authorized - networks. Omit the nested cidr_blocks attribute to disallow external - access (except the cluster node IPs, which GKE automatically whitelists). + privateIpv6GoogleAccess: + description: The desired state of IPv6 connectivity to Google Services. + By default, no private IPv6 access to or from Google Services (all + access will be via IPv4). + type: string + protectConfig: + description: Enable/Disable Protect API features for the cluster. properties: - cidrBlocks: - description: External networks that can access the Kubernetes - cluster master through HTTPS. 
- items: - properties: - cidrBlock: - description: External network that can access Kubernetes - master through HTTPS. Must be specified in CIDR notation. - type: string - displayName: - description: Field for users to identify CIDR blocks. - type: string - required: - - cidrBlock - type: object - type: array - gcpPublicCidrsAccessEnabled: - description: Whether master is accessbile via Google Compute Engine - Public IP addresses. - type: boolean + workloadConfig: + description: WorkloadConfig defines which actions are enabled + for a cluster's workload configurations. + properties: + auditMode: + description: Sets which mode of auditing should be used for + the cluster's workloads. Accepted values are DISABLED, BASIC. + type: string + required: + - auditMode + type: object + workloadVulnerabilityMode: + description: Sets which mode to use for Protect workload vulnerability + scanning feature. Accepted values are DISABLED, BASIC. + type: string type: object - meshCertificates: - description: If set, and enable_certificates=true, the GKE Workload - Identity Certificates controller and node agent will be deployed - in the cluster. + releaseChannel: + description: Configuration options for the Release channel feature, + which provide more control over automatic upgrades of your GKE clusters. + Note that removing this field from your config will not unenroll + it. Instead, use the "UNSPECIFIED" channel. properties: - enableCertificates: - description: When enabled the GKE Workload Identity Certificates - controller and node agent will be deployed in the cluster. - type: boolean + channel: + description: |- + The selected release channel. Accepted values are: + * UNSPECIFIED: Not set. + * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. + * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. 
+ * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + type: string required: - - enableCertificates + - channel type: object - minMasterVersion: - description: The minimum version of the master. GKE will auto-update - the master to new versions, so this does not guarantee the current - master version--use the read-only master_version field to obtain - that. If unset, the cluster's version will be set by GKE to the - version of the most recent official release (which is not necessarily - the latest version). + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - monitoringConfig: - description: Monitoring configuration for the cluster. + resourceUsageExportConfig: + description: Configuration for the ResourceUsageExportConfig feature. properties: - enableComponents: - description: GKE components exposing metrics. Valid values include - SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, - and WORKLOADS. - items: - type: string - type: array - managedPrometheus: - description: Configuration for Google Cloud Managed Services for - Prometheus. + bigqueryDestination: + description: Parameters for using BigQuery as the destination + of resource usage export. properties: - enabled: - description: Whether or not the managed collection is enabled. - type: boolean + datasetId: + description: The ID of a BigQuery Dataset. + type: string required: - - enabled + - datasetId type: object + enableNetworkEgressMetering: + description: Whether to enable network egress metering for this + cluster. If enabled, a daemonset will be created in the cluster + to meter network egress traffic. + type: boolean + enableResourceConsumptionMetering: + description: Whether to enable resource consumption metering on + this cluster. 
When enabled, a table will be created in the resource + export BigQuery dataset to store resource consumption data. + The resulting table can be joined with the resource usage table + or with BigQuery billing export. Defaults to true. + type: boolean + required: + - bigqueryDestination + type: object + serviceExternalIpsConfig: + description: If set, and enabled=true, services with external ips + field will not be blocked. + properties: + enabled: + description: When enabled, services with exterenal ips specified + will be allowed. + type: boolean + required: + - enabled + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - monitoringService: - description: The monitoring service that the cluster should write - metrics to. Automatically send metrics from pods in the cluster - to the Google Cloud Monitoring API. VM metrics will be collected - by Google Compute Engine regardless of this setting Available options - include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver - Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes. - type: string - networkPolicy: - description: Configuration options for the NetworkPolicy feature. + verticalPodAutoscaling: + description: Vertical Pod Autoscaling automatically adjusts the resources + of pods controlled by it. 
properties: enabled: - description: Whether network policy is enabled on the cluster. + description: Enables vertical pod autoscaling. type: boolean - provider: - description: The selected network policy provider. Defaults to - PROVIDER_UNSPECIFIED. - type: string required: - enabled type: object - networkRef: + workloadIdentityConfig: + description: Configuration for the use of Kubernetes Service Accounts + in GCP IAM policies. + properties: + identityNamespace: + description: |- + DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. + Enables workload identity. + type: string + workloadPool: + description: The workload pool to attach all Kubernetes service + accounts to. + type: string + type: object + required: + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + endpoint: + description: The IP address of this cluster's Kubernetes master. + type: string + labelFingerprint: + description: The fingerprint of the set of labels for this cluster. + type: string + masterVersion: + description: The current version of the master in the cluster. This + may be different than the min_master_version set in the config if + the master has been updated by GKE. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + selfLink: + description: Server-defined URL for the resource. + type: string + servicesIpv4Cidr: + description: The IP address range of the Kubernetes services in this + cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are + typically put in the last /16 from the container CIDR. + type: string + tpuIpv4CidrBlock: + description: The IP address range of the Cloud TPUs in this cluster, + in CIDR notation (e.g. 1.2.3.4/29). + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: containernodepools.container.cnrm.cloud.google.com +spec: + group: container.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ContainerNodePool + plural: containernodepools + shortNames: + - gcpcontainernodepool + - gcpcontainernodepools + singular: containernodepool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoscaling: + description: Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. To disable + autoscaling, set minNodeCount and maxNodeCount to 0. + properties: + locationPolicy: + description: Location policy specifies the algorithm used when + scaling-up the node pool. "BALANCED" - Is a best effort policy + that aims to balance the sizes of available zones. "ANY" - Instructs + the cluster autoscaler to prioritize utilization of unused reservations, + and reduces preemption risk for Spot VMs. + type: string + maxNodeCount: + description: Maximum number of nodes per zone in the node pool. + Must be >= min_node_count. Cannot be used with total limits. + type: integer + minNodeCount: + description: Minimum number of nodes per zone in the node pool. + Must be >=0 and <= max_node_count. Cannot be used with total + limits. 
+ type: integer + totalMaxNodeCount: + description: Maximum number of all nodes in the node pool. Must + be >= total_min_node_count. Cannot be used with per zone limits. + type: integer + totalMinNodeCount: + description: Minimum number of all nodes in the node pool. Must + be >=0 and <= total_max_node_count. Cannot be used with per + zone limits. + type: integer + type: object + clusterRef: oneOf: - not: required: @@ -30841,7 +45759,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ContainerCluster` resource.' type: string name: 
@@ -30851,13 +45769,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkingMode: - description: Immutable. Determines whether alias IPs or routes will - be used for pod IPs in the cluster. + initialNodeCount: + description: Immutable. The initial number of nodes for the pool. + In regional or multi-zonal clusters, this is the number of nodes + per zone. Changing this will force recreation of the resource. + type: integer + location: + description: Immutable. The location (region or zone) of the cluster. + type: string + management: + description: Node management configuration, wherein auto-repair and + auto-upgrade is configured. + properties: + autoRepair: + description: Whether the nodes will be automatically repaired. + type: boolean + autoUpgrade: + description: Whether the nodes will be automatically upgraded. + type: boolean + type: object + maxPodsPerNode: + description: Immutable. The maximum number of pods per node in this + node pool. Note that this does not work on node pools which are + "route-based" - that is, node pools belonging to clusters that do + not have IP Aliasing enabled. + type: integer + namePrefix: + description: Immutable. Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. type: string + networkConfig: + description: Networking configuration for this NodePool. If specified, + it overrides the cluster-level defaults. + properties: + createPodRange: + description: Immutable. Whether to create a new range for pod + IPs in this node pool. Defaults are provided for pod_range and + pod_ipv4_cidr_block if they are not specified. + type: boolean + enablePrivateNodes: + description: Whether nodes have internal IP addresses only. + type: boolean + podCidrOverprovisionConfig: + description: Immutable. Configuration for node-pool level pod + cidr overprovision. 
If not set, the cluster level setting will + be inherited. + properties: + disabled: + type: boolean + required: + - disabled + type: object + podIpv4CidrBlock: + description: Immutable. The IP address range for pod IPs in this + node pool. Only applicable if create_pod_range is true. Set + to blank to have a range chosen with the default size. Set to + /netmask (e.g. /14) to have a range chosen with a specific netmask. + Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific + range to use. + type: string + podRange: + description: Immutable. The ID of the secondary range for pod + IPs. If create_pod_range is true, this ID is used for the new + range. If create_pod_range is false, uses an existing secondary + range with this ID. + type: string + type: object nodeConfig: description: Immutable. The configuration of the nodepool. properties: + advancedMachineFeatures: + description: Immutable. Specifies options for controlling advanced + machine features. + properties: + threadsPerCore: + description: Immutable. The number of threads per physical + core. To disable simultaneous multithreading (SMT) set this + to 1. If unset, the maximum number of threads supported + per core by the underlying processor is assumed. + type: integer + required: + - threadsPerCore + type: object bootDiskKMSCryptoKeyRef: oneOf: - not: 
@@ -30895,11 +45888,26 @@ spec: type: string ephemeralStorageConfig: description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local SSDs to use to back + ephemeral storage. Uses NVMe interfaces. Each local SSD + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. + type: integer + required: + - localSsdCount + type: object + ephemeralStorageLocalSsdConfig: + description: Immutable. Parameters for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed by the boot disk. properties: localSsdCount: description: Immutable. Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. + must be 375 or 3000 GB in size, and all local SSDs must + share the same size. type: integer required: - localSsdCount @@ -30987,9 +45995,9 @@ spec: labels: additionalProperties: type: string - description: Immutable. The map of Kubernetes labels (key/value - pairs) to be applied to each node. These will added in addition - to any default label(s) that Kubernetes may apply to the node. + description: The map of Kubernetes labels (key/value pairs) to + be applied to each node. These will added in addition to any + default label(s) that Kubernetes may apply to the node. type: object linuxNodeConfig: description: Parameters that can be configured on Linux nodes. @@ -31003,6 +46011,17 @@ spec: required: - sysctls type: object + localNvmeSsdBlockConfig: + description: Immutable. Parameters for raw-block local NVMe SSDs. + properties: + localSsdCount: + description: Immutable. Number of raw-block local NVMe SSD + disks to be attached to the node. Each local SSD is 375 + GB in size. + type: integer + required: + - localSsdCount + type: object localSsdCount: description: Immutable. The number of local SSD disks to be attached to the node. 
@@ -31173,8 +46192,7 @@ spec: type: object type: array workloadMetadataConfig: - description: Immutable. The workload metadata configuration for - this node. + description: The workload metadata configuration for this node. properties: mode: description: Mode is the configuration for how to expose metadata 
@@ -31187,293 +46205,694 @@ spec: type: string type: object type: object + nodeCount: + description: The number of nodes per instance group. This field can + be used to update the number of nodes per instance group but should + not be used alongside autoscaling. + type: integer nodeLocations: - description: The list of zones in which the cluster's nodes are located. - Nodes must be in the region of their regional cluster or in the - same region as their cluster's zone for zonal clusters. If this - is specified for a zonal cluster, omit the cluster's zone. + description: The list of zones in which the node pool's nodes should + be located. Nodes must be in the region of their regional cluster + or in the same region as their cluster's zone for zonal clusters. + If unspecified, the cluster-level node_locations will be used. items: type: string type: array - nodePoolAutoConfig: - description: Node pool configs that apply to all auto-provisioned - node pools in autopilot clusters and node auto-provisioning enabled - clusters. + placementPolicy: + description: Immutable. Specifies the node placement policy. + properties: + type: + description: Type defines the type of placement policy. + type: string + required: + - type + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + upgradeSettings: + description: Specify node upgrade settings to change how many nodes + GKE attempts to upgrade at once. The number of nodes upgraded simultaneously + is the sum of max_surge and max_unavailable. The maximum number + of nodes upgraded simultaneously is limited to 20. + properties: + blueGreenSettings: + description: Settings for BlueGreen node pool upgrade. + properties: + nodePoolSoakDuration: + description: Time needed after draining entire blue pool. + After this period, blue pool will be cleaned up. 
+ type: string + standardRolloutPolicy: + description: Standard rollout policy is the default policy + for blue-green. + properties: + batchNodeCount: + description: Number of blue nodes to drain in a batch. + type: integer + batchPercentage: + description: Percentage of the blue pool nodes to drain + in a batch. + type: number + batchSoakDuration: + description: Soak time after each batch gets drained. + type: string + type: object + required: + - standardRolloutPolicy + type: object + maxSurge: + description: The number of additional nodes that can be added + to the node pool during an upgrade. Increasing max_surge raises + the number of nodes that can be upgraded simultaneously. Can + be set to 0 or greater. + type: integer + maxUnavailable: + description: The number of nodes that can be simultaneously unavailable + during an upgrade. Increasing max_unavailable raises the number + of nodes that can be upgraded in parallel. Can be set to 0 or + greater. + type: integer + strategy: + description: Update strategy for the given nodepool. + type: string + type: object + version: + type: string + required: + - clusterRef + - location + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + instanceGroupUrls: + description: The resource URLs of the managed instance groups associated + with this node pool. + items: + type: string + type: array + managedInstanceGroupUrls: + description: List of instance group URLs which have been assigned + to this node pool. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + operation: + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentries.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntry + plural: datacatalogentries + shortNames: + - gcpdatacatalogentry + - gcpdatacatalogentries + singular: datacatalogentry + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: 
Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry description, which can consist of several sentences + or paragraphs that describe entry contents. + type: string + displayName: + description: |- + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + type: string + entryGroup: + description: Immutable. The name of the entry group this entry is + in. + type: string + entryId: + description: Immutable. The id of the entry to create. + type: string + gcsFilesetSpec: + description: Specification that applies to a Cloud Storage fileset. + This is only valid on entries of type FILESET. properties: - networkTags: - description: Collection of Compute Engine network tags that can - be applied to a node's underlying VM instance. - properties: - tags: - description: List of network tags applied to auto-provisioned - node pools. - items: + filePatterns: + description: |- + Patterns to identify a set of files in Google Cloud Storage. 
+ See [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames) + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + + * gs://bucket_name/dir/*: matches all files within bucket_name/dir directory. + * gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories. + * gs://bucket_name/file*: matches files prefixed by file in bucket_name + * gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name + * gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name + * gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name + * gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b + * gs://another_bucket/a.txt: matches gs://another_bucket/a.txt. + items: + type: string + type: array + sampleGcsFileSpecs: + description: Sample files contained in this fileset, not all files + contained in this fileset are represented here. + items: + properties: + filePath: + description: The full file path. type: string - type: array - type: object - type: object - nodePoolDefaults: - description: The default nodel pool settings for the entire cluster. - properties: - nodeConfigDefaults: - description: Subset of NodeConfig message that has defaults. - properties: - gcfsConfig: - description: GCFS configuration for this node. - properties: - enabled: - description: Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include - DEFAULT and MAX_THROUGHPUT. - type: string - type: object + sizeBytes: + description: The size of the file, in bytes. 
+ type: integer + type: object + type: array + required: + - filePatterns type: object - nodeVersion: + linkedResource: + description: |- + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. type: string - notificationConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - pubsub: - description: Notification config for Cloud Pub/Sub. - properties: - enabled: - description: Whether or not the notification config is enabled. - type: boolean - filter: - description: Allows filtering to one or more specific event - types. If event types are present, those and only those - event types will be transmitted to the cluster. Other types - will be skipped. If no filter is specified, or no event - types are present, all event types will be sent. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + schema: + description: |- + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + type: string + type: + description: |- + Immutable. The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: ["FILESET"]. 
+ type: string + userSpecifiedSystem: + description: |- + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + userSpecifiedType: + description: |- + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + type: string + required: + - entryGroup + - entryId + type: object + status: + properties: + bigqueryDateShardedSpec: + description: |- + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + items: + properties: + dataset: + description: |- + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + type: string + shardCount: + description: Total number of shards. + type: integer + tablePrefix: + description: |- + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + type: string + type: object + type: array + bigqueryTableSpec: + description: Specification that applies to a BigQuery table. This + is only valid on entries of type TABLE. + items: + properties: + tableSourceType: + description: The table source type. 
+ type: string + tableSpec: + description: Spec of a BigQuery table. This field should only + be populated if tableSourceType is BIGQUERY_TABLE. + items: properties: - eventType: - description: Can be used to filter what notifications - are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, - UPGRADE_EVENT and SECURITY_BULLETIN_EVENT. - items: - type: string - type: array - required: - - eventType + groupedEntry: + description: |- + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: string type: object - topicRef: - description: The PubSubTopic to send the notification to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + viewSpec: + description: Table view specification. This field should only + be populated if tableSourceType is BIGQUERY_VIEW. + items: properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + viewQuery: + description: The query that defines the table view. type: string type: object + type: array + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + integratedSystem: + description: This field indicates the entry's source system that Data + Catalog integrates with, such as BigQuery or Pub/Sub. + type: string + name: + description: |- + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogentrygroups.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogEntryGroup + plural: datacatalogentrygroups + shortNames: + - gcpdatacatalogentrygroup + - gcpdatacatalogentrygroups + singular: datacatalogentrygroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Entry group description, which can consist of several + sentences or paragraphs that describe entry group contents. + type: string + displayName: + description: A short name to identify the entry group, for example, + "analytics data - jan 2011". + type: string + entryGroupId: + description: |- + Immutable. The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - enabled - type: object - required: - - pubsub - type: object - podSecurityPolicyConfig: - description: Configuration for the PodSecurityPolicy feature. - properties: - enabled: - description: Enable the PodSecurityPolicy controller for this - cluster. If enabled, pods must be valid under a PodSecurityPolicy - to be created. - type: boolean - required: - - enabled - type: object - privateClusterConfig: - description: Configuration for private clusters, clusters with private - nodes. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - enablePrivateEndpoint: - description: When true, the cluster's private endpoint is used - as the cluster endpoint and access through the public endpoint - is disabled. When false, either endpoint can be used. 
This field - only applies to private clusters, when enable_private_nodes - is true. - type: boolean - enablePrivateNodes: - description: Immutable. Enables the private cluster feature, creating - a private endpoint on the cluster. In a private cluster, nodes - only have RFC 1918 private addresses and communicate with the - master's private endpoint via private networking. - type: boolean - masterGlobalAccessConfig: - description: Controls cluster master global access settings. - properties: - enabled: - description: Whether the cluster master is accessible globally - or not. - type: boolean - required: - - enabled - type: object - masterIpv4CidrBlock: - description: Immutable. The IP range in CIDR notation to use for - the hosted master network. This range will be used for assigning - private IP addresses to the cluster master(s) and the ILB VIP. - This range must not overlap with any other ranges in use within - the cluster's network, and it must be a /28 subnet. See Private - Cluster Limitations for more details. This field only applies - to private clusters, when enable_private_nodes is true. - type: string - peeringName: - description: The name of the peering between this cluster and - the Google owned VPC. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - privateEndpoint: - description: The internal IP address of this cluster's master - endpoint. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - privateEndpointSubnetworkRef: - description: |- - Immutable. Subnetwork in cluster's network where master's endpoint - will be provisioned. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - publicEndpoint: - description: The external IP address of this cluster's master - endpoint. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - privateIpv6GoogleAccess: - description: The desired state of IPv6 connectivity to Google Services. - By default, no private IPv6 access to or from Google Services (all - access will be via IPv4). + region: + description: Immutable. EntryGroup location region. type: string - protectConfig: - description: The notification config for sending cluster upgrade notifications. - properties: - workloadConfig: - description: WorkloadConfig defines the flags to enable or disable - the workload configurations for the cluster. - properties: - auditMode: - description: Mode defines how to audit the workload configs. - Accepted values are MODE_UNSPECIFIED, DISABLED, BASIC. - type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - entryGroupId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the entry group in URL format. + Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}.' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogPolicyTag + plural: datacatalogpolicytags + shortNames: + - gcpdatacatalogpolicytag + - gcpdatacatalogpolicytags + singular: datacatalogpolicytag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + 
name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: |- + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + type: string + parentPolicyTagRef: + oneOf: + - not: required: - - auditMode - type: object - workloadVulnerabilityMode: - description: WorkloadVulnerabilityMode defines mode to perform - vulnerability scanning. Accepted values are WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED, - DISABLED, BASIC. 
- type: string - type: object - releaseChannel: - description: Configuration options for the Release channel feature, - which provide more control over automatic upgrades of your GKE clusters. - Note that removing this field from your config will not unenroll - it. Instead, use the "UNSPECIFIED" channel. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - channel: - description: |- - The selected release channel. Accepted values are: - * UNSPECIFIED: Not set. - * RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. - * REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. - * STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky. + external: + description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - channel type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - resourceUsageExportConfig: - description: Configuration for the ResourceUsageExportConfig feature. - properties: - bigqueryDestination: - description: Parameters for using BigQuery as the destination - of resource usage export. 
- properties: - datasetId: - description: The ID of a BigQuery Dataset. - type: string - required: - - datasetId - type: object - enableNetworkEgressMetering: - description: Whether to enable network egress metering for this - cluster. If enabled, a daemonset will be created in the cluster - to meter network egress traffic. - type: boolean - enableResourceConsumptionMetering: - description: Whether to enable resource consumption metering on - this cluster. When enabled, a table will be created in the resource - export BigQuery dataset to store resource consumption data. - The resulting table can be joined with the resource usage table - or with BigQuery billing export. Defaults to true. - type: boolean - required: - - bigqueryDestination - type: object - serviceExternalIpsConfig: - description: If set, and enabled=true, services with external ips - field will not be blocked. - properties: - enabled: - description: When enabled, services with exterenal ips specified - will be allowed. - type: boolean - required: - - enabled - type: object - subnetworkRef: + taxonomyRef: oneOf: - not: required: @@ -31490,7 +46909,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` + description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` resource.' type: string name: 
@@ -31500,35 +46919,17 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - verticalPodAutoscaling: - description: Vertical Pod Autoscaling automatically adjusts the resources - of pods controlled by it. - properties: - enabled: - description: Enables vertical pod autoscaling. - type: boolean - required: - - enabled - type: object - workloadIdentityConfig: - description: Configuration for the use of Kubernetes Service Accounts - in GCP IAM policies. - properties: - identityNamespace: - description: |- - DEPRECATED. This field will be removed in a future major release as it has been deprecated in the API. Use `workloadPool` instead; `workloadPool` field will supersede this field. - Enables workload identity. - type: string - workloadPool: - description: The workload pool to attach all Kubernetes service - accounts to. - type: string - type: object required: - - location + - displayName + - taxonomyRef type: object status: properties: + childPolicyTags: + description: Resource names of child policy tags of this policy tag. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -31555,16 +46956,10 @@ spec: type: string type: object type: array - endpoint: - description: The IP address of this cluster's Kubernetes master. - type: string - labelFingerprint: - description: The fingerprint of the set of labels for this cluster. - type: string - masterVersion: - description: The current version of the master in the cluster. This - may be different than the min_master_version set in the config if - the master has been updated by GKE. + name: + description: |- + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -31573,19 +46968,190 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtags.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTag + plural: datacatalogtags + shortNames: + - gcpdatacatalogtag + - gcpdatacatalogtags + singular: datacatalogtag + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + column: + description: |- + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + + For attaching a tag to a nested column, use '.' to separate the column names. Example: + 'outer_column.inner_column'. type: string - selfLink: - description: Server-defined URL for the resource. + fields: + description: |- + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + items: + properties: + boolValue: + description: Holds the value for a tag field with boolean type. + type: boolean + displayName: + description: The display name of this field. + type: string + doubleValue: + description: Holds the value for a tag field with double type. + type: number + enumValue: + description: The display name of the enum value. + type: string + fieldName: + type: string + order: + description: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + type: integer + stringValue: + description: Holds the value for a tag field with string type. + type: string + timestampValue: + description: Holds the value for a tag field with timestamp + type. 
+ type: string + required: + - fieldName + type: object + type: array + parent: + description: |- + Immutable. The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. type: string - servicesIpv4Cidr: - description: The IP address range of the Kubernetes services in this - cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are - typically put in the last /16 from the container CIDR. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - tpuIpv4CidrBlock: - description: The IP address range of the Cloud TPUs in this cluster, - in CIDR notation (e.g. 1.2.3.4/29). + template: + description: |- + Immutable. The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + type: string + required: + - fields + - template + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The resource name of the tag in URL format. 
Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + templateDisplayname: + description: The display name of the tag template. type: string type: object required: @@ -31606,25 +47172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: containernodepools.container.cnrm.cloud.google.com + name: datacatalogtagtemplates.datacatalog.cnrm.cloud.google.com spec: - group: container.cnrm.cloud.google.com + group: datacatalog.cnrm.cloud.google.com names: categories: - gcp - kind: ContainerNodePool - plural: containernodepools + kind: DataCatalogTagTemplate + plural: datacatalogtagtemplates shortNames: - - gcpcontainernodepool - - gcpcontainernodepools - singular: containernodepool + - gcpdatacatalogtagtemplate + - gcpdatacatalogtagtemplates + singular: datacatalogtagtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -31644,7 +47210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -31662,38 +47228,260 @@ spec: type: object spec: properties: - autoscaling: - description: Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. To disable - autoscaling, set minNodeCount and maxNodeCount to 0. + displayName: + description: The display name for this template. + type: string + fields: + description: Set of tag template field IDs and the settings for the + field. This set is an exhaustive list of the allowed fields. This + set must contain at least one field and at most 500 fields. The + change of field_id will be resulting in re-creating of field. The + change of primitive_type will be resulting in re-creating of field, + however if the field is a required, you cannot update it. + items: + properties: + description: + description: A description for this field. + type: string + displayName: + description: The display name for this field. + type: string + fieldId: + type: string + isRequired: + description: Whether this is a required field. Defaults to false. + type: boolean + name: + description: 'The resource name of the tag template field in + URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}.' + type: string + order: + description: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + type: integer + type: + description: The type of value this tag field can contain. + properties: + enumType: + description: |- + Represents an enum type. + Exactly one of 'primitive_type' or 'enum_type' must be set. + properties: + allowedValues: + description: |- + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. 
Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. + items: + properties: + displayName: + description: The display name of the enum value. + type: string + required: + - displayName + type: object + type: array + required: + - allowedValues + type: object + primitiveType: + description: |- + Represents primitive types - string, bool etc. + Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: ["DOUBLE", "STRING", "BOOL", "TIMESTAMP"]. + type: string + type: object + required: + - fieldId + - type + type: object + type: array + forceDelete: + description: This confirms the deletion of any possible tags using + this template. Must be set to true in order to delete the tag template. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - locationPolicy: - description: Location policy specifies the algorithm used when - scaling-up the node pool. "BALANCED" - Is a best effort policy - that aims to balance the sizes of available zones. "ANY" - Instructs - the cluster autoscaler to prioritize utilization of unused reservations, - and reduces preemption risk for Spot VMs. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - maxNodeCount: - description: Maximum number of nodes per zone in the node pool. - Must be >= min_node_count. Cannot be used with total limits. 
- type: integer - minNodeCount: - description: Minimum number of nodes per zone in the node pool. - Must be >=0 and <= max_node_count. Cannot be used with total - limits. - type: integer - totalMaxNodeCount: - description: Maximum number of all nodes in the node pool. Must - be >= total_min_node_count. Cannot be used with per zone limits. - type: integer - totalMinNodeCount: - description: Minimum number of all nodes in the node pool. Must - be >=0 and <= total_max_node_count. Cannot be used with per - zone limits. - type: integer type: object - clusterRef: + region: + description: Immutable. Template location region. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + tagTemplateId: + description: Immutable. The id of the tag template to create. + type: string + required: + - fields + - projectRef + - tagTemplateId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The resource name of the tag template in URL format. + Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}.' 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com +spec: + group: datacatalog.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataCatalogTaxonomy + plural: datacatalogtaxonomies + shortNames: + - gcpdatacatalogtaxonomy + - gcpdatacatalogtaxonomies + singular: datacatalogtaxonomy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + activatedPolicyTypes: + description: |- + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. + items: + type: string + type: array + description: + description: |- + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. + type: string + displayName: + description: |- + User defined name of this taxonomy. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -31710,8 +47498,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ContainerCluster` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -31720,472 +47507,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - initialNodeCount: - description: Immutable. The initial number of nodes for the pool. - In regional or multi-zonal clusters, this is the number of nodes - per zone. Changing this will force recreation of the resource. - type: integer - location: - description: Immutable. The location (region or zone) of the cluster. + region: + description: Immutable. Taxonomy location region. type: string - management: - description: Node management configuration, wherein auto-repair and - auto-upgrade is configured. - properties: - autoRepair: - description: Whether the nodes will be automatically repaired. - type: boolean - autoUpgrade: - description: Whether the nodes will be automatically upgraded. - type: boolean - type: object - maxPodsPerNode: - description: Immutable. The maximum number of pods per node in this - node pool. Note that this does not work on node pools which are - "route-based" - that is, node pools belonging to clusters that do - not have IP Aliasing enabled. - type: integer - namePrefix: - description: Immutable. Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - networkConfig: - description: Networking configuration for this NodePool. If specified, - it overrides the cluster-level defaults. - properties: - createPodRange: - description: Immutable. Whether to create a new range for pod - IPs in this node pool. Defaults are provided for pod_range and - pod_ipv4_cidr_block if they are not specified. - type: boolean - enablePrivateNodes: - description: Whether nodes have internal IP addresses only. 
- type: boolean - podIpv4CidrBlock: - description: Immutable. The IP address range for pod IPs in this - node pool. Only applicable if create_pod_range is true. Set - to blank to have a range chosen with the default size. Set to - /netmask (e.g. /14) to have a range chosen with a specific netmask. - Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific - range to use. - type: string - podRange: - description: Immutable. The ID of the secondary range for pod - IPs. If create_pod_range is true, this ID is used for the new - range. If create_pod_range is false, uses an existing secondary - range with this ID. - type: string - type: object - nodeConfig: - description: Immutable. The configuration of the nodepool. - properties: - bootDiskKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - diskSizeGb: - description: Immutable. Size of the disk attached to each node, - specified in GB. The smallest allowed disk size is 10GB. - type: integer - diskType: - description: Immutable. Type of the disk attached to each node. - Such as pd-standard, pd-balanced or pd-ssd. - type: string - ephemeralStorageConfig: - description: Immutable. Parameters for the ephemeral storage filesystem. - properties: - localSsdCount: - description: Immutable. Number of local SSDs to use to back - ephemeral storage. Uses NVMe interfaces. Each local SSD - is 375 GB in size. 
- type: integer - required: - - localSsdCount - type: object - gcfsConfig: - description: Immutable. GCFS configuration for this node. - properties: - enabled: - description: Immutable. Whether or not GCFS is enabled. - type: boolean - required: - - enabled - type: object - guestAccelerator: - description: Immutable. List of the type and count of accelerator - cards attached to the instance. - items: - properties: - count: - description: Immutable. The number of the accelerator cards - exposed to an instance. - type: integer - gpuPartitionSize: - description: Immutable. Size of partitions to create on - the GPU. Valid values are described in the NVIDIA mig - user guide (https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - gpuSharingConfig: - description: Immutable. Configuration for GPU sharing. - properties: - gpuSharingStrategy: - description: Immutable. The type of GPU sharing strategy - to enable on the GPU node. Possible values are described - in the API package (https://pkg.go.dev/google.golang.org/api/container/v1#GPUSharingConfig). - type: string - maxSharedClientsPerGpu: - description: Immutable. The maximum number of containers - that can share a GPU. - type: integer - required: - - gpuSharingStrategy - - maxSharedClientsPerGpu - type: object - type: - description: Immutable. The accelerator type resource name. - type: string - required: - - count - - type - type: object - type: array - gvnic: - description: Immutable. Enable or disable gvnic in the node pool. - properties: - enabled: - description: Immutable. Whether or not gvnic is enabled. - type: boolean - required: - - enabled - type: object - imageType: - description: The image type to use for this node. Note that for - a given image type, the latest version of it will be used. - type: string - kubeletConfig: - description: Node kubelet configs. - properties: - cpuCfsQuota: - description: Enable CPU CFS quota enforcement for containers - that specify CPU limits. 
- type: boolean - cpuCfsQuotaPeriod: - description: Set the CPU CFS quota period value 'cpu.cfs_period_us'. - type: string - cpuManagerPolicy: - description: Control the CPU management policy on the node. - type: string - podPidsLimit: - description: Controls the maximum number of processes allowed - to run in a pod. - type: integer - required: - - cpuManagerPolicy - type: object - labels: - additionalProperties: + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: The map of Kubernetes labels (key/value pairs) to - be applied to each node. These will added in addition to any - default label(s) that Kubernetes may apply to the node. - type: object - linuxNodeConfig: - description: Parameters that can be configured on Linux nodes. - properties: - sysctls: - additionalProperties: - type: string - description: The Linux kernel parameters to be applied to - the nodes and all pods running on the nodes. - type: object - required: - - sysctls - type: object - localSsdCount: - description: Immutable. The number of local SSD disks to be attached - to the node. - type: integer - loggingVariant: - description: Type of logging agent that is used as the default - value for node pools in the cluster. Valid values include DEFAULT - and MAX_THROUGHPUT. - type: string - machineType: - description: Immutable. The name of a Google Compute Engine machine - type. - type: string - metadata: - additionalProperties: + message: + description: Human-readable message indicating details about + last transition. type: string - description: Immutable. The metadata key/value pairs assigned - to instances in the cluster. - type: object - minCpuPlatform: - description: Immutable. 
Minimum CPU platform to be used by this - instance. The instance may be scheduled on the specified or - newer CPU platform. - type: string - nodeGroupRef: - description: |- - Immutable. Setting this field will assign instances - of this pool to run on the specified node group. This is useful - for running workloads on sole tenant nodes. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeNodeGroup` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - oauthScopes: - description: Immutable. The set of Google API scopes to be made - available on all of the node VMs. - items: + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. type: string - type: array - preemptible: - description: Immutable. Whether the nodes are created as preemptible - VM instances. - type: boolean - reservationAffinity: - description: Immutable. The reservation affinity configuration - for the node pool. - properties: - consumeReservationType: - description: Immutable. Corresponds to the type of reservation - consumption. - type: string - key: - description: Immutable. The label key of a reservation resource. - type: string - values: - description: Immutable. The label values of the reservation - resource. - items: - type: string - type: array - required: - - consumeReservationType - type: object - resourceLabels: - additionalProperties: + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
type: string - description: The GCE resource labels (a map of key/value pairs) - to be applied to the node pool. - type: object - sandboxConfig: - description: Immutable. Sandbox configuration for this node. - properties: - sandboxType: - description: Type of the sandbox to use for the node (e.g. - 'gvisor'). - type: string - required: - - sandboxType - type: object - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - shieldedInstanceConfig: - description: Immutable. Shielded Instance options. - properties: - enableIntegrityMonitoring: - description: Immutable. Defines whether the instance has integrity - monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Defines whether the instance has Secure - Boot enabled. - type: boolean - type: object - spot: - description: Immutable. Whether the nodes are created as spot - VM instances. - type: boolean - tags: - description: The list of instance tags applied to all nodes. - items: + type: + description: Type is the type of the condition. type: string - type: array - taint: - description: Immutable. List of Kubernetes taints to be applied - to each node. - items: - properties: - effect: - description: Immutable. Effect for taint. - type: string - key: - description: Immutable. Key for taint. - type: string - value: - description: Immutable. Value for taint. 
- type: string - required: - - effect - - key - - value - type: object - type: array - workloadMetadataConfig: - description: The workload metadata configuration for this node. - properties: - mode: - description: Mode is the configuration for how to expose metadata - to workloads running on the node. - type: string - nodeMetadata: - description: DEPRECATED. Deprecated in favor of mode. NodeMetadata - is the configuration for how to expose metadata to the workloads - running on the node. - type: string - type: object - type: object - nodeCount: - description: The number of nodes per instance group. This field can - be used to update the number of nodes per instance group but should - not be used alongside autoscaling. - type: integer - nodeLocations: - description: The list of zones in which the node pool's nodes should - be located. Nodes must be in the region of their regional cluster - or in the same region as their cluster's zone for zonal clusters. - If unspecified, the cluster-level node_locations will be used. - items: - type: string + type: object type: array - placementPolicy: - description: Immutable. Specifies the node placement policy. - properties: - type: - description: Type defines the type of placement policy. - type: string - required: - - type - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + name: + description: |- + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com +spec: + group: dataflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DataflowFlexTemplateJob + plural: dataflowflextemplatejobs + shortNames: + - gcpdataflowflextemplatejob + - gcpdataflowflextemplatejobs + singular: dataflowflextemplatejob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerSpecGcsPath: type: string - upgradeSettings: - description: Specify node upgrade settings to change how many nodes - GKE attempts to upgrade at once. The number of nodes upgraded simultaneously - is the sum of max_surge and max_unavailable. The maximum number - of nodes upgraded simultaneously is limited to 20. - properties: - blueGreenSettings: - description: Settings for BlueGreen node pool upgrade. - properties: - nodePoolSoakDuration: - description: Time needed after draining entire blue pool. - After this period, blue pool will be cleaned up. - type: string - standardRolloutPolicy: - description: Standard rollout policy is the default policy - for blue-green. - properties: - batchNodeCount: - description: Number of blue nodes to drain in a batch. - type: integer - batchPercentage: - description: Percentage of the blue pool nodes to drain - in a batch. - type: number - batchSoakDuration: - description: Soak time after each batch gets drained. - type: string - type: object - required: - - standardRolloutPolicy - type: object - maxSurge: - description: The number of additional nodes that can be added - to the node pool during an upgrade. Increasing max_surge raises - the number of nodes that can be upgraded simultaneously. Can - be set to 0 or greater. - type: integer - maxUnavailable: - description: The number of nodes that can be simultaneously unavailable - during an upgrade. Increasing max_unavailable raises the number - of nodes that can be upgraded in parallel. 
Can be set to 0 or - greater. - type: integer - strategy: - description: Update strategy for the given nodepool. - type: string + parameters: type: object - version: + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. type: string required: - - clusterRef - - location + - containerSpecGcsPath type: object status: properties: @@ -32215,18 +47674,8 @@ spec: type: string type: object type: array - instanceGroupUrls: - description: The resource URLs of the managed instance groups associated - with this node pool. - items: - type: string - type: array - managedInstanceGroupUrls: - description: List of instance group URLs which have been assigned - to this node pool. - items: - type: string - type: array + jobId: + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -32234,7 +47683,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - operation: + state: type: string type: object required: 
@@ -32255,25 +47704,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogpolicytags.datacatalog.cnrm.cloud.google.com + name: dataflowjobs.dataflow.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataflow.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogPolicyTag - plural: datacatalogpolicytags + kind: DataflowJob + plural: dataflowjobs shortNames: - - gcpdatacatalogpolicytag - - gcpdatacatalogpolicytags - singular: datacatalogpolicytag + - gcpdataflowjob + - gcpdataflowjobs + singular: dataflowjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -32311,20 +47760,57 @@ spec: type: object spec: properties: - description: - description: |- - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + additionalExperiments: + description: List of experiments that should be used by the job. An + example value is ["enable_stackdriver_agent_metrics"]. + items: + type: string + type: array + enableStreamingEngine: + description: Indicates if the job should use the streaming engine + feature. + type: boolean + ipConfiguration: + description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" + or "WORKER_IP_PRIVATE". type: string - displayName: - description: |- - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + kmsKeyRef: + description: The name for the Cloud KMS key for the job. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: The machine type to use for the job. type: string - parentPolicyTagRef: + maxWorkers: + description: Immutable. The number of workers permitted to work on + the job. 
More workers may improve processing speed at additional + cost. + type: integer + networkRef: oneOf: - not: required: @@ -32341,7 +47827,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogPolicyTag` + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` resource.' type: string name: @@ -32351,12 +47837,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + parameters: + description: Key/Value pairs to be passed to the Dataflow job (as + used in the template). + type: object + x-kubernetes-preserve-unknown-fields: true + region: + description: Immutable. The region in which the created job should + run. + type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - taxonomyRef: + serviceAccountRef: oneOf: - not: required: 
@@ -32373,7 +47868,34 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `DataCatalogTaxonomy` + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + subnetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource.' type: string name: 
@@ -32383,17 +47905,29 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + tempGcsLocation: + description: A writeable location on Google Cloud Storage for the + Dataflow job to dump its temporary data. + type: string + templateGcsPath: + description: The Google Cloud Storage path to the Dataflow job template. + type: string + transformNameMapping: + description: Only applicable when updating a pipeline. Map of transform + name prefixes of the job to be replaced with the corresponding name + prefixes of the new job. + type: object + x-kubernetes-preserve-unknown-fields: true + zone: + description: Immutable. The zone in which the created job should run. + If it is not provided, the provider zone is used. + type: string required: - - displayName - - taxonomyRef + - tempGcsLocation + - templateGcsPath type: object status: properties: - childPolicyTags: - description: Resource names of child policy tags of this policy tag. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32420,10 +47954,8 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}". + jobId: + description: The unique ID of this job. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -32432,6 +47964,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: The current state of the resource, selected from the + JobState enum. + type: string + type: + description: The type of this job, selected from the JobType enum. + type: string type: object required: - spec 
@@ -32451,25 +47990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: datacatalogtaxonomies.datacatalog.cnrm.cloud.google.com + name: dataformrepositories.dataform.cnrm.cloud.google.com spec: - group: datacatalog.cnrm.cloud.google.com + group: dataform.cnrm.cloud.google.com names: categories: - gcp - kind: DataCatalogTaxonomy - plural: datacatalogtaxonomies + kind: DataformRepository + plural: dataformrepositories shortNames: - - gcpdatacatalogtaxonomy - - gcpdatacatalogtaxonomies - singular: datacatalogtaxonomy + - gcpdataformrepository + - gcpdataformrepositories + singular: dataformrepository preserveUnknownFields: false scope: Namespaced versions: @@ -32489,7 +48028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -32507,26 +48046,29 @@ spec: type: object spec: properties: - activatedPolicyTypes: - description: |- - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. Possible values: ["POLICY_TYPE_UNSPECIFIED", "FINE_GRAINED_ACCESS_CONTROL"]. - items: - type: string - type: array - description: - description: |- - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - type: string - displayName: - description: |- - User defined name of this taxonomy. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - type: string + gitRemoteSettings: + description: Optional. If set, configures this repository to be linked + to a Git remote. + properties: + authenticationTokenSecretVersion: + description: The name of the Secret Manager secret version to + use as an authentication token for Git operations. Must be in + the format projects/*/secrets/*/versions/*. + type: string + defaultBranch: + description: The Git remote's default branch name. + type: string + tokenStatus: + description: Indicates the status of the Git access token. https://cloud.google.com/dataform/reference/rest/v1beta1/projects.locations.repositories#TokenStatus. + type: string + url: + description: The Git remote's URL. + type: string + required: + - authenticationTokenSecretVersion + - defaultBranch + - url + type: object projectRef: description: The project that this resource belongs to. oneOf: 
@@ -32555,16 +48097,16 @@ spec: type: string type: object region: - description: Immutable. Taxonomy location region. + description: Immutable. A reference to the region. type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - displayName - projectRef + - region type: object status: properties: @@ -32594,11 +48136,6 @@ spec: type: string type: object type: array - name: - description: |- - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -32625,25 +48162,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowflextemplatejobs.dataflow.cnrm.cloud.google.com + name: datafusioninstances.datafusion.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: datafusion.cnrm.cloud.google.com names: categories: - gcp - kind: DataflowFlexTemplateJob - plural: dataflowflextemplatejobs + kind: DataFusionInstance + plural: datafusioninstances shortNames: - - gcpdataflowflextemplatejob - - gcpdataflowflextemplatejobs - singular: dataflowflextemplatejob + - gcpdatafusioninstance + - gcpdatafusioninstances + singular: datafusioninstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -32681,20 +48218,147 @@ spec: type: object spec: properties: - containerSpecGcsPath: + dataprocServiceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + description: + description: Immutable. A description of this instance. type: string - parameters: + displayName: + description: Immutable. Display name for an instance. + type: string + enableStackdriverLogging: + description: Option to enable Stackdriver Logging. + type: boolean + enableStackdriverMonitoring: + description: Option to enable Stackdriver Monitoring. + type: boolean + location: + description: Immutable. The location for the resource + type: string + networkConfig: + description: Immutable. Network configuration options. These are required + when a private Data Fusion instance is to be created. + properties: + ipAllocation: + description: Immutable. The IP range in CIDR notation to use for + the managed Data Fusion instance nodes. This range must not + overlap with any other ranges used in the customer network. + type: string + networkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. + options: + additionalProperties: + type: string + description: Immutable. Map of additional options used to configure + the behavior of Data Fusion instance. + type: object + privateInstance: + description: Immutable. Specifies whether the Data Fusion instance + should be private. If set to true, all Data Fusion nodes will have + private IP addresses and will not be able to access the public internet. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Instance type. Possible values: + TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' + type: string + version: + description: Current version of the Data Fusion. + type: string + zone: + description: Immutable. 
Name of the zone in which the Data Fusion + instance will be created. Only DEVELOPER instances use this field. type: string required: - - containerSpecGcsPath + - location + - type type: object status: properties: + apiEndpoint: + description: Output only. Endpoint on which the REST APIs is accessible. + type: string + availableVersion: + description: Available versions that the instance can be upgraded + to. + items: + properties: + availableFeatures: + description: Represents a list of available feature names for + a given version. + items: + type: string + type: array + defaultVersion: + description: Whether this is currently the default version for + Cloud Data Fusion + type: boolean + versionNumber: + description: The version number of the Data Fusion instance, + such as '6.0.1.0'. + type: string + type: object + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -32721,7 +48385,13 @@ spec: type: string type: object type: array - jobId: + createTime: + description: Output only. The time the instance was created. + format: date-time + type: string + gcsBucket: + description: Output only. Cloud Storage bucket generated by Data Fusion + in the customer project. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
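Review bot: In the new DataFusionInstance `spec`, `privateInstance` and `networkConfig` are tied together only in prose. The `networkConfig` description says the block is required for a private instance, but the `required` list holds only `location` and `type`, so a manifest with `privateInstance: true` and no `networkConfig` passes admission and can fail only at reconcile time. The `privateInstance` description also does not say what an omitted value means; if that yields an instance with public endpoints, state it, e.g. `When unset, the instance is not private.` (to be confirmed against the API). This CRD looks generated, so the change probably belongs in the generator or the upstream field descriptions rather than in this file.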
@@ -32730,7 +48400,27 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + p4ServiceAccount: + description: Output only. P4 service account for the customer project. + type: string + serviceEndpoint: + description: Output only. Endpoint on which the Data Fusion UI is + accessible. + type: string state: + description: 'Output only. The current state of this Data Fusion instance. + Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' + type: string + stateMessage: + description: Output only. Additional information about the current + state of this Data Fusion instance if available. + type: string + tenantProjectId: + description: Output only. The name of the tenant project. + type: string + updateTime: + description: Output only. The time the instance was last updated. + format: date-time type: string type: object required: @@ -32751,25 +48441,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dataflowjobs.dataflow.cnrm.cloud.google.com + name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com spec: - group: dataflow.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - - gcp - kind: DataflowJob - plural: dataflowjobs + - gcp + kind: DataprocAutoscalingPolicy + plural: dataprocautoscalingpolicies shortNames: - - gcpdataflowjob - - gcpdataflowjobs - singular: dataflowjob + - gcpdataprocautoscalingpolicy + - gcpdataprocautoscalingpolicies + singular: dataprocautoscalingpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -32807,57 +48497,74 @@ spec: type: object spec: properties: - additionalExperiments: - description: List of experiments that should be used by the job. An - example value is ["enable_stackdriver_agent_metrics"]. - items: - type: string - type: array - enableStreamingEngine: - description: Indicates if the job should use the streaming engine - feature. - type: boolean - ipConfiguration: - description: The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" - or "WORKER_IP_PRIVATE". - type: string - kmsKeyRef: - description: The name for the Cloud KMS key for the job. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + basicAlgorithm: properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + cooldownPeriod: + description: 'Optional. Duration between scaling events. A scaling + period starts after the update operation from the previous event + has completed. Bounds: . Default: 2m.' type: string + yarnConfig: + description: Required. YARN autoscaling configuration. + properties: + gracefulDecommissionTimeout: + description: Required. Timeout for YARN graceful decommissioning + of Node Managers. Specifies the duration to wait for jobs + to complete before forcefully removing workers (and potentially + interrupting jobs). Only applicable to downscaling operations. + type: string + scaleDownFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to remove workers. 
+ A scale-down factor of 1 will result in scaling down so + that there is no available memory remaining after the update + (more aggressive scaling). A scale-down factor of 0 disables + removing workers, which can be beneficial for autoscaling + a single job. See . + format: double + type: number + scaleDownMinWorkerFraction: + description: 'Optional. Minimum scale-down threshold as a + fraction of total cluster size before scaling occurs. For + example, in a 20-worker cluster, a threshold of 0.1 means + the autoscaler must recommend at least a 2 worker scale-down + for the cluster to scale. A threshold of 0 means the autoscaler + will scale down on any recommended change. Bounds: . Default: + 0.0.' + format: double + type: number + scaleUpFactor: + description: Required. Fraction of average YARN pending memory + in the last cooldown period for which to add workers. A + scale-up factor of 1.0 will result in scaling up so that + there is no pending memory remaining after the update (more + aggressive scaling). A scale-up factor closer to 0 will + result in a smaller magnitude of scaling up (less aggressive + scaling). See . + format: double + type: number + scaleUpMinWorkerFraction: + description: 'Optional. Minimum scale-up threshold as a fraction + of total cluster size before scaling occurs. For example, + in a 20-worker cluster, a threshold of 0.1 means the autoscaler + must recommend at least a 2-worker scale-up for the cluster + to scale. A threshold of 0 means the autoscaler will scale + up on any recommended change. Bounds: . Default: 0.0.' + format: double + type: number + required: + - gracefulDecommissionTimeout + - scaleDownFactor + - scaleUpFactor + type: object + required: + - yarnConfig type: object - machineType: - description: The machine type to use for the job. + location: + description: Immutable. The location for the resource type: string - maxWorkers: - description: Immutable. The number of workers permitted to work on - the job. 
More workers may improve processing speed at additional - cost. - type: integer - networkRef: + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -32874,8 +48581,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
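Review bot: Several descriptions in the new DataprocAutoscalingPolicy schema have lost their bounds and links: `cooldownPeriod` reads `Bounds: . Default: 2m.`, `scaleDownFactor` and `scaleUpFactor` end in `See .`, and both `*MinWorkerFraction` fields read `Bounds: . Default: 0.0.`. The same gap recurs in the later hunk that adds `secondaryWorkerConfig` and `workerConfig` (`Bounds: [min_instances, ).` and `Primary workers - Bounds: .`). The schema carries no `minimum`/`maximum` on these numeric fields either, so neither the reader nor the API server learns the valid range; the factor descriptions imply 0 to 1, which could be expressed as `minimum: 0` and `maximum: 1` if the generator can emit it. Presumably the bracketed ranges and URLs were stripped during generation, so the fix belongs there rather than in this file.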
@@ -32884,94 +48593,94 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - parameters: - description: Key/Value pairs to be passed to the Dataflow job (as - used in the template). - type: object - x-kubernetes-preserve-unknown-fields: true - region: - description: Immutable. The region in which the created job should - run. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Optional. Describes how the autoscaler will operate for + secondary workers. properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + maxInstances: + description: 'Optional. Maximum number of instances for this group. + Note that by default, clusters will not use secondary workers. + Required for secondary workers if the minimum secondary instances + is set. Primary workers - Bounds: [min_instances, ). Secondary + workers - Bounds: [min_instances, ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. 
Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' + format: int64 + type: integer type: object - subnetworkRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Required. Describes how the autoscaler will operate for + primary workers. properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeSubnetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempGcsLocation: - description: A writeable location on Google Cloud Storage for the - Dataflow job to dump its temporary data. 
- type: string - templateGcsPath: - description: The Google Cloud Storage path to the Dataflow job template. - type: string - transformNameMapping: - description: Only applicable when updating a pipeline. Map of transform - name prefixes of the job to be replaced with the corresponding name - prefixes of the new job. + maxInstances: + description: 'Required. Maximum number of instances for this group. + Required for primary workers. Note that by default, clusters + will not use secondary workers. Required for secondary workers + if the minimum secondary instances is set. Primary workers - + Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, + ). Default: 0.' + format: int64 + type: integer + minInstances: + description: 'Optional. Minimum number of instances for this group. + Primary workers - Bounds: . Default: 0.' + format: int64 + type: integer + weight: + description: 'Optional. Weight for the instance group, which is + used to determine the fraction of total workers in the cluster + from this instance group. For example, if primary workers have + weight 2, and secondary workers have weight 1, the cluster will + have approximately 2 primary workers for each secondary worker. + The cluster may not reach the specified balance if constrained + by min/max bounds or other autoscaling settings. For example, + if `max_instances` for secondary workers is 0, then only primary + workers will be added. The cluster can also be out of balance + when created. If weight is not set on any instance group, the + cluster will default to equal weight for all groups: the cluster + will attempt to maintain an equal number of workers in each + group within the configured size bounds for each group. If weight + is set for one group only, the cluster will default to zero + weight on the unset group. For example if weight is set only + on primary workers, the cluster will use primary workers only + and no secondary workers.' 
+ format: int64 + type: integer + required: + - maxInstances type: object - x-kubernetes-preserve-unknown-fields: true - zone: - description: Immutable. The zone in which the created job should run. - If it is not provided, the provider zone is used. - type: string required: - - tempGcsLocation - - templateGcsPath + - basicAlgorithm + - location + - workerConfig type: object status: properties: @@ -33001,9 +48710,6 @@ spec: type: string type: object type: array - jobId: - description: The unique ID of this job. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -33011,13 +48717,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: The current state of the resource, selected from the - JobState enum. - type: string - type: - description: The type of this job, selected from the JobType enum. - type: string type: object required: - spec 
@@ -33037,25 +48736,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: datafusioninstances.datafusion.cnrm.cloud.google.com + name: dataprocclusters.dataproc.cnrm.cloud.google.com spec: - group: datafusion.cnrm.cloud.google.com + group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataFusionInstance - plural: datafusioninstances + kind: DataprocCluster + plural: dataprocclusters shortNames: - - gcpdatafusioninstance - - gcpdatafusioninstances - singular: datafusioninstance + - gcpdataproccluster + - gcpdataprocclusters + singular: dataproccluster preserveUnknownFields: false scope: Namespaced versions: 
@@ -33093,60 +48792,850 @@ spec: type: object spec: properties: - dataprocServiceAccountRef: - oneOf: - - not: + config: + description: Immutable. The cluster config. Note that Dataproc may + set default values, and values may change when clusters are updated. + properties: + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for the policy + associated with the cluster. Cluster does not autoscale if this + field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + dataprocMetricConfig: + description: Immutable. Optional. The config for Dataproc metrics. + properties: + metrics: + description: Immutable. Required. Metrics sources to enable. + items: + properties: + metricOverrides: + description: 'Immutable. Optional. 
Specify one or more + [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + to collect for the metric course (for the `SPARK` + metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) + can be specified). Provide metrics in the following + format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use + camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted + spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed + hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` + Notes: * Only the specified overridden metrics will + be collected for the metric source. For example, if + one or more `spark:executive` metrics are listed as + metric overrides, other `SPARK` metrics will not be + collected. The collection of the default metrics for + other OSS metric sources is unaffected. For example, + if both `SPARK` andd `YARN` metric sources are enabled, + and overrides are provided for Spark metrics only, + all default YARN metrics will be collected.' + items: + type: string + type: array + metricSource: + description: 'Immutable. Required. Default metrics are + collected unless `metricOverrides` are specified for + the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) + for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, + MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, + HIVESERVER2' + type: string + required: + - metricSource + type: object + type: array + required: + - metrics + type: object + encryptionConfig: + description: Immutable. Optional. Encryption settings for the + cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable http access + to specific ports on the cluster from external sources. + Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine config + settings for all instances in a cluster. + properties: + confidentialInstanceConfig: + description: Immutable. Optional. Confidential Instance Config + for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). + properties: + enableConfidentialCompute: + description: Immutable. Optional. Defines whether the + instance should have confidential compute enabled. + type: boolean + type: object + internalIPOnly: + description: Immutable. Optional. If true, all instances in + the cluster will only have internal IP addresses. By default, + clusters are not restricted to internal IP addresses, and + will have ephemeral external IP addresses assigned to each + instance. 
This `internal_ip_only` restriction can only be + enabled for subnetwork enabled networks, and all off-cluster + dependencies must be configured to be accessible without + external IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata entries + to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity for + sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 access + for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity for + consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, + ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds to the label + key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds to the label + values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. Optional. The URIs of service account + scopes to be included in Compute Engine instances. The following + base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write If no scopes + are specified, the following defaults are also provided: + * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. 
Shielded Instance Config + for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether instances + have integrity monitoring enabled. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether instances + have Secure Boot enabled. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether instances + have the vTPM enabled. + type: boolean + type: object + subnetworkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to add to + all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where the Compute + Engine cluster will be located. On a create request, it + is required in the "global" region. 
If omitted in a non-global + Dataproc region, the service will pick a zone in the corresponding + Compute Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name are valid. + Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute on each + node after config is completed. By default, executables are + run on master and all worker nodes. You can test a node''s `role` + metadata to run an executable on a master or worker node, as + shown below using `curl` (you can also use `wget`): ROLE=$(curl + -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions + ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage URI of executable + file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time executable + has to complete. Default is 10 minutes (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error message + (the name of the executable that caused the error and + the exceeded timeout period) if the executable is not + completed at end of the timeout period. + type: string + required: + - executableFile + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster will + be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). 
+ format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration of + cluster. The cluster will be auto-deleted at the end of + this period. Minimum value is 10 minutes; maximum value + is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to keep the + cluster alive while idling (when no jobs are running). Passing + this threshold will cause the cluster to be deleted. Minimum + value is 5 minutes; maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config settings + for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' 
+ type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + metastoreConfig: + description: Immutable. Optional. Metastore configuration. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing Dataproc + Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. This allows users to have fine-grained access control on Dataproc's accesses to cloud resources. + - dataprocMetastoreServiceRef + type: object + secondaryWorkerConfig: + description: Immutable. 
Optional. The Compute Engine config settings + for additional worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). 
Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string + type: object + securityConfig: + description: Immutable. Optional. Security settings for the cluster. + properties: + identityConfig: + description: Immutable. Optional. 
Identity related configuration, + including service account based secure multi-tenancy user + mappings. + properties: + userServiceAccountMapping: + additionalProperties: + type: string + description: Immutable. Required. Map of user to service + account. + type: object + required: + - userServiceAccountMapping + type: object + kerberosConfig: + description: Immutable. Optional. Kerberos related configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server (IP + or hostname) for the remote trusted realm in a cross + realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP or hostname) + for the remote trusted realm in a cross realm trust + relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm the + Dataproc on-cluster KDC will trust, should the user + enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the shared password + between the on-cluster Kerberos realm and the remote + trusted realm, in a cross realm trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate whether + to Kerberize the cluster (default: false). Set this + field to true to enable Kerberos on a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the master key of + the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided key. For the self-signed certificate, + this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. The Cloud Storage URI + of the keystore file used for SSL encryption. 
If not + provided, Dataproc will provide a self-signed certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided keystore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - description: - description: Immutable. A description of this instance. - type: string - displayName: - description: Immutable. Display name for an instance. - type: string - enableStackdriverLogging: - description: Option to enable Stackdriver Logging. - type: boolean - enableStackdriverMonitoring: - description: Option to enable Stackdriver Monitoring. - type: boolean - location: - description: Immutable. The location for the resource - type: string - networkConfig: - description: Immutable. Network configuration options. These are required - when a private Data Fusion instance is to be created. - properties: - ipAllocation: - description: Immutable. The IP range in CIDR notation to use for - the managed Data Fusion instance nodes. This range must not - overlap with any other ranges used in the customer network. - type: string - networkRef: + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of the on-cluster + Kerberos realm. If not specified, the uppercased domain + of hostnames will be the realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the root principal + password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime of the + ticket granting ticket, in hours. If not specified, + or user specifies 0, then default value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage URI + of the truststore file used for SSL encryption. If not + provided, Dataproc will provide a self-signed certificate. + type: string + truststorePassword: + description: Immutable. Optional. The Cloud Storage URI + of a KMS encrypted file containing the password to the + user provided truststore. For the self-signed certificate, + this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings for software + inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported [Dataproc + Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such as "1.2.29"), + or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). 
+ If unspecified, it defaults to the latest Debian version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components to + activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties to set on + daemon config files. Property keys are specified in `prefix:property` + format, for example `core:hadoop.tmp.dir`. The following + are supported prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` * distcp: + `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` + * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: + `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -33165,9 +49654,9 @@ spec: properties: external: description: |- - Name of the network in the customer project with which the Tenant Project will be peered for executing pipelines. In case of shared VPC where the network resides in another host project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -33176,267 +49665,160 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - options: - additionalProperties: - type: string - description: Immutable. Map of additional options used to configure - the behavior of Data Fusion instance. - type: object - privateInstance: - description: Immutable. Specifies whether the Data Fusion instance - should be private. If set to true, all Data Fusion nodes will have - private IP addresses and will not be able to access the public internet. - type: boolean - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Instance type. Possible values: - TYPE_UNSPECIFIED, BASIC, ENTERPRISE, DEVELOPER' - type: string - version: - description: Current version of the Data Fusion. - type: string - zone: - description: Immutable. Name of the zone in which the Data Fusion - instance will be created. Only DEVELOPER instances use this field. - type: string - required: - - location - - type - type: object - status: - properties: - apiEndpoint: - description: Output only. Endpoint on which the REST APIs is accessible. - type: string - availableVersion: - description: Available versions that the instance can be upgraded - to. - items: - properties: - availableFeatures: - description: Represents a list of available feature names for - a given version. - items: + tempBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. 
If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string - type: array - defaultVersion: - description: Whether this is currently the default version for - Cloud Data Fusion - type: boolean - versionNumber: - description: The version number of the Data Fusion instance, - such as '6.0.1.0'. - type: string - type: object - type: array - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - createTime: - description: Output only. The time the instance was created. - format: date-time - type: string - gcsBucket: - description: Output only. Cloud Storage bucket generated by Data Fusion - in the customer project. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. 
- If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - p4ServiceAccount: - description: Output only. P4 service account for the customer project. - type: string - serviceEndpoint: - description: Output only. Endpoint on which the Data Fusion UI is - accessible. - type: string - state: - description: 'Output only. The current state of this Data Fusion instance. - Possible values: STATE_UNSPECIFIED, ENABLED, DISABLED, UNKNOWN' - type: string - stateMessage: - description: Output only. Additional information about the current - state of this Data Fusion instance if available. - type: string - tenantProjectId: - description: Output only. The name of the tenant project. - type: string - updateTime: - description: Output only. The time the instance was last updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dataprocautoscalingpolicies.dataproc.cnrm.cloud.google.com -spec: - group: dataproc.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DataprocAutoscalingPolicy - plural: dataprocautoscalingpolicies - shortNames: - - gcpdataprocautoscalingpolicy - - gcpdataprocautoscalingpolicies - singular: dataprocautoscalingpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', 
the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - basicAlgorithm: - properties: - cooldownPeriod: - description: 'Optional. Duration between scaling events. A scaling - period starts after the update operation from the previous event - has completed. Bounds: . Default: 2m.' - type: string - yarnConfig: - description: Required. YARN autoscaling configuration. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + workerConfig: + description: Immutable. Optional. The Compute Engine config settings + for worker instances in a cluster. 
properties: - gracefulDecommissionTimeout: - description: Required. Timeout for YARN graceful decommissioning - of Node Managers. Specifies the duration to wait for jobs - to complete before forcefully removing workers (and potentially - interrupting jobs). Only applicable to downscaling operations. + accelerators: + description: Immutable. Optional. The Compute Engine accelerator + configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, or short + name of the accelerator type resource to expose to + this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the accelerator + type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of the boot + disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the boot disk + (default is "pd-standard"). Valid values: "pd-balanced" + (Persistent Disk Balanced Solid State Drive), "pd-ssd" + (Persistent Disk Solid State Drive), or "pd-standard" + (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + localSsdInterface: + description: 'Immutable. Optional. Interface type of local + SSDs (default is "scsi"). Valid values: "scsi" (Small + Computer System Interface), "nvme" (Non-Volatile Memory + Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached SSDs, + from 0 to 4 (default is 0). If SSDs are not attached, + the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this runtime + bulk data is spread across them, and the boot disk contains + only basic config and installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine machine + type used for cluster instances. A full URL, partial URI, + or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you are using + the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine type + resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum cpu + platform for the Instance Group. See [Dataproc -> Minimum + CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM instances + in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must be + set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master and + worker groups is `NON_PREEMPTIBLE`. This default cannot + be changed. The default value for secondary instances is + `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string - scaleDownFactor: - description: Required. 
Fraction of average YARN pending memory - in the last cooldown period for which to remove workers. - A scale-down factor of 1 will result in scaling down so - that there is no available memory remaining after the update - (more aggressive scaling). A scale-down factor of 0 disables - removing workers, which can be beneficial for autoscaling - a single job. See . - format: double - type: number - scaleDownMinWorkerFraction: - description: 'Optional. Minimum scale-down threshold as a - fraction of total cluster size before scaling occurs. For - example, in a 20-worker cluster, a threshold of 0.1 means - the autoscaler must recommend at least a 2 worker scale-down - for the cluster to scale. A threshold of 0 means the autoscaler - will scale down on any recommended change. Bounds: . Default: - 0.0.' - format: double - type: number - scaleUpFactor: - description: Required. Fraction of average YARN pending memory - in the last cooldown period for which to add workers. A - scale-up factor of 1.0 will result in scaling up so that - there is no pending memory remaining after the update (more - aggressive scaling). A scale-up factor closer to 0 will - result in a smaller magnitude of scaling up (less aggressive - scaling). See . - format: double - type: number - scaleUpMinWorkerFraction: - description: 'Optional. Minimum scale-up threshold as a fraction - of total cluster size before scaling occurs. For example, - in a 20-worker cluster, a threshold of 0.1 means the autoscaler - must recommend at least a 2-worker scale-up for the cluster - to scale. A threshold of 0 means the autoscaler will scale - up on any recommended change. Bounds: . Default: 0.0.' - format: double - type: number - required: - - gracefulDecommissionTimeout - - scaleDownFactor - - scaleUpFactor type: object - required: - - yarnConfig type: object location: - description: Immutable. The location for the resource + description: Immutable. The location for the resource, usually a GCP + region. 
type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -33457,7 +49839,7 @@ spec: properties: external: description: |- - The project for the resource + Required. The Google Cloud Platform project ID that the cluster belongs to. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -33473,92 +49855,413 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - secondaryWorkerConfig: - description: Optional. Describes how the autoscaler will operate for - secondary workers. - properties: - maxInstances: - description: 'Optional. Maximum number of instances for this group. - Note that by default, clusters will not use secondary workers. - Required for secondary workers if the minimum secondary instances - is set. Primary workers - Bounds: [min_instances, ). Secondary - workers - Bounds: [min_instances, ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer - type: object - workerConfig: - description: Required. 
Describes how the autoscaler will operate for - primary workers. + virtualClusterConfig: + description: Immutable. Optional. The virtual cluster config is used + when creating a Dataproc cluster that does not directly control + the underlying compute resources, for example, when creating a [Dataproc-on-GKE + cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). + Dataproc may set default values, and values may change when clusters + are updated. Exactly one of config or virtual_cluster_config must + be specified. properties: - maxInstances: - description: 'Required. Maximum number of instances for this group. - Required for primary workers. Note that by default, clusters - will not use secondary workers. Required for secondary workers - if the minimum secondary instances is set. Primary workers - - Bounds: [min_instances, ). Secondary workers - Bounds: [min_instances, - ). Default: 0.' - format: int64 - type: integer - minInstances: - description: 'Optional. Minimum number of instances for this group. - Primary workers - Bounds: . Default: 0.' - format: int64 - type: integer - weight: - description: 'Optional. Weight for the instance group, which is - used to determine the fraction of total workers in the cluster - from this instance group. For example, if primary workers have - weight 2, and secondary workers have weight 1, the cluster will - have approximately 2 primary workers for each secondary worker. - The cluster may not reach the specified balance if constrained - by min/max bounds or other autoscaling settings. For example, - if `max_instances` for secondary workers is 0, then only primary - workers will be added. The cluster can also be out of balance - when created. If weight is not set on any instance group, the - cluster will default to equal weight for all groups: the cluster - will attempt to maintain an equal number of workers in each - group within the configured size bounds for each group. 
If weight - is set for one group only, the cluster will default to zero - weight on the unset group. For example if weight is set only - on primary workers, the cluster will use primary workers only - and no secondary workers.' - format: int64 - type: integer + auxiliaryServicesConfig: + description: Immutable. Optional. Configuration of auxiliary services + used by this cluster. + properties: + metastoreConfig: + description: Immutable. Optional. The Hive Metastore configuration + for this workload. + properties: + dataprocMetastoreServiceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Required. Resource name of an existing + Dataproc Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + type: string + name: + description: |- + [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - dataprocMetastoreServiceRef + type: object + sparkHistoryServerConfig: + description: Immutable. Optional. The Spark History Server + configuration for the workload. + properties: + dataprocClusterRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. 
Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + + Allowed value: The `selfLink` field of a `DataprocCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + kubernetesClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on Kubernetes. + properties: + gkeClusterConfig: + description: Immutable. Required. The configuration for running + the Dataproc cluster on GKE. + properties: + gkeClusterTargetRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodePoolTarget: + description: Immutable. Optional. GKE node pools where + workloads will be scheduled. At least one node pool + must be assigned the `DEFAULT` GkeNodePoolTarget.Role. + If a `GkeNodePoolTarget` is not specified, Dataproc + constructs a `DEFAULT` `GkeNodePoolTarget`. 
Each role + can be given to only one `GkeNodePoolTarget`. All node + pools must have the same location settings. + items: + properties: + nodePoolConfig: + description: Immutable. Input only. The configuration + for the GKE node pool. If specified, Dataproc + attempts to create a node pool with the specified + shape. If one with the same name already exists, + it is verified against all specified fields. If + a field differs, the virtual cluster creation + will fail. If omitted, any node pool with the + specified name is used. If a node pool with the + specified name does not exist, Dataproc create + a node pool with default values. This is an input + only field. It will not be returned by the API. + properties: + autoscaling: + description: Immutable. Optional. The autoscaler + configuration for this node pool. The autoscaler + is enabled only when a valid configuration + is present. + properties: + maxNodeCount: + description: Immutable. The maximum number + of nodes in the node pool. Must be >= + min_node_count, and must be > 0. **Note:** + Quota must be sufficient to scale up the + cluster. + format: int64 + type: integer + minNodeCount: + description: Immutable. The minimum number + of nodes in the node pool. Must be >= + 0 and <= max_node_count. + format: int64 + type: integer + type: object + config: + description: Immutable. Optional. The node pool + configuration. + properties: + accelerators: + description: Immutable. Optional. A list + of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) + to attach to each node. + items: + properties: + acceleratorCount: + description: Immutable. The number + of accelerator cards exposed to + an instance. + format: int64 + type: integer + acceleratorType: + description: Immutable. The accelerator + type resource namename (see GPUs + on Compute Engine). + type: string + gpuPartitionSize: + description: Immutable. Size of partitions + to create on the GPU. 
Valid values + are described in the NVIDIA [mig + user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). + type: string + type: object + type: array + bootDiskKmsKey: + description: 'Immutable. Optional. The [Customer + Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) + used to encrypt the boot disk attached + to each node in the node pool. Specify + the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' + type: string + ephemeralStorageConfig: + description: Immutable. Optional. Parameters + for the ephemeral storage filesystem. + If unspecified, ephemeral storage is backed + by the boot disk. + properties: + localSsdCount: + description: Immutable. Number of local + SSDs to use to back ephemeral storage. + Uses NVMe interfaces. Each local SSD + is 375 GB in size. If zero, it means + to disable using local SSDs as ephemeral + storage. + format: int64 + type: integer + type: object + localSsdCount: + description: Immutable. Optional. The number + of local SSD disks to attach to the node, + which is limited by the maximum number + of disks allowable per zone (see [Adding + Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). + format: int64 + type: integer + machineType: + description: Immutable. Optional. The name + of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). + type: string + minCpuPlatform: + description: Immutable. Optional. [Minimum + CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) + to be used by this instance. The instance + may be scheduled on the specified or a + newer CPU platform. Specify the friendly + names of CPU platforms, such as "Intel + Haswell"` or Intel Sandy Bridge". + type: string + preemptible: + description: Immutable. Optional. 
Whether + the nodes are created as legacy [preemptible + VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). + Also see Spot VMs, preemptible VM instances + without a maximum lifetime. Legacy and + Spot preemptible nodes cannot be used + in a node pool with the `CONTROLLER` [role] + (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + spot: + description: Immutable. Optional. Whether + the nodes are created as [Spot VM instances] + (https://cloud.google.com/compute/docs/instances/spot). + Spot VMs are the latest update to legacy + preemptible VMs. Spot VMs do not have + a maximum lifetime. Legacy and Spot preemptible + nodes cannot be used in a node pool with + the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) + or in the DEFAULT node pool if the CONTROLLER + role is not assigned (the DEFAULT node + pool will assume the CONTROLLER role). + type: boolean + type: object + locations: + description: Immutable. Optional. The list of + Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) + where node pool nodes associated with a Dataproc + on GKE virtual cluster will be located. **Note:** + All node pools associated with a virtual cluster + must be located in the same region as the + virtual cluster, and they must be located + in the same zone within that region. If a + location is not specified during node pool + creation, Dataproc on GKE will choose the + zone. + items: + type: string + type: array + type: object + nodePoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The target GKE node pool. 
Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' + + Allowed value: The `selfLink` field of a `ContainerNodePool` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + roles: + description: Immutable. Required. The roles associated + with the GKE node pool. + items: + type: string + type: array + required: + - nodePoolRef + - roles + type: object + type: array + type: object + kubernetesNamespace: + description: Immutable. Optional. A namespace within the Kubernetes + cluster to deploy into. If this namespace does not exist, + it is created. If it exists, Dataproc verifies that another + Dataproc VirtualCluster is not installed into it. If not + specified, the name of the Dataproc Cluster is used. + type: string + kubernetesSoftwareConfig: + description: Immutable. Optional. The software configuration + for this Dataproc cluster running on Kubernetes. + properties: + componentVersion: + additionalProperties: + type: string + description: Immutable. The components that should be + installed in this Dataproc cluster. The key must be + a string from the KubernetesComponent enumeration. The + value is the version of the software to be installed. + At least one entry must be specified. + type: object + properties: + additionalProperties: + type: string + description: 'Immutable. The properties to set on daemon + config files. Property keys are specified in `prefix:property` + format, for example `spark:spark.kubernetes.container.image`. 
+ The following are supported prefixes and their mappings: + * spark: `spark-defaults.conf` For more information, + see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + required: + - gkeClusterConfig + type: object + stagingBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - maxInstances + - kubernetesClusterConfig type: object required: - - basicAlgorithm - location - - workerConfig type: object status: properties: + clusterUuid: + description: Output only. A cluster UUID (Unique Universal Identifier). + Dataproc generates this value when it creates the cluster. 
+ type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -33585,6 +50288,197 @@ spec: type: string type: object type: array + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions to + URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became idle + (most recent job finished) and became eligible for deletion + due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. 
+ type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. + items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. Dataproc + derives the names from `cluster_name`, `num_instances`, + and the instance group. + items: + type: string + type: array + instanceReferences: + description: Output only. List of references to Compute Engine + instances. 
+ items: + properties: + instanceId: + description: The unique identifier of the Compute Engine + instance. + type: string + instanceName: + description: The user-friendly name of the Compute Engine + instance. + type: string + publicEciesKey: + description: The public ECIES key used for sharing data + with this instance. + type: string + publicKey: + description: The public RSA key used for sharing data + with this instance. + type: string + type: object + type: array + isPreemptible: + description: Output only. Specifies that this instance group + contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine Instance + Group Manager that manages this group. This is only used + for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance Group + Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance Template + used for the Managed Instance Group. + type: string + type: object + type: object + type: object + metrics: + description: 'Output only. Contains cluster daemon metrics such as + HDFS and YARN stats. **Beta Feature**: This report is available + for testing purposes only. It may be changed before final release.' + properties: + hdfsMetrics: + additionalProperties: + type: string + description: The HDFS metrics. + type: object + yarnMetrics: + additionalProperties: + type: string + description: The YARN metrics. + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -33592,6 +50486,52 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + status: + description: Output only. Cluster status. + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that includes + status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + statusHistory: + description: Output only. The previous cluster status. + items: + properties: + detail: + description: Optional. Output only. Details of cluster's state. + type: string + state: + description: 'Output only. The cluster''s state. Possible values: + UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, + STOPPED, STARTING' + type: string + stateStartTime: + description: Output only. Time when this state was entered (see + JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + substate: + description: 'Output only. Additional state information that + includes status reported by the agent. Possible values: UNSPECIFIED, + UNHEALTHY, STALE_STATUS' + type: string + type: object + type: array type: object required: - spec 
@@ -33611,25 +50551,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dataprocclusters.dataproc.cnrm.cloud.google.com + name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com spec: group: dataproc.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocCluster - plural: dataprocclusters + kind: DataprocWorkflowTemplate + plural: dataprocworkflowtemplates shortNames: - - gcpdataproccluster - - gcpdataprocclusters - singular: dataproccluster + - gcpdataprocworkflowtemplate + - gcpdataprocworkflowtemplates + singular: dataprocworkflowtemplate preserveUnknownFields: false scope: Namespaced versions: 
@@ -33667,1125 +50607,1473 @@ spec: type: object spec: properties: - config: - description: Immutable. The cluster config. Note that Dataproc may - set default values, and values may change when clusters are updated. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for the policy - associated with the cluster. Cluster does not autoscale if this - field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - dataprocMetricConfig: - description: Immutable. Optional. The config for Dataproc metrics. - properties: - metrics: - description: Immutable. Required. Metrics sources to enable. - items: - properties: - metricOverrides: - description: 'Immutable. Optional. 
Specify one or more - [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - to collect for the metric course (for the `SPARK` - metric source, any [Spark metric] (https://spark.apache.org/docs/latest/monitoring.html#metrics) - can be specified). Provide metrics in the following - format: `METRIC_SOURCE:INSTANCE:GROUP:METRIC` Use - camelcase as appropriate. Examples: ``` yarn:ResourceManager:QueueMetrics:AppsCompleted - spark:driver:DAGScheduler:job.allJobs sparkHistoryServer:JVM:Memory:NonHeapMemoryUsage.committed - hiveserver2:JVM:Memory:NonHeapMemoryUsage.used ``` - Notes: * Only the specified overridden metrics will - be collected for the metric source. For example, if - one or more `spark:executive` metrics are listed as - metric overrides, other `SPARK` metrics will not be - collected. The collection of the default metrics for - other OSS metric sources is unaffected. For example, - if both `SPARK` andd `YARN` metric sources are enabled, - and overrides are provided for Spark metrics only, - all default YARN metrics will be collected.' - items: - type: string - type: array - metricSource: - description: 'Immutable. Required. Default metrics are - collected unless `metricOverrides` are specified for - the metric source (see [Available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) - for more information). Possible values: METRIC_SOURCE_UNSPECIFIED, - MONITORING_AGENT_DEFAULTS, HDFS, SPARK, YARN, SPARK_HISTORY_SERVER, - HIVESERVER2' - type: string - required: - - metricSource - type: object - type: array - required: - - metrics - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings for the - cluster. - properties: - gcePdKmsKeyRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + dagTimeout: + description: Immutable. Optional. Timeout duration for the DAG of + jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + The timeout duration must be from 10 minutes ("600s") to 24 hours + ("86400s"). The timer begins when the first job is submitted. If + the workflow is running at the end of the timeout period, any remaining + jobs are cancelled, the workflow is ended, and if the workflow was + running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), + the cluster is deleted. + type: string + jobs: + description: Immutable. Required. The Directed Acyclic Graph of Jobs + to submit. + items: + properties: + hadoopJob: + description: Immutable. Optional. Job is a Hadoop job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted in the working directory of Hadoop drivers + and tasks. Supported file types: .jar, .tar, .tar.gz, + .tgz, or .zip.' + items: type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. 
If true, enable http access - to specific ports on the cluster from external sources. - Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine config - settings for all instances in a cluster. - properties: - confidentialInstanceConfig: - description: Immutable. Optional. Confidential Instance Config - for clusters using [Confidential VMs](https://cloud.google.com/compute/confidential-vm/docs). - properties: - enableConfidentialCompute: - description: Immutable. Optional. Defines whether the - instance should have confidential compute enabled. - type: boolean - type: object - internalIPOnly: - description: Immutable. Optional. If true, all instances in - the cluster will only have internal IP addresses. By default, - clusters are not restricted to internal IP addresses, and - will have ephemeral external IP addresses assigned to each - instance. This `internal_ip_only` restriction can only be - enabled for subnetwork enabled networks, and all off-cluster - dependencies must be configured to be accessible without - external IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. The Compute Engine metadata entries - to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. 
Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `-libjars` + or `-Dfoo=bar`, that can be set as job properties, since + a collision may occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. HCFS (Hadoop Compatible + Filesystem) URIs of files to be copied to the working + directory of Hadoop drivers and distributed tasks. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. Jar file URIs to add to + the CLASSPATHs of the Hadoop driver and tasks. + items: type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity for - sole-tenant clusters. - properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: type: string - type: object - required: - - nodeGroupRef - type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 access - for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity for - consuming Zonal reservation. + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file containing the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: 'Immutable. The HCFS URI of the jar file containing + the main class. 
Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' + ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' + type: string properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, - ANY_RESERVATION, SPECIFIC_RESERVATION' + additionalProperties: type: string - key: - description: Immutable. Optional. Corresponds to the label - key of reservation resource. + description: Immutable. Optional. A mapping of property + names to values, used to configure Hadoop. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/hadoop/conf/*-site + and classes in user code. + type: object + type: object + hiveJob: + description: Immutable. Optional. Job is a Hive job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Hive server and Hadoop + MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. + items: type: string - values: - description: Immutable. Optional. Corresponds to the label - values of reservation resource. - items: - type: string - type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + additionalProperties: type: string - type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service account - scopes to be included in Compute Engine instances. The following - base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write If no scopes - are specified, the following defaults are also provided: - * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control' - items: + description: Immutable. Optional. A mapping of property + names and values, used to configure Hive. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/hive/conf/hive-site.xml, and classes in user code. + type: object + queryFileUri: + description: Immutable. 
The HCFS URI of the script that + contains Hive queries. type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance Config - for clusters using [Compute Engine Shielded VMs](https://cloud.google.com/security/shielded-cloud/shielded-vm). - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether instances - have integrity monitoring enabled. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether instances - have Secure Boot enabled. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether instances - have the vTPM enabled. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array required: - - external - properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
+ - queries + type: object + scriptVariables: + additionalProperties: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Hive command: `SET + name="value";`).' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate with + this job. Label keys must be between 1 and 63 characters long, + and must conform to the following regular expression: p{Ll}p{Lo}{0,62} + Label values must be between 1 and 63 characters long, and + must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} + No more than 32 labels can be associated with a given job.' + type: object + pigJob: + description: Immutable. Optional. Job is a Pig job. + properties: + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATH of the Pig Client and Hadoop MapReduce + (MR) tasks. Can contain Pig UDFs. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. 
Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + properties: + additionalProperties: type: string - type: object - tags: - description: Immutable. The Compute Engine tags to add to - all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: + description: Immutable. Optional. A mapping of property + names to values, used to configure Pig. Properties that + conflict with values set by the Dataproc API may be overwritten. + Can include properties set in /etc/hadoop/conf/*-site.xml, + /etc/pig/conf/pig.properties, and classes in user code. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains the Pig queries. type: string - type: array - zone: - description: 'Immutable. Optional. The zone where the Compute - Engine cluster will be located. On a create request, it - is required in the "global" region. If omitted in a non-global - Dataproc region, the service will pick a zone in the corresponding - Compute Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name are valid. - Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: + type: string + description: 'Immutable. Optional. 
Mapping of query variable + names to values (equivalent to the Pig command: `name=[value]`).' + type: object + type: object + prerequisiteStepIds: + description: Immutable. Optional. The optional list of prerequisite + job step_ids. If not specified, the job will start at the + beginning of workflow. + items: type: string - type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute on each - node after config is completed. By default, executables are - run on master and all worker nodes. You can test a node''s `role` - metadata to run an executable on a master or worker node, as - shown below using `curl` (you can also use `wget`): ROLE=$(curl - -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific actions - ... else ... worker specific actions ... fi' - items: + type: array + prestoJob: + description: Immutable. Optional. Job is a Presto job. properties: - executableFile: - description: Immutable. Required. Cloud Storage URI of executable - file. + clientTags: + description: Immutable. Optional. Presto client tags to + attach to this query + items: + type: string + type: array + continueOnFailure: + description: Immutable. Optional. Whether to continue executing + queries if a query fails. The default value is `false`. + Setting to `true` can be useful when executing independent + parallel queries. + type: boolean + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + outputFormat: + description: Immutable. Optional. The format in which query + output will be displayed. 
See the Presto documentation + for supported output formats type: string - executionTimeout: - description: Immutable. Optional. Amount of time executable - has to complete. Default is 10 minutes (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error message - (the name of the executable that caused the error and - the exceeded timeout period) if the executable is not - completed at end of the timeout period. + properties: + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) + Equivalent to using the --session flag in the Presto CLI + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. type: string - required: - - executableFile + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object type: object - type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster will - be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration of - cluster. 
The cluster will be auto-deleted at the end of - this period. Minimum value is 10 minutes; maximum value - is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to keep the - cluster alive while idling (when no jobs are running). Passing - this threshold will cause the cluster to be deleted. Minimum - value is 5 minutes; maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. The Compute Engine config settings - for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + pysparkJob: + description: Immutable. Optional. Job is a PySpark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: + type: string + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: + type: string + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Python driver and tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. 
properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainPythonFileUri: + description: Immutable. Required. The HCFS URI of the main + Python file to use as the driver. Must be a .py file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: + type: string + description: Immutable. Optional. A mapping of property + names to values, used to configure PySpark. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + pythonFileUris: + description: 'Immutable. Optional. HCFS file URIs of Python + files to pass to the PySpark framework. Supported file + types: .py, .egg, and .zip.' + items: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + type: array + required: + - mainPythonFileUri + type: object + scheduling: + description: Immutable. Optional. Job scheduling configuration. + properties: + maxFailuresPerHour: + description: Immutable. Optional. Maximum number of times + per hour a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + A job may be reported as thrashing if driver exits with + non-zero code 4 times within 10 minute window. Maximum + value is 10. + format: int64 + type: integer + maxFailuresTotal: + description: Immutable. Optional. Maximum number of times + in total a driver may be restarted as a result of driver + exiting with non-zero code before job is reported failed. + Maximum value is 240. + format: int64 + type: integer + type: object + sparkJob: + description: Immutable. Optional. Job is a Spark job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' 
+ items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: array + fileUris: + description: Immutable. Optional. 
HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to add to the CLASSPATHs of the Spark driver and tasks. + items: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. 
The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - metastoreConfig: - description: Immutable. Optional. Metastore configuration. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object + mainClass: + description: Immutable. The name of the driver's main class. + The jar file that contains the class must be in the default + CLASSPATH or specified in `jar_file_uris`. + type: string + mainJarFileUri: + description: Immutable. The HCFS URI of the jar file that + contains the main class. + type: string properties: - external: - description: 'Required. Resource name of an existing Dataproc - Metastore service. Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + additionalProperties: type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark. Properties that + conflict with values set by the Dataproc API may be overwritten. 
+ Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + type: object + sparkRJob: + description: Immutable. Optional. Job is a SparkR job. + properties: + archiveUris: + description: 'Immutable. Optional. HCFS URIs of archives + to be extracted into the working directory of each executor. + Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' + items: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + args: + description: Immutable. Optional. The arguments to pass + to the driver. Do not include arguments, such as `--conf`, + that can be set as job properties, since a collision may + occur that causes an incorrect job submission. + items: type: string - type: object - required: - - dataprocMetastoreServiceRef - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config settings - for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: + type: array + fileUris: + description: Immutable. Optional. HCFS URIs of files to + be placed in the working directory of each executor. Useful + for naively parallel tasks. + items: + type: string + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. + mainRFileUri: + description: Immutable. Required. The HCFS URI of the main + R file to use as the driver. Must be a .R file. + type: string properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + additionalProperties: type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' + description: Immutable. Optional. 
A mapping of property + names to values, used to configure SparkR. Properties + that conflict with values set by the Dataproc API may + be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf + and classes in user code. + type: object + required: + - mainRFileUri + type: object + sparkSqlJob: + description: Immutable. Optional. Job is a SparkSql job. + properties: + jarFileUris: + description: Immutable. Optional. HCFS URIs of jar files + to be added to the Spark CLASSPATH. + items: type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + loggingConfig: + description: Immutable. Optional. The runtime log config + for job execution. + properties: + driverLogLevels: + additionalProperties: + type: string + description: 'Immutable. The per-package log levels + for the driver. This may include "root" package name + to configure rootLogger. Examples: ''com.google = + FATAL'', ''root = INFO'', ''org.apache = DEBUG''' + type: object + type: object properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + additionalProperties: type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: Immutable. Optional. A mapping of property + names to values, used to configure Spark SQL's SparkConf. + Properties that conflict with values set by the Dataproc + API may be overwritten. + type: object + queryFileUri: + description: Immutable. The HCFS URI of the script that + contains SQL queries. + type: string + queryList: + description: Immutable. A list of queries. + properties: + queries: + description: 'Immutable. Required. The queries to execute. + You do not need to end a query expression with a semicolon. + Multiple queries can be specified in one string by + separating each with a semicolon. Here is an example + of a Dataproc API snippet that uses a QueryList to + specify a HiveJob: "hiveJob": { "queryList": { "queries": + [ "query1", "query2", "query3;query4", ] } }' + items: + type: string + type: array + required: + - queries + type: object + scriptVariables: + additionalProperties: type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + description: 'Immutable. Optional. Mapping of query variable + names to values (equivalent to the Spark SQL command: + SET `name="value";`).' + type: object + type: object + stepId: + description: Immutable. Required. The step id. The id must be + unique among all jobs within the template. The step id is + used as prefix for job id, as job `goog-dataproc-workflow-step-id` + label, and in prerequisiteStepIds field from other steps. + The id must contain only letters (a-z, A-Z), numbers (0-9), + underscores (_), and hyphens (-). Cannot begin or end with + underscore or hyphen. Must consist of between 3 and 50 characters. + type: string + required: + - stepId + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + parameters: + description: Immutable. Optional. Template parameters whose values + are substituted into the template. Values for parameters must be + provided when the template is instantiated. + items: + properties: + description: + description: Immutable. Optional. Brief description of the parameter. + Must not exceed 1024 characters. + type: string + fields: + description: 'Immutable. Required. Paths to all fields that + the parameter replaces. 
A field is allowed to appear in at + most one parameter''s list of field paths. A field path is + similar in syntax to a google.protobuf.FieldMask. For example, + a field path that references the zone field of a workflow + template''s cluster selector would be specified as `placement.clusterSelector.zone`. + Also, field paths can reference fields using the following + syntax: * Values in maps can be referenced by key: * labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] + * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] + * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri + * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri + * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] + * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] + * Items in repeated fields can be referenced by a zero-based + index: * jobs[''step-id''].sparkJob.args[0] * Other examples: + * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] + * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri + * placement.clusterSelector.zone It may not be possible to + parameterize maps and repeated fields in their entirety since + only individual map values and individual items in repeated + fields can be referenced. For example, the following field + paths are invalid: - placement.clusterSelector.clusterLabels + - jobs[''step-id''].sparkJob.args' + items: type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' + type: array + name: + description: Immutable. Required. Parameter name. The parameter + name is used as the key, and paired with the parameter value, + which are passed to the template when the template is instantiated. + The name must contain only capital letters (A-Z), numbers + (0-9), and underscores (_), and must not start with a number. + The maximum length is 40 characters. + type: string + validation: + description: Immutable. Optional. Validation rules to be applied + to this parameter's value. + properties: + regex: + description: Immutable. Validation based on regular expressions. + properties: + regexes: + description: Immutable. Required. RE2 regular expressions + used to validate the parameter's value. The value + must match the regex in its entirety (substring matches + are not sufficient). + items: + type: string + type: array + required: + - regexes + type: object + values: + description: Immutable. Validation based on a list of allowed + values. + properties: + values: + description: Immutable. Required. List of allowed values + for the parameter. + items: + type: string + type: array + required: + - values + type: object + type: object + required: + - fields + - name + type: object + type: array + placement: + description: Immutable. Required. WorkflowTemplate scheduling information. + properties: + clusterSelector: + description: Immutable. Optional. A selector that chooses target + cluster for jobs based on metadata. 
The selector is evaluated + at the time each job is submitted. + properties: + clusterLabels: + additionalProperties: + type: string + description: Immutable. Required. The cluster labels. Cluster + must have all labels to match. + type: object + zone: + description: Immutable. Optional. The zone where workflow + process executes. This parameter does not affect the selection + of the cluster. If unspecified, the zone of the first cluster + matching the selector is used. type: string + required: + - clusterLabels type: object - securityConfig: - description: Immutable. Optional. Security settings for the cluster. + managedCluster: + description: Immutable. A cluster that is managed by the workflow. properties: - identityConfig: - description: Immutable. Optional. Identity related configuration, - including service account based secure multi-tenancy user - mappings. + clusterName: + description: Immutable. Required. The cluster name prefix. + A unique cluster name will be formed by appending a random + suffix. The name must contain only lower-case letters (a-z), + numbers (0-9), and hyphens (-). Must begin with a letter. + Cannot begin or end with hyphen. Must consist of between + 2 and 35 characters. + type: string + config: + description: Immutable. Required. The cluster configuration. properties: - userServiceAccountMapping: - additionalProperties: - type: string - description: Immutable. Required. Map of user to service - account. + autoscalingConfig: + description: Immutable. Optional. Autoscaling config for + the policy associated with the cluster. Cluster does + not autoscale if this field is unset. + properties: + policyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The autoscaling policy used by the cluster. 
Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. + + Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object type: object - required: - - userServiceAccountMapping - type: object - kerberosConfig: - description: Immutable. Optional. Kerberos related configuration. - properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server (IP - or hostname) for the remote trusted realm in a cross - realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP or hostname) - for the remote trusted realm in a cross realm trust - relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm the - Dataproc on-cluster KDC will trust, should the user - enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the shared password - between the on-cluster Kerberos realm and the remote - trusted realm, in a cross realm trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate whether - to Kerberize the cluster (default: false). 
Set this - field to true to enable Kerberos on a cluster.' - type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the master key of - the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided key. For the self-signed certificate, - this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage URI - of the keystore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - keystorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided keystore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: + encryptionConfig: + description: Immutable. Optional. Encryption settings + for the cluster. + properties: + gcePdKmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + endpointConfig: + description: Immutable. Optional. 
Port/endpoint configuration + for this cluster + properties: + enableHttpPortAccess: + description: Immutable. Optional. If true, enable + http access to specific ports on the cluster from + external sources. Defaults to false. + type: boolean + type: object + gceClusterConfig: + description: Immutable. Optional. The shared Compute Engine + config settings for all instances in a cluster. + properties: + internalIPOnly: + description: Immutable. Optional. If true, all instances + in the cluster will only have internal IP addresses. + By default, clusters are not restricted to internal + IP addresses, and will have ephemeral external IP + addresses assigned to each instance. This `internal_ip_only` + restriction can only be enabled for subnetwork enabled + networks, and all off-cluster dependencies must + be configured to be accessible without external + IP addresses. + type: boolean + metadata: + additionalProperties: + type: string + description: Immutable. The Compute Engine metadata + entries to add to all instances (see [Project and + instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). + type: object + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` + + Allowed value: The `selfLink` field of a `ComputeNetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + nodeGroupAffinity: + description: Immutable. Optional. Node Group Affinity + for sole-tenant clusters. + properties: + nodeGroupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` + + Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - external - required: - - name - - not: - anyOf: - - required: + - nodeGroupRef + type: object + privateIPv6GoogleAccess: + description: 'Immutable. Optional. The type of IPv6 + access for a cluster. 
Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, + INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' + type: string + reservationAffinity: + description: Immutable. Optional. Reservation Affinity + for consuming Zonal reservation. + properties: + consumeReservationType: + description: 'Immutable. Optional. Type of reservation + to consume Possible values: TYPE_UNSPECIFIED, + NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' + type: string + key: + description: Immutable. Optional. Corresponds + to the label key of reservation resource. + type: string + values: + description: Immutable. Optional. Corresponds + to the label values of reservation resource. + items: + type: string + type: array + type: object + serviceAccountRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + serviceAccountScopes: + description: 'Immutable. 
Optional. The URIs of service + account scopes to be included in Compute Engine + instances. The following base set of scopes is always + included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly + * https://www.googleapis.com/auth/devstorage.read_write + * https://www.googleapis.com/auth/logging.write + If no scopes are specified, the following defaults + are also provided: * https://www.googleapis.com/auth/bigquery + * https://www.googleapis.com/auth/bigtable.admin.table + * https://www.googleapis.com/auth/bigtable.data + * https://www.googleapis.com/auth/devstorage.full_control' + items: + type: string + type: array + shieldedInstanceConfig: + description: Immutable. Optional. Shielded Instance + Config for clusters using Compute Engine Shielded + VMs. + properties: + enableIntegrityMonitoring: + description: Immutable. Optional. Defines whether + instances have integrity monitoring enabled. + Integrity monitoring compares the most recent + boot measurements to the integrity policy baseline + and returns a pair of pass/fail results depending + on whether they match or not. + type: boolean + enableSecureBoot: + description: Immutable. Optional. Defines whether + the instances have Secure Boot enabled. Secure + Boot helps ensure that the system only runs + authentic software by verifying the digital + signature of all boot components, and halting + the boot process if signature verification fails. + type: boolean + enableVtpm: + description: Immutable. Optional. Defines whether + the instance have the vTPM enabled. Virtual + Trusted Platform Module protects objects like + keys, certificates and enables Measured Boot + by performing the measurements needed to create + a known good boot baseline, called the integrity + policy baseline. + type: boolean + type: object + subnetworkRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` + + Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tags: + description: Immutable. The Compute Engine tags to + add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). + items: + type: string + type: array + zone: + description: 'Immutable. Optional. The zone where + the Compute Engine cluster will be located. On a + create request, it is required in the "global" region. + If omitted in a non-global Dataproc region, the + service will pick a zone in the corresponding Compute + Engine region. On a get request, zone will always + be present. A full URL, partial URI, or short name + are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` + * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: string + type: object + initializationActions: + description: 'Immutable. Optional. Commands to execute + on each node after config is completed. By default, + executables are run on master and all worker nodes. 
+ You can test a node''s `role` metadata to run an executable + on a master or worker node, as shown below using `curl` + (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google + http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) + if [[ "${ROLE}" == ''Master'' ]]; then ... master specific + actions ... else ... worker specific actions ... fi' + items: + properties: + executableFile: + description: Immutable. Required. Cloud Storage + URI of executable file. + type: string + executionTimeout: + description: Immutable. Optional. Amount of time + executable has to complete. Default is 10 minutes + (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + Cluster creation fails with an explanatory error + message (the name of the executable that caused + the error and the exceeded timeout period) if + the executable is not completed at end of the + timeout period. + type: string + type: object + type: array + lifecycleConfig: + description: Immutable. Optional. Lifecycle setting for + the cluster. + properties: + autoDeleteTime: + description: Immutable. Optional. The time when cluster + will be auto-deleted (see JSON representation of + [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + autoDeleteTtl: + description: Immutable. Optional. The lifetime duration + of cluster. The cluster will be auto-deleted at + the end of this period. Minimum value is 10 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + idleDeleteTtl: + description: Immutable. Optional. The duration to + keep the cluster alive while idling (when no jobs + are running). Passing this threshold will cause + the cluster to be deleted. 
Minimum value is 5 minutes; + maximum value is 14 days (see JSON representation + of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). + type: string + type: object + masterConfig: + description: Immutable. Optional. The Compute Engine config + settings for the master instance in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). 
See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - realm: - description: Immutable. Optional. The name of the on-cluster - Kerberos realm. If not specified, the uppercased domain - of hostnames will be the realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the root principal - password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime of the - ticket granting ticket, in hours. If not specified, - or user specifies 0, then default value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage URI - of the truststore file used for SSL encryption. If not - provided, Dataproc will provide a self-signed certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage URI - of a KMS encrypted file containing the password to the - user provided truststore. For the self-signed certificate, - this password is generated by Dataproc. - type: string - type: object - type: object - softwareConfig: - description: Immutable. Optional. The config settings for software - inside the cluster. - properties: - imageVersion: - description: Immutable. Optional. The version of software - inside the cluster. It must be one of the supported [Dataproc - Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such as "1.2.29"), - or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components to - activate on the cluster. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties to set on - daemon config files. Property keys are specified in `prefix:property` - format, for example `core:hadoop.tmp.dir`. The following - are supported prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` * distcp: - `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` - * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: - `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' - type: object - type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config settings - for worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine accelerator - configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, or short - name of the accelerator type resource to expose to - this instance. 
See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the accelerator - type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of the boot - disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the boot disk - (default is "pd-standard"). Valid values: "pd-balanced" - (Persistent Disk Balanced Solid State Drive), "pd-ssd" - (Persistent Disk Solid State Drive), or "pd-standard" - (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - localSsdInterface: - description: 'Immutable. Optional. Interface type of local - SSDs (default is "scsi"). Valid values: "scsi" (Small - Computer System Interface), "nvme" (Non-Volatile Memory - Express). See [local SSD performance](https://cloud.google.com/compute/docs/disks/local-ssd#performance).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached SSDs, - from 0 to 4 (default is 0). If SSDs are not attached, - the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. 
If one or more SSDs are attached, this runtime - bulk data is spread across them, and the boot disk contains - only basic config and installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine machine - type used for cluster instances. A full URL, partial URI, - or short name are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you are using - the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine type - resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum cpu - platform for the Instance Group. See [Dataproc -> Minimum - CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM instances - in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must be - set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master and - worker groups is `NON_PREEMPTIBLE`. This default cannot - be changed. The default value for secondary instances is - `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - type: object - location: - description: Immutable. The location for the resource, usually a GCP - region. - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. 
The Google Cloud Platform project ID that the cluster belongs to. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - virtualClusterConfig: - description: Immutable. Optional. The virtual cluster config is used - when creating a Dataproc cluster that does not directly control - the underlying compute resources, for example, when creating a [Dataproc-on-GKE - cluster](https://cloud.google.com/dataproc/docs/guides/dpgke/dataproc-gke). - Dataproc may set default values, and values may change when clusters - are updated. Exactly one of config or virtual_cluster_config must - be specified. - properties: - auxiliaryServicesConfig: - description: Immutable. Optional. Configuration of auxiliary services - used by this cluster. - properties: - metastoreConfig: - description: Immutable. Optional. The Hive Metastore configuration - for this workload. - properties: - dataprocMetastoreServiceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + secondaryWorkerConfig: + description: Immutable. Optional. The Compute Engine config + settings for additional worker instances in a cluster. properties: - external: - description: 'Required. Resource name of an existing - Dataproc Metastore service. 
Example: * `projects/[project_id]/locations/[dataproc_region]/services/[service-name]`' + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: + properties: + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). + Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' + type: string + type: object + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' + type: string + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). 
If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. 
Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' type: string - name: - description: |- - [WARNING] DataprocMetastoreService not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' type: string type: object - required: - - dataprocMetastoreServiceRef - type: object - sparkHistoryServerConfig: - description: Immutable. Optional. The Spark History Server - configuration for the workload. - properties: - dataprocClusterRef: + securityConfig: + description: Immutable. Optional. Security settings for + the cluster. + properties: + kerberosConfig: + description: Immutable. Optional. Kerberos related + configuration. + properties: + crossRealmTrustAdminServer: + description: Immutable. Optional. The admin server + (IP or hostname) for the remote trusted realm + in a cross realm trust relationship. + type: string + crossRealmTrustKdc: + description: Immutable. Optional. The KDC (IP + or hostname) for the remote trusted realm in + a cross realm trust relationship. + type: string + crossRealmTrustRealm: + description: Immutable. Optional. The remote realm + the Dataproc on-cluster KDC will trust, should + the user enable cross realm trust. + type: string + crossRealmTrustSharedPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the shared + password between the on-cluster Kerberos realm + and the remote trusted realm, in a cross realm + trust relationship. + type: string + enableKerberos: + description: 'Immutable. Optional. Flag to indicate + whether to Kerberize the cluster (default: false). + Set this field to true to enable Kerberos on + a cluster.' + type: boolean + kdcDbKey: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the master + key of the KDC database. + type: string + keyPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided key. For the self-signed + certificate, this password is generated by Dataproc. + type: string + keystore: + description: Immutable. Optional. 
The Cloud Storage + URI of the keystore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + keystorePassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided keystore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + kmsKeyRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The uri of the KMS key used to encrypt various sensitive files. + + Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + realm: + description: Immutable. Optional. The name of + the on-cluster Kerberos realm. If not specified, + the uppercased domain of hostnames will be the + realm. + type: string + rootPrincipalPassword: + description: Immutable. Optional. The Cloud Storage + URI of a KMS encrypted file containing the root + principal password. + type: string + tgtLifetimeHours: + description: Immutable. Optional. The lifetime + of the ticket granting ticket, in hours. If + not specified, or user specifies 0, then default + value 10 will be used. + format: int64 + type: integer + truststore: + description: Immutable. Optional. The Cloud Storage + URI of the truststore file used for SSL encryption. + If not provided, Dataproc will provide a self-signed + certificate. + type: string + truststorePassword: + description: Immutable. Optional. 
The Cloud Storage + URI of a KMS encrypted file containing the password + to the user provided truststore. For the self-signed + certificate, this password is generated by Dataproc. + type: string + type: object + type: object + softwareConfig: + description: Immutable. Optional. The config settings + for software inside the cluster. + properties: + imageVersion: + description: Immutable. Optional. The version of software + inside the cluster. It must be one of the supported + [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), + such as "1.2" (including a subminor version, such + as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). + If unspecified, it defaults to the latest Debian + version. + type: string + optionalComponents: + description: Immutable. Optional. The set of components + to activate on the cluster. + items: + type: string + type: array + properties: + additionalProperties: + type: string + description: 'Immutable. Optional. The properties + to set on daemon config files. Property keys are + specified in `prefix:property` format, for example + `core:hadoop.tmp.dir`. The following are supported + prefixes and their mappings: * capacity-scheduler: + `capacity-scheduler.xml` * core: `core-site.xml` + * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` + * hive: `hive-site.xml` * mapred: `mapred-site.xml` + * pig: `pig.properties` * spark: `spark-defaults.conf` + * yarn: `yarn-site.xml` For more information, see + [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + type: object + type: object + stagingBucketRef: description: Immutable. oneOf: - not: 
@@ -34804,9 +52092,9 @@ spec: properties: external: description: |- - Optional. Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload. Example: * `projects/[project_id]/regions/[region]/clusters/[cluster_name]` + Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `DataprocCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -34816,17 +52104,7 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: object - type: object - kubernetesClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on Kubernetes. - properties: - gkeClusterConfig: - description: Immutable. Required. The configuration for running - the Dataproc cluster on GKE. - properties: - gkeClusterTargetRef: + tempBucketRef: description: Immutable. oneOf: - not: 
@@ -34845,9 +52123,9 @@ spec: properties: external: description: |- - Optional. A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}' + Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - Allowed value: The `selfLink` field of a `ContainerCluster` resource. + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -34857,286 +52135,187 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - nodePoolTarget: - description: Immutable. Optional. GKE node pools where - workloads will be scheduled. At least one node pool - must be assigned the `DEFAULT` GkeNodePoolTarget.Role. - If a `GkeNodePoolTarget` is not specified, Dataproc - constructs a `DEFAULT` `GkeNodePoolTarget`. Each role - can be given to only one `GkeNodePoolTarget`. All node - pools must have the same location settings. - items: - properties: - nodePoolConfig: - description: Immutable. Input only. The configuration - for the GKE node pool. If specified, Dataproc - attempts to create a node pool with the specified - shape. If one with the same name already exists, - it is verified against all specified fields. If - a field differs, the virtual cluster creation - will fail. If omitted, any node pool with the - specified name is used. If a node pool with the - specified name does not exist, Dataproc create - a node pool with default values. This is an input - only field. It will not be returned by the API. - properties: - autoscaling: - description: Immutable. Optional. The autoscaler - configuration for this node pool. The autoscaler - is enabled only when a valid configuration - is present. - properties: - maxNodeCount: - description: Immutable. The maximum number - of nodes in the node pool. Must be >= - min_node_count, and must be > 0. **Note:** - Quota must be sufficient to scale up the - cluster. - format: int64 - type: integer - minNodeCount: - description: Immutable. The minimum number - of nodes in the node pool. Must be >= - 0 and <= max_node_count. - format: int64 - type: integer - type: object - config: - description: Immutable. Optional. The node pool - configuration. - properties: - accelerators: - description: Immutable. Optional. A list - of [hardware accelerators](https://cloud.google.com/compute/docs/gpus) - to attach to each node. 
- items: - properties: - acceleratorCount: - description: Immutable. The number - of accelerator cards exposed to - an instance. - format: int64 - type: integer - acceleratorType: - description: Immutable. The accelerator - type resource namename (see GPUs - on Compute Engine). - type: string - gpuPartitionSize: - description: Immutable. Size of partitions - to create on the GPU. Valid values - are described in the NVIDIA [mig - user guide](https://docs.nvidia.com/datacenter/tesla/mig-user-guide/#partitioning). - type: string - type: object - type: array - bootDiskKmsKey: - description: 'Immutable. Optional. The [Customer - Managed Encryption Key (CMEK)] (https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek) - used to encrypt the boot disk attached - to each node in the node pool. Specify - the key using the following format: `projects/KEY_PROJECT_ID/locations/LOCATION/keyRings/RING_NAME/cryptoKeys/KEY_NAME`.' - type: string - ephemeralStorageConfig: - description: Immutable. Optional. Parameters - for the ephemeral storage filesystem. - If unspecified, ephemeral storage is backed - by the boot disk. - properties: - localSsdCount: - description: Immutable. Number of local - SSDs to use to back ephemeral storage. - Uses NVMe interfaces. Each local SSD - is 375 GB in size. If zero, it means - to disable using local SSDs as ephemeral - storage. - format: int64 - type: integer - type: object - localSsdCount: - description: Immutable. Optional. The number - of local SSD disks to attach to the node, - which is limited by the maximum number - of disks allowable per zone (see [Adding - Local SSDs](https://cloud.google.com/compute/docs/disks/local-ssd)). - format: int64 - type: integer - machineType: - description: Immutable. Optional. The name - of a Compute Engine [machine type](https://cloud.google.com/compute/docs/machine-types). - type: string - minCpuPlatform: - description: Immutable. Optional. 
[Minimum - CPU platform](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform) - to be used by this instance. The instance - may be scheduled on the specified or a - newer CPU platform. Specify the friendly - names of CPU platforms, such as "Intel - Haswell"` or Intel Sandy Bridge". - type: string - preemptible: - description: Immutable. Optional. Whether - the nodes are created as legacy [preemptible - VM instances] (https://cloud.google.com/compute/docs/instances/preemptible). - Also see Spot VMs, preemptible VM instances - without a maximum lifetime. Legacy and - Spot preemptible nodes cannot be used - in a node pool with the `CONTROLLER` [role] - (/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - spot: - description: Immutable. Optional. Whether - the nodes are created as [Spot VM instances] - (https://cloud.google.com/compute/docs/instances/spot). - Spot VMs are the latest update to legacy - preemptible VMs. Spot VMs do not have - a maximum lifetime. Legacy and Spot preemptible - nodes cannot be used in a node pool with - the `CONTROLLER` [role](/dataproc/docs/reference/rest/v1/projects.regions.clusters#role) - or in the DEFAULT node pool if the CONTROLLER - role is not assigned (the DEFAULT node - pool will assume the CONTROLLER role). - type: boolean - type: object - locations: - description: Immutable. Optional. The list of - Compute Engine [zones](https://cloud.google.com/compute/docs/zones#available) - where node pool nodes associated with a Dataproc - on GKE virtual cluster will be located. **Note:** - All node pools associated with a virtual cluster - must be located in the same region as the - virtual cluster, and they must be located - in the same zone within that region. If a - location is not specified during node pool - creation, Dataproc on GKE will choose the - zone. 
- items: - type: string - type: array - type: object - nodePoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + workerConfig: + description: Immutable. Optional. The Compute Engine config + settings for worker instances in a cluster. + properties: + accelerators: + description: Immutable. Optional. The Compute Engine + accelerator configuration for these instances. + items: properties: - external: - description: |- - Required. The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{node_pool}' - - Allowed value: The `selfLink` field of a `ContainerNodePool` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + acceleratorCount: + description: Immutable. The number of the accelerator + cards of this type exposed to this instance. + format: int64 + type: integer + acceleratorType: + description: 'Immutable. Full URL, partial URI, + or short name of the accelerator type resource + to expose to this instance. See [Compute Engine + AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
+ Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` + * `nvidia-tesla-k80` **Auto Zone Exception**: + If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the + accelerator type resource, for example, `nvidia-tesla-k80`.' type: string type: object - roles: - description: Immutable. Required. The roles associated - with the GKE node pool. - items: + type: array + diskConfig: + description: Immutable. Optional. Disk option config + settings. + properties: + bootDiskSizeGb: + description: Immutable. Optional. Size in GB of + the boot disk (default is 500GB). + format: int64 + type: integer + bootDiskType: + description: 'Immutable. Optional. Type of the + boot disk (default is "pd-standard"). Valid + values: "pd-balanced" (Persistent Disk Balanced + Solid State Drive), "pd-ssd" (Persistent Disk + Solid State Drive), or "pd-standard" (Persistent + Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' type: string - type: array - required: - - nodePoolRef - - roles - type: object - type: array - type: object - kubernetesNamespace: - description: Immutable. Optional. A namespace within the Kubernetes - cluster to deploy into. If this namespace does not exist, - it is created. If it exists, Dataproc verifies that another - Dataproc VirtualCluster is not installed into it. If not - specified, the name of the Dataproc Cluster is used. - type: string - kubernetesSoftwareConfig: - description: Immutable. Optional. The software configuration - for this Dataproc cluster running on Kubernetes. - properties: - componentVersion: - additionalProperties: - type: string - description: Immutable. 
The components that should be - installed in this Dataproc cluster. The key must be - a string from the KubernetesComponent enumeration. The - value is the version of the software to be installed. - At least one entry must be specified. - type: object - properties: - additionalProperties: - type: string - description: 'Immutable. The properties to set on daemon - config files. Property keys are specified in `prefix:property` - format, for example `spark:spark.kubernetes.container.image`. - The following are supported prefixes and their mappings: - * spark: `spark-defaults.conf` For more information, - see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + numLocalSsds: + description: Immutable. Optional. Number of attached + SSDs, from 0 to 4 (default is 0). If SSDs are + not attached, the boot disk is used to store + runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) + data. If one or more SSDs are attached, this + runtime bulk data is spread across them, and + the boot disk contains only basic config and + installed binaries. + format: int64 + type: integer + type: object + imageRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. 
Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + + Allowed value: The `selfLink` field of a `ComputeImage` resource. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + machineType: + description: 'Immutable. Optional. The Compute Engine + machine type used for cluster instances. A full + URL, partial URI, or short name are valid. Examples: + * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` + * `n1-standard-2` **Auto Zone Exception**: If you + are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) + feature, you must use the short name of the machine + type resource, for example, `n1-standard-2`.' + type: string + minCpuPlatform: + description: Immutable. Optional. Specifies the minimum + cpu platform for the Instance Group. See [Dataproc + -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). + type: string + numInstances: + description: Immutable. Optional. The number of VM + instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) + [master_config](#FIELDS.master_config) groups, **must + be set to 3**. 
For standard cluster [master_config](#FIELDS.master_config) + groups, **must be set to 1**. + format: int64 + type: integer + preemptibility: + description: 'Immutable. Optional. Specifies the preemptibility + of the instance group. The default value for master + and worker groups is `NON_PREEMPTIBLE`. This default + cannot be changed. The default value for secondary + instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, + NON_PREEMPTIBLE, PREEMPTIBLE' + type: string type: object type: object + labels: + additionalProperties: + type: string + description: 'Immutable. Optional. The labels to associate + with this cluster. Label keys must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters + long, and must conform to the following PCRE regular expression: + [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated + with a given cluster.' + type: object required: - - gkeClusterConfig + - clusterName + - config type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. 
If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging and temp buckets](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a `gs://...` URI to a Cloud Storage bucket.** + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kubernetesClusterConfig + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: + - jobs - location + - placement type: object status: properties: - clusterUuid: - description: Output only. A cluster UUID (Unique Universal Identifier). - Dataproc generates this value when it creates the cluster. 
- type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -35163,197 +52342,10 @@ spec: type: string type: object type: array - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions to - URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became idle - (most recent job finished) and became eligible for deletion - due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. 
- type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. - items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. Dataproc - derives the names from `cluster_name`, `num_instances`, - and the instance group. - items: - type: string - type: array - instanceReferences: - description: Output only. List of references to Compute Engine - instances. 
- items: - properties: - instanceId: - description: The unique identifier of the Compute Engine - instance. - type: string - instanceName: - description: The user-friendly name of the Compute Engine - instance. - type: string - publicEciesKey: - description: The public ECIES key used for sharing data - with this instance. - type: string - publicKey: - description: The public RSA key used for sharing data - with this instance. - type: string - type: object - type: array - isPreemptible: - description: Output only. Specifies that this instance group - contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine Instance - Group Manager that manages this group. This is only used - for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance Group - Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance Template - used for the Managed Instance Group. - type: string - type: object - type: object - type: object - metrics: - description: 'Output only. Contains cluster daemon metrics such as - HDFS and YARN stats. **Beta Feature**: This report is available - for testing purposes only. It may be changed before final release.' - properties: - hdfsMetrics: - additionalProperties: - type: string - description: The HDFS metrics. - type: object - yarnMetrics: - additionalProperties: - type: string - description: The YARN metrics. - type: object - type: object + createTime: + description: Output only. The time template was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -35361,52 +52353,299 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - status: - description: Output only. Cluster status. + placement: + properties: + managedCluster: + properties: + config: + properties: + endpointConfig: + properties: + httpPorts: + additionalProperties: + type: string + description: Output only. The map of port descriptions + to URLs. Will only be populated if enable_http_port_access + is true. + type: object + type: object + lifecycleConfig: + properties: + idleStartTime: + description: Output only. The time when cluster became + idle (most recent job finished) and became eligible + for deletion due to idleness (see JSON representation + of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). + format: date-time + type: string + type: object + masterConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + secondaryWorkerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. 
+ items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + workerConfig: + properties: + instanceNames: + description: Output only. The list of instance names. + Dataproc derives the names from `cluster_name`, + `num_instances`, and the instance group. + items: + type: string + type: array + isPreemptible: + description: Output only. Specifies that this instance + group contains preemptible instances. + type: boolean + managedGroupConfig: + description: Output only. The config for Compute Engine + Instance Group Manager that manages this group. + This is only used for preemptible instance groups. + properties: + instanceGroupManagerName: + description: Output only. The name of the Instance + Group Manager for this group. + type: string + instanceTemplateName: + description: Output only. The name of the Instance + Template used for the Managed Instance Group. + type: string + type: object + type: object + type: object + type: object + type: object + updateTime: + description: Output only. The time template was last updated. + format: date-time + type: string + version: + description: Output only. The current version of this workflow template. 
+ format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastoreindexes.datastore.cnrm.cloud.google.com +spec: + group: datastore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastoreIndex + plural: datastoreindexes + shortNames: + - gcpdatastoreindex + - gcpdatastoreindexes + singular: datastoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ancestor: + description: 'Immutable. Policy for including ancestors in the index. + Default value: "NONE" Possible values: ["NONE", "ALL_ANCESTORS"].' + type: string + kind: + description: Immutable. The entity kind which the index applies to. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - detail: - description: Optional. Output only. Details of cluster's state. - type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - substate: - description: 'Output only. Additional state information that includes - status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - statusHistory: - description: Output only. The previous cluster status. + properties: + description: Immutable. An ordered list of properties to index on. 
items: properties: - detail: - description: Optional. Output only. Details of cluster's state. + direction: + description: 'Immutable. The direction the index should optimize + for sorting. Possible values: ["ASCENDING", "DESCENDING"].' type: string - state: - description: 'Output only. The cluster''s state. Possible values: - UNKNOWN, CREATING, RUNNING, ERROR, DELETING, UPDATING, STOPPING, - STOPPED, STARTING' + name: + description: Immutable. The property name to index. type: string - stateStartTime: - description: Output only. Time when this state was entered (see - JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time + required: + - direction + - name + type: object + type: array + resourceID: + description: Immutable. Optional. The service-generated indexId of + the resource. Used for acquisition only. Leave unset to create a + new resource. + type: string + required: + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - substate: - description: 'Output only. Additional state information that - includes status reported by the agent. Possible values: UNSPECIFIED, - UNHEALTHY, STALE_STATUS' + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string type: object type: array + indexId: + description: The index id. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object required: - spec @@ -35426,25 +52665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: dataprocworkflowtemplates.dataproc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamconnectionprofiles.datastream.cnrm.cloud.google.com spec: - group: dataproc.cnrm.cloud.google.com + group: datastream.cnrm.cloud.google.com names: categories: - gcp - kind: DataprocWorkflowTemplate - plural: dataprocworkflowtemplates + kind: DatastreamConnectionProfile + plural: datastreamconnectionprofiles shortNames: - - gcpdataprocworkflowtemplate - - gcpdataprocworkflowtemplates - singular: dataprocworkflowtemplate + - gcpdatastreamconnectionprofile + - gcpdatastreamconnectionprofiles + singular: datastreamconnectionprofile preserveUnknownFields: false scope: Namespaced versions: @@ -35464,7 +52703,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -35482,1675 +52721,3996 @@ spec: type: object spec: properties: - dagTimeout: - description: Immutable. Optional. Timeout duration for the DAG of - jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - The timeout duration must be from 10 minutes ("600s") to 24 hours - ("86400s"). The timer begins when the first job is submitted. If - the workflow is running at the end of the timeout period, any remaining - jobs are cancelled, the workflow is ended, and if the workflow was - running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), - the cluster is deleted. + bigqueryProfile: + description: BigQuery warehouse profile. + type: object + x-kubernetes-preserve-unknown-fields: true + displayName: + description: Display name. type: string - jobs: - description: Immutable. Required. The Directed Acyclic Graph of Jobs - to submit. - items: - properties: - hadoopJob: - description: Immutable. Optional. Job is a Hadoop job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted in the working directory of Hadoop drivers - and tasks. Supported file types: .jar, .tar, .tar.gz, - .tgz, or .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `-libjars` - or `-Dfoo=bar`, that can be set as job properties, since - a collision may occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS (Hadoop Compatible - Filesystem) URIs of files to be copied to the working - directory of Hadoop drivers and distributed tasks. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. 
Jar file URIs to add to - the CLASSPATHs of the Hadoop driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file containing the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: 'Immutable. The HCFS URI of the jar file containing - the main class. Examples: ''gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar'' - ''hdfs:/tmp/test-samples/custom-wordcount.jar'' ''file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar''' - type: string - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Hadoop. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/hadoop/conf/*-site - and classes in user code. - type: object - type: object - hiveJob: - description: Immutable. Optional. Job is a Hive job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Hive server and Hadoop - MapReduce (MR) tasks. Can contain Hive SerDes and UDFs. 
- items: - type: string - type: array - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names and values, used to configure Hive. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/hive/conf/hive-site.xml, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains Hive queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Hive command: `SET - name="value";`).' - type: object - type: object - labels: - additionalProperties: - type: string - description: 'Immutable. Optional. The labels to associate with - this job. Label keys must be between 1 and 63 characters long, - and must conform to the following regular expression: p{Ll}p{Lo}{0,62} - Label values must be between 1 and 63 characters long, and - must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} - No more than 32 labels can be associated with a given job.' - type: object - pigJob: - description: Immutable. Optional. Job is a Pig job. - properties: - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. 
- Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATH of the Pig Client and Hadoop MapReduce - (MR) tasks. Can contain Pig UDFs. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Pig. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/hadoop/conf/*-site.xml, - /etc/pig/conf/pig.properties, and classes in user code. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains the Pig queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: - type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Pig command: `name=[value]`).' 
- type: object - type: object - prerequisiteStepIds: - description: Immutable. Optional. The optional list of prerequisite - job step_ids. If not specified, the job will start at the - beginning of workflow. - items: + forwardSshConnectivity: + description: Forward SSH tunnel connectivity. + properties: + hostname: + description: Hostname for the SSH tunnel. + type: string + password: + description: Immutable. SSH password. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - prestoJob: - description: Immutable. Optional. Job is a Presto job. - properties: - clientTags: - description: Immutable. Optional. Presto client tags to - attach to this query - items: - type: string - type: array - continueOnFailure: - description: Immutable. Optional. Whether to continue executing - queries if a query fails. The default value is `false`. - Setting to `true` can be useful when executing independent - parallel queries. - type: boolean - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - outputFormat: - description: Immutable. Optional. The format in which query - output will be displayed. See the Presto documentation - for supported output formats - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values. 
Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) - Equivalent to using the --session flag in the Presto CLI - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - type: object - pysparkJob: - description: Immutable. Optional. Job is a PySpark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Python driver and tasks. 
- items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + name: + description: Name of the Secret to extract a value + from. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainPythonFileUri: - description: Immutable. Required. The HCFS URI of the main - Python file to use as the driver. Must be a .py file. - type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the SSH tunnel. + type: integer + privateKey: + description: Immutable. SSH private key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure PySpark. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - pythonFileUris: - description: 'Immutable. Optional. HCFS file URIs of Python - files to pass to the PySpark framework. Supported file - types: .py, .egg, and .zip.' - items: - type: string - type: array + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + username: + description: Username for the SSH tunnel. + type: string + required: + - hostname + - username + type: object + gcsProfile: + description: Cloud Storage bucket profile. + properties: + bucket: + description: The Cloud Storage bucket name. + type: string + rootPath: + description: The root path inside the Cloud Storage bucket. + type: string + required: + - bucket + type: object + location: + description: Immutable. The name of the location this connection profile + is located in. + type: string + mysqlProfile: + description: MySQL database profile. + properties: + hostname: + description: Hostname for the MySQL connection. + type: string + password: + description: Immutable. Password for the MySQL connection. + oneOf: + - not: + required: + - valueFrom required: - - mainPythonFileUri - type: object - scheduling: - description: Immutable. Optional. Job scheduling configuration. - properties: - maxFailuresPerHour: - description: Immutable. Optional. Maximum number of times - per hour a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - A job may be reported as thrashing if driver exits with - non-zero code 4 times within 10 minute window. Maximum - value is 10. - format: int64 - type: integer - maxFailuresTotal: - description: Immutable. Optional. Maximum number of times - in total a driver may be restarted as a result of driver - exiting with non-zero code before job is reported failed. - Maximum value is 240. - format: int64 - type: integer - type: object - sparkJob: - description: Immutable. Optional. Job is a Spark job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. 
- Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: - type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: - type: string - type: array - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to add to the CLASSPATHs of the Spark driver and tasks. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainClass: - description: Immutable. The name of the driver's main class. - The jar file that contains the class must be in the default - CLASSPATH or specified in `jar_file_uris`. - type: string - mainJarFileUri: - description: Immutable. The HCFS URI of the jar file that - contains the main class. 
- type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the MySQL connection. + type: integer + sslConfig: + description: SSL configuration for the MySQL connection. + properties: + caCertificate: + description: |- + Immutable. PEM-encoded certificate of the CA that signed the source database + server's certificate. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark. Properties that - conflict with values set by the Dataproc API may be overwritten. - Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object - type: object - sparkRJob: - description: Immutable. Optional. Job is a SparkR job. - properties: - archiveUris: - description: 'Immutable. Optional. HCFS URIs of archives - to be extracted into the working directory of each executor. - Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.' - items: - type: string - type: array - args: - description: Immutable. Optional. The arguments to pass - to the driver. Do not include arguments, such as `--conf`, - that can be set as job properties, since a collision may - occur that causes an incorrect job submission. - items: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - fileUris: - description: Immutable. Optional. HCFS URIs of files to - be placed in the working directory of each executor. Useful - for naively parallel tasks. - items: + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. 
+ properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + caCertificateSet: + description: Indicates whether the clientKey field is set. + type: boolean + clientCertificate: + description: |- + Immutable. PEM-encoded certificate that will be used by the replica to + authenticate against the source database server. If this field + is used then the 'clientKey' and the 'caCertificate' fields are + mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: - type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object - mainRFileUri: - description: Immutable. Required. The HCFS URI of the main - R file to use as the driver. Must be a .R file. - type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + clientCertificateSet: + description: Indicates whether the clientCertificate field + is set. + type: boolean + clientKey: + description: |- + Immutable. PEM-encoded private key associated with the Client Certificate. + If this field is used then the 'client_certificate' and the + 'ca_certificate' fields are mandatory. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - additionalProperties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure SparkR. Properties - that conflict with values set by the Dataproc API may - be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf - and classes in user code. - type: object + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + clientKeySet: + description: Indicates whether the clientKey field is set. + type: boolean + type: object + username: + description: Username for the MySQL connection. + type: string + required: + - hostname + - password + - username + type: object + oracleProfile: + description: Oracle database profile. + properties: + connectionAttributes: + additionalProperties: + type: string + description: Connection string attributes. + type: object + databaseService: + description: Database for the Oracle connection. 
+ type: string + hostname: + description: Hostname for the Oracle connection. + type: string + password: + description: Password for the Oracle connection. + oneOf: + - not: + required: + - valueFrom required: - - mainRFileUri - type: object - sparkSqlJob: - description: Immutable. Optional. Job is a SparkSql job. - properties: - jarFileUris: - description: Immutable. Optional. HCFS URIs of jar files - to be added to the Spark CLASSPATH. - items: - type: string - type: array - loggingConfig: - description: Immutable. Optional. The runtime log config - for job execution. - properties: - driverLogLevels: - additionalProperties: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - description: 'Immutable. The per-package log levels - for the driver. This may include "root" package name - to configure rootLogger. Examples: ''com.google = - FATAL'', ''root = INFO'', ''org.apache = DEBUG''' - type: object - type: object + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the Oracle connection. + type: integer + username: + description: Username for the Oracle connection. + type: string + required: + - databaseService + - hostname + - password + - username + type: object + postgresqlProfile: + description: PostgreSQL database profile. + properties: + database: + description: Database for the PostgreSQL connection. 
+ type: string + hostname: + description: Hostname for the PostgreSQL connection. + type: string + password: + description: Password for the PostgreSQL connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - additionalProperties: - type: string - description: Immutable. Optional. A mapping of property - names to values, used to configure Spark SQL's SparkConf. - Properties that conflict with values set by the Dataproc - API may be overwritten. - type: object - queryFileUri: - description: Immutable. The HCFS URI of the script that - contains SQL queries. - type: string - queryList: - description: Immutable. A list of queries. - properties: - queries: - description: 'Immutable. Required. The queries to execute. - You do not need to end a query expression with a semicolon. - Multiple queries can be specified in one string by - separating each with a semicolon. Here is an example - of a Dataproc API snippet that uses a QueryList to - specify a HiveJob: "hiveJob": { "queryList": { "queries": - [ "query1", "query2", "query3;query4", ] } }' - items: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. type: string - type: array - required: - - queries - type: object - scriptVariables: - additionalProperties: - type: string - description: 'Immutable. Optional. Mapping of query variable - names to values (equivalent to the Spark SQL command: - SET `name="value";`).' - type: object - type: object - stepId: - description: Immutable. Required. The step id. The id must be - unique among all jobs within the template. 
The step id is - used as prefix for job id, as job `goog-dataproc-workflow-step-id` - label, and in prerequisiteStepIds field from other steps. - The id must contain only letters (a-z, A-Z), numbers (0-9), - underscores (_), and hyphens (-). Cannot begin or end with - underscore or hyphen. Must consist of between 3 and 50 characters. + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: Port for the PostgreSQL connection. + type: integer + username: + description: Username for the PostgreSQL connection. + type: string + required: + - database + - hostname + - password + - username + type: object + privateConnectivity: + description: Private connectivity. + properties: + privateConnection: + description: 'A reference to a private connection resource. Format: + ''projects/{project}/locations/{location}/privateConnections/{name}''.' + type: string + required: + - privateConnection + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The connectionProfileId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - displayName + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - stepId type: object type: array + name: + description: The resource's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamprivateconnections.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamPrivateConnection + plural: datastreamprivateconnections + shortNames: + - gcpdatastreamprivateconnection + - gcpdatastreamprivateconnections + singular: datastreamprivateconnection + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. Display name. + type: string location: - description: Immutable. The location for the resource + description: Immutable. The name of the location this private connection + is located in. type: string - parameters: - description: Immutable. Optional. Template parameters whose values - are substituted into the template. Values for parameters must be - provided when the template is instantiated. + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The privateConnectionId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vpcPeeringConfig: + description: |- + Immutable. The VPC Peering configuration is used to create VPC peering + between Datastream and the consumer's VPC. + properties: + subnet: + description: Immutable. 
A free subnet for peering. (CIDR of /29). + type: string + vpc: + description: |- + Immutable. Fully qualified name of the VPC that Datastream will peer to. + Format: projects/{project}/global/{networks}/{name}. + type: string + required: + - subnet + - vpc + type: object + required: + - displayName + - location + - projectRef + - vpcPeeringConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: properties: - description: - description: Immutable. Optional. Brief description of the parameter. - Must not exceed 1024 characters. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - fields: - description: 'Immutable. Required. Paths to all fields that - the parameter replaces. A field is allowed to appear in at - most one parameter''s list of field paths. A field path is - similar in syntax to a google.protobuf.FieldMask. For example, - a field path that references the zone field of a workflow - template''s cluster selector would be specified as `placement.clusterSelector.zone`. 
- Also, field paths can reference fields using the following - syntax: * Values in maps can be referenced by key: * labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * placement.managedCluster.labels[''key''] - * placement.clusterSelector.clusterLabels[''key''] * jobs[''step-id''].labels[''key''] - * Jobs in the jobs list can be referenced by step-id: * jobs[''step-id''].hadoopJob.mainJarFileUri - * jobs[''step-id''].hiveJob.queryFileUri * jobs[''step-id''].pySparkJob.mainPythonFileUri - * jobs[''step-id''].hadoopJob.jarFileUris[0] * jobs[''step-id''].hadoopJob.archiveUris[0] - * jobs[''step-id''].hadoopJob.fileUris[0] * jobs[''step-id''].pySparkJob.pythonFileUris[0] - * Items in repeated fields can be referenced by a zero-based - index: * jobs[''step-id''].sparkJob.args[0] * Other examples: - * jobs[''step-id''].hadoopJob.properties[''key''] * jobs[''step-id''].hadoopJob.args[0] - * jobs[''step-id''].hiveJob.scriptVariables[''key''] * jobs[''step-id''].hadoopJob.mainJarFileUri - * placement.clusterSelector.zone It may not be possible to - parameterize maps and repeated fields in their entirety since - only individual map values and individual items in repeated - fields can be referenced. For example, the following field - paths are invalid: - placement.clusterSelector.clusterLabels - - jobs[''step-id''].sparkJob.args' - items: - type: string - type: array - name: - description: Immutable. Required. Parameter name. The parameter - name is used as the key, and paired with the parameter value, - which are passed to the template when the template is instantiated. - The name must contain only capital letters (A-Z), numbers - (0-9), and underscores (_), and must not start with a number. - The maximum length is 40 characters. + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - validation: - description: Immutable. Optional. Validation rules to be applied - to this parameter's value. - properties: - regex: - description: Immutable. Validation based on regular expressions. - properties: - regexes: - description: Immutable. Required. RE2 regular expressions - used to validate the parameter's value. The value - must match the regex in its entirety (substring matches - are not sufficient). - items: - type: string - type: array - required: - - regexes - type: object - values: - description: Immutable. Validation based on a list of allowed - values. - properties: - values: - description: Immutable. Required. List of allowed values - for the parameter. - items: - type: string - type: array - required: - - values - type: object - type: object - required: - - fields - - name type: object type: array - placement: - description: Immutable. Required. WorkflowTemplate scheduling information. - properties: - clusterSelector: - description: Immutable. Optional. A selector that chooses target - cluster for jobs based on metadata. The selector is evaluated - at the time each job is submitted. - properties: - clusterLabels: - additionalProperties: - type: string - description: Immutable. Required. The cluster labels. Cluster - must have all labels to match. - type: object - zone: - description: Immutable. Optional. The zone where workflow - process executes. This parameter does not affect the selection - of the cluster. If unspecified, the zone of the first cluster - matching the selector is used. - type: string - required: - - clusterLabels - type: object - managedCluster: - description: Immutable. A cluster that is managed by the workflow. - properties: - clusterName: - description: Immutable. Required. The cluster name prefix. 
- A unique cluster name will be formed by appending a random - suffix. The name must contain only lower-case letters (a-z), - numbers (0-9), and hyphens (-). Must begin with a letter. - Cannot begin or end with hyphen. Must consist of between - 2 and 35 characters. + error: + description: The PrivateConnection error in case of failure. + items: + properties: + details: + additionalProperties: type: string - config: - description: Immutable. Required. The cluster configuration. - properties: - autoscalingConfig: - description: Immutable. Optional. Autoscaling config for - the policy associated with the cluster. Cluster does - not autoscale if this field is unset. - properties: - policyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region. - - Allowed value: The Google Cloud resource name of a `DataprocAutoscalingPolicy` resource (format: `projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - encryptionConfig: - description: Immutable. Optional. Encryption settings - for the cluster. 
- properties: - gcePdKmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - endpointConfig: - description: Immutable. Optional. Port/endpoint configuration - for this cluster - properties: - enableHttpPortAccess: - description: Immutable. Optional. If true, enable - http access to specific ports on the cluster from - external sources. Defaults to false. - type: boolean - type: object - gceClusterConfig: - description: Immutable. Optional. The shared Compute Engine - config settings for all instances in a cluster. - properties: - internalIPOnly: - description: Immutable. Optional. If true, all instances - in the cluster will only have internal IP addresses. - By default, clusters are not restricted to internal - IP addresses, and will have ephemeral external IP - addresses assigned to each instance. This `internal_ip_only` - restriction can only be enabled for subnetwork enabled - networks, and all off-cluster dependencies must - be configured to be accessible without external - IP addresses. - type: boolean - metadata: - additionalProperties: - type: string - description: Immutable. 
The Compute Engine metadata - entries to add to all instances (see [Project and - instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)). - type: object - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the "default" network of the project is used, if it exists. Cannot be a "Custom Subnet Network" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default` - - Allowed value: The `selfLink` field of a `ComputeNetwork` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - nodeGroupAffinity: - description: Immutable. Optional. Node Group Affinity - for sole-tenant clusters. + description: A list of messages that carry the error details. + type: object + message: + description: A message containing more information about the + error that occurred. + type: string + type: object + type: array + name: + description: The resource's name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: State of the PrivateConnection. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: datastreamstreams.datastream.cnrm.cloud.google.com +spec: + group: datastream.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DatastreamStream + plural: datastreamstreams + shortNames: + - gcpdatastreamstream + - gcpdatastreamstreams + singular: datastreamstream + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the 
versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backfillAll: + description: Backfill strategy to automatically backfill the Stream's + objects. Specific objects can be excluded. + properties: + mysqlExcludedObjects: + description: MySQL data source objects to avoid backfilling. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: properties: - nodeGroupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1` - - Allowed value: The `selfLink` field of a `ComputeNodeGroup` resource. - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + mysqlColumns: + description: MySQL columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string required: - - nodeGroupRef + - table type: object - privateIPv6GoogleAccess: - description: 'Immutable. Optional. The type of IPv6 - access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, - INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL' - type: string - reservationAffinity: - description: Immutable. Optional. Reservation Affinity - for consuming Zonal reservation. + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + oracleExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database server. + items: + properties: + oracleTables: + description: Tables in the database. 
+ items: properties: - consumeReservationType: - description: 'Immutable. Optional. Type of reservation - to consume Possible values: TYPE_UNSPECIFIED, - NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION' - type: string - key: - description: Immutable. Optional. Corresponds - to the label key of reservation resource. - type: string - values: - description: Immutable. Optional. Corresponds - to the label values of reservation resource. + oracleColumns: + description: Oracle columns in the schema. When + unspecified as part of include/exclude objects, + includes/excludes everything. items: - type: string + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object type: array - type: object - serviceAccountRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + table: + description: Table name. type: string + required: + - table type: object - serviceAccountScopes: - description: 'Immutable. Optional. The URIs of service - account scopes to be included in Compute Engine - instances. The following base set of scopes is always - included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly - * https://www.googleapis.com/auth/devstorage.read_write - * https://www.googleapis.com/auth/logging.write - If no scopes are specified, the following defaults - are also provided: * https://www.googleapis.com/auth/bigquery - * https://www.googleapis.com/auth/bigtable.admin.table - * https://www.googleapis.com/auth/bigtable.data - * https://www.googleapis.com/auth/devstorage.full_control' - items: - type: string - type: array - shieldedInstanceConfig: - description: Immutable. Optional. Shielded Instance - Config for clusters using Compute Engine Shielded - VMs. - properties: - enableIntegrityMonitoring: - description: Immutable. Optional. Defines whether - instances have integrity monitoring enabled. 
- Integrity monitoring compares the most recent - boot measurements to the integrity policy baseline - and returns a pair of pass/fail results depending - on whether they match or not. - type: boolean - enableSecureBoot: - description: Immutable. Optional. Defines whether - the instances have Secure Boot enabled. Secure - Boot helps ensure that the system only runs - authentic software by verifying the digital - signature of all boot components, and halting - the boot process if signature verification fails. - type: boolean - enableVtpm: - description: Immutable. Optional. Defines whether - the instance have the vTPM enabled. Virtual - Trusted Platform Module protects objects like - keys, certificates and enables Measured Boot - by performing the measurements needed to create - a known good boot baseline, called the integrity - policy baseline. - type: boolean - type: object - subnetworkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + postgresqlExcludedObjects: + description: PostgreSQL data source objects to avoid backfilling. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: properties: - external: - description: |- - Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0` - - Allowed value: The `selfLink` field of a `ComputeSubnetwork` resource. 
- type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column can + accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of the + column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column represents + a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. type: string + required: + - table type: object - tags: - description: Immutable. The Compute Engine tags to - add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)). - items: - type: string - type: array - zone: - description: 'Immutable. Optional. The zone where - the Compute Engine cluster will be located. On a - create request, it is required in the "global" region. - If omitted in a non-global Dataproc region, the - service will pick a zone in the corresponding Compute - Engine region. On a get request, zone will always - be present. A full URL, partial URI, or short name - are valid. 
Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` - * `projects/[project_id]/zones/[zone]` * `us-central1-f`' + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + type: object + backfillNone: + description: Backfill strategy to disable automatic backfill for the + Stream's objects. + type: object + x-kubernetes-preserve-unknown-fields: true + customerManagedEncryptionKey: + description: |- + Immutable. A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data + will be encrypted using an internal Stream-specific encryption key provisioned through KMS. + type: string + desiredState: + description: Desired state of the Stream. Set this field to 'RUNNING' + to start the stream, and 'PAUSED' to pause the stream. + type: string + destinationConfig: + description: Destination connection profile configuration. + properties: + bigqueryDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + dataFreshness: + description: |- + The guaranteed data freshness (in seconds) when querying tables created by the stream. + Editing this field will only affect new tables created in the future, but existing tables + will not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + singleTargetDataset: + description: A single target dataset to which all data will + be streamed. + properties: + datasetId: + description: |- + Dataset ID in the format projects/{project}/datasets/{dataset_id} or + {project}:{dataset_id}. 
+ type: string + required: + - datasetId + type: object + sourceHierarchyDatasets: + description: Destination datasets are created so that hierarchy + of the destination data objects matches the source hierarchy. + properties: + datasetTemplate: + description: Dataset template used for dynamic dataset + creation. + properties: + datasetIdPrefix: + description: |- + If supplied, every created dataset will have its name prefixed by the provided value. + The prefix and name will be separated by an underscore. i.e. _. + type: string + kmsKeyName: + description: |- + Immutable. Describes the Cloud KMS encryption key that will be used to protect destination BigQuery + table. The BigQuery Service Account associated with your project requires access to this + encryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}. + See https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information. + type: string + location: + description: |- + The geographic location where the dataset should reside. + See https://cloud.google.com/bigquery/docs/locations for supported locations. type: string + required: + - location type: object - initializationActions: - description: 'Immutable. Optional. Commands to execute - on each node after config is completed. By default, - executables are run on master and all worker nodes. - You can test a node''s `role` metadata to run an executable - on a master or worker node, as shown below using `curl` - (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google - http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) - if [[ "${ROLE}" == ''Master'' ]]; then ... master specific - actions ... else ... worker specific actions ... fi' + required: + - datasetTemplate + type: object + type: object + destinationConnectionProfile: + description: 'Immutable. Destination connection profile resource. 
+ Format: projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + gcsDestinationConfig: + description: A configuration for how data should be loaded to + Cloud Storage. + properties: + avroFileFormat: + description: AVRO file format configuration. + type: object + x-kubernetes-preserve-unknown-fields: true + fileRotationInterval: + description: |- + The maximum duration for which new events are added before a file is closed and a new file is created. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". Defaults to 900s. + type: string + fileRotationMb: + description: The maximum file size to be saved in the bucket. + type: integer + jsonFileFormat: + description: JSON file format configuration. + properties: + compression: + description: 'Compression of the loaded JSON file. Possible + values: ["NO_COMPRESSION", "GZIP"].' + type: string + schemaFileFormat: + description: 'The schema file format along JSON data files. + Possible values: ["NO_SCHEMA_FILE", "AVRO_SCHEMA_FILE"].' + type: string + type: object + path: + description: Path inside the Cloud Storage bucket to write + data to. + type: string + type: object + required: + - destinationConnectionProfile + type: object + displayName: + description: Display name. + type: string + location: + description: Immutable. The name of the location this stream is located + in. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The streamId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceConfig: + description: Source connection profile configuration. + properties: + mysqlSourceConfig: + description: MySQL data source configuration. + properties: + excludeObjects: + description: MySQL objects to exclude from the stream. + properties: + mysqlDatabases: + description: MySQL databases on the server. items: properties: - executableFile: - description: Immutable. Required. Cloud Storage - URI of executable file. + database: + description: Database name. type: string - executionTimeout: - description: Immutable. Optional. Amount of time - executable has to complete. Default is 10 minutes - (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - Cluster creation fails with an explanatory error - message (the name of the executable that caused - the error and the exceeded timeout period) if - the executable is not completed at end of the - timeout period. + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. 
+ type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + includeObjects: + description: MySQL objects to retrieve from the source. + properties: + mysqlDatabases: + description: MySQL databases on the server. + items: + properties: + database: + description: Database name. + type: string + mysqlTables: + description: Tables in the database. + items: + properties: + mysqlColumns: + description: MySQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + collation: + description: Column collation. + type: string + column: + description: Column name. + type: string + dataType: + description: |- + The MySQL data type. Full data types list can be found here: + https://dev.mysql.com/doc/refman/8.0/en/data-types.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + required: + - database + type: object + type: array + required: + - mysqlDatabases + type: object + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. 
+ type: integer + type: object + oracleSourceConfig: + description: MySQL data source configuration. + properties: + dropLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + excludeObjects: + description: Oracle objects to exclude from the stream. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. + items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + includeObjects: + description: Oracle objects to retrieve from the source. + properties: + oracleSchemas: + description: Oracle schemas/databases in the database + server. 
+ items: + properties: + oracleTables: + description: Tables in the database. + items: + properties: + oracleColumns: + description: Oracle columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The Oracle data type. Full data types list can be found here: + https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html. + type: string + encoding: + description: Column encoding. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Schema name. + type: string + required: + - schema + type: object + type: array + required: + - oracleSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + maxConcurrentCdcTasks: + description: |- + Maximum number of concurrent CDC tasks. The number should be non negative. + If not set (or set to 0), the system's default value will be used. + type: integer + streamLargeObjects: + description: Configuration to drop large object values. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + postgresqlSourceConfig: + description: PostgreSQL data source configuration. 
+ properties: + excludeObjects: + description: PostgreSQL objects to exclude from the stream. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. + type: string + required: + - schema + type: object + type: array + required: + - postgresqlSchemas + type: object + includeObjects: + description: PostgreSQL objects to retrieve from the source. + properties: + postgresqlSchemas: + description: PostgreSQL schemas on the server. + items: + properties: + postgresqlTables: + description: Tables in the schema. + items: + properties: + postgresqlColumns: + description: PostgreSQL columns in the schema. + When unspecified as part of include/exclude + objects, includes/excludes everything. + items: + properties: + column: + description: Column name. + type: string + dataType: + description: |- + The PostgreSQL data type. 
Full data types list can be found here: + https://www.postgresql.org/docs/current/datatype.html. + type: string + length: + description: Column length. + type: integer + nullable: + description: Whether or not the column + can accept a null value. + type: boolean + ordinalPosition: + description: The ordinal position of + the column in the table. + type: integer + precision: + description: Column precision. + type: integer + primaryKey: + description: Whether or not the column + represents a primary key. + type: boolean + scale: + description: Column scale. + type: integer + type: object + type: array + table: + description: Table name. + type: string + required: + - table + type: object + type: array + schema: + description: Database name. type: string + required: + - schema type: object type: array - lifecycleConfig: - description: Immutable. Optional. Lifecycle setting for - the cluster. - properties: - autoDeleteTime: - description: Immutable. Optional. The time when cluster - will be auto-deleted (see JSON representation of - [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - autoDeleteTtl: - description: Immutable. Optional. The lifetime duration - of cluster. The cluster will be auto-deleted at - the end of this period. Minimum value is 10 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - idleDeleteTtl: - description: Immutable. Optional. The duration to - keep the cluster alive while idling (when no jobs - are running). Passing this threshold will cause - the cluster to be deleted. Minimum value is 5 minutes; - maximum value is 14 days (see JSON representation - of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). - type: string - type: object - masterConfig: - description: Immutable. Optional. 
The Compute Engine config - settings for the master instance in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). 
If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. - - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - secondaryWorkerConfig: - description: Immutable. Optional. The Compute Engine config - settings for additional worker instances in a cluster. - properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. 
- format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). - Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. - properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer - type: object - imageRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + required: + - postgresqlSchemas + type: object + maxConcurrentBackfillTasks: + description: |- + Maximum number of concurrent backfill tasks. The number should be non + negative. If not set (or set to 0), the system's default value will be used. + type: integer + publication: + description: |- + The name of the publication that includes the set of all tables + that are defined in the stream's include_objects. + type: string + replicationSlot: + description: |- + The name of the logical replication slot that's configured with + the pgoutput plugin. + type: string + required: + - publication + - replicationSlot + type: object + sourceConnectionProfile: + description: 'Immutable. Source connection profile resource. Format: + projects/{project}/locations/{location}/connectionProfiles/{name}.' + type: string + required: + - sourceConnectionProfile + type: object + required: + - destinationConfig + - displayName + - location + - projectRef + - sourceConfig + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The stream's name. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The state of the stream. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: deploymentmanagerdeployments.deploymentmanager.cnrm.cloud.google.com +spec: + group: deploymentmanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DeploymentManagerDeployment + plural: deploymentmanagerdeployments + shortNames: + - gcpdeploymentmanagerdeployment + - gcpdeploymentmanagerdeployments + singular: deploymentmanagerdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + createPolicy: + description: |- + Immutable. Set the policy to use for creating new resources. Only used on + create and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or + 'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist, + the deployment will fail. Note that updating this field does not + actually affect the deployment, just how it is updated. Default value: "CREATE_OR_ACQUIRE" Possible values: ["ACQUIRE", "CREATE_OR_ACQUIRE"]. + type: string + deletePolicy: + description: |- + Immutable. Set the policy to use for deleting new resources on update/delete. + Valid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE', + resource is deleted after removal from Deployment Manager. If + 'ABANDON', the resource is only removed from Deployment Manager + and is not actually deleted. Note that updating this field does not + actually change the deployment, just how it is updated. Default value: "DELETE" Possible values: ["ABANDON", "DELETE"]. + type: string + description: + description: Optional user-provided description of deployment. + type: string + preview: + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + target: + description: |- + Parameters that define your deployment, including the deployment + configuration and relevant templates. + properties: + config: + description: The root configuration file to use for this deployment. + properties: + content: + description: The full YAML contents of your configuration + file. + type: string + required: + - content + type: object + imports: + description: |- + Specifies import files for this configuration. This can be + used to import templates or other files. For example, you might + import a text file in order to use the file in a template. + items: + properties: + content: + description: The full contents of the template that you + want to import. + type: string + name: + description: |- + The name of the template to import, as declared in the YAML + configuration. + type: string + type: object + type: array + required: + - config + type: object + required: + - projectRef + - target + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. 
+ type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deploymentId: + description: Unique identifier for deployment. Output only. + type: string + manifest: + description: |- + Output only. URL of the manifest representing the last manifest that + was successfully deployed. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server defined URL for the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowagents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowAgent + plural: dialogflowagents + shortNames: + - gcpdialogflowagent + - gcpdialogflowagents + singular: dialogflowagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + apiVersion: + description: "API version displayed in Dialogflow console. If not + specified, V2 API is assumed. Clients are free to query\ndifferent + service endpoints for different API versions. However, bots connectors + and webhook calls will follow \nthe specified API version.\n* API_VERSION_V1: + Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: + V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", + \"API_VERSION_V2_BETA_1\"]." + type: string + avatarUri: + description: |- + The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered + into this field, the Dialogflow will save the image in the backend. The address of the backend image returned + from the API will be shown in the [avatarUriBackend] field. 
+ type: string + classificationThreshold: + description: "To filter out false positive results and still get variety + in matched natural language inputs for your agent,\nyou can tune + the machine learning classification threshold. If the returned score + value is less than the threshold\nvalue, then a fallback intent + will be triggered or, if there are no fallback intents defined, + no intent will be \ntriggered. The score values range from 0.0 (completely + uncertain) to 1.0 (completely certain). If set to 0.0, the \ndefault + of 0.3 is used." + type: number + defaultLanguageCode: + description: "Immutable. The default language of the agent as a language + tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language) + \nfor a list of the currently supported language codes. This field + cannot be updated after creation." + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The name of this agent. + type: string + enableLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + matchMode: + description: |- + Determines how intents are detected from user queries. + * MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates + syntax and composite entities. + * MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones + using @sys.any or very large developer entities. Possible values: ["MATCH_MODE_HYBRID", "MATCH_MODE_ML_ONLY"]. + type: string + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the defaultLanguageCode). + items: + type: string + type: array + tier: + type: string + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - timeZone + type: object + status: + properties: + avatarUriBackend: + description: |- + The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar, + the [avatarUri] field can be used. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxagents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXAgent + plural: dialogflowcxagents + shortNames: + - gcpdialogflowcxagent + - gcpdialogflowcxagents + singular: dialogflowcxagent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + avatarUri: + description: The URI of the agent's avatar. Avatars are used throughout + the Dialogflow console and in the self-hosted Web Demo integration. + type: string + defaultLanguageCode: + description: |- + Immutable. The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) + for a list of the currently supported language codes. This field cannot be updated after creation. + type: string + description: + description: The description of this agent. The maximum length is + 500 characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the agent, unique within the + location. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + location: + description: |- + Immutable. The name of the location this agent is located in. - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. 
Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string - type: object - securityConfig: - description: Immutable. Optional. Security settings for - the cluster. + ~> **Note:** The first time you are deploying an Agent in your project you must configure location settings. + This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console. 
+ Another options is to use global location so you don't need to manually configure location settings. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. + Format: projects//locations//securitySettings/.' + type: string + speechToTextSettings: + description: Settings related to speech recognition. + properties: + enableSpeechAdaptation: + description: Whether to use speech adaptation for speech recognition. + type: boolean + type: object + supportedLanguageCodes: + description: The list of all languages supported by this agent (except + for the default_language_code). + items: + type: string + type: array + timeZone: + description: |- + The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, + Europe/Paris. + type: string + required: + - defaultLanguageCode + - displayName + - location + - projectRef + - timeZone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: The unique identifier of the agent. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxentitytypes.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXEntityType + plural: dialogflowcxentitytypes + shortNames: + - gcpdialogflowcxentitytype + - gcpdialogflowcxentitytypes + singular: dialogflowcxentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + autoExpansionMode: + description: |- + Represents kinds of entities. + * AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity. + * AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: ["AUTO_EXPANSION_MODE_DEFAULT", "AUTO_EXPANSION_MODE_UNSPECIFIED"]. + type: string + displayName: + description: The human-readable name of the entity type, unique within + the agent. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions. + For KIND_LIST entity types: This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions. + For KIND_MAP entity types: A canonical value to be used in place of synonyms. + For KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases). + type: string + type: object + type: array + excludedPhrases: + description: |- + Collection of exceptional words and phrases that shouldn't be matched. 
For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion. + If the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive. + items: + properties: + value: + description: The word or phrase to be excluded. + type: string + type: object + type: array + kind: + description: |- + Indicates whether the entity type can be automatically expanded. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value. + * KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + languageCode: + description: |- + Immutable. The language of the following fields in entityType: + EntityType.entities.value + EntityType.entities.synonyms + EntityType.excluded_phrases.value + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The agent to create a entity type for. + Format: projects//locations//agents/. + type: string + redact: + description: Indicates whether parameters of the entity type should + be redacted in log. If redaction is enabled, page parameters and + intent parameters referring to the entity type will be replaced + by parameter name when logging. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. 
+ type: string + required: + - displayName + - entities + - kind + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the entity type. + Format: projects//locations//agents//entityTypes/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxflows.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXFlow + plural: dialogflowcxflows + shortNames: + - gcpdialogflowcxflow + - gcpdialogflowcxflows + singular: dialogflowcxflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the flow. The maximum length is 500 + characters. If exceeded, the request is rejected. + type: string + displayName: + description: The human-readable name of the flow. + type: string + eventHandlers: + description: |- + A flow's event handlers serve two purposes: + They are responsible for handling events (e.g. no match, webhook errors) in the flow. + They are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow. + Unlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - kerberosConfig: - description: Immutable. Optional. Kerberos related - configuration. 
+ text: + description: The text response message. properties: - crossRealmTrustAdminServer: - description: Immutable. Optional. The admin server - (IP or hostname) for the remote trusted realm - in a cross realm trust relationship. - type: string - crossRealmTrustKdc: - description: Immutable. Optional. The KDC (IP - or hostname) for the remote trusted realm in - a cross realm trust relationship. - type: string - crossRealmTrustRealm: - description: Immutable. Optional. The remote realm - the Dataproc on-cluster KDC will trust, should - the user enable cross realm trust. - type: string - crossRealmTrustSharedPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the shared - password between the on-cluster Kerberos realm - and the remote trusted realm, in a cross realm - trust relationship. - type: string - enableKerberos: - description: 'Immutable. Optional. Flag to indicate - whether to Kerberize the cluster (default: false). - Set this field to true to enable Kerberos on - a cluster.' + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. type: boolean - kdcDbKey: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the master - key of the KDC database. - type: string - keyPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided key. For the self-signed - certificate, this password is generated by Dataproc. - type: string - keystore: - description: Immutable. Optional. The Cloud Storage - URI of the keystore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - keystorePassword: - description: Immutable. Optional. 
The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided keystore. For the self-signed - certificate, this password is generated by Dataproc. - type: string - kmsKeyRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The uri of the KMS key used to encrypt various sensitive files. - - Allowed value: The `selfLink` field of a `KMSCryptoKey` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - realm: - description: Immutable. Optional. The name of - the on-cluster Kerberos realm. If not specified, - the uppercased domain of hostnames will be the - realm. - type: string - rootPrincipalPassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the root - principal password. - type: string - tgtLifetimeHours: - description: Immutable. Optional. The lifetime - of the ticket granting ticket, in hours. If - not specified, or user specifies 0, then default - value 10 will be used. - format: int64 - type: integer - truststore: - description: Immutable. Optional. The Cloud Storage - URI of the truststore file used for SSL encryption. - If not provided, Dataproc will provide a self-signed - certificate. - type: string - truststorePassword: - description: Immutable. Optional. The Cloud Storage - URI of a KMS encrypted file containing the password - to the user provided truststore. For the self-signed - certificate, this password is generated by Dataproc. 
- type: string + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - softwareConfig: - description: Immutable. Optional. The config settings - for software inside the cluster. + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + languageCode: + description: |- + Immutable. The language of the following fields in flow: + Flow.event_handlers.trigger_fulfillment.messages + Flow.event_handlers.trigger_fulfillment.conditional_cases + Flow.transition_routes.trigger_fulfillment.messages + Flow.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + nluSettings: + description: NLU related settings of the flow. + properties: + classificationThreshold: + description: |- + To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold. 
+ If the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used. + type: number + modelTrainingMode: + description: |- + Indicates NLU model training mode. + * MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode. + * MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: ["MODEL_TRAINING_MODE_AUTOMATIC", "MODEL_TRAINING_MODE_MANUAL"]. + type: string + modelType: + description: |- + Indicates the type of NLU model. + * MODEL_TYPE_STANDARD: Use standard NLU model. + * MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: ["MODEL_TYPE_STANDARD", "MODEL_TYPE_ADVANCED"]. + type: string + type: object + parent: + description: |- + Immutable. The agent to create a flow for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + A flow's transition route group serve two purposes: + They are responsible for matching the user's first utterances in the flow. + They are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A flow's transition routes serve two purposes: + They are responsible for matching the user's first utterances in the flow. 
+ They are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying "help" or "can I talk to a human?", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow. + + TransitionRoutes are evalauted in the following order: + TransitionRoutes with intent specified. + TransitionRoutes with only condition specified. + TransitionRoutes with intent specified are inherited by pages in the flow. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the condition is satisfied. + At least one of triggerFulfillment and target must be specified. + When both are defined, triggerFulfillment is executed first. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - imageVersion: - description: Immutable. Optional. 
The version of software - inside the cluster. It must be one of the supported - [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), - such as "1.2" (including a subminor version, such - as "1.2.29"), or the ["preview" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). - If unspecified, it defaults to the latest Debian - version. - type: string - optionalComponents: - description: Immutable. Optional. The set of components - to activate on the cluster. - items: - type: string - type: array - properties: - additionalProperties: - type: string - description: 'Immutable. Optional. The properties - to set on daemon config files. Property keys are - specified in `prefix:property` format, for example - `core:hadoop.tmp.dir`. The following are supported - prefixes and their mappings: * capacity-scheduler: - `capacity-scheduler.xml` * core: `core-site.xml` - * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` - * hive: `hive-site.xml` * mapred: `mapred-site.xml` - * pig: `pig.properties` * spark: `spark-defaults.conf` - * yarn: `yarn-site.xml` For more information, see - [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).' + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object type: object - stagingBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. 
A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tempBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.** - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + name: + description: |- + The unique identifier of the flow. + Format: projects//locations//agents//flows/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxintents.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXIntent + plural: dialogflowcxintents + shortNames: + - gcpdialogflowcxintent + - gcpdialogflowcxintents + singular: dialogflowcxintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: 
v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: 'Human readable description for better understanding + an intent like its scope, content, result etc. Maximum character + limit: 140 characters.' + type: string + displayName: + description: The human-readable name of the intent, unique within + the agent. + type: string + isFallback: + description: |- + Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation. + Adding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event. + type: boolean + languageCode: + description: |- + Immutable. The language of the following fields in intent: + Intent.training_phrases.parts.text + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parameters: + description: The collection of parameters associated with the intent. + items: + properties: + entityType: + description: |- + The entity type of the parameter. 
+ Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + id: + description: The unique identifier of the parameter. This field + is used by training phrases to annotate their parts. + type: string + isList: + description: Indicates whether the parameter represents a list + of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging. + Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + - entityType + - id + type: object + type: array + parent: + description: |- + Immutable. The agent to create an intent for. + Format: projects//locations//agents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console. + If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + trainingPhrases: + description: The collection of training phrases the agent is trained + on to identify the intent. + items: + properties: + id: + description: The unique identifier of the training phrase. + type: string + parts: + description: |- + The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase. 
+ Note: The API does not automatically annotate training phrases like the Dialogflow Console does. + Note: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated. + If the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set. + If you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways: + Part.text is set to a part of the phrase that has no parameters. + Part.text is set to a part of the phrase that you want to annotate, and the parameterId field is set. + items: + properties: + parameterId: + description: The parameter used to annotate this part + of the training phrase. This field is required for annotated + parts of the training phrase. + type: string + text: + description: The text for this part. + type: string + required: + - text + type: object + type: array + repeatCount: + description: Indicates how many times this example was added + to the intent. + type: integer + required: + - parts + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the intent. 
+ Format: projects//locations//agents//intents/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxpages.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXPage + plural: dialogflowcxpages + shortNames: + - gcpdialogflowcxpage + - gcpdialogflowcxpages + singular: dialogflowcxpage + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema 
of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the page, unique within the + agent. + type: string + entryFulfillment: + description: The fulfillment to call when the session is entering + the page. + properties: + messages: + description: The list of rich message responses to present to + the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this message can + be interrupted by the end user's speech and the client + can then starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: type: string - type: object - workerConfig: - description: Immutable. Optional. The Compute Engine config - settings for worker instances in a cluster. + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently queued + fulfillment response messages in streaming APIs. If a webhook + is specified, it happens before Dialogflow invokes webhook. + Warning: 1) This flag only affects streaming API. Responses + are still queued and returned once in non-streaming API. 2) + The flag can be enabled in any fulfillment but only the first + 3 partial responses will be returned. 
You may only want to apply + it to fulfillments that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which fulfillment + is being called. This field is required if webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + eventHandlers: + description: Handlers associated with the page to handle events such + as webhook errors, no match or no input. + items: + properties: + event: + description: The name of the event to handle. + type: string + name: + description: The unique identifier of this event handler. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: properties: - accelerators: - description: Immutable. Optional. The Compute Engine - accelerator configuration for these instances. - items: - properties: - acceleratorCount: - description: Immutable. The number of the accelerator - cards of this type exposed to this instance. - format: int64 - type: integer - acceleratorType: - description: 'Immutable. Full URL, partial URI, - or short name of the accelerator type resource - to expose to this instance. See [Compute Engine - AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). 
- Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` - * `nvidia-tesla-k80` **Auto Zone Exception**: - If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the - accelerator type resource, for example, `nvidia-tesla-k80`.' - type: string - type: object - type: array - diskConfig: - description: Immutable. Optional. Disk option config - settings. + text: + description: The text response message. properties: - bootDiskSizeGb: - description: Immutable. Optional. Size in GB of - the boot disk (default is 500GB). - format: int64 - type: integer - bootDiskType: - description: 'Immutable. Optional. Type of the - boot disk (default is "pd-standard"). Valid - values: "pd-balanced" (Persistent Disk Balanced - Solid State Drive), "pd-ssd" (Persistent Disk - Solid State Drive), or "pd-standard" (Persistent - Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).' - type: string - numLocalSsds: - description: Immutable. Optional. Number of attached - SSDs, from 0 to 4 (default is 0). If SSDs are - not attached, the boot disk is used to store - runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) - data. If one or more SSDs are attached, this - runtime bulk data is spread across them, and - the boot disk contains only basic config and - installed binaries. - format: int64 - type: integer + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. 
+ items: + type: string + type: array type: object - imageRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default. + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + form: + description: The form associated with the page, used for collecting + parameters relevant to the page. 
+ properties: + parameters: + description: Parameters to collect from the user. + items: + properties: + displayName: + description: The human-readable name of the parameter, unique + within the form. + type: string + entityType: + description: |- + The entity type of the parameter. + Format: projects/-/locations/-/agents/-/entityTypes/ for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects//locations//agents//entityTypes/ for developer entity types. + type: string + fillBehavior: + description: Defines fill behavior for the parameter. + properties: + initialPromptFulfillment: + description: The fulfillment to provide the initial + prompt that the agent can present to the user in order + to fill the parameter. + properties: + messages: + description: The list of rich message responses + to present to the user. + items: + properties: + text: + description: The text response message. + properties: + allowPlaybackInterruption: + description: Whether the playback of this + message can be interrupted by the end + user's speech and the client can then + starts the next Dialogflow request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array + type: object + type: object + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming + APIs. If a webhook is specified, it happens before + Dialogflow invokes webhook. Warning: 1) This flag + only affects streaming API. Responses are still + queued and returned once in non-streaming API. + 2) The flag can be enabled in any fulfillment + but only the first 3 partial responses will be + returned. You may only want to apply it to fulfillments + that have slow webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify + which fulfillment is being called. This field + is required if webhook is specified. 
+ type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + isList: + description: Indicates whether the parameter represents + a list of values. + type: boolean + redact: + description: |- + Indicates whether the parameter content should be redacted in log. + If redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled. + type: boolean + required: + description: |- + Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them. + Required parameters must be filled before form filling concludes. + type: boolean + type: object + type: array + type: object + languageCode: + description: |- + Immutable. The language of the following fields in page: - Allowed value: The `selfLink` field of a `ComputeImage` resource. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + Page.entry_fulfillment.messages + Page.entry_fulfillment.conditional_cases + Page.event_handlers.trigger_fulfillment.messages + Page.event_handlers.trigger_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.messages + Page.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases + Page.form.parameters.fill_behavior.reprompt_event_handlers.messages + Page.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases + Page.transition_routes.trigger_fulfillment.messages + Page.transition_routes.trigger_fulfillment.conditional_cases + If not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used. + type: string + parent: + description: |- + Immutable. The flow to create a page for. + Format: projects//locations//agents//flows/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + transitionRouteGroups: + description: |- + Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page. + If multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -> page's transition route group -> flow's transition routes. + If multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence. + Format:projects//locations//agents//flows//transitionRouteGroups/. + items: + type: string + type: array + transitionRoutes: + description: |- + A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow. 
+ When we are in a certain page, the TransitionRoutes are evalauted in the following order: + TransitionRoutes defined in the page with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in flow with intent specified. + TransitionRoutes defined in the transition route groups with intent specified. + TransitionRoutes defined in the page with only condition specified. + TransitionRoutes defined in the transition route groups with only condition specified. + items: + properties: + condition: + description: |- + The condition to evaluate against form parameters or session parameters. + At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + intent: + description: |- + The unique identifier of an Intent. + Format: projects//locations//agents//intents/. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled. + type: string + name: + description: The unique identifier of this transition route. + type: string + targetFlow: + description: |- + The target flow to transition to. + Format: projects//locations//agents//flows/. + type: string + targetPage: + description: |- + The target page to transition to. + Format: projects//locations//agents//flows//pages/. + type: string + triggerFulfillment: + description: The fulfillment to call when the event occurs. + Handling webhook errors with a fulfillment enabled with webhook + could cause infinite loop. It is invalid to specify such fulfillment + for a handler handling webhooks. + properties: + messages: + description: The list of rich message responses to present + to the user. + items: + properties: + text: + description: The text response message. 
+ properties: + allowPlaybackInterruption: + description: Whether the playback of this message + can be interrupted by the end user's speech + and the client can then starts the next Dialogflow + request. + type: boolean + text: + description: A collection of text responses. + items: + type: string + type: array type: object - machineType: - description: 'Immutable. Optional. The Compute Engine - machine type used for cluster instances. A full - URL, partial URI, or short name are valid. Examples: - * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` - * `n1-standard-2` **Auto Zone Exception**: If you - are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) - feature, you must use the short name of the machine - type resource, for example, `n1-standard-2`.' - type: string - minCpuPlatform: - description: Immutable. Optional. Specifies the minimum - cpu platform for the Instance Group. See [Dataproc - -> Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu). - type: string - numInstances: - description: Immutable. Optional. The number of VM - instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) - [master_config](#FIELDS.master_config) groups, **must - be set to 3**. For standard cluster [master_config](#FIELDS.master_config) - groups, **must be set to 1**. - format: int64 - type: integer - preemptibility: - description: 'Immutable. Optional. Specifies the preemptibility - of the instance group. The default value for master - and worker groups is `NON_PREEMPTIBLE`. This default - cannot be changed. The default value for secondary - instances is `PREEMPTIBLE`. 
Possible values: PREEMPTIBILITY_UNSPECIFIED, - NON_PREEMPTIBLE, PREEMPTIBLE' - type: string type: object - type: object - labels: + type: array + returnPartialResponses: + description: 'Whether Dialogflow should return currently + queued fulfillment response messages in streaming APIs. + If a webhook is specified, it happens before Dialogflow + invokes webhook. Warning: 1) This flag only affects streaming + API. Responses are still queued and returned once in non-streaming + API. 2) The flag can be enabled in any fulfillment but + only the first 3 partial responses will be returned. You + may only want to apply it to fulfillments that have slow + webhooks.' + type: boolean + tag: + description: The tag used by the webhook to identify which + fulfillment is being called. This field is required if + webhook is specified. + type: string + webhook: + description: 'The webhook to call. Format: projects//locations//agents//webhooks/.' + type: string + type: object + type: object + type: array + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the page. + Format: projects//locations//agents//flows//pages/. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowcxwebhooks.dialogflowcx.cnrm.cloud.google.com +spec: + group: dialogflowcx.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowCXWebhook + plural: dialogflowcxwebhooks + shortNames: + - gcpdialogflowcxwebhook + - gcpdialogflowcxwebhooks + singular: dialogflowcxwebhook + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an 
object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + description: Indicates whether the webhook is disabled. + type: boolean + displayName: + description: The human-readable name of the webhook, unique within + the agent. + type: string + enableSpellCorrection: + description: Indicates if automatic spell correction is enabled in + detect intent requests. + type: boolean + enableStackdriverLogging: + description: Determines whether this agent should log conversation + queries. + type: boolean + genericWebService: + description: Configuration for a generic web service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: + additionalProperties: + type: string + description: Immutable. The HTTP request headers to send together + with webhook requests. + type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + parent: + description: |- + Immutable. The agent to create a webhook for. + Format: projects//locations//agents/. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + securitySettings: + description: 'Name of the SecuritySettings reference for the agent. 
+ Format: projects//locations//securitySettings/.' + type: string + serviceDirectory: + description: Configuration for a Service Directory service. + properties: + genericWebService: + description: The name of Service Directory service. + properties: + allowedCaCerts: + description: Specifies a list of allowed custom CA certificates + (in DER format) for HTTPS verification. + items: + type: string + type: array + requestHeaders: additionalProperties: type: string - description: 'Immutable. Optional. The labels to associate - with this cluster. Label keys must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters - long, and must conform to the following PCRE regular expression: - [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated - with a given cluster.' + description: Immutable. The HTTP request headers to send together + with webhook requests. type: object + uri: + description: Whether to use speech adaptation for speech recognition. + type: string + required: + - uri + type: object + service: + description: The name of Service Directory service. + type: string + required: + - genericWebService + - service + type: object + timeout: + description: Webhook execution timeout. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The unique identifier of the webhook. + Format: projects//locations//agents//webhooks/. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + startFlow: + description: 'Name of the start flow in this agent. A start flow will + be automatically created when the agent is created, and can only + be deleted by deleting the agent. Format: projects//locations//agents//flows/.' + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowentitytypes.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowEntityType + plural: dialogflowentitytypes + shortNames: + - gcpdialogflowentitytype + - gcpdialogflowentitytypes + singular: dialogflowentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The name of this entity type to be displayed on the console. + type: string + enableFuzzyExtraction: + description: Enables fuzzy entity extraction during classification. + type: boolean + entities: + description: The collection of entity entries associated with the + entity type. + items: + properties: + synonyms: + description: |- + A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym + could be green onions. + For KIND_LIST entity types: + * This collection must contain exactly one synonym equal to value. + items: + type: string + type: array + value: + description: |- + The primary value associated with this entity entry. For example, if the entity type is vegetable, the value + could be scallions. + For KIND_MAP entity types: + * A reference value to be used in place of synonyms. 
+ For KIND_LIST entity types: + * A string that can contain references to other entity types (with or without aliases). + type: string + required: + - synonyms + - value + type: object + type: array + kind: + description: |- + Indicates the kind of entity type. + * KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value. + * KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity + types can contain references to other entity types (with or without aliases). + * KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: ["KIND_MAP", "KIND_LIST", "KIND_REGEXP"]. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - clusterName - - config + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - kind + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: "The unique identifier of the entity type. \nFormat: + projects//agent/entityTypes/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowfulfillments.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowFulfillment + plural: dialogflowfulfillments + shortNames: + - gcpdialogflowfulfillment + - gcpdialogflowfulfillments + singular: dialogflowfulfillment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource 
succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: The human-readable name of the fulfillment, unique within + the agent. + type: string + enabled: + description: Whether fulfillment is enabled. + type: boolean + features: + description: The field defines whether the fulfillment is enabled + for certain features. + items: + properties: + type: + description: |- + The type of the feature that enabled for fulfillment. + * SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: ["SMALLTALK"]. + type: string + required: + - type + type: object + type: array + genericWebService: + description: 'Represents configuration for a generic web service. + Dialogflow supports two mechanisms for authentications: - Basic + authentication with username and password. - Authentication with + additional authentication headers.' 
+ properties: + password: + description: The password for HTTP Basic authentication. + type: string + requestHeaders: + additionalProperties: + type: string + description: The HTTP request headers to send together with fulfillment + requests. type: object + uri: + description: The fulfillment URI for receiving POST requests. + It must use https protocol. + type: string + username: + description: The user name for HTTP Basic authentication. + type: string + required: + - uri type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -37167,10 +56727,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -37180,14 +56737,13 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - jobs - - location - - placement + - displayName + - projectRef type: object status: properties: 
@@ -37217,9 +56773,10 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time template was created. - format: date-time + name: + description: "The unique identifier of the fulfillment. \nFormat: + projects//agent/fulfillment - projects//locations//agent/fulfillment." type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -37228,127 +56785,243 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - placement: + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dialogflowintents.dialogflow.cnrm.cloud.google.com +spec: + group: dialogflow.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DialogflowIntent + plural: dialogflowintents + shortNames: + - gcpdialogflowintent + - gcpdialogflowintents + singular: dialogflowintent + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + action: + description: |- + The name of the action associated with the intent. + Note: The action name must not contain whitespaces. + type: string + defaultResponsePlatforms: + description: |- + The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED + (i.e. default platform). Possible values: ["FACEBOOK", "SLACK", "TELEGRAM", "KIK", "SKYPE", "LINE", "VIBER", "ACTIONS_ON_GOOGLE", "GOOGLE_HANGOUTS"]. + items: + type: string + type: array + displayName: + description: The name of this intent to be displayed on the console. + type: string + events: + description: "The collection of event names that trigger the intent. + If the collection of input contexts is not empty, all of\nthe contexts + must be present in the active user session for an event to trigger + this intent. See the \n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) + for more details." + items: + type: string + type: array + inputContextNames: + description: |- + The list of context names required for this intent to be triggered. + Format: projects//agent/sessions/-/contexts/. + items: + type: string + type: array + isFallback: + description: Indicates whether this is a fallback intent. + type: boolean + mlDisabled: + description: |- + Indicates whether Machine Learning is disabled for the intent. + Note: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML + ONLY match mode. 
Also, auto-markup in the UI is turned off. + type: boolean + parentFollowupIntentName: + description: |- + Immutable. The unique identifier of the parent intent in the chain of followup intents. + Format: projects//agent/intents/. + type: string + priority: + description: |- + The priority of this intent. Higher numbers represent higher priorities. + - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds + to the Normal priority in the console. + - If the supplied value is negative, the intent is ignored in runtime detect intent requests. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - managedCluster: - properties: - config: - properties: - endpointConfig: - properties: - httpPorts: - additionalProperties: - type: string - description: Output only. The map of port descriptions - to URLs. Will only be populated if enable_http_port_access - is true. - type: object - type: object - lifecycleConfig: - properties: - idleStartTime: - description: Output only. The time when cluster became - idle (most recent job finished) and became eligible - for deletion due to idleness (see JSON representation - of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)). - format: date-time - type: string - type: object - masterConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. 
- This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - secondaryWorkerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - workerConfig: - properties: - instanceNames: - description: Output only. The list of instance names. - Dataproc derives the names from `cluster_name`, - `num_instances`, and the instance group. - items: - type: string - type: array - isPreemptible: - description: Output only. Specifies that this instance - group contains preemptible instances. - type: boolean - managedGroupConfig: - description: Output only. The config for Compute Engine - Instance Group Manager that manages this group. - This is only used for preemptible instance groups. - properties: - instanceGroupManagerName: - description: Output only. The name of the Instance - Group Manager for this group. - type: string - instanceTemplateName: - description: Output only. 
The name of the Instance - Template used for the Managed Instance Group. - type: string - type: object - type: object - type: object - type: object + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - updateTime: - description: Output only. The time template was last updated. - format: date-time + resetContexts: + description: Indicates whether to delete all contexts in the current + session when this intent is matched. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - version: - description: Output only. The current version of this workflow template. - format: int64 + webhookState: + description: |- + Indicates whether webhooks are enabled for the intent. + * WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent. + * WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot + filling prompt is forwarded to the webhook. Possible values: ["WEBHOOK_STATE_ENABLED", "WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING"]. + type: string + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + followupIntentInfo: + description: |- + Information about all followup intents that have this intent as a direct or indirect parent. We populate this field + only in the output. + items: + properties: + followupIntentName: + description: |- + The unique identifier of the followup intent. + Format: projects//agent/intents/. + type: string + parentFollowupIntentName: + description: |- + The unique identifier of the followup intent's parent. + Format: projects//agent/intents/. + type: string + type: object + type: array + name: + description: "The unique identifier of this intent. \nFormat: projects//agent/intents/." + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. type: integer + rootFollowupIntentName: + description: |- + The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup + intents chain for this intent. + Format: projects//agent/intents/. + type: string type: object required: - spec @@ -37368,7 +57041,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -39176,34 +58849,485 @@ spec: as `12***`. type: boolean type: object - cryptoDeterministicConfig: - description: Deterministic Crypto + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used + for higher security and maintaining + referential integrity such that + the same identifier in two different + contexts will be given a distinct + surrogate. The context is appended + to plaintext value being encrypted. + On decryption the provided context + is validated against the value used + during encryption. If a context + was provided during encryption, + same context must be provided during + decryption as well. If the context + is not set, plaintext would be used + as is for encryption. If the context + is set but: 1. there is no record + present when transforming a given + value or 2. the field is not present + when transforming a given value, + plaintext would be used as is for + encryption. Note that case (1) is + expected when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s.' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption + using AES-SIV, the provided key + is internally expanded to 64 bytes + prior to use. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom info + type followed by the number of characters + comprising the surrogate. The following + scheme defines the format: {info + type name}({surrogate character + count}):{surrogate} For example, + if the name of custom info type + is ''MY_TOKEN_INFO_TYPE'' and the + surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate + when inspecting content using the + custom info type ''Surrogate''. + This facilitates reversal of the + surrogate when it occurs in free + text. 
Note: For record transformations + where the entire cell in a table + is being transformed, surrogates + are not mandatory. Surrogates are + used to denote the location of the + token and are necessary for re-identification + in free form text. In order for + inspection to work properly, the + name of this info type must not + occur naturally anywhere in your + data; otherwise, inspection may + either - reverse a surrogate that + does not correspond to an actual + identifier - be unable to parse + the surrogate and result in an error + Therefore, choose your custom info + type name carefully after considering + what your data looks like. One way + to select a name that has a high + chance of yielding reliable detection + is to include one or more unicode + characters that are highly improbable + to exist in your data. For example, + assuming your data is entered from + a regular ASCII keyboard, the symbol + with the hex code point 29DD might + be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash + function. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
+ + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible + values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, + NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, + ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context + may be used for higher security + since the same identifier in two + different contexts won''t be given + the same surrogate. If the context + is not set, a default tweak will + be used. If the context is set but: + 1. there is no record present when + transforming a given value or 1. 
+ the field is not present when transforming + a given value, a default tweak will + be used. Note that case (1) is expected + when an `InfoTypeTransformation` + is applied to both structured and + non-structured `ContentItem`s. Currently, + the referenced field may be of value + type integer or string. The tweak + is constructed as a sequence of + bytes in big endian byte order such + that: - a 64 bit integer is encoded + followed by a single byte of value + 1 - a string is encoded in UTF-8 + format followed by a single byte + of value 2' + properties: + name: + description: Name describing the + field. + type: string + type: object + cryptoKey: + description: Required. The key used + by the encryption algorithm. + properties: + kmsWrapped: + description: Key wrapped using + Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of + the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace + of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The + wrapped data crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto + key + properties: + name: + description: 'Required. Name + of the key. This is an arbitrary + string used to differentiate + different keys. 
A unique + key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated + key if their names are the + same. When the data crypto + key is generated, this name + is not used in any way (repeating + the api call will result + in a different key being + generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto + key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by + mapping these to the alphanumeric + characters that the FFX mode natively + supports. This happens before/after + encryption/decryption. Each character + listed must appear only once. Number + of characters must be in the range + [2, 95]. This must be encoded as + ASCII. The order of characters does + not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select + the alphabet. Must be in the range + [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType + to annotate the surrogate with. + This annotation will be applied + to the surrogate by prefixing it + with the name of the custom infoType + followed by the number of characters + comprising the surrogate. The following + scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom + infoType is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the + full replacement value will be: + ''MY_TOKEN_INFO_TYPE(3):abc'' This + annotation identifies the surrogate + when inspecting content using the + custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). 
+ This facilitates reversal of the + surrogate when it occurs in free + text. In order for inspection to + work properly, the name of this + infoType must not occur naturally + anywhere in your data; otherwise, + inspection may find a surrogate + that does not correspond to an actual + identifier. Therefore, choose your + custom infoType name carefully after + considering what your data looks + like. One way to select a name that + has a high chance of yielding reliable + detection is to include one or more + unicode characters that are highly + improbable to exist in your data. + For example, assuming your data + is entered from a regular ASCII + keyboard, the symbol with the hex + code point 29DD might be used like + so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information + type. Either a name of your + choosing when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift properties: context: - description: 'A context may be used - for higher security and maintaining - referential integrity such that - the same identifier in two different - contexts will be given a distinct - surrogate. The context is appended - to plaintext value being encrypted. - On decryption the provided context - is validated against the value used - during encryption. If a context - was provided during encryption, - same context must be provided during - decryption as well. If the context - is not set, plaintext would be used - as is for encryption. If the context - is set but: 1. there is no record - present when transforming a given - value or 2. 
the field is not present - when transforming a given value, - plaintext would be used as is for - encryption. Note that case (1) is - expected when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s.' + description: Points to the field that + contains the context, for example, + an entity id. If set, must also + set cryptoKey. If set, shift will + be consistent for the given context. properties: name: description: Name describing the @@ -39211,11 +59335,12 @@ spec: type: string type: object cryptoKey: - description: The key used by the encryption - function. For deterministic encryption - using AES-SIV, the provided key - is internally expanded to 64 bytes - prior to use. + description: Causes the shift to be + computed based on this key and the + context. This results in the same + shift for the same context and crypto_key. + If set, must also set context. Can + only be applied to table items. properties: kmsWrapped: description: Key wrapped using 
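Review bot: The `unwrapped` branch of `cryptoKey` (on the new side of this hunk under `cryptoDeterministicConfig`, `cryptoHashConfig` and `cryptoReplaceFfxFpeConfig`) takes the raw data key as a plain `type: string`, so a template that uses it keeps the key in the custom resource spec, where anyone who can read the object or the manifest it came from can read the key. The description should say so and point to the alternative, for example `description: Required. A 128/192/256 bit key. Stored as plain text in the resource spec; prefer kmsWrapped with cryptoKeyRef.` The `cryptoKey` objects here also carry no `oneOf` over `kmsWrapped`, `transient` and `unwrapped`, unlike `cryptoKeyRef`, so the schema as shown would accept more than one key source; whether the backing API rejects that is not visible from this hunk. This CRD appears to be generated, so the wording would have to change in the generator rather than in this file.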
@@ -39297,2126 +59422,5323 @@ spec: - key type: object type: object - surrogateInfoType: - description: 'The custom info type - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom info - type followed by the number of characters - comprising the surrogate. The following - scheme defines the format: {info - type name}({surrogate character - count}):{surrogate} For example, - if the name of custom info type - is ''MY_TOKEN_INFO_TYPE'' and the - surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate - when inspecting content using the - custom info type ''Surrogate''. - This facilitates reversal of the - surrogate when it occurs in free - text. Note: For record transformations - where the entire cell in a table - is being transformed, surrogates - are not mandatory. Surrogates are - used to denote the location of the - token and are necessary for re-identification - in free form text. In order for - inspection to work properly, the - name of this info type must not - occur naturally anywhere in your - data; otherwise, inspection may - either - reverse a surrogate that - does not correspond to an actual - identifier - be unable to parse - the surrogate and result in an error - Therefore, choose your custom info - type name carefully after considering - what your data looks like. One way - to select a name that has a high - chance of yielding reliable detection - is to include one or more unicode - characters that are highly improbable - to exist in your data. For example, - assuming your data is entered from - a regular ASCII keyboard, the symbol - with the hex code point 29DD might - be used like so: ⧝MY_TOKEN_TYPE.' + lowerBoundDays: + description: Required. For example, + -5 means shift date to at most 5 + days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. 
Range of shift + in days. Actual shift will be selected + at random within this range (inclusive + ends). Negative means shift to earlier + in time. Must not be more than 365250 + days (1000 years) each direction. + For example, 3 means shift date + to at most 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each + bucket (except for minimum and maximum + buckets). So if `lower_bound` = + 10, `upper_bound` = 89, and `bucket_size` + = 10, then the following buckets + would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, + 80-89, 89+. Precision up to 2 decimals + works.' + format: double + type: number + lowerBound: + description: Required. Lower bound + value of buckets. All values less + than `lower_bound` are grouped together + into a single bucket; for example + if `lower_bound` = 10, then all + values less than 10 are replaced + with the value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound + value of buckets. All values greater + than upper_bound are grouped together + into a single bucket; for example + if `upper_bound` = 89, then all + values greater than 89 are replaced + with the value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. 
+ Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified + value. + properties: + newValue: + description: Value to replace it with. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. 
+ Must be from 1 to 12, or + 0 to specify a year without + a month and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time + to keep. 
Possible values: TIME_PART_UNSPECIFIED, + YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, + WEEK_OF_YEAR, HOUR_OF_DAY' + type: string + type: object + type: object + required: + - primitiveTransformation + type: object + type: array + required: + - transformations + type: object + primitiveTransformation: + description: Apply the transformation to the entire + field. + properties: + bucketingConfig: + description: Bucketing + properties: + buckets: + description: Set of buckets. Ranges must be + non-overlapping. + items: + properties: + max: + description: Upper bound of the range, + exclusive; type must match min. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. 
+ format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + min: + description: Lower bound of the range, + inclusive. Type should be the same as + max if used. + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. 
- type: string + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - cryptoHashConfig: - description: Crypto + replacementValue: + description: Required. Replacement value + for this bucket. properties: - cryptoKey: - description: The key used by the hash - function. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + day: + description: Day of a month. Must + be from 1 to 31 and valid for + the year and month, or 0 to + specify a year by itself or + a year and month where the day + isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or 0 to + specify a year without a month + and day. + format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, or 0 + to specify a date without a + year. 
+ format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, THURSDAY, + FRIDAY, SATURDAY, SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 + hour format. Should be from + 0 to 23. An API may choose to + allow the value "24:00:00" for + scenarios like business closing + time. + format: int64 + type: integer + minutes: + description: Minutes of hour of + day. Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds + in nanoseconds. Must be from + 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally be + from 0 to 59. An API may allow + the value 60 if it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - replacementValue + type: object + type: array + type: object + characterMaskConfig: + description: Mask + properties: + charactersToIgnore: + description: When masking a string, items in + this list will be skipped when replacing characters. + For example, if the input string is `555-555-5555` + and you instruct Cloud DLP to skip `-` and + mask 5 characters with `*`, Cloud DLP returns + `***-**5-5555`. + items: + properties: + charactersToSkip: + description: Characters to not transform + when masking. + type: string + commonCharactersToIgnore: + description: 'Common characters to not + transform when masking. Useful to avoid + removing punctuation. 
Possible values: + COMMON_CHARS_TO_IGNORE_UNSPECIFIED, + NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, + PUNCTUATION, WHITESPACE' + type: string + type: object + type: array + maskingCharacter: + description: Character to use to mask the sensitive + values—for example, `*` for an alphabetic + string such as a name, or `0` for a numeric + string such as ZIP code or credit card number. + This string must have a length of 1. If not + supplied, this value defaults to `*` for strings, + and `0` for digits. + type: string + numberToMask: + description: Number of characters to mask. If + not set, all matching chars will be masked. + Skipped characters do not count towards this + tally. + format: int64 + type: integer + reverseOrder: + description: Mask characters in reverse order. + For example, if `masking_character` is `0`, + `number_to_mask` is `14`, and `reverse_order` + is `false`, then the input string `1234-5678-9012-3456` + is masked as `00000000000000-3456`. If `masking_character` + is `*`, `number_to_mask` is `3`, and `reverse_order` + is `true`, then the string `12345` is masked + as `12***`. + type: boolean + type: object + cryptoDeterministicConfig: + description: Deterministic Crypto + properties: + context: + description: 'A context may be used for higher + security and maintaining referential integrity + such that the same identifier in two different + contexts will be given a distinct surrogate. + The context is appended to plaintext value + being encrypted. On decryption the provided + context is validated against the value used + during encryption. If a context was provided + during encryption, same context must be provided + during decryption as well. If the context + is not set, plaintext would be used as is + for encryption. If the context is set but: + 1. there is no record present when transforming + a given value or 2. the field is not present + when transforming a given value, plaintext + would be used as is for encryption. 
Note that + case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s.' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: The key used by the encryption + function. For deterministic encryption using + AES-SIV, the provided key is internally expanded + to 64 bytes prior to use. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' 
- type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + surrogateInfoType: + description: 'The custom info type to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom info type followed + by the number of characters comprising the + surrogate. The following scheme defines the + format: {info type name}({surrogate character + count}):{surrogate} For example, if the name + of custom info type is ''MY_TOKEN_INFO_TYPE'' + and the surrogate is ''abc'', the full replacement + value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' + This annotation identifies the surrogate when + inspecting content using the custom info type + ''Surrogate''. 
This facilitates reversal of + the surrogate when it occurs in free text. + Note: For record transformations where the + entire cell in a table is being transformed, + surrogates are not mandatory. Surrogates are + used to denote the location of the token and + are necessary for re-identification in free + form text. In order for inspection to work + properly, the name of this info type must + not occur naturally anywhere in your data; + otherwise, inspection may either - reverse + a surrogate that does not correspond to an + actual identifier - be unable to parse the + surrogate and result in an error Therefore, + choose your custom info type name carefully + after considering what your data looks like. + One way to select a name that has a high chance + of yielding reliable detection is to include + one or more unicode characters that are highly + improbable to exist in your data. For example, + assuming your data is entered from a regular + ASCII keyboard, the symbol with the hex code + point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: object + cryptoHashConfig: + description: Crypto + properties: + cryptoKey: + description: The key used by the hash function. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. 
- type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible - values: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, - NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, - ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context - may be used for higher security - since the same identifier in two - different contexts won''t be given - the same surrogate. If the context - is not set, a default tweak will - be used. If the context is set but: - 1. there is no record present when - transforming a given value or 1. - the field is not present when transforming - a given value, a default tweak will - be used. Note that case (1) is expected - when an `InfoTypeTransformation` - is applied to both structured and - non-structured `ContentItem`s. Currently, - the referenced field may be of value - type integer or string. The tweak - is constructed as a sequence of - bytes in big endian byte order such - that: - a 64 bit integer is encoded - followed by a single byte of value - 1 - a string is encoded in UTF-8 - format followed by a single byte - of value 2' - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Required. The key used - by the encryption algorithm. - properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. 
- Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. 
A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + type: object + cryptoReplaceFfxFpeConfig: + description: Ffx-Fpe + properties: + commonAlphabet: + description: 'Common alphabets. Possible values: + FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, + HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' + type: string + context: + description: 'The ''tweak'', a context may be + used for higher security since the same identifier + in two different contexts won''t be given + the same surrogate. If the context is not + set, a default tweak will be used. If the + context is set but: 1. there is no record + present when transforming a given value or + 1. the field is not present when transforming + a given value, a default tweak will be used. + Note that case (1) is expected when an `InfoTypeTransformation` + is applied to both structured and non-structured + `ContentItem`s. Currently, the referenced + field may be of value type integer or string. + The tweak is constructed as a sequence of + bytes in big endian byte order such that: + - a 64 bit integer is encoded followed by + a single byte of value 1 - a string is encoded + in UTF-8 format followed by a single byte + of value 2' + properties: + name: + description: Name describing the field. + type: string + type: object + cryptoKey: + description: Required. The key used by the encryption + algorithm. 
+ properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by - mapping these to the alphanumeric - characters that the FFX mode natively - supports. This happens before/after - encryption/decryption. Each character - listed must appear only once. Number - of characters must be in the range - [2, 95]. This must be encoded as - ASCII. The order of characters does - not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select - the alphabet. Must be in the range - [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType - to annotate the surrogate with. - This annotation will be applied - to the surrogate by prefixing it - with the name of the custom infoType - followed by the number of characters - comprising the surrogate. The following - scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom - infoType is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the - full replacement value will be: - ''MY_TOKEN_INFO_TYPE(3):abc'' This - annotation identifies the surrogate - when inspecting content using the - custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the - surrogate when it occurs in free - text. 
In order for inspection to - work properly, the name of this - infoType must not occur naturally - anywhere in your data; otherwise, - inspection may find a surrogate - that does not correspond to an actual - identifier. Therefore, choose your - custom infoType name carefully after - considering what your data looks - like. One way to select a name that - has a high chance of yielding reliable - detection is to include one or more - unicode characters that are highly - improbable to exist in your data. - For example, assuming your data - is entered from a regular ASCII - keyboard, the symbol with the hex - code point 29DD might be used like - so: ⧝MY_TOKEN_TYPE' - properties: - name: - description: Name of the information - type. Either a name of your - choosing when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that - contains the context, for example, - an entity id. If set, must also - set cryptoKey. If set, shift will - be consistent for the given context. - properties: - name: - description: Name describing the - field. - type: string - type: object - cryptoKey: - description: Causes the shift to be - computed based on this key and the - context. This results in the same - shift for the same context and crypto_key. - If set, must also set context. Can - only be applied to table items. 
- properties: - kmsWrapped: - description: Key wrapped using - Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace - of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The - wrapped data crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto - key - properties: - name: - description: 'Required. Name - of the key. This is an arbitrary - string used to differentiate - different keys. A unique - key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated - key if their names are the - same. When the data crypto - key is generated, this name - is not used in any way (repeating - the api call will result - in a different key being - generated).' - type: string - required: + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + customAlphabet: + description: 'This is supported by mapping these + to the alphanumeric characters that the FFX + mode natively supports. This happens before/after + encryption/decryption. Each character listed + must appear only once. Number of characters + must be in the range [2, 95]. This must be + encoded as ASCII. The order of characters + does not matter. The full list of allowed + characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz + ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' + type: string + radix: + description: The native way to select the alphabet. + Must be in the range [2, 95]. + format: int64 + type: integer + surrogateInfoType: + description: 'The custom infoType to annotate + the surrogate with. This annotation will be + applied to the surrogate by prefixing it with + the name of the custom infoType followed by + the number of characters comprising the surrogate. 
+ The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType + is ''MY_TOKEN_INFO_TYPE'' and the surrogate + is ''abc'', the full replacement value will + be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation + identifies the surrogate when inspecting content + using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). + This facilitates reversal of the surrogate + when it occurs in free text. In order for + inspection to work properly, the name of this + infoType must not occur naturally anywhere + in your data; otherwise, inspection may find + a surrogate that does not correspond to an + actual identifier. Therefore, choose your + custom infoType name carefully after considering + what your data looks like. One way to select + a name that has a high chance of yielding + reliable detection is to include one or more + unicode characters that are highly improbable + to exist in your data. For example, assuming + your data is entered from a regular ASCII + keyboard, the symbol with the hex code point + 29DD might be used like so: ⧝MY_TOKEN_TYPE' + properties: + name: + description: Name of the information type. + Either a name of your choosing when creating + a CustomInfoType, or one of the names + listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data Catalog, + infoType names should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + required: + - cryptoKey + type: object + dateShiftConfig: + description: Date Shift + properties: + context: + description: Points to the field that contains + the context, for example, an entity id. If + set, must also set cryptoKey. If set, shift + will be consistent for the given context. + properties: + name: + description: Name describing the field. 
+ type: string + type: object + cryptoKey: + description: Causes the shift to be computed + based on this key and the context. This results + in the same shift for the same context and + crypto_key. If set, must also set context. + Can only be applied to table items. + properties: + kmsWrapped: + description: Key wrapped using Cloud KMS + properties: + cryptoKeyRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto - key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, - -5 means shift date to at most 5 - days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift - in days. Actual shift will be selected - at random within this range (inclusive - ends). Negative means shift to earlier - in time. Must not be more than 365250 - days (1000 years) each direction. - For example, 3 means shift date - to at most 3 days into the future. - format: int64 - type: integer - required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each - bucket (except for minimum and maximum - buckets). So if `lower_bound` = - 10, `upper_bound` = 89, and `bucket_size` - = 10, then the following buckets - would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, - 80-89, 89+. Precision up to 2 decimals - works.' - format: double - type: number - lowerBound: - description: Required. Lower bound - value of buckets. All values less - than `lower_bound` are grouped together - into a single bucket; for example - if `lower_bound` = 10, then all - values less than 10 are replaced - with the value "-10". 
- properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound - value of buckets. 
All values greater - than upper_bound are grouped together - into a single bucket; for example - if `upper_bound` = 89, then all - values greater than 89 are replaced - with the value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. 
- format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified - value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. 
- format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction - properties: - partToExtract: - description: 'The part of the time - to keep. Possible values: TIME_PART_UNSPECIFIED, - YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, - WEEK_OF_YEAR, HOUR_OF_DAY' - type: string - type: object - type: object - required: - - primitiveTransformation - type: object - type: array - required: - - transformations + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The resource name of the KMS CryptoKey to use for unwrapping. + + Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + wrappedKey: + description: Required. The wrapped data + crypto key. + type: string + required: + - cryptoKeyRef + - wrappedKey + type: object + transient: + description: Transient crypto key + properties: + name: + description: 'Required. Name of the + key. This is an arbitrary string used + to differentiate different keys. A + unique key is generated per name: + two separate `TransientCryptoKey` + protos share the same generated key + if their names are the same. 
When + the data crypto key is generated, + this name is not used in any way (repeating + the api call will result in a different + key being generated).' + type: string + required: + - name + type: object + unwrapped: + description: Unwrapped crypto key + properties: + key: + description: Required. A 128/192/256 + bit key. + type: string + required: + - key + type: object + type: object + lowerBoundDays: + description: Required. For example, -5 means + shift date to at most 5 days back in the past. + format: int64 + type: integer + upperBoundDays: + description: Required. Range of shift in days. + Actual shift will be selected at random within + this range (inclusive ends). Negative means + shift to earlier in time. Must not be more + than 365250 days (1000 years) each direction. + For example, 3 means shift date to at most + 3 days into the future. + format: int64 + type: integer + required: + - lowerBoundDays + - upperBoundDays + type: object + fixedSizeBucketingConfig: + description: Fixed size bucketing + properties: + bucketSize: + description: 'Required. Size of each bucket + (except for minimum and maximum buckets). + So if `lower_bound` = 10, `upper_bound` = + 89, and `bucket_size` = 10, then the following + buckets would be used: -10, 10-20, 20-30, + 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, + 89+. Precision up to 2 decimals works.' + format: double + type: number + lowerBound: + description: Required. Lower bound value of + buckets. All values less than `lower_bound` + are grouped together into a single bucket; + for example if `lower_bound` = 10, then all + values less than 10 are replaced with the + value "-10". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. 
+ format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + upperBound: + description: Required. Upper bound value of + buckets. All values greater than upper_bound + are grouped together into a single bucket; + for example if `upper_bound` = 89, then all + values greater than 89 are replaced with the + value "89+". + properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. 
Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + required: + - bucketSize + - lowerBound + - upperBound + type: object + redactConfig: + description: Redact + type: object + x-kubernetes-preserve-unknown-fields: true + replaceConfig: + description: Replace with a specified value. + properties: + newValue: + description: Value to replace it with. 
+ properties: + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. Must be + from 1 to 31 and valid for the year + and month, or 0 to specify a year + by itself or a year and month where + the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. Must be + from 1 to 12, or 0 to specify a year + without a month and day. + format: int64 + type: integer + year: + description: Year of the date. Must + be from 1 to 9999, or 0 to specify + a date without a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible values: + DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, + WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer + format: int64 + type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day in 24 hour + format. Should be from 0 to 23. An + API may choose to allow the value + "24:00:00" for scenarios like business + closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour of day. + Must be from 0 to 59. + format: int64 + type: integer + nanos: + description: Fractions of seconds in + nanoseconds. Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes of the + time. Must normally be from 0 to 59. + An API may allow the value 60 if it + allows leap-seconds. 
+ format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string + type: object + type: object + replaceWithInfoTypeConfig: + description: Replace with infotype + type: object + x-kubernetes-preserve-unknown-fields: true + timePartConfig: + description: Time extraction + properties: + partToExtract: + description: 'The part of the time to keep. + Possible values: TIME_PART_UNSPECIFIED, YEAR, + MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, + HOUR_OF_DAY' + type: string + type: object type: object - primitiveTransformation: - description: Apply the transformation to the entire - field. + required: + - fields + type: object + type: array + recordSuppressions: + description: Configuration defining which records get suppressed + entirely. Records that match any suppression rule are omitted + from the output. + items: + properties: + condition: + description: A condition that when it evaluates to true + will result in the record being evaluated to be suppressed + from the transformed content. properties: - bucketingConfig: - description: Bucketing + expressions: + description: An expression. properties: - buckets: - description: Set of buckets. Ranges must be - non-overlapping. - items: - properties: - max: - description: Upper bound of the range, - exclusive; type must match min. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - min: - description: Lower bound of the range, - inclusive. Type should be the same as - max if used. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - replacementValue: - description: Required. Replacement value - for this bucket. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must - be from 1 to 31 and valid for - the year and month, or 0 to - specify a year by itself or - a year and month where the day - isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or 0 to - specify a year without a month - and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, or 0 - to specify a date without a - year. - format: int64 - type: integer + conditions: + description: Conditions to apply to the expression. 
+ properties: + conditions: + description: A collection of conditions. + items: + properties: + field: + description: Required. Field within + the record this condition is evaluated + against. + properties: + name: + description: Name describing the + field. + type: string type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, THURSDAY, - FRIDAY, SATURDAY, SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string + operator: + description: 'Required. Operator used + to compare the field or infoType + to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, + AND' type: string - timeValue: - description: time of day + value: + description: Value to compare against. + [Mandatory, except for `EXISTS` + tests.] properties: - hours: - description: Hours of day in 24 - hour format. Should be from - 0 to 23. An API may choose to - allow the value "24:00:00" for - scenarios like business closing - time. - format: int64 - type: integer - minutes: - description: Minutes of hour of - day. Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds - in nanoseconds. Must be from - 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally be - from 0 to 59. An API may allow - the value 60 if it allows leap-seconds. + booleanValue: + description: boolean + type: boolean + dateValue: + description: date + properties: + day: + description: Day of a month. + Must be from 1 to 31 and + valid for the year and month, + or 0 to specify a year by + itself or a year and month + where the day isn't significant. + format: int64 + type: integer + month: + description: Month of a year. + Must be from 1 to 12, or + 0 to specify a year without + a month and day. 
+ format: int64 + type: integer + year: + description: Year of the date. + Must be from 1 to 9999, + or 0 to specify a date without + a year. + format: int64 + type: integer + type: object + dayOfWeekValue: + description: 'day of week Possible + values: DAY_OF_WEEK_UNSPECIFIED, + MONDAY, TUESDAY, WEDNESDAY, + THURSDAY, FRIDAY, SATURDAY, + SUNDAY' + type: string + floatValue: + description: float + format: double + type: number + integerValue: + description: integer format: int64 type: integer + stringValue: + description: string + type: string + timeValue: + description: time of day + properties: + hours: + description: Hours of day + in 24 hour format. Should + be from 0 to 23. An API + may choose to allow the + value "24:00:00" for scenarios + like business closing time. + format: int64 + type: integer + minutes: + description: Minutes of hour + of day. Must be from 0 to + 59. + format: int64 + type: integer + nanos: + description: Fractions of + seconds in nanoseconds. + Must be from 0 to 999,999,999. + format: int64 + type: integer + seconds: + description: Seconds of minutes + of the time. Must normally + be from 0 to 59. An API + may allow the value 60 if + it allows leap-seconds. + format: int64 + type: integer + type: object + timestampValue: + description: timestamp + format: date-time + type: string type: object - timestampValue: - description: timestamp - format: date-time - type: string + required: + - field + - operator type: object - required: - - replacementValue - type: object - type: array + type: array + type: object + logicalOperator: + description: 'The operator to apply to the result + of conditions. Default and currently only + supported value is `AND`. Possible values: + LOGICAL_OPERATOR_UNSPECIFIED, AND' + type: string type: object - characterMaskConfig: - description: Mask - properties: - charactersToIgnore: - description: When masking a string, items in - this list will be skipped when replacing characters. 
- For example, if the input string is `555-555-5555` - and you instruct Cloud DLP to skip `-` and - mask 5 characters with `*`, Cloud DLP returns - `***-**5-5555`. - items: + type: object + type: object + type: array + type: object + transformationErrorHandling: + description: Mode for handling transformation errors. If left + unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + properties: + leaveUntransformed: + description: Ignore errors + type: object + x-kubernetes-preserve-unknown-fields: true + throwError: + description: Throw an error + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: object + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpinspecttemplates.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPInspectTemplate + plural: dlpinspecttemplates + shortNames: + - gcpdlpinspecttemplate + - gcpdlpinspecttemplates + singular: dlpinspecttemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Short description (max 256 chars). + type: string + displayName: + description: Display name (max 256 chars). + type: string + inspectConfig: + description: The core content of the template. Configuration of the + scanning process. + properties: + contentOptions: + description: List of options defining data content to scan. If + empty, text, images, and other content will be included. + items: + type: string + type: array + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud + Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. 
[required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType + will not cause a finding to be returned. It still can + be used for rules matching. Possible values: EXCLUSION_TYPE_UNSPECIFIED, + EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name matches + one of existing infoTypes and that infoType is specified + in `InspectContent.info_types` field. Specifying the latter + adds findings to the one detected by the system. If built-in + info type is not specified in `InspectContent.info_types` + list then the name is treated as a custom info type. + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule if + the finding meets the criteria specified by the rule. + Defaults to `VERY_LIKELY` if not specified. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, + LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as + findings. When not specified, the entire match is + returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. 
+ Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version of + the `StoredInfoType` used for inspection was created. + Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + type: boolean + infoTypes: + description: Restricts what info_types to look for. 
The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a request, + the system may automatically choose what detectors to run. By + default this may be all types, but may change over time as detectors + are updated. If you need precise control and predictability + as to what detectors are run you should specify specific InfoTypes + listed in the reference, otherwise a default list will be used, + which may change over time. + items: + properties: + name: + description: Name of the information type. Either a name + of your choosing when creating a CustomInfoType, or one + of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud DLP + results to Data Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + limits: + description: Configuration to control the number of findings returned. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for specified + infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should be + provided. If InfoTypeLimit does not have an info_type, + the DLP API applies the limit against all info_types + that are found but not specified in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. 
+ format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set higher. + When set within `InspectContentRequest`, this field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this InspectConfig. + Exclusion rules, contained in the set are executed in the end, + other rules are executed in the order they are specified for + each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. The + rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the rule. 
+ properties: + cloudStoragePath: + description: Newline-delimited file of words + in Cloud Storage. Only a single file is + accepted. properties: - charactersToSkip: - description: Characters to not transform - when masking. - type: string - commonCharactersToIgnore: - description: 'Common characters to not - transform when masking. Useful to avoid - removing punctuation. Possible values: - COMMON_CHARS_TO_IGNORE_UNSPECIFIED, - NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, - PUNCTUATION, WHITESPACE' + path: + description: 'A url representing a file + or path (no wildcards) in Cloud Storage. + Example: gs://[BUCKET_NAME]/dictionary.txt' type: string type: object - type: array - maskingCharacter: - description: Character to use to mask the sensitive - values—for example, `*` for an alphabetic - string such as a name, or `0` for a numeric - string such as ZIP code or credit card number. - This string must have a length of 1. If not - supplied, this value defaults to `*` for strings, - and `0` for digits. - type: string - numberToMask: - description: Number of characters to mask. If - not set, all matching chars will be masked. - Skipped characters do not count towards this - tally. - format: int64 - type: integer - reverseOrder: - description: Mask characters in reverse order. - For example, if `masking_character` is `0`, - `number_to_mask` is `14`, and `reverse_order` - is `false`, then the input string `1234-5678-9012-3456` - is masked as `00000000000000-3456`. If `masking_character` - is `*`, `number_to_mask` is `3`, and `reverse_order` - is `true`, then the string `12345` is masked - as `12***`. - type: boolean - type: object - cryptoDeterministicConfig: - description: Deterministic Crypto - properties: - context: - description: 'A context may be used for higher - security and maintaining referential integrity - such that the same identifier in two different - contexts will be given a distinct surrogate. 
- The context is appended to plaintext value - being encrypted. On decryption the provided - context is validated against the value used - during encryption. If a context was provided - during encryption, same context must be provided - during decryption as well. If the context - is not set, plaintext would be used as is - for encryption. If the context is set but: - 1. there is no record present when transforming - a given value or 2. the field is not present - when transforming a given value, plaintext - would be used as is for encryption. Note that - case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s.' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: The key used by the encryption - function. For deterministic encryption using - AES-SIV, the provided key is internally expanded - to 64 bytes prior to use. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. 
- type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - surrogateInfoType: - description: 'The custom info type to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom info type followed - by the number of characters comprising the - surrogate. The following scheme defines the - format: {info type name}({surrogate character - count}):{surrogate} For example, if the name - of custom info type is ''MY_TOKEN_INFO_TYPE'' - and the surrogate is ''abc'', the full replacement - value will be: ''MY_TOKEN_INFO_TYPE(3):abc'' - This annotation identifies the surrogate when - inspecting content using the custom info type - ''Surrogate''. This facilitates reversal of - the surrogate when it occurs in free text. - Note: For record transformations where the - entire cell in a table is being transformed, - surrogates are not mandatory. Surrogates are - used to denote the location of the token and - are necessary for re-identification in free - form text. 
In order for inspection to work - properly, the name of this info type must - not occur naturally anywhere in your data; - otherwise, inspection may either - reverse - a surrogate that does not correspond to an - actual identifier - be unable to parse the - surrogate and result in an error Therefore, - choose your custom info type name carefully - after considering what your data looks like. - One way to select a name that has a high chance - of yielding reliable detection is to include - one or more unicode characters that are highly - improbable to exist in your data. For example, - assuming your data is entered from a regular - ASCII keyboard, the symbol with the hex code - point 29DD might be used like so: ⧝MY_TOKEN_TYPE.' - properties: - name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: object - cryptoHashConfig: - description: Crypto - properties: - cryptoKey: - description: The key used by the hash function. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: - - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - type: object - cryptoReplaceFfxFpeConfig: - description: Ffx-Fpe - properties: - commonAlphabet: - description: 'Common alphabets. Possible values: - FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, - HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC' - type: string - context: - description: 'The ''tweak'', a context may be - used for higher security since the same identifier - in two different contexts won''t be given - the same surrogate. If the context is not - set, a default tweak will be used. If the - context is set but: 1. there is no record - present when transforming a given value or - 1. the field is not present when transforming - a given value, a default tweak will be used. - Note that case (1) is expected when an `InfoTypeTransformation` - is applied to both structured and non-structured - `ContentItem`s. Currently, the referenced - field may be of value type integer or string. 
- The tweak is constructed as a sequence of - bytes in big endian byte order such that: - - a 64 bit integer is encoded followed by - a single byte of value 1 - a string is encoded - in UTF-8 format followed by a single byte - of value 2' - properties: - name: - description: Name describing the field. - type: string - type: object - cryptoKey: - description: Required. The key used by the encryption - algorithm. - properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - wrappedKey: - description: Required. The wrapped data - crypto key. + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and every + phrase must contain at least 2 characters + that are letters or digits. [required] + items: type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps or + contained within with a finding of an infoType + from this list. For example, for `InspectionRuleSet.info_types` + containing "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number findings + are dropped if they overlap with EMAIL_ADDRESS + finding. That leads to "555-222-2222@example.org" + to generate only a single finding, namely + email address. + items: properties: name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, or + one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When + sending Cloud DLP results to Data + Catalog, infoType names should conform + to the pattern `[A-Za-z0-9$-_]{1,64}`. type: string - required: - - name type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string + type: array + type: object + matchingType: + description: 'How the rule is applied, see MatchingType + documentation for details. Possible values: + MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, + MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. 
When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch to + extract as findings. When not specified, + the entire match is returned. No more than + 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply to + all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a finding + to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, + VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the likelihood + by the specified number of levels. For example, + if a finding would be `POSSIBLE` without + the detection rule and `relative_likelihood` + is 1, then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to `UNLIKELY`. + Likelihood may never drop below `VERY_UNLIKELY` + or exceed `VERY_LIKELY`, so applying an + adjustment of 1 followed by an adjustment + of -1 when base likelihood is `VERY_LIKELY` + will result in a final likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within which + the entire hotword must reside. 
The total length + of the window cannot exceed 1000 characters. + Note that the finding itself will be included + in the window, so that hotwords may be used + to match substrings of the finding itself. For + example, the certainty of a phone number regex + "(d{3}) d{3}-d{4}" could be adjusted upwards + if the area code is known to be the local area + code of a company office using the hotword regex + "(xxx)", where "xxx" is the area code in question. + properties: + windowAfter: + description: Number of characters after the + finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before the + finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of an inspectTemplate. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of an inspectTemplate. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpjobtriggers.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPJobTrigger + plural: dlpjobtriggers + shortNames: + - gcpdlpjobtrigger + - gcpdlpjobtriggers + singular: dlpjobtrigger + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User provided description (max 256 chars) + type: string + displayName: + description: Display name (max 100 chars) + type: string + inspectJob: + description: For inspect jobs, a snapshot of the configuration. + properties: + actions: + description: Actions to execute at the completion of the job. + items: + properties: + jobNotificationEmails: + description: Enable email notification for project owners + and editors on job's completion/failure. + type: object + x-kubernetes-preserve-unknown-fields: true + pubSub: + description: Publish a notification to a pubsub topic. + properties: + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + publishFindingsToCloudDataCatalog: + description: Publish findings to Cloud Datahub. + type: object + x-kubernetes-preserve-unknown-fields: true + publishSummaryToCscc: + description: Publish summary to Cloud Security Command Center + (Alpha). + type: object + x-kubernetes-preserve-unknown-fields: true + publishToStackdriver: + description: Enable Stackdriver metric dlp.googleapis.com/finding_count. + type: object + x-kubernetes-preserve-unknown-fields: true + saveFindings: + description: Save resulting findings in a provided location. + properties: + outputConfig: + description: Location to store findings outside of DLP. + properties: + dlpStorage: + description: Store findings directly to DLP. If + neither this or bigquery is chosen only summary + stats of total infotype count will be stored. + Quotes will not be stored to dlp findings. If + quotes are needed, store to BigQuery. Currently + only for inspect jobs. + type: object + x-kubernetes-preserve-unknown-fields: true + outputSchema: + description: 'Schema used for writing the findings + for Inspect jobs. This field is only used for + Inspect and must be unspecified for Risk jobs. + Columns are derived from the `Finding` object. + If appending to an existing table, any columns + from the predefined schema that are missing will + be added. No columns in the existing table will + be deleted. If unspecified, then all available + columns will be used for a new table or an (existing) + table with no schema, and no changes will be made + to an existing table that has a schema. Only for + use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, + BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, + BIG_QUERY_COLUMNS, ALL_COLUMNS' + type: string + table: + description: 'Store findings in an existing table + or a new table in an existing dataset. 
If table_id + is not set a new one will be generated for you + with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. + Pacific timezone will be used for generating the + date details. For Inspect, each column in an existing + output table must have the same name, type, and + mode of a field in the `Finding` object. For Risk, + an existing output table should be the output + of a previous Risk analysis job run on the same + source table, with the same privacy metric and + quasi-identifiers. Risk jobs that analyze the + same table but compute a different privacy metric, + or use different sets of quasi-identifiers, cannot + store their results in the same table.' + properties: + datasetRef: + oneOf: + - not: required: - - key - type: object - type: object - customAlphabet: - description: 'This is supported by mapping these - to the alphanumeric characters that the FFX - mode natively supports. This happens before/after - encryption/decryption. Each character listed - must appear only once. Number of characters - must be in the range [2, 95]. This must be - encoded as ASCII. The order of characters - does not matter. The full list of allowed - characters is: ``0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz - ~`!@#$%^&*()_-+={[}]|:;"''<,>.?/``' - type: string - radix: - description: The native way to select the alphabet. - Must be in the range [2, 95]. - format: int64 - type: integer - surrogateInfoType: - description: 'The custom infoType to annotate - the surrogate with. This annotation will be - applied to the surrogate by prefixing it with - the name of the custom infoType followed by - the number of characters comprising the surrogate. 
- The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType - is ''MY_TOKEN_INFO_TYPE'' and the surrogate - is ''abc'', the full replacement value will - be: ''MY_TOKEN_INFO_TYPE(3):abc'' This annotation - identifies the surrogate when inspecting content - using the custom infoType [`SurrogateType`](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). - This facilitates reversal of the surrogate - when it occurs in free text. In order for - inspection to work properly, the name of this - infoType must not occur naturally anywhere - in your data; otherwise, inspection may find - a surrogate that does not correspond to an - actual identifier. Therefore, choose your - custom infoType name carefully after considering - what your data looks like. One way to select - a name that has a high chance of yielding - reliable detection is to include one or more - unicode characters that are highly improbable - to exist in your data. For example, assuming - your data is entered from a regular ASCII - keyboard, the symbol with the hex code point - 29DD might be used like so: ⧝MY_TOKEN_TYPE' + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string name: - description: Name of the information type. - Either a name of your choosing when creating - a CustomInfoType, or one of the names - listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data Catalog, - infoType names should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - required: - - cryptoKey - type: object - dateShiftConfig: - description: Date Shift - properties: - context: - description: Points to the field that contains - the context, for example, an entity id. If - set, must also set cryptoKey. If set, shift - will be consistent for the given context. + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string name: - description: Name describing the field. + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - cryptoKey: - description: Causes the shift to be computed - based on this key and the context. This results - in the same shift for the same context and - crypto_key. If set, must also set context. - Can only be applied to table items. 
+ tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - kmsWrapped: - description: Key wrapped using Cloud KMS - properties: - cryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + type: object + type: object + type: array + inspectConfig: + description: How and what to scan for. + properties: + customInfoTypes: + description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes + to learn more. + items: + properties: + detectionRules: + description: Set of detection rules to apply to all + findings of this CustomInfoType. Rules are applied + in order that they are specified. Not supported for + the `surrogate_type` CustomInfoType. + items: + properties: + hotwordRule: + description: Hotword-based detection rule. + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: array + dictionary: + description: A list of phrases to detect as a CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in + Cloud Storage. Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path + (no wildcards) in Cloud Storage. Example: + gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases to search + for. + properties: + words: + description: Words or phrases defining the dictionary. + The dictionary must contain at least one phrase + and every phrase must contain at least 2 characters + that are letters or digits. [required] + items: + type: string + type: array + type: object + type: object + exclusionType: + description: 'If set to EXCLUSION_TYPE_EXCLUDE this + infoType will not cause a finding to be returned. + It still can be used for rules matching. Possible + values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' + type: string + infoType: + description: CustomInfoType can either be a new infoType, + or an extension of built-in infoType, when the name + matches one of existing infoTypes and that infoType + is specified in `InspectContent.info_types` field. + Specifying the latter adds findings to the one detected + by the system. If built-in info type is not specified + in `InspectContent.info_types` list then the name + is treated as a custom info type. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType names + should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. 
+ type: string + type: object + likelihood: + description: 'Likelihood to return for this CustomInfoType. + This base value can be altered by a detection rule + if the finding meets the criteria specified by the + rule. Defaults to `VERY_LIKELY` if not specified. + Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + regex: + description: Regular expression based CustomInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract + as findings. When not specified, the entire match + is returned. No more than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. + Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository on + GitHub. + type: string + type: object + storedType: + description: Load an existing `StoredInfoType` resource + for use in `InspectDataSource`. Not currently supported + in `InspectContent`. + properties: + createTime: + description: Timestamp indicating when the version + of the `StoredInfoType` used for inspection was + created. Output-only field, populated by the system. + format: date-time + type: string + nameRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + + Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + surrogateType: + description: Message for detecting output from deidentification + transformations that support reversing. + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + type: array + excludeInfoTypes: + description: When true, excludes type information of the findings. + This is not used for data profiling. + type: boolean + includeQuote: + description: When true, a contextual quote from the data that + triggered a finding is included in the response; see Finding.quote. + This is not used for data profiling. + type: boolean + infoTypes: + description: Restricts what info_types to look for. The values + must correspond to InfoType values returned by ListInfoTypes + or listed at https://cloud.google.com/dlp/docs/infotypes-reference. + When no InfoTypes or CustomInfoTypes are specified in a + request, the system may automatically choose what detectors + to run. By default this may be all types, but may change + over time as detectors are updated. If you need precise + control and predictability as to what detectors are run + you should specify specific InfoTypes listed in the reference, + otherwise a default list will be used, which may change + over time. + items: + properties: + name: + description: Name of the information type. Either a + name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending Cloud + DLP results to Data Catalog, infoType names should + conform to the pattern `[A-Za-z0-9$-_]{1,64}`. 
+ type: string + type: object + type: array + limits: + description: Configuration to control the number of findings + returned. This is not used for data profiling. + properties: + maxFindingsPerInfoType: + description: Configuration of findings limit given for + specified infoTypes. + items: + properties: + infoType: + description: Type of information the findings limit + applies to. Only one limit per info_type should + be provided. If InfoTypeLimit does not have an + info_type, the DLP API applies the limit against + all info_types that are found but not specified + in another InfoTypeLimit. + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this + InfoType. + type: string + type: object + maxFindings: + description: Max findings limit for the given infoType. + format: int64 + type: integer + type: object + type: array + maxFindingsPerItem: + description: Max number of findings that will be returned + for each item scanned. When set within `InspectJobConfig`, + the maximum returned is 2000 regardless if this is set + higher. When set within `InspectContentRequest`, this + field is ignored. + format: int64 + type: integer + maxFindingsPerRequest: + description: Max number of findings that will be returned + per request/job. When set within `InspectContentRequest`, + the maximum returned is 2000 regardless if this is set + higher. + format: int64 + type: integer + type: object + minLikelihood: + description: 'Only returns findings equal or above this threshold. + The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood + to learn more. 
Possible values: LIKELIHOOD_UNSPECIFIED, + VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + ruleSet: + description: Set of rules to apply to the findings for this + InspectConfig. Exclusion rules, contained in the set are + executed in the end, other rules are executed in the order + they are specified for each info type. + items: + properties: + infoTypes: + description: List of infoTypes this rule set is applied + to. + items: + properties: + name: + description: Name of the information type. Either + a name of your choosing when creating a CustomInfoType, + or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. When sending + Cloud DLP results to Data Catalog, infoType + names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. + type: string + version: + description: Optional version name for this InfoType. + type: string + type: object + type: array + rules: + description: Set of rules to be applied to infoTypes. + The rules are applied in order. + items: + properties: + exclusionRule: + description: Exclusion rule. + properties: + dictionary: + description: Dictionary which defines the + rule. + properties: + cloudStoragePath: + description: Newline-delimited file of + words in Cloud Storage. Only a single + file is accepted. + properties: + path: + description: 'A url representing a + file or path (no wildcards) in Cloud + Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + type: object + wordList: + description: List of words or phrases + to search for. + properties: + words: + description: Words or phrases defining + the dictionary. The dictionary must + contain at least one phrase and + every phrase must contain at least + 2 characters that are letters or + digits. [required] + items: + type: string + type: array + type: object + type: object + excludeInfoTypes: + description: Set of infoTypes for which findings + would affect this rule. 
+ properties: + infoTypes: + description: InfoType list in ExclusionRule + rule drops a finding when it overlaps + or contained within with a finding of + an infoType from this list. For example, + for `InspectionRuleSet.info_types` containing + "PHONE_NUMBER"` and `exclusion_rule` + containing `exclude_info_types.info_types` + with "EMAIL_ADDRESS" the phone number + findings are dropped if they overlap + with EMAIL_ADDRESS finding. That leads + to "555-222-2222@example.org" to generate + only a single finding, namely email + address. + items: properties: - external: - description: |- - Required. The resource name of the KMS CryptoKey to use for unwrapping. - - Allowed value: The Google Cloud resource name of a `KMSCryptoKey` resource (format: `{{selfLink}}`). - type: string name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: Name of the information + type. Either a name of your choosing + when creating a CustomInfoType, + or one of the names listed at + https://cloud.google.com/dlp/docs/infotypes-reference + when specifying a built-in type. + When sending Cloud DLP results + to Data Catalog, infoType names + should conform to the pattern + `[A-Za-z0-9$-_]{1,64}`. type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + version: + description: Optional version name + for this InfoType. type: string type: object - wrappedKey: - description: Required. The wrapped data - crypto key. - type: string - required: - - cryptoKeyRef - - wrappedKey - type: object - transient: - description: Transient crypto key - properties: - name: - description: 'Required. Name of the - key. This is an arbitrary string used - to differentiate different keys. 
A - unique key is generated per name: - two separate `TransientCryptoKey` - protos share the same generated key - if their names are the same. When - the data crypto key is generated, - this name is not used in any way (repeating - the api call will result in a different - key being generated).' - type: string - required: + type: array + type: object + matchingType: + description: 'How the rule is applied, see + MatchingType documentation for details. + Possible values: MATCHING_TYPE_UNSPECIFIED, + MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, + MATCHING_TYPE_INVERSE_MATCH' + type: string + regex: + description: Regular expression which defines + the rule. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + type: object + hotwordRule: + properties: + hotwordRegex: + description: Regular expression pattern defining + what qualifies as a hotword. + properties: + groupIndexes: + description: The index of the submatch + to extract as findings. When not specified, + the entire match is returned. No more + than 3 may be included. + items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular + expression. Its syntax (https://github.com/google/re2/wiki/Syntax) + can be found under the google/re2 repository + on GitHub. + type: string + type: object + likelihoodAdjustment: + description: Likelihood adjustment to apply + to all matching findings. + properties: + fixedLikelihood: + description: 'Set the likelihood of a + finding to a fixed value. 
Possible values: + LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, + UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: string + relativeLikelihood: + description: Increase or decrease the + likelihood by the specified number of + levels. For example, if a finding would + be `POSSIBLE` without the detection + rule and `relative_likelihood` is 1, + then it is upgraded to `LIKELY`, while + a value of -1 would downgrade it to + `UNLIKELY`. Likelihood may never drop + below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, + so applying an adjustment of 1 followed + by an adjustment of -1 when base likelihood + is `VERY_LIKELY` will result in a final + likelihood of `LIKELY`. + format: int64 + type: integer + type: object + proximity: + description: Proximity of the finding within + which the entire hotword must reside. The + total length of the window cannot exceed + 1000 characters. Note that the finding itself + will be included in the window, so that + hotwords may be used to match substrings + of the finding itself. For example, the + certainty of a phone number regex "(d{3}) + d{3}-d{4}" could be adjusted upwards if + the area code is known to be the local area + code of a company office using the hotword + regex "(xxx)", where "xxx" is the area code + in question. + properties: + windowAfter: + description: Number of characters after + the finding to consider. + format: int64 + type: integer + windowBefore: + description: Number of characters before + the finding to consider. + format: int64 + type: integer + type: object + type: object + type: object + type: array + type: object + type: array + type: object + inspectTemplateRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + If provided, will be used as the default for all values in InspectConfig. 
`inspect_config` will be merged into the values persisted as part of the template. + + Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + storageConfig: + description: The data to scan. + properties: + bigQueryOptions: + description: BigQuery options. + properties: + excludedFields: + description: References to fields excluded from scanning. + This allows you to skip inspection of entire columns + which you know have no findings. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + identifyingFields: + description: Table fields that may uniquely identify a + row within the table. When `actions.saveFindings.outputConfig.table` + is specified, the values of columns specified here are + available in the output table under `location.content_locations.record_location.record_key.id_values`. + Nested fields such as `person.birthdate.year` are allowed. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + includedFields: + description: Limit scanning only to these fields. + items: + properties: + name: + description: Name describing the field. + type: string + type: object + type: array + rowsLimit: + description: Max number of rows to scan. If the table + has more rows than this value, the rest of the rows + are omitted. If not set, or if set to 0, all rows will + be scanned. Only one of rows_limit and rows_limit_percent + can be specified. Cannot be used in conjunction with + TimespanConfig. 
+ format: int64 + type: integer + rowsLimitPercent: + description: Max percentage of rows to scan. The rest + are omitted. The number of rows scanned is rounded down. + Must be between 0 and 100, inclusively. Both 0 and 100 + means no limit. Defaults to 0. Only one of rows_limit + and rows_limit_percent can be specified. Cannot be used + in conjunction with TimespanConfig. + format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + tableReference: + description: Complete BigQuery table reference. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + required: + - tableReference + type: object + cloudStorageOptions: + description: Google Cloud Storage options. + properties: + bytesLimitPerFile: + description: Max number of bytes to scan from a file. + If a scanned file's size is bigger than this value then + the rest of the bytes are omitted. Only one of bytes_limit_per_file + and bytes_limit_per_file_percent can be specified. Cannot + be set if de-identification is requested. + format: int64 + type: integer + bytesLimitPerFilePercent: + description: Max percentage of bytes to scan from a file. + The rest are omitted. The number of bytes scanned is + rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. Only one + of bytes_limit_per_file and bytes_limit_per_file_percent + can be specified. Cannot be set if de-identification + is requested. + format: int64 + type: integer + fileSet: + description: The set of one or more files to scan. 
+ properties: + regexFileSet: + description: The regex-filtered set of files to scan. + Exactly one of `url` or `regex_file_set` must be + set. + properties: + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - unwrapped: - description: Unwrapped crypto key - properties: - key: - description: Required. A 128/192/256 - bit key. - type: string - required: - - key - type: object - type: object - lowerBoundDays: - description: Required. For example, -5 means - shift date to at most 5 days back in the past. - format: int64 - type: integer - upperBoundDays: - description: Required. Range of shift in days. - Actual shift will be selected at random within - this range (inclusive ends). Negative means - shift to earlier in time. Must not be more - than 365250 days (1000 years) each direction. - For example, 3 means shift date to at most - 3 days into the future. - format: int64 - type: integer + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of a Cloud Storage bucket. Required. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + excludeRegex: + description: A list of regular expressions matching + file paths to exclude. All files in the bucket + that match at least one of these regular expressions + will be excluded from the scan. Regular expressions + use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. 
+ items: + type: string + type: array + includeRegex: + description: A list of regular expressions matching + file paths to include. All files in the bucket + that match at least one of these regular expressions + will be included in the set of files, except + for those that also match an item in `exclude_regex`. + Leaving this field empty will match all files + by default (this is equivalent to including + `.*` in the list). Regular expressions use RE2 + [syntax](https://github.com/google/re2/wiki/Syntax); + a guide can be found under the google/re2 repository + on GitHub. + items: + type: string + type: array + required: + - bucketRef + type: object + url: + description: The Cloud Storage url of the file(s) + to scan, in the format `gs:///`. Trailing wildcard + in the path is allowed. If the url ends in a trailing + slash, the bucket or directory represented by the + url will be scanned non-recursively (content in + sub-directories will not be scanned). This means + that `gs://mybucket/` is equivalent to `gs://mybucket/*`, + and `gs://mybucket/directory/` is equivalent to + `gs://mybucket/directory/*`. Exactly one of `url` + or `regex_file_set` must be set. + type: string + type: object + fileTypes: + description: List of file type groups to include in the + scan. If empty, all files are scanned and available + data format processors are applied. In addition, the + binary content of the selected files is always scanned + as well. Images are scanned only as binary if the specified + region does not support image inspection and no file_types + were specified. Image inspection is restricted to 'global', + 'us', 'asia', and 'europe'. + items: + type: string + type: array + filesLimitPercent: + description: Limits the number of files to scan to this + percentage of the input FileSet. Number of files scanned + is rounded down. Must be between 0 and 100, inclusively. + Both 0 and 100 means no limit. Defaults to 0. 
+ format: int64 + type: integer + sampleMethod: + description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, + TOP, RANDOM_START' + type: string + type: object + datastoreOptions: + description: Google Cloud Datastore options. + properties: + kind: + description: The kind to process. + properties: + name: + description: The name of the kind. + type: string + type: object + partitionId: + description: A partition ID identifies a grouping of entities. + The grouping is always by project namespace ID may be + empty. + properties: + namespaceId: + description: If not empty, the ID of the namespace + to which the entities belong. + type: string + projectRef: + oneOf: + - not: + required: + - external required: - - lowerBoundDays - - upperBoundDays - type: object - fixedSizeBucketingConfig: - description: Fixed size bucketing - properties: - bucketSize: - description: 'Required. Size of each bucket - (except for minimum and maximum buckets). - So if `lower_bound` = 10, `upper_bound` = - 89, and `bucket_size` = 10, then the following - buckets would be used: -10, 10-20, 20-30, - 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, - 89+. Precision up to 2 decimals works.' - format: double - type: number - lowerBound: - description: Required. Lower bound value of - buckets. All values less than `lower_bound` - are grouped together into a single bucket; - for example if `lower_bound` = 10, then all - values less than 10 are replaced with the - value "-10". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. 
Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - upperBound: - description: Required. Upper bound value of - buckets. All values greater than upper_bound - are grouped together into a single bucket; - for example if `upper_bound` = 89, then all - values greater than 89 are replaced with the - value "89+". - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. 
- format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - - bucketSize - - lowerBound - - upperBound - type: object - redactConfig: - description: Redact - type: object - x-kubernetes-preserve-unknown-fields: true - replaceConfig: - description: Replace with a specified value. - properties: - newValue: - description: Value to replace it with. - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. 
Must be - from 1 to 31 and valid for the year - and month, or 0 to specify a year - by itself or a year and month where - the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. Must be - from 1 to 12, or 0 to specify a year - without a month and day. - format: int64 - type: integer - year: - description: Year of the date. Must - be from 1 to 9999, or 0 to specify - a date without a year. - format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible values: - DAY_OF_WEEK_UNSPECIFIED, MONDAY, TUESDAY, - WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day in 24 hour - format. Should be from 0 to 23. An - API may choose to allow the value - "24:00:00" for scenarios like business - closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour of day. - Must be from 0 to 59. - format: int64 - type: integer - nanos: - description: Fractions of seconds in - nanoseconds. Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes of the - time. Must normally be from 0 to 59. - An API may allow the value 60 if it - allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - type: object - replaceWithInfoTypeConfig: - description: Replace with infotype - type: object - x-kubernetes-preserve-unknown-fields: true - timePartConfig: - description: Time extraction + - external + properties: + external: + description: |- + The ID of the project to which the entities belong. 
+ + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + hybridOptions: + description: Hybrid inspection options. + properties: + description: + description: A short description of where the data is + coming from. Will be stored once in the job. 256 max + length. + type: string + labels: + additionalProperties: + type: string + description: 'To organize findings, these labels will + be added to each finding. Label keys must be between + 1 and 63 characters long and must conform to the following + regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label + values must be between 0 and 63 characters long and + must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. + No more than 10 labels can be associated with a given + finding. Examples: * `"environment" : "production"` + * `"pipeline" : "etl"`' + type: object + requiredFindingLabelKeys: + description: 'These are labels that each inspection request + must include within their ''finding_labels'' map. Request + may contain others, but any missing one of these will + be rejected. Label keys must be between 1 and 63 characters + long and must conform to the following regular expression: + `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can + be required.' + items: + type: string + type: array + tableOptions: + description: If the container is a table, additional information + to make findings meaningful such as the columns that + are primary keys. + properties: + identifyingFields: + description: The columns that are the primary keys + for table objects included in ContentItem. 
A copy + of this cell's value will stored alongside alongside + each finding so that the finding can be traced to + the specific row it came from. No more than 3 may + be provided. + items: properties: - partToExtract: - description: 'The part of the time to keep. - Possible values: TIME_PART_UNSPECIFIED, YEAR, - MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, - HOUR_OF_DAY' + name: + description: Name describing the field. type: string type: object - type: object + type: array + type: object + type: object + timespanConfig: + properties: + enableAutoPopulationOfTimespanConfig: + description: When the job is started by a JobTrigger we + will automatically figure out a valid start_time to + avoid scanning files that have not been modified since + the last time the JobTrigger executed. This will be + based on the time of the execution of the last run of + the JobTrigger. + type: boolean + endTime: + description: Exclude files, tables, or rows newer than + this value. If not set, no upper time limit is applied. + format: date-time + type: string + startTime: + description: Exclude files, tables, or rows older than + this value. If not set, no lower time limit is applied. + format: date-time + type: string + timestampField: + description: 'Specification of the field containing the + timestamp of scanned items. Used for data sources like + Datastore and BigQuery. For BigQuery: If this value + is not specified and the table was modified between + the given start and end times, the entire table will + be scanned. If this value is specified, then rows are + filtered based on the given start and end times. Rows + with a `NULL` value in the provided BigQuery column + are skipped. Valid data types of the provided BigQuery + column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. + For Datastore: If this value is specified, then entities + are filtered based on the given start and end times. 
+ If an entity does not contain the provided timestamp + property or contains empty or invalid values, then it + is included. Valid data types of the provided timestamp + property are: `TIMESTAMP`.' + properties: + name: + description: Name describing the field. + type: string + type: object + type: object + type: object + required: + - storageConfig + type: object + location: + description: Immutable. The location of the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + status: + description: 'Immutable. Required. A status for this trigger. Possible + values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + type: string + triggers: + description: A list of triggers which will be OR'ed together. Only + one in the list needs to trigger for a job to be started. The list + may contain only a single Schedule trigger and must have at least + one object. + items: + properties: + manual: + description: For use with hybrid jobs. Jobs must be manually + created and finished. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + schedule: + description: Create a job on a repeating basis based on the + elapse of time. + properties: + recurrencePeriodDuration: + description: 'With this option a job is started a regular + periodic basis. For example: every day (86400 seconds). + A scheduled start time will be skipped if the previous + execution has not ended when its scheduled time occurs. + This value must be set to a time duration greater than + or equal to 1 day and can be no longer than 60 days.' + type: string + type: object + type: object + type: array + required: + - inspectJob + - projectRef + - status + - triggers + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The creation timestamp of a triggeredJob. + format: date-time + type: string + errors: + description: Output only. A stream of errors encountered when the + trigger was activated. Repeated errors may result in the JobTrigger + automatically being paused. Will return the last 100 errors. Whenever + the JobTrigger is modified this list will be cleared. + items: + properties: + details: + description: Detailed error codes and messages. + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. 
+ format: int64 + type: integer + details: + description: A list of messages that carry the error details. + There is a common set of message types for APIs to use. + items: + properties: + typeUrl: + description: 'A URL/resource name that uniquely identifies + the type of the serialized protocol buffer message. + This string must contain at least one "/" character. + The last segment of the URL''s path must represent + the fully qualified name of the type (as in `path/google.protobuf.Duration`). + The name should be in a canonical form (e.g., leading + "." is not accepted). In practice, teams usually + precompile into the binary all types that they expect + it to use in the context of Any. However, for URLs + which use the scheme `http`, `https`, or no scheme, + one can optionally set up a type server that maps + type URLs to message definitions as follows: * If + no scheme is provided, `https` is assumed. * An + HTTP GET on the URL must yield a google.protobuf.Type + value in binary format, or produce an error. * Applications + are allowed to cache lookup results based on the + URL, or have them precompiled into a binary to avoid + any lookup. Therefore, binary compatibility needs + to be preserved on changes to types. (Use versioned + type names to manage breaking changes.) Note: this + functionality is not currently available in the + official protobuf release, and it is not used for + type URLs beginning with type.googleapis.com. Schemes + other than `http`, `https` (or the empty scheme) + might be used with implementation specific semantics.' + type: string + value: + description: Must be a valid serialized protocol buffer + of the above specified type. + type: string + type: object + type: array + message: + description: A developer-facing error message, which should + be in English. Any user-facing error message should be + localized and sent in the google.rpc.Status.details field, + or localized by the client. 
+ type: string + type: object + timestamps: + description: The times the error occurred. + items: + format: date-time + type: string + type: array + type: object + type: array + lastRunTime: + description: Output only. The timestamp of the last time this trigger + executed. + format: date-time + type: string + locationId: + description: Output only. The geographic location where this resource + is stored. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The last update timestamp of a triggeredJob. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com +spec: + group: dlp.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DLPStoredInfoType + plural: dlpstoredinfotypes + shortNames: + - gcpdlpstoredinfotype + - gcpdlpstoredinfotypes + singular: dlpstoredinfotype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status 
+ name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - organizationRef + - required: + - projectRef + properties: + description: + description: Description of the StoredInfoType (max 256 characters). + type: string + dictionary: + description: Store dictionary-based CustomInfoType. + properties: + cloudStoragePath: + description: Newline-delimited file of words in Cloud Storage. + Only a single file is accepted. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + wordList: + description: List of words or phrases to search for. + properties: + words: + description: Words or phrases defining the dictionary. The + dictionary must contain at least one phrase and every phrase + must contain at least 2 characters that are letters or digits. 
+ [required] + items: + type: string + type: array + required: + - words + type: object + type: object + displayName: + description: Display name of the StoredInfoType (max 256 characters). + type: string + largeCustomDictionary: + description: StoredInfoType where findings are defined by a dictionary + of phrases. + properties: + bigQueryField: + description: Field in a BigQuery table where each cell represents + a dictionary phrase. + properties: + field: + description: Designated field in the BigQuery table. + properties: + name: + description: Name describing the field. + type: string + type: object + table: + description: Source table of the field. + properties: + datasetRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Dataset ID of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + tableRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Name of the table. + + Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + cloudStorageFileSet: + description: Set of files containing newline-delimited lists of + dictionary phrases. + properties: + url: + description: The url, in the format `gs:///`. Trailing wildcard + in the path is allowed. + type: string + required: + - url + type: object + outputPath: + description: Location to store dictionary artifacts in Google + Cloud Storage. These files will only be accessible by project + owners and the DLP API. If any of these artifacts are modified, + the dictionary is considered invalid and can no longer be used. + properties: + path: + description: 'A url representing a file or path (no wildcards) + in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + type: string + required: + - path + type: object + type: object + location: + description: Immutable. The location of the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. 
Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + Only one of [organizationRef, projectRef] may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The Google Cloud resource name of + a `Project` resource (format: `projects/{{name}}`).' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regex: + description: Store regular expression-based StoredInfoType. + properties: + groupIndexes: + description: The index of the submatch to extract as findings. + When not specified, the entire match is returned. No more than + 3 may be included. 
+ items: + format: int64 + type: integer + type: array + pattern: + description: Pattern defining the regular expression. Its syntax + (https://github.com/google/re2/wiki/Syntax) can be found under + the google/re2 repository on GitHub. + type: string + required: + - pattern + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsmanagedzones.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSManagedZone + plural: dnsmanagedzones + shortNames: + - gcpdnsmanagedzone + - gcpdnsmanagedzones + singular: dnsmanagedzone + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cloudLoggingConfig: + description: Cloud logging configuration. + properties: + enableLogging: + description: If set, enable query logging for this ManagedZone. + False by default, making logging opt-in. + type: boolean + required: + - enableLogging + type: object + description: + description: A textual description field. Defaults to 'Managed by + Config Connector'. + type: string + dnsName: + description: Immutable. The DNS name of this managed zone, for instance + "example.com.". + type: string + dnssecConfig: + description: DNSSEC configuration. + properties: + defaultKeySpecs: + description: |- + Specifies parameters that will be used for generating initial DnsKeys + for this ManagedZone. If you provide a spec for keySigning or zoneSigning, + you must also provide one for the other. + default_key_specs can only be updated when the state is 'off'. + items: + properties: + algorithm: + description: 'String mnemonic specifying the DNSSEC algorithm + of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", + "rsasha1", "rsasha256", "rsasha512"].' + type: string + keyLength: + description: Length of the keys in bits. + type: integer + keyType: + description: |- + Specifies whether this is a key signing key (KSK) or a zone + signing key (ZSK). Key signing keys have the Secure Entry + Point flag set and, when active, will only be used to sign + resource record sets of type DNSKEY. Zone signing keys do + not have the Secure Entry Point flag set and will be used + to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. + type: string + kind: + description: Identifies what kind of resource this is. 
+ type: string + type: object + type: array + kind: + description: Identifies what kind of resource this is. + type: string + nonExistence: + description: |- + Specifies the mechanism used to provide authenticated denial-of-existence responses. + non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + type: string + state: + description: 'Specifies whether DNSSEC is enabled, and what mode + it is in Possible values: ["off", "on", "transfer"].' + type: string + type: object + forwardingConfig: + description: |- + The presence for this field indicates that outbound forwarding is enabled + for this zone. The value of this field contains the set of destinations + to forward to. + properties: + targetNameServers: + description: |- + List of target name servers to forward to. Cloud DNS will + select the best available name server if more than + one target is given. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address of a target name server. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers + type: object + peeringConfig: + description: |- + The presence of this field indicates that DNS Peering is enabled for this + zone. The value of this field contains the network to peer with. + properties: + targetNetwork: + description: The network with which to peer. + properties: + networkRef: + description: VPC network to forward queries to. 
+ oneOf: + - not: + required: + - external required: - - fields + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + required: + - targetNetwork + type: object + privateVisibilityConfig: + description: |- + For privately visible zones, the set of Virtual Private Cloud + resources that the zone is visible from. + properties: + gkeClusters: + description: The list of Google Kubernetes Engine clusters that + can see this zone. + items: + properties: + gkeClusterNameRef: + description: |- + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + 'projects/*/locations/*/clusters/*'. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of + a `ContainerCluster` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - recordSuppressions: - description: Configuration defining which records get suppressed - entirely. Records that match any suppression rule are omitted - from the output. 
- items: + required: + - gkeClusterNameRef + type: object + type: array + networks: + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - condition: - description: A condition that when it evaluates to true - will result in the record being evaluated to be suppressed - from the transformed content. - properties: - expressions: - description: An expression. - properties: - conditions: - description: Conditions to apply to the expression. - properties: - conditions: - description: A collection of conditions. - items: - properties: - field: - description: Required. Field within - the record this condition is evaluated - against. - properties: - name: - description: Name describing the - field. - type: string - type: object - operator: - description: 'Required. Operator used - to compare the field or infoType - to the value. Possible values: LOGICAL_OPERATOR_UNSPECIFIED, - AND' - type: string - value: - description: Value to compare against. - [Mandatory, except for `EXISTS` - tests.] - properties: - booleanValue: - description: boolean - type: boolean - dateValue: - description: date - properties: - day: - description: Day of a month. - Must be from 1 to 31 and - valid for the year and month, - or 0 to specify a year by - itself or a year and month - where the day isn't significant. - format: int64 - type: integer - month: - description: Month of a year. - Must be from 1 to 12, or - 0 to specify a year without - a month and day. - format: int64 - type: integer - year: - description: Year of the date. - Must be from 1 to 9999, - or 0 to specify a date without - a year. 
- format: int64 - type: integer - type: object - dayOfWeekValue: - description: 'day of week Possible - values: DAY_OF_WEEK_UNSPECIFIED, - MONDAY, TUESDAY, WEDNESDAY, - THURSDAY, FRIDAY, SATURDAY, - SUNDAY' - type: string - floatValue: - description: float - format: double - type: number - integerValue: - description: integer - format: int64 - type: integer - stringValue: - description: string - type: string - timeValue: - description: time of day - properties: - hours: - description: Hours of day - in 24 hour format. Should - be from 0 to 23. An API - may choose to allow the - value "24:00:00" for scenarios - like business closing time. - format: int64 - type: integer - minutes: - description: Minutes of hour - of day. Must be from 0 to - 59. - format: int64 - type: integer - nanos: - description: Fractions of - seconds in nanoseconds. - Must be from 0 to 999,999,999. - format: int64 - type: integer - seconds: - description: Seconds of minutes - of the time. Must normally - be from 0 to 59. An API - may allow the value 60 if - it allows leap-seconds. - format: int64 - type: integer - type: object - timestampValue: - description: timestamp - format: date-time - type: string - type: object - required: - - field - - operator - type: object - type: array - type: object - logicalOperator: - description: 'The operator to apply to the result - of conditions. Default and currently only - supported value is `AND`. Possible values: - LOGICAL_OPERATOR_UNSPECIFIED, AND' - type: string - type: object - type: object + external: + description: 'Allowed value: The `selfLink` field of + a `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - type: object - transformationErrorHandling: - description: Mode for handling transformation errors. If left - unspecified, the default mode is `TransformationErrorHandling.ThrowError`. + required: + - networkRef + type: object + type: array + required: + - networks + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + reverseLookup: + description: |- + Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse + lookup queries using automatically configured records for VPC resources. This only applies + to networks listed under 'private_visibility_config'. + type: boolean + serviceDirectoryConfig: + description: Immutable. The presence of this field indicates that + this zone is backed by Service Directory. The value of this field + contains information related to the namespace associated with the + zone. + properties: + namespace: + description: The namespace associated with the zone. properties: - leaveUntransformed: - description: Ignore errors - type: object - x-kubernetes-preserve-unknown-fields: true - throwError: - description: Throw an error - type: object - x-kubernetes-preserve-unknown-fields: true + namespaceUrl: + description: |- + The fully qualified or partial URL of the service directory namespace that should be + associated with the zone. This should be formatted like + 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' + or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' + Ignored for 'public' visibility zones. 
+ type: string + required: + - namespaceUrl type: object + required: + - namespace + type: object + visibility: + description: |- + Immutable. The zone's visibility: public zones are exposed to the Internet, + while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. + type: string + required: + - dnsName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + creationTime: + description: |- + The time that this resource was created on the server. + This is in RFC3339 text format. + type: string + managedZoneId: + description: Unique identifier for the resource; defined by the server. + type: integer + nameServers: + description: |- + Delegate your managed_zone to these virtual name servers; + defined by the server. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnspolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSPolicy + plural: dnspolicies + shortNames: + - gcpdnspolicy + - gcpdnspolicies + singular: dnspolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeNameServerConfig: + description: |- + Sets an alternative name server for the associated networks. + When specified, all DNS queries are forwarded to a name server that you choose. + Names such as .internal are not available when an alternative name server is specified. + properties: + targetNameServers: + description: |- + Sets an alternative name server for the associated networks. When specified, + all DNS queries are forwarded to a name server that you choose. Names such as .internal + are not available when an alternative name server is specified. + items: + properties: + forwardingPath: + description: |- + Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding + decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go + to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. + type: string + ipv4Address: + description: IPv4 address to forward to. + type: string + required: + - ipv4Address + type: object + type: array + required: + - targetNameServers type: object description: - description: Short description (max 256 chars). + description: A textual description field. Defaults to 'Managed by + Config Connector'. type: string - displayName: - description: Display name (max 256 chars). + enableInboundForwarding: + description: |- + Allows networks bound to this policy to receive DNS queries sent + by VMs or applications over VPN connections. When enabled, a + virtual IP address will be allocated from each of the sub-networks + that are bound to this policy. + type: boolean + enableLogging: + description: |- + Controls whether logging is enabled for the networks bound to this policy. 
+ Defaults to no logging if not set. + type: boolean + networks: + description: List of network names specifying networks to which this + policy is applied. + items: + properties: + networkRef: + description: VPC network to bind to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - networkRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsrecordsets.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSRecordSet + plural: dnsrecordsets + shortNames: + - gcpdnsrecordset + - gcpdnsrecordsets + singular: dnsrecordset + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - rrdatas + - required: + - rrdatasRefs + properties: + managedZoneRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `DNSManagedZone` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: Immutable. The DNS name this record set will apply to. + type: string + rrdatas: + description: DEPRECATED. Although this field is still available, there + is limited support. We recommend that you use `spec.rrdatasRefs` + instead. + items: + type: string + type: array + rrdatasRefs: + items: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + kind: + description: 'Kind of the referent. Allowed values: ComputeAddress' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + ttl: + description: The time-to-live of this record set (seconds). + type: integer + type: + description: The DNS record set type. + type: string + required: + - managedZoneRef + - name + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicies.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicy + plural: dnsresponsepolicies + shortNames: + - gcpdnsresponsepolicy + - gcpdnsresponsepolicies + singular: dnsresponsepolicy + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the response policy, such as 'My new + response policy'. + type: string + gkeClusters: + description: The list of Google Kubernetes Engine clusters that can + see this zone. + items: + properties: + gkeClusterName: + description: "The resource name of the cluster to bind this + ManagedZone to. \nThis should be specified in the format + like \n'projects/*/locations/*/clusters/*'." + type: string + required: + - gkeClusterName + type: object + type: array + networks: + description: The list of network names specifying networks to which + this policy is applied. + items: + properties: + networkUrl: + description: |- + The fully qualified URL of the VPC network to bind to. + This should be formatted like + 'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'. + type: string + required: + - networkUrl + type: object + type: array + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The responsePolicyName of the resource. + Used for creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: dnsresponsepolicyrules.dns.cnrm.cloud.google.com +spec: + group: dns.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DNSResponsePolicyRule + plural: dnsresponsepolicyrules + shortNames: + - gcpdnsresponsepolicyrule + - gcpdnsresponsepolicyrules + singular: dnsresponsepolicyrule + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + behavior: + description: Answer this query with a behavior rather than DNS data. + Acceptable values are 'behaviorUnspecified', and 'bypassResponsePolicy'. type: string - location: - description: Immutable. The location of the resource + dnsName: + description: The DNS name (wildcard or exact) to apply this rule to. + Must be unique within the Response Policy Rule. type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + localData: + description: |- + Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; + in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed. + properties: + localDatas: + description: All resource record sets for this selector, one per + resource record type. The name must match the dns_name. + items: + properties: + name: + description: For example, www.example.com. + type: string + rrdatas: + description: As defined in RFC 1035 (section 5) and RFC + 1034 (section 3.6.1). + items: + type: string + type: array + ttl: + description: |- + Number of seconds that this ResourceRecordSet can be cached by + resolvers. + type: integer + type: + description: 'One of valid DNS resource types. Possible + values: ["A", "AAAA", "CAA", "CNAME", "DNSKEY", "DS", + "HTTPS", "IPSECVPNKEY", "MX", "NAPTR", "NS", "PTR", "SOA", + "SPF", "SRV", "SSHFP", "SVCB", "TLSA", "TXT"].' + type: string + required: + - name + - type + type: object + type: array + required: + - localDatas + type: object + projectRef: + description: The project that this resource belongs to. 
oneOf: - not: required: 
@@ -41433,21 +64755,273 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The ruleName of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responsePolicy: + description: Identifies the response policy addressed by this request. + type: string + required: + - dnsName + - projectRef + - responsePolicy + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessordefaultversions.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessorDefaultVersion + plural: documentaiprocessordefaultversions + shortNames: + - gcpdocumentaiprocessordefaultversion + - gcpdocumentaiprocessordefaultversions + singular: documentaiprocessordefaultversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + 
properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + resourceID: + description: Immutable. Optional. The processor of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + version: + description: |- + Immutable. The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel. + Apply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff. + type: string + required: + - version + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: documentaiprocessors.documentai.cnrm.cloud.google.com +spec: + group: documentai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: DocumentAIProcessor + plural: documentaiprocessors + shortNames: + - gcpdocumentaiprocessor + - gcpdocumentaiprocessors + singular: documentaiprocessor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this 
representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: Immutable. The display name. Must be unique. + type: string + kmsKeyName: + description: Immutable. The KMS key used for encryption/decryption + in CMEK scenarios. See https://cloud.google.com/security-key-management. + type: string + location: + description: Immutable. The location of the resource. + type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -41464,8 +65038,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -41479,6 +65052,15 @@ spec: resource. Used for acquisition only. Leave unset to create a new resource. type: string + type: + description: Immutable. The type of processor. For possible types + see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes). + type: string + required: + - displayName + - location + - projectRef + - type type: object status: properties: @@ -41508,13 +65090,8 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of an inspectTemplate. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + name: + description: The resource name of the processor. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -41523,11 +65100,151 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of an inspectTemplate. - format: date-time + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: essentialcontactscontacts.essentialcontacts.cnrm.cloud.google.com +spec: + group: essentialcontacts.cnrm.cloud.google.com + names: + categories: + - gcp + kind: EssentialContactsContact + plural: essentialcontactscontacts + shortNames: + - gcpessentialcontactscontact + - gcpessentialcontactscontacts + singular: essentialcontactscontact + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + email: + description: Immutable. The email address to send notifications to. + This does not need to be a Google account. + type: string + languageTag: + description: The preferred language for notifications, as a ISO 639-1 + language code. See Supported languages for a list of supported languages. + type: string + notificationCategorySubscriptions: + description: The categories of notifications that the contact will + receive communications for. + items: + type: string + type: array + parent: + description: 'Immutable. The resource to save this contact for. Format: + organizations/{organization_id}, folders/{folder_id} or projects/{project_id}.' + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - email + - languageTag + - notificationCategorySubscriptions + - parent + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}.' type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer type: object + required: + - spec type: object served: true storage: true @@ -41544,25 +65261,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpinspecttemplates.dlp.cnrm.cloud.google.com + name: eventarctriggers.eventarc.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: eventarc.cnrm.cloud.google.com names: categories: - gcp - kind: DLPInspectTemplate - plural: dlpinspecttemplates + kind: EventarcTrigger + plural: eventarctriggers shortNames: - - gcpdlpinspecttemplate - - gcpdlpinspecttemplates - singular: dlpinspecttemplate + - gcpeventarctrigger + - gcpeventarctriggers + singular: eventarctrigger preserveUnknownFields: false scope: Namespaced versions: 
@@ -41599,436 +65316,241 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Short description (max 256 chars). - type: string - displayName: - description: Display name (max 256 chars). - type: string - inspectConfig: - description: The core content of the template. Configuration of the - scanning process. + channelRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - contentOptions: - description: List of options defining data content to scan. If - empty, text, images, and other content will be included. - items: - type: string - type: array - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud - Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this infoType - will not cause a finding to be returned. It still can - be used for rules matching. 
Possible values: EXCLUSION_TYPE_UNSPECIFIED, - EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name matches - one of existing infoTypes and that infoType is specified - in `InspectContent.info_types` field. Specifying the latter - adds findings to the one detected by the system. If built-in - info type is not specified in `InspectContent.info_types` - list then the name is treated as a custom info type. - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule if - the finding meets the criteria specified by the rule. - Defaults to `VERY_LIKELY` if not specified. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, UNLIKELY, POSSIBLE, - LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract as - findings. When not specified, the entire match is - returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. 
- properties: - createTime: - description: Timestamp indicating when the version of - the `StoredInfoType` used for inspection was created. - Output-only field, populated by the system. - format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. - - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a request, - the system may automatically choose what detectors to run. 
By - default this may be all types, but may change over time as detectors - are updated. If you need precise control and predictability - as to what detectors are run you should specify specific InfoTypes - listed in the reference, otherwise a default list will be used, - which may change over time. - items: - properties: - name: - description: Name of the information type. Either a name - of your choosing when creating a CustomInfoType, or one - of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud DLP - results to Data Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings returned. + external: + description: Optional. The name of the channel associated with + the trigger in `projects/{project}/locations/{location}/channels/{channel}` + format. You must provide a channel to receive events from Eventarc + SaaS partners. + type: string + name: + description: |- + [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + destination: + description: Required. Destination specifies where the events should + be sent to. + properties: + cloudFunctionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for specified - infoTypes. 
- items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should be - provided. If InfoTypeLimit does not have an info_type, - the DLP API applies the limit against all info_types - that are found but not specified in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set higher. - When set within `InspectContentRequest`, this field is ignored. - format: int64 - type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set higher. - format: int64 - type: integer + external: + description: |- + [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} + + Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + cloudRunService: + description: Cloud Run fully-managed service that receives the + events. The service should be running in the same project of + the trigger. + properties: + path: + description: 'Optional. The relative path on the Cloud Run + service the events should be sent to. The value must conform + to the definition of URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + region: + description: Required. The region the Cloud Run service is + deployed in. + type: string + serviceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. + + Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - region + - serviceRef + type: object + gke: + description: A GKE service capable of receiving events. The service + should be running in the same project as the trigger. 
+ properties: + clusterRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + location: + description: Required. The name of the Google Compute Engine + in which the cluster resides, which can either be compute + zone (for example, us-central1-a) for the zonal clusters + or region (for example, us-central1) for regional clusters. + type: string + namespace: + description: Required. The namespace the GKE service is running + in. + type: string + path: + description: 'Optional. The relative path on the GKE service + the events should be sent to. The value must conform to + the definition of a URI path segment (section 3.3 of RFC2396). + Examples: "/route", "route", "route/subroute".' + type: string + service: + description: Required. Name of the GKE service. + type: string + required: + - clusterRef + - location + - namespace + - service + type: object + workflowRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'The resource name of the Workflow whose Executions + are triggered by the events. The Workflow resource should + be deployed in the same project as the trigger. 
Format: + `projects/{project}/locations/{location}/workflows/{workflow}`' + type: string + name: + description: |- + [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - ruleSet: - description: Set of rules to apply to the findings for this InspectConfig. - Exclusion rules, contained in the set are executed in the end, - other rules are executed in the order they are specified for - each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. The - rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the rule. - properties: - cloudStoragePath: - description: Newline-delimited file of words - in Cloud Storage. Only a single file is - accepted. 
- properties: - path: - description: 'A url representing a file - or path (no wildcards) in Cloud Storage. - Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and every - phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps or - contained within with a finding of an infoType - from this list. For example, for `InspectionRuleSet.info_types` - containing "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number findings - are dropped if they overlap with EMAIL_ADDRESS - finding. That leads to "555-222-2222@example.org" - to generate only a single finding, namely - email address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, or - one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When - sending Cloud DLP results to Data - Catalog, infoType names should conform - to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see MatchingType - documentation for details. Possible values: - MATCHING_TYPE_UNSPECIFIED, MATCHING_TYPE_FULL_MATCH, - MATCHING_TYPE_PARTIAL_MATCH, MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch to - extract as findings. When not specified, - the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply to - all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a finding - to a fixed value. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, - VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the likelihood - by the specified number of levels. For example, - if a finding would be `POSSIBLE` without - the detection rule and `relative_likelihood` - is 1, then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to `UNLIKELY`. - Likelihood may never drop below `VERY_UNLIKELY` - or exceed `VERY_LIKELY`, so applying an - adjustment of 1 followed by an adjustment - of -1 when base likelihood is `VERY_LIKELY` - will result in a final likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within which - the entire hotword must reside. The total length - of the window cannot exceed 1000 characters. - Note that the finding itself will be included - in the window, so that hotwords may be used - to match substrings of the finding itself. For - example, the certainty of a phone number regex - "(d{3}) d{3}-d{4}" could be adjusted upwards - if the area code is known to be the local area - code of a company office using the hotword regex - "(xxx)", where "xxx" is the area code in question. - properties: - windowAfter: - description: Number of characters after the - finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before the - finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array type: object location: - description: Immutable. The location of the resource + description: Immutable. The location for the resource type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + matchingCriteria: + description: Required. null The list of filters that applies to event + attributes. Only events that match all the provided filters will + be sent to the destination. + items: + properties: + attribute: + description: Required. The name of a CloudEvents attribute. + Currently, only a subset of attributes are supported for filtering. + All triggers MUST provide a filter for the 'type' attribute. + type: string + operator: + description: Optional. The operator used for matching the events + with the value of the filter. If not specified, only events + that have an exact key-value pair specified in the filter + are matched. The only allowed value is `match-path-pattern`. + type: string + value: + description: Required. 
The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud + for available values. + type: string + required: + - attribute + - value + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: @@ -42045,21 +65567,24 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccountRef: oneOf: - not: required: 
@@ -42076,8 +65601,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -42086,11 +65613,53 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string + transport: + description: Immutable. Optional. In order to deliver messages, Eventarc + may use other GCP products as transport intermediary. This field + contains a reference to that transport intermediary. This information + can be used for debugging purposes. + properties: + pubsub: + description: Immutable. The Pub/Sub topic and subscription used + by Eventarc as delivery intermediary. + properties: + topicRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. + + Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: object + required: + - destination + - location + - matchingCriteria + - projectRef type: object status: properties: 
@@ -42121,12 +65690,13 @@ spec: type: object type: array createTime: - description: Output only. The creation timestamp of an inspectTemplate. + description: Output only. The creation time. format: date-time type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: Output only. This checksum is computed by the server + based on the value of other fields, and may be sent only on create + requests to ensure the client has an up-to-date value before proceeding. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -42135,11 +65705,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceConditions: + additionalProperties: + type: string + description: Output only. The reason(s) why a trigger is in FAILED + state. + type: object + transport: + properties: + pubsub: + properties: + subscription: + description: 'Output only. The name of the Pub/Sub subscription + created and managed by Eventarc system as a transport for + the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' + type: string + type: object + type: object + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. + type: string updateTime: - description: Output only. The last update timestamp of an inspectTemplate. + description: Output only. The last-modified time. format: date-time type: string type: object + required: + - spec type: object served: true storage: true 
@@ -42154,1277 +65748,2353 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: dlpjobtriggers.dlp.cnrm.cloud.google.com -spec: - group: dlp.cnrm.cloud.google.com - names: - categories: - - gcp - kind: DLPJobTrigger - plural: dlpjobtriggers - shortNames: - - gcpdlpjobtrigger - - gcpdlpjobtriggers - singular: dlpjobtrigger - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: User provided description (max 256 chars) - type: string - displayName: - description: Display name (max 100 chars) - type: string - inspectJob: - description: For inspect jobs, a snapshot of the configuration. - properties: - actions: - description: Actions to execute at the completion of the job. - items: - properties: - jobNotificationEmails: - description: Enable email notification for project owners - and editors on job's completion/failure. - type: object - x-kubernetes-preserve-unknown-fields: true - pubSub: - description: Publish a notification to a pubsub topic. - properties: - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - publishFindingsToCloudDataCatalog: - description: Publish findings to Cloud Datahub. - type: object - x-kubernetes-preserve-unknown-fields: true - publishSummaryToCscc: - description: Publish summary to Cloud Security Command Center - (Alpha). 
- type: object - x-kubernetes-preserve-unknown-fields: true - publishToStackdriver: - description: Enable Stackdriver metric dlp.googleapis.com/finding_count. - type: object - x-kubernetes-preserve-unknown-fields: true - saveFindings: - description: Save resulting findings in a provided location. - properties: - outputConfig: - description: Location to store findings outside of DLP. - properties: - dlpStorage: - description: Store findings directly to DLP. If - neither this or bigquery is chosen only summary - stats of total infotype count will be stored. - Quotes will not be stored to dlp findings. If - quotes are needed, store to BigQuery. Currently - only for inspect jobs. - type: object - x-kubernetes-preserve-unknown-fields: true - outputSchema: - description: 'Schema used for writing the findings - for Inspect jobs. This field is only used for - Inspect and must be unspecified for Risk jobs. - Columns are derived from the `Finding` object. - If appending to an existing table, any columns - from the predefined schema that are missing will - be added. No columns in the existing table will - be deleted. If unspecified, then all available - columns will be used for a new table or an (existing) - table with no schema, and no changes will be made - to an existing table that has a schema. Only for - use with external storage. Possible values: OUTPUT_SCHEMA_UNSPECIFIED, - BASIC_COLUMNS, GCS_COLUMNS, DATASTORE_COLUMNS, - BIG_QUERY_COLUMNS, ALL_COLUMNS' - type: string - table: - description: 'Store findings in an existing table - or a new table in an existing dataset. If table_id - is not set a new one will be generated for you - with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. - Pacific timezone will be used for generating the - date details. For Inspect, each column in an existing - output table must have the same name, type, and - mode of a field in the `Finding` object. 
For Risk, - an existing output table should be the output - of a previous Risk analysis job run on the same - source table, with the same privacy metric and - quasi-identifiers. Risk jobs that analyze the - same table but compute a different privacy metric, - or use different sets of quasi-identifiers, cannot - store their results in the same table.' - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestorebackups.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreBackup + plural: filestorebackups + shortNames: + - gcpfilestorebackup + - gcpfilestorebackups + singular: filestorebackup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the backup with 2048 characters or less. + Requests with longer descriptions will be rejected. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - type: object - type: object - type: array - inspectConfig: - description: How and what to scan for. - properties: - customInfoTypes: - description: CustomInfoTypes provided by the user. See https://cloud.google.com/dlp/docs/creating-custom-infotypes - to learn more. - items: - properties: - detectionRules: - description: Set of detection rules to apply to all - findings of this CustomInfoType. 
Rules are applied - in order that they are specified. Not supported for - the `surrogate_type` CustomInfoType. - items: - properties: - hotwordRule: - description: Hotword-based detection rule. - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. - format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. 
For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - dictionary: - description: A list of phrases to detect as a CustomInfoType. - properties: - cloudStoragePath: - description: Newline-delimited file of words in - Cloud Storage. Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path - (no wildcards) in Cloud Storage. Example: - gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases to search - for. - properties: - words: - description: Words or phrases defining the dictionary. - The dictionary must contain at least one phrase - and every phrase must contain at least 2 characters - that are letters or digits. [required] - items: - type: string - type: array - type: object - type: object - exclusionType: - description: 'If set to EXCLUSION_TYPE_EXCLUDE this - infoType will not cause a finding to be returned. - It still can be used for rules matching. Possible - values: EXCLUSION_TYPE_UNSPECIFIED, EXCLUSION_TYPE_EXCLUDE' - type: string - infoType: - description: CustomInfoType can either be a new infoType, - or an extension of built-in infoType, when the name - matches one of existing infoTypes and that infoType - is specified in `InspectContent.info_types` field. - Specifying the latter adds findings to the one detected - by the system. 
If built-in info type is not specified - in `InspectContent.info_types` list then the name - is treated as a custom info type. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType names - should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - likelihood: - description: 'Likelihood to return for this CustomInfoType. - This base value can be altered by a detection rule - if the finding meets the criteria specified by the - rule. Defaults to `VERY_LIKELY` if not specified. - Possible values: LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - regex: - description: Regular expression based CustomInfoType. - properties: - groupIndexes: - description: The index of the submatch to extract - as findings. When not specified, the entire match - is returned. No more than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. - Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository on - GitHub. - type: string - type: object - storedType: - description: Load an existing `StoredInfoType` resource - for use in `InspectDataSource`. Not currently supported - in `InspectContent`. - properties: - createTime: - description: Timestamp indicating when the version - of the `StoredInfoType` used for inspection was - created. Output-only field, populated by the system. 
- format: date-time - type: string - nameRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Resource name of the requested `StoredInfoType`, for example `organizations/433245324/storedInfoTypes/432452342` or `projects/project-id/storedInfoTypes/432452342`. + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sourceFileShare: + description: Immutable. Name of the file share in the source Cloud + Filestore instance that the backup is created from. + type: string + sourceInstanceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - Allowed value: The Google Cloud resource name of a `DLPStoredInfoType` resource (format: `{{parent}}/storedInfoTypes/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - surrogateType: - description: Message for detecting output from deidentification - transformations that support reversing. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: array - excludeInfoTypes: - description: When true, excludes type information of the findings. - This is not used for data profiling. - type: boolean - includeQuote: - description: When true, a contextual quote from the data that - triggered a finding is included in the response; see Finding.quote. - This is not used for data profiling. - type: boolean - infoTypes: - description: Restricts what info_types to look for. The values - must correspond to InfoType values returned by ListInfoTypes - or listed at https://cloud.google.com/dlp/docs/infotypes-reference. - When no InfoTypes or CustomInfoTypes are specified in a - request, the system may automatically choose what detectors - to run. By default this may be all types, but may change - over time as detectors are updated. If you need precise - control and predictability as to what detectors are run - you should specify specific InfoTypes listed in the reference, - otherwise a default list will be used, which may change - over time. - items: - properties: - name: - description: Name of the information type. Either a - name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending Cloud - DLP results to Data Catalog, infoType names should - conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - type: object - type: array - limits: - description: Configuration to control the number of findings - returned. This is not used for data profiling. 
+ Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - location + - projectRef + - sourceFileShare + - sourceInstanceRef + type: object + status: + properties: + capacityGb: + description: Output only. Capacity of the source file share when the + backup was created. + format: int64 + type: integer + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the backup was created. + format: date-time + type: string + downloadBytes: + description: Output only. Amount of bytes that will be downloaded + if the backup is restored. This may be different than storage bytes, + since sequential backups of the same disk will share storage. + format: int64 + type: integer + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. 
+ If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + sourceInstanceTier: + description: 'Output only. The service tier of the source Cloud Filestore + instance that this backup is created from. Possible values: TIER_UNSPECIFIED, + STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' + type: string + state: + description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + type: string + storageBytes: + description: Output only. The size of the storage used by the backup. + As backups share storage, this number is expected to change with + backup creation/deletion. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: filestoreinstances.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreInstance + plural: filestoreinstances + shortNames: + - gcpfilestoreinstance + - gcpfilestoreinstances + singular: filestoreinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for 
the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: The description of the instance (2048 characters or less). + type: string + fileShares: + description: File system shares on the instance. For this version, + only a single file share is supported. + items: + properties: + capacityGb: + description: File share capacity in gigabytes (GB). Cloud Filestore + defines 1 GB as 1024^3 bytes. + format: int64 + type: integer + name: + description: The name of the file share (must be 16 characters + or less). + type: string + nfsExportOptions: + description: Nfs Export Options. There is a limit of 10 export + options per file share. + items: properties: - maxFindingsPerInfoType: - description: Configuration of findings limit given for - specified infoTypes. - items: - properties: - infoType: - description: Type of information the findings limit - applies to. Only one limit per info_type should - be provided. 
If InfoTypeLimit does not have an - info_type, the DLP API applies the limit against - all info_types that are found but not specified - in another InfoTypeLimit. - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this - InfoType. - type: string - type: object - maxFindings: - description: Max findings limit for the given infoType. - format: int64 - type: integer - type: object - type: array - maxFindingsPerItem: - description: Max number of findings that will be returned - for each item scanned. When set within `InspectJobConfig`, - the maximum returned is 2000 regardless if this is set - higher. When set within `InspectContentRequest`, this - field is ignored. + accessMode: + description: 'Either READ_ONLY, for allowing only read + requests on the exported directory, or READ_WRITE, for + allowing both read and write requests. The default is + READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, + READ_ONLY, READ_WRITE' + type: string + anonGid: + description: An integer representing the anonymous group + id with a default value of 65534. Anon_gid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer - maxFindingsPerRequest: - description: Max number of findings that will be returned - per request/job. When set within `InspectContentRequest`, - the maximum returned is 2000 regardless if this is set - higher. + anonUid: + description: An integer representing the anonymous user + id with a default value of 65534. 
Anon_uid may only + be set with squash_mode of ROOT_SQUASH. An error will + be returned if this field is specified for other squash_mode + settings. format: int64 type: integer + ipRanges: + description: List of either an IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges + in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask + size}` which may mount the file share. Overlapping IP + ranges are not allowed, both within and across NfsExportOptions. + An error will be returned. The limit is 64 IP ranges/addresses + for each FileShareConfig among all NfsExportOptions. + items: + type: string + type: array + squashMode: + description: 'Either NO_ROOT_SQUASH, for allowing root + access on the exported directory, or ROOT_SQUASH, for + not allowing root access. The default is NO_ROOT_SQUASH. + Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, + ROOT_SQUASH' + type: string type: object - minLikelihood: - description: 'Only returns findings equal or above this threshold. - The default is POSSIBLE. See https://cloud.google.com/dlp/docs/likelihood - to learn more. Possible values: LIKELIHOOD_UNSPECIFIED, - VERY_UNLIKELY, UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' + type: array + sourceBackupRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. + + Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + location: + description: Immutable. The location for the resource + type: string + networks: + description: Immutable. VPC networks to which the instance is connected. + For this version, only a single network is supported. + items: + properties: + ipAddresses: + description: Immutable. Output only. IPv4 addresses in the format + `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in + the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. + items: type: string - ruleSet: - description: Set of rules to apply to the findings for this - InspectConfig. Exclusion rules, contained in the set are - executed in the end, other rules are executed in the order - they are specified for each info type. - items: - properties: - infoTypes: - description: List of infoTypes this rule set is applied - to. - items: - properties: - name: - description: Name of the information type. Either - a name of your choosing when creating a CustomInfoType, - or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. When sending - Cloud DLP results to Data Catalog, infoType - names should conform to the pattern `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name for this InfoType. - type: string - type: object - type: array - rules: - description: Set of rules to be applied to infoTypes. - The rules are applied in order. - items: - properties: - exclusionRule: - description: Exclusion rule. - properties: - dictionary: - description: Dictionary which defines the - rule. - properties: - cloudStoragePath: - description: Newline-delimited file of - words in Cloud Storage. Only a single - file is accepted. - properties: - path: - description: 'A url representing a - file or path (no wildcards) in Cloud - Storage. 
Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - type: object - wordList: - description: List of words or phrases - to search for. - properties: - words: - description: Words or phrases defining - the dictionary. The dictionary must - contain at least one phrase and - every phrase must contain at least - 2 characters that are letters or - digits. [required] - items: - type: string - type: array - type: object - type: object - excludeInfoTypes: - description: Set of infoTypes for which findings - would affect this rule. - properties: - infoTypes: - description: InfoType list in ExclusionRule - rule drops a finding when it overlaps - or contained within with a finding of - an infoType from this list. For example, - for `InspectionRuleSet.info_types` containing - "PHONE_NUMBER"` and `exclusion_rule` - containing `exclude_info_types.info_types` - with "EMAIL_ADDRESS" the phone number - findings are dropped if they overlap - with EMAIL_ADDRESS finding. That leads - to "555-222-2222@example.org" to generate - only a single finding, namely email - address. - items: - properties: - name: - description: Name of the information - type. Either a name of your choosing - when creating a CustomInfoType, - or one of the names listed at - https://cloud.google.com/dlp/docs/infotypes-reference - when specifying a built-in type. - When sending Cloud DLP results - to Data Catalog, infoType names - should conform to the pattern - `[A-Za-z0-9$-_]{1,64}`. - type: string - version: - description: Optional version name - for this InfoType. - type: string - type: object - type: array - type: object - matchingType: - description: 'How the rule is applied, see - MatchingType documentation for details. - Possible values: MATCHING_TYPE_UNSPECIFIED, - MATCHING_TYPE_FULL_MATCH, MATCHING_TYPE_PARTIAL_MATCH, - MATCHING_TYPE_INVERSE_MATCH' - type: string - regex: - description: Regular expression which defines - the rule. 
- properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - type: object - hotwordRule: - properties: - hotwordRegex: - description: Regular expression pattern defining - what qualifies as a hotword. - properties: - groupIndexes: - description: The index of the submatch - to extract as findings. When not specified, - the entire match is returned. No more - than 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular - expression. Its syntax (https://github.com/google/re2/wiki/Syntax) - can be found under the google/re2 repository - on GitHub. - type: string - type: object - likelihoodAdjustment: - description: Likelihood adjustment to apply - to all matching findings. - properties: - fixedLikelihood: - description: 'Set the likelihood of a - finding to a fixed value. Possible values: - LIKELIHOOD_UNSPECIFIED, VERY_UNLIKELY, - UNLIKELY, POSSIBLE, LIKELY, VERY_LIKELY' - type: string - relativeLikelihood: - description: Increase or decrease the - likelihood by the specified number of - levels. For example, if a finding would - be `POSSIBLE` without the detection - rule and `relative_likelihood` is 1, - then it is upgraded to `LIKELY`, while - a value of -1 would downgrade it to - `UNLIKELY`. Likelihood may never drop - below `VERY_UNLIKELY` or exceed `VERY_LIKELY`, - so applying an adjustment of 1 followed - by an adjustment of -1 when base likelihood - is `VERY_LIKELY` will result in a final - likelihood of `LIKELY`. 
- format: int64 - type: integer - type: object - proximity: - description: Proximity of the finding within - which the entire hotword must reside. The - total length of the window cannot exceed - 1000 characters. Note that the finding itself - will be included in the window, so that - hotwords may be used to match substrings - of the finding itself. For example, the - certainty of a phone number regex "(d{3}) - d{3}-d{4}" could be adjusted upwards if - the area code is known to be the local area - code of a company office using the hotword - regex "(xxx)", where "xxx" is the area code - in question. - properties: - windowAfter: - description: Number of characters after - the finding to consider. - format: int64 - type: integer - windowBefore: - description: Number of characters before - the finding to consider. - format: int64 - type: integer - type: object - type: object - type: object - type: array - type: object - type: array - type: object - inspectTemplateRef: - oneOf: - - not: + type: array + modes: + description: Immutable. Internet protocol versions for which + the instance has IP addresses assigned. For this version, + only MODE_IPV4 is supported. + items: + type: string + type: array + networkRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: + properties: + external: + description: |- + The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. + + Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + reservedIPRange: + description: Immutable. A /29 CIDR block in one of the [internal + IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) + that identifies the range of IP addresses reserved for this + instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The + range you specify can't overlap with either existing subnets + or assigned IP address ranges for other Cloud Filestore instances + in the selected VPC network. + type: string + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. The service tier of the instance. Possible + values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, + HIGH_SCALE_SSD, ENTERPRISE' + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when the instance was created. + format: date-time + type: string + etag: + description: Server-specified ETag for the instance resource to prevent + simultaneous updates from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, + CREATING, READY, REPAIRING, DELETING, ERROR' + type: string + statusMessage: + description: Output only. Additional information about the instance + state, if available. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: filestoresnapshots.filestore.cnrm.cloud.google.com +spec: + group: filestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FilestoreSnapshot + plural: filestoresnapshots + shortNames: + - gcpfilestoresnapshot + - gcpfilestoresnapshots + singular: filestoresnapshot + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: A description of the snapshot with 2048 characters or + less. Requests with longer descriptions will be rejected. + type: string + instance: + description: Immutable. The resource name of the filestore instance. + type: string + location: + description: Immutable. The name of the location of the instance. + This can be a region for ENTERPRISE tier instances. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - instance + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time when the snapshot was created in RFC3339 text + format. + type: string + filesystemUsedBytes: + description: The amount of bytes needed to allocate a full copy of + the snapshot content. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The snapshot state. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseandroidapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseAndroidApp + plural: firebaseandroidapps + shortNames: + - gcpfirebaseandroidapp + - gcpfirebaseandroidapps + singular: firebaseandroidapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', 
the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the AndroidApp. + type: string + packageName: + description: |- + Immutable. The canonical package name of the Android app as would appear in the Google Play + Developer Console. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated appId of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sha1Hashes: + description: The SHA1 certificate hashes for the AndroidApp. + items: + type: string + type: array + sha256Hashes: + description: The SHA256 certificate hashes for the AndroidApp. + items: + type: string + type: array + required: + - displayName + - projectRef + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the AndroidApp. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: |- + This checksum is computed by the server based on the value of other fields, and it may be sent + with update requests to ensure the client has an up-to-date value before proceeding. 
+ type: string + name: + description: |- + The fully qualified resource name of the AndroidApp, for example: + projects/projectId/androidApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasedatabaseinstances.firebasedatabase.cnrm.cloud.google.com +spec: + group: firebasedatabase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseDatabaseInstance + plural: firebasedatabaseinstances + shortNames: + - gcpfirebasedatabaseinstance + - gcpfirebasedatabaseinstances + singular: firebasedatabaseinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + desiredState: + description: The intended database state. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: |- + Immutable. A reference to the region where the Firebase Realtime database resides. + Check all [available regions](https://firebase.google.com/docs/projects/locations#rtdb-locations). + type: string + resourceID: + description: Immutable. Optional. The instanceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: |- + Immutable. 
The database type. + Each project can create one default Firebase Realtime Database, which cannot be deleted once created. + Creating user Databases is only available for projects on the Blaze plan. + Projects can be upgraded using the Cloud Billing API https://cloud.google.com/billing/reference/rest/v1/projects/updateBillingInfo. Default value: "USER_DATABASE" Possible values: ["DEFAULT_DATABASE", "USER_DATABASE"]. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + databaseUrl: + description: |- + The database URL in the form of https://{instance-id}.firebaseio.com for us-central1 instances + or https://{instance-id}.{region}.firebasedatabase.app in other regions. + type: string + name: + description: |- + The fully-qualified resource name of the Firebase Realtime Database, in the + format: projects/PROJECT_NUMBER/locations/REGION_IDENTIFIER/instances/INSTANCE_ID + PROJECT_NUMBER: The Firebase project's ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) + Learn more about using project identifiers in Google's [AIP 2510 standard](https://google.aip.dev/cloud/2510). 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + state: + description: The current database state. Set desired_state to :DISABLED + to disable the database and :ACTIVE to reenable the database. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingchannels.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingChannel + plural: firebasehostingchannels + shortNames: + - gcpfirebasehostingchannel + - gcpfirebasehostingchannels + singular: firebasehostingchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: 
Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expireTime: + description: |- + The time at which the channel will be automatically deleted. If null, the channel + will not be automatically deleted. This field is present in the output whether it's + set directly or via the 'ttl' field. + type: string + resourceID: + description: Immutable. Optional. The channelId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainedReleaseCount: + description: |- + The number of previous releases to retain on the channel for rollback or other + purposes. Must be a number between 1-100. Defaults to 10 for new channels. + type: integer + siteId: + description: Immutable. Required. The ID of the site in which to create + this channel. + type: string + ttl: + description: |- + Immutable. Input only. A time-to-live for this channel. Sets 'expire_time' to the provided + duration past the time of the request. A duration in seconds with up to nine fractional + digits, terminated by 's'. Example: "86400s" (one day). 
+ type: string + required: + - siteId + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully-qualified resource name for the channel, in the format: + sites/SITE_ID/channels/CHANNEL_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasehostingsites.firebasehosting.cnrm.cloud.google.com +spec: + group: firebasehosting.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseHostingSite + plural: firebasehostingsites + shortNames: + - gcpfirebasehostingsite + - gcpfirebasehostingsites + singular: firebasehostingsite + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + appId: + description: |- + Optional. The [ID of a Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id) + associated with the Hosting site. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The siteId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + defaultUrl: + description: The default URL for the site in the form of https://{name}.web.app. + type: string + name: + description: |- + Output only. The fully-qualified resource name of the Hosting site, in the + format: projects/PROJECT_IDENTIFIER/sites/SITE_ID PROJECT_IDENTIFIER: the + Firebase project's + ['ProjectNumber'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_number) ***(recommended)*** or its + ['ProjectId'](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects#FirebaseProject.FIELDS.project_id). + Learn more about using project identifiers in Google's + [AIP 2510 standard](https://google.aip.dev/cloud/2510). + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebaseprojects.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseProject + plural: firebaseprojects + shortNames: + - gcpfirebaseproject + - gcpfirebaseprojects + singular: firebaseproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The project of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + displayName: + description: The GCP project display name. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + projectNumber: + description: The number of the google project that firebase is enabled + on. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasestoragebuckets.firebasestorage.cnrm.cloud.google.com +spec: + group: firebasestorage.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseStorageBucket + plural: firebasestoragebuckets + shortNames: + - gcpfirebasestoragebucket + - gcpfirebasestoragebuckets + singular: firebasestoragebucket + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + 
openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The bucketId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: Resource name of the bucket in the format projects/PROJECT_IDENTIFIER/buckets/BUCKET_ID. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firebasewebapps.firebase.cnrm.cloud.google.com +spec: + group: firebase.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirebaseWebApp + plural: firebasewebapps + shortNames: + - gcpfirebasewebapp + - gcpfirebasewebapps + singular: firebasewebapp + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deletionPolicy: + type: string + displayName: + description: The user-assigned display name of the App. + type: string + project: + description: Immutable. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + appId: + description: |- + The globally unique, Firebase-assigned identifier of the App. + This identifier should be treated as an opaque token, as the data format is not specified. + type: string + appUrls: + description: The URLs where the 'WebApp' is hosted. + items: + type: string + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The fully qualified resource name of the App, for example: + projects/projectId/webApps/appId. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: firestoreindexes.firestore.cnrm.cloud.google.com +spec: + group: firestore.cnrm.cloud.google.com + names: + categories: + - gcp + kind: FirestoreIndex + plural: firestoreindexes + shortNames: + - gcpfirestoreindex + - gcpfirestoreindexes + singular: firestoreindex + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + collection: + description: Immutable. The collection being indexed. + type: string + database: + description: Immutable. The Firestore database id. Defaults to '"(default)"'. + type: string + fields: + description: |- + Immutable. The fields supported by this index. The last field entry is always for + the field path '__name__'. If, on creation, '__name__' was not + specified as the last field, it will be added automatically with the + same direction as that of the last field defined. If the final field + in a composite index is not directional, the '__name__' will be + ordered '"ASCENDING"' (unless explicitly specified otherwise). + items: + properties: + arrayConfig: + description: |- + Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can + be specified. Possible values: ["CONTAINS"]. + type: string + fieldPath: + description: Immutable. Name of the field. + type: string + order: + description: |- + Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. + Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + type: string + type: object + type: array + queryScope: + description: 'Immutable. The scope at which a query is run. Default + value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + type: string + required: + - collection + - fields + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + A server defined name for this index. Format: + 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: folders.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Folder + plural: folders + shortNames: + - gcpfolder + - gcpfolders + singular: folder + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + displayName: + description: The folder's display name. A folder's display name must + be unique amongst its siblings, e.g. no two folders with the same + parent can share the same display name. The display name must start + and end with a letter or digit, may contain letters, digits, spaces, + hyphens and underscores and can be no longer than 30 characters. + type: string + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: 'Timestamp when the Folder was created. Assigned by the + server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + Example: "2014-10-02T15:01:23.045123456Z".' + type: string + folderId: + description: The folder id from the name "folders/{folder_id}". + type: string + lifecycleState: + description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. 
+ type: string + name: + description: The resource name of the Folder. Its format is folders/{folder_id}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: gkebackupbackupplans.gkebackup.cnrm.cloud.google.com +spec: + group: gkebackup.cnrm.cloud.google.com + names: + categories: + - gcp + kind: GKEBackupBackupPlan + plural: gkebackupbackupplans + shortNames: + - gcpgkebackupbackupplan + - gcpgkebackupbackupplans + singular: gkebackupbackupplan + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + backupConfig: + description: Defines the configuration of Backups created via this + BackupPlan. + properties: + allNamespaces: + description: If True, include all namespaced resources. + type: boolean + encryptionKey: + description: |- + This defines a customer managed encryption key that will be used to encrypt the "config" + portion (the Kubernetes resources) of Backups created via this plan. properties: - external: - description: |- - If provided, will be used as the default for all values in InspectConfig. `inspect_config` will be merged into the values persisted as part of the template. - - Allowed value: The Google Cloud resource name of a `DLPInspectTemplate` resource (format: `{{parent}}/inspectTemplates/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + gcpKmsEncryptionKey: + description: 'Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*.' type: string + required: + - gcpKmsEncryptionKey type: object - storageConfig: - description: The data to scan. 
+ includeSecrets: + description: |- + This flag specifies whether Kubernetes Secret resources should be included + when they fall into the scope of Backups. + type: boolean + includeVolumeData: + description: |- + This flag specifies whether volume data should be backed up when PVCs are + included in the scope of a Backup. + type: boolean + selectedApplications: + description: A list of namespaced Kubernetes Resources. properties: - bigQueryOptions: - description: BigQuery options. - properties: - excludedFields: - description: References to fields excluded from scanning. - This allows you to skip inspection of entire columns - which you know have no findings. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - identifyingFields: - description: Table fields that may uniquely identify a - row within the table. When `actions.saveFindings.outputConfig.table` - is specified, the values of columns specified here are - available in the output table under `location.content_locations.record_location.record_key.id_values`. - Nested fields such as `person.birthdate.year` are allowed. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - includedFields: - description: Limit scanning only to these fields. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - rowsLimit: - description: Max number of rows to scan. If the table - has more rows than this value, the rest of the rows - are omitted. If not set, or if set to 0, all rows will - be scanned. Only one of rows_limit and rows_limit_percent - can be specified. Cannot be used in conjunction with - TimespanConfig. - format: int64 - type: integer - rowsLimitPercent: - description: Max percentage of rows to scan. The rest - are omitted. The number of rows scanned is rounded down. - Must be between 0 and 100, inclusively. 
Both 0 and 100 - means no limit. Defaults to 0. Only one of rows_limit - and rows_limit_percent can be specified. Cannot be used - in conjunction with TimespanConfig. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - tableReference: - description: Complete BigQuery table reference. - properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - tableRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - required: - - tableReference - type: object - cloudStorageOptions: - description: Google Cloud Storage options. - properties: - bytesLimitPerFile: - description: Max number of bytes to scan from a file. - If a scanned file's size is bigger than this value then - the rest of the bytes are omitted. Only one of bytes_limit_per_file - and bytes_limit_per_file_percent can be specified. Cannot - be set if de-identification is requested. - format: int64 - type: integer - bytesLimitPerFilePercent: - description: Max percentage of bytes to scan from a file. - The rest are omitted. The number of bytes scanned is - rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. Only one - of bytes_limit_per_file and bytes_limit_per_file_percent - can be specified. Cannot be set if de-identification - is requested. - format: int64 - type: integer - fileSet: - description: The set of one or more files to scan. - properties: - regexFileSet: - description: The regex-filtered set of files to scan. - Exactly one of `url` or `regex_file_set` must be - set. 
- properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of a Cloud Storage bucket. Required. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - excludeRegex: - description: A list of regular expressions matching - file paths to exclude. All files in the bucket - that match at least one of these regular expressions - will be excluded from the scan. Regular expressions - use RE2 [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - includeRegex: - description: A list of regular expressions matching - file paths to include. All files in the bucket - that match at least one of these regular expressions - will be included in the set of files, except - for those that also match an item in `exclude_regex`. - Leaving this field empty will match all files - by default (this is equivalent to including - `.*` in the list). Regular expressions use RE2 - [syntax](https://github.com/google/re2/wiki/Syntax); - a guide can be found under the google/re2 repository - on GitHub. - items: - type: string - type: array - required: - - bucketRef - type: object - url: - description: The Cloud Storage url of the file(s) - to scan, in the format `gs:///`. Trailing wildcard - in the path is allowed. 
If the url ends in a trailing - slash, the bucket or directory represented by the - url will be scanned non-recursively (content in - sub-directories will not be scanned). This means - that `gs://mybucket/` is equivalent to `gs://mybucket/*`, - and `gs://mybucket/directory/` is equivalent to - `gs://mybucket/directory/*`. Exactly one of `url` - or `regex_file_set` must be set. - type: string - type: object - fileTypes: - description: List of file type groups to include in the - scan. If empty, all files are scanned and available - data format processors are applied. In addition, the - binary content of the selected files is always scanned - as well. Images are scanned only as binary if the specified - region does not support image inspection and no file_types - were specified. Image inspection is restricted to 'global', - 'us', 'asia', and 'europe'. - items: - type: string - type: array - filesLimitPercent: - description: Limits the number of files to scan to this - percentage of the input FileSet. Number of files scanned - is rounded down. Must be between 0 and 100, inclusively. - Both 0 and 100 means no limit. Defaults to 0. - format: int64 - type: integer - sampleMethod: - description: ' Possible values: SAMPLE_METHOD_UNSPECIFIED, - TOP, RANDOM_START' - type: string - type: object - datastoreOptions: - description: Google Cloud Datastore options. - properties: - kind: - description: The kind to process. - properties: - name: - description: The name of the kind. - type: string - type: object - partitionId: - description: A partition ID identifies a grouping of entities. - The grouping is always by project namespace ID may be - empty. - properties: - namespaceId: - description: If not empty, the ID of the namespace - to which the entities belong. 
- type: string - projectRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ID of the project to which the entities belong. - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object - hybridOptions: - description: Hybrid inspection options. - properties: - description: - description: A short description of where the data is - coming from. Will be stored once in the job. 256 max - length. - type: string - labels: - additionalProperties: + namespacedNames: + description: A list of namespaced Kubernetes resources. + items: + properties: + name: + description: The name of a Kubernetes Resource. type: string - description: 'To organize findings, these labels will - be added to each finding. Label keys must be between - 1 and 63 characters long and must conform to the following - regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. Label - values must be between 0 and 63 characters long and - must conform to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. - No more than 10 labels can be associated with a given - finding. Examples: * `"environment" : "production"` - * `"pipeline" : "etl"`' - type: object - requiredFindingLabelKeys: - description: 'These are labels that each inspection request - must include within their ''finding_labels'' map. Request - may contain others, but any missing one of these will - be rejected. 
Label keys must be between 1 and 63 characters - long and must conform to the following regular expression: - `[a-z]([-a-z0-9]*[a-z0-9])?`. No more than 10 keys can - be required.' - items: + namespace: + description: The namespace of a Kubernetes Resource. type: string - type: array - tableOptions: - description: If the container is a table, additional information - to make findings meaningful such as the columns that - are primary keys. - properties: - identifyingFields: - description: The columns that are the primary keys - for table objects included in ContentItem. A copy - of this cell's value will stored alongside alongside - each finding so that the finding can be traced to - the specific row it came from. No more than 3 may - be provided. - items: - properties: - name: - description: Name describing the field. - type: string - type: object - type: array - type: object - type: object - timespanConfig: - properties: - enableAutoPopulationOfTimespanConfig: - description: When the job is started by a JobTrigger we - will automatically figure out a valid start_time to - avoid scanning files that have not been modified since - the last time the JobTrigger executed. This will be - based on the time of the execution of the last run of - the JobTrigger. - type: boolean - endTime: - description: Exclude files, tables, or rows newer than - this value. If not set, no upper time limit is applied. - format: date-time - type: string - startTime: - description: Exclude files, tables, or rows older than - this value. If not set, no lower time limit is applied. - format: date-time - type: string - timestampField: - description: 'Specification of the field containing the - timestamp of scanned items. Used for data sources like - Datastore and BigQuery. For BigQuery: If this value - is not specified and the table was modified between - the given start and end times, the entire table will - be scanned. 
If this value is specified, then rows are - filtered based on the given start and end times. Rows - with a `NULL` value in the provided BigQuery column - are skipped. Valid data types of the provided BigQuery - column are: `INTEGER`, `DATE`, `TIMESTAMP`, and `DATETIME`. - For Datastore: If this value is specified, then entities - are filtered based on the given start and end times. - If an entity does not contain the provided timestamp - property or contains empty or invalid values, then it - is included. Valid data types of the provided timestamp - property are: `TIMESTAMP`.' - properties: - name: - description: Name describing the field. - type: string - type: object - type: object + required: + - name + - namespace + type: object + type: array + required: + - namespacedNames + type: object + selectedNamespaces: + description: If set, include just the resources in the listed + namespaces. + properties: + namespaces: + description: A list of Kubernetes Namespaces. + items: + type: string + type: array + required: + - namespaces type: object - required: - - storageConfig type: object + backupSchedule: + description: Defines a schedule for automatic Backup creation via + this BackupPlan. + properties: + cronSchedule: + description: |- + A standard cron string that defines a repeating schedule for + creating Backups via this BackupPlan. + If this is defined, then backupRetainDays must also be defined. + type: string + paused: + description: This flag denotes whether automatic Backup creation + is paused for this BackupPlan. + type: boolean + type: object + cluster: + description: Immutable. The source cluster from which Backups will + be created via this BackupPlan. + type: string + deactivated: + description: |- + This flag indicates whether this BackupPlan has been deactivated. + Setting this field to True locks the BackupPlan such that no further updates will be allowed + (except deletes), including the deactivated field itself. 
It also prevents any new Backups + from being created via this BackupPlan (including scheduled Backups). + type: boolean + description: + description: User specified descriptive string for this BackupPlan. + type: string location: - description: Immutable. The location of the resource + description: Immutable. The region of the Backup Plan. type: string projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [projectRef] may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -43441,8 +68111,7 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43452,46 +68121,47 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. - type: string - status: - description: 'Immutable. Required. A status for this trigger. Possible - values: STATUS_UNSPECIFIED, HEALTHY, PAUSED, CANCELLED' + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - triggers: - description: A list of triggers which will be OR'ed together. Only - one in the list needs to trigger for a job to be started. The list - may contain only a single Schedule trigger and must have at least - one object. - items: - properties: - manual: - description: For use with hybrid jobs. Jobs must be manually - created and finished. - type: object - x-kubernetes-preserve-unknown-fields: true - schedule: - description: Create a job on a repeating basis based on the - elapse of time. - properties: - recurrencePeriodDuration: - description: 'With this option a job is started a regular - periodic basis. For example: every day (86400 seconds). - A scheduled start time will be skipped if the previous - execution has not ended when its scheduled time occurs. - This value must be set to a time duration greater than - or equal to 1 day and can be no longer than 60 days.' - type: string - type: object - type: object - type: array + retentionPolicy: + description: RetentionPolicy governs lifecycle of Backups created + under this plan. + properties: + backupDeleteLockDays: + description: |- + Minimum age for a Backup created via this BackupPlan (in days). + Must be an integer value between 0-90 (inclusive). + A Backup created under this BackupPlan will not be deletable + until it reaches Backup's (create time + backup_delete_lock_days). + Updating this field of a BackupPlan does not affect existing Backups. 
+ Backups created after a successful update will inherit this new value. + type: integer + backupRetainDays: + description: |- + The default maximum age of a Backup created via this BackupPlan. + This field MUST be an integer value >= 0 and <= 365. If specified, + a Backup created under this BackupPlan will be automatically deleted + after its age reaches (createTime + backupRetainDays). + If not specified, Backups created under this BackupPlan will NOT be + subject to automatic deletion. Updating this field does NOT affect + existing Backups under it. Backups created AFTER a successful update + will automatically pick up the new value. + NOTE: backupRetainDays must be >= backupDeleteLockDays. + If cronSchedule is defined, then this must be <= 360 * the creation interval.]. + type: integer + locked: + description: |- + This flag denotes whether the retention policy of this BackupPlan is locked. + If set to True, no further update is allowed on this policy, including + the locked field itself. + type: boolean + type: object required: - - inspectJob + - cluster + - location - projectRef - - status - - triggers type: object status: properties: 
@@ -43521,86 +68191,14 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation timestamp of a triggeredJob. - format: date-time - type: string - errors: - description: Output only. A stream of errors encountered when the - trigger was activated. Repeated errors may result in the JobTrigger - automatically being paused. Will return the last 100 errors. Whenever - the JobTrigger is modified this list will be cleared. - items: - properties: - details: - description: Detailed error codes and messages. - properties: - code: - description: The status code, which should be an enum value - of google.rpc.Code. - format: int64 - type: integer - details: - description: A list of messages that carry the error details. - There is a common set of message types for APIs to use. - items: - properties: - typeUrl: - description: 'A URL/resource name that uniquely identifies - the type of the serialized protocol buffer message. - This string must contain at least one "/" character. - The last segment of the URL''s path must represent - the fully qualified name of the type (as in `path/google.protobuf.Duration`). - The name should be in a canonical form (e.g., leading - "." is not accepted). In practice, teams usually - precompile into the binary all types that they expect - it to use in the context of Any. However, for URLs - which use the scheme `http`, `https`, or no scheme, - one can optionally set up a type server that maps - type URLs to message definitions as follows: * If - no scheme is provided, `https` is assumed. * An - HTTP GET on the URL must yield a google.protobuf.Type - value in binary format, or produce an error. * Applications - are allowed to cache lookup results based on the - URL, or have them precompiled into a binary to avoid - any lookup. Therefore, binary compatibility needs - to be preserved on changes to types. (Use versioned - type names to manage breaking changes.) 
Note: this - functionality is not currently available in the - official protobuf release, and it is not used for - type URLs beginning with type.googleapis.com. Schemes - other than `http`, `https` (or the empty scheme) - might be used with implementation specific semantics.' - type: string - value: - description: Must be a valid serialized protocol buffer - of the above specified type. - type: string - type: object - type: array - message: - description: A developer-facing error message, which should - be in English. Any user-facing error message should be - localized and sent in the google.rpc.Status.details field, - or localized by the client. - type: string - type: object - timestamps: - description: The times the error occurred. - items: - format: date-time - type: string - type: array - type: object - type: array - lastRunTime: - description: Output only. The timestamp of the last time this trigger - executed. - format: date-time - type: string - locationId: - description: Output only. The geographic location where this resource - is stored. + etag: + description: |- + etag is used for optimistic concurrency control as a way to help prevent simultaneous + updates of a backup plan from overwriting each other. It is strongly suggested that + systems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates + in order to avoid race conditions: An etag is returned in the response to backupPlans.get, + and systems are expected to put that etag in the request to backupPlans.patch or + backupPlans.delete to ensure that their change will be applied to the same version of the resource. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -43609,9 +68207,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The last update timestamp of a triggeredJob. - format: date-time + protectedPodCount: + description: The number of Kubernetes Pods backed up in the last successful + Backup created via this BackupPlan. + type: integer + uid: + description: Server generated, unique identifier of UUID format. type: string type: object required: @@ -43632,25 +68233,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: dlpstoredinfotypes.dlp.cnrm.cloud.google.com + name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com spec: - group: dlp.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DLPStoredInfoType - plural: dlpstoredinfotypes + kind: GKEHubFeatureMembership + plural: gkehubfeaturememberships shortNames: - - gcpdlpstoredinfotype - - gcpdlpstoredinfotypes - singular: dlpstoredinfotype + - gcpgkehubfeaturemembership + - gcpgkehubfeaturememberships + singular: gkehubfeaturemembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -43687,96 +68288,23 @@ spec: metadata: type: object spec: - oneOf: - - required: - - organizationRef - - required: - - projectRef properties: - description: - description: Description of the StoredInfoType (max 256 characters). - type: string - dictionary: - description: Store dictionary-based CustomInfoType. + configmanagement: + description: Config Management-specific spec. properties: - cloudStoragePath: - description: Newline-delimited file of words in Cloud Storage. - Only a single file is accepted. - properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' - type: string - required: - - path - type: object - wordList: - description: List of words or phrases to search for. + binauthz: + description: Binauthz configuration for the cluster. properties: - words: - description: Words or phrases defining the dictionary. The - dictionary must contain at least one phrase and every phrase - must contain at least 2 characters that are letters or digits. - [required] - items: - type: string - type: array - required: - - words + enabled: + description: Whether binauthz is enabled in this cluster. + type: boolean type: object - type: object - displayName: - description: Display name of the StoredInfoType (max 256 characters). - type: string - largeCustomDictionary: - description: StoredInfoType where findings are defined by a dictionary - of phrases. - properties: - bigQueryField: - description: Field in a BigQuery table where each cell represents - a dictionary phrase. + configSync: + description: Config Sync configuration for the cluster. properties: - field: - description: Designated field in the BigQuery table. - properties: - name: - description: Name describing the field. - type: string - type: object - table: - description: Source table of the field. 
+ git: properties: - datasetRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Dataset ID of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryDataset` resource (format: `projects/{{project}}/datasets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - projectRef: + gcpServiceAccountRef: oneOf: - not: required: @@ -43794,9 +68322,9 @@ spec: properties: external: description: |- - The Google Cloud Platform project ID of the project containing the table. If omitted, project ID is inferred from the API call. + The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43806,7 +68334,41 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - tableRef: + httpsProxy: + description: URL for the HTTPS proxy to be used when communicating + with the Git repo. + type: string + policyDir: + description: 'The path within the Git repository that + represents the top level of the repo to sync. Default: + the root directory of the repository.' + type: string + secretType: + description: Type of secret configured for access to the + Git repo. Must be one of ssh, cookiefile, gcenode, token, + gcpserviceaccount or none. The validation of this is + case-sensitive. + type: string + syncBranch: + description: 'The branch of the repository to sync from. + Default: master.' + type: string + syncRepo: + description: The URL of the Git repository to use as the + source of truth. + type: string + syncRev: + description: Git revision (tag or hash) to check out. + Default HEAD. + type: string + syncWaitSecs: + description: 'Period in seconds between consecutive syncs. + Default: 15.' + type: string + type: object + oci: + properties: + gcpServiceAccountRef: oneOf: - not: required: @@ -43823,10 +68385,10 @@ spec: - external properties: external: - description: |- - Name of the table. - - Allowed value: The Google Cloud resource name of a `BigQueryTable` resource (format: `projects/{{project}}/datasets/{{dataset_id}}/tables/{{name}}`). + description: "The GCP Service Account Email used for + auth when secret_type is gcpserviceaccount. \n\nAllowed + value: The `email` field of an `IAMServiceAccount` + resource." type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43836,39 +68398,109 @@ spec: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + policyDir: + description: 'The absolute path of the directory that + contains the local resources. Default: the root directory + of the image.' + type: string + secretType: + description: Type of secret configured for access to the + OCI Image. Must be one of gcenode, gcpserviceaccount + or none. The validation of this is case-sensitive. + type: string + syncRepo: + description: The OCI image repository URL for the package + to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. + type: string + syncWaitSecs: + description: 'Period in seconds(int64 format) between + consecutive syncs. Default: 15.' + type: string type: object + preventDrift: + description: Set to true to enable the Config Sync admission + webhook to prevent drifts. If set to `false`, disables the + Config Sync admission webhook and does not prevent drifts. + type: boolean + sourceFormat: + description: Specifies whether the Config Sync Repo is in + "hierarchical" or "unstructured" mode. + type: string type: object - cloudStorageFileSet: - description: Set of files containing newline-delimited lists of - dictionary phrases. + hierarchyController: + description: Hierarchy Controller configuration for the cluster. properties: - url: - description: The url, in the format `gs:///`. Trailing wildcard - in the path is allowed. - type: string - required: - - url + enableHierarchicalResourceQuota: + description: Whether hierarchical resource quota is enabled + in this cluster. + type: boolean + enablePodTreeLabels: + description: Whether pod tree labels are enabled in this cluster. + type: boolean + enabled: + description: Whether Hierarchy Controller is enabled in this + cluster. + type: boolean type: object - outputPath: - description: Location to store dictionary artifacts in Google - Cloud Storage. 
These files will only be accessible by project - owners and the DLP API. If any of these artifacts are modified, - the dictionary is considered invalid and can no longer be used. + policyController: + description: Policy Controller configuration for the cluster. properties: - path: - description: 'A url representing a file or path (no wildcards) - in Cloud Storage. Example: gs://[BUCKET_NAME]/dictionary.txt' + auditIntervalSeconds: + description: Sets the interval for Policy Controller Audit + Scans (in seconds). When set to 0, this disables audit functionality + altogether. type: string - required: - - path + enabled: + description: Enables the installation of Policy Controller. + If false, the rest of PolicyController fields take no effect. + type: boolean + exemptableNamespaces: + description: The set of namespaces that are excluded from + Policy Controller checks. Namespaces do not need to currently + exist on the cluster. + items: + type: string + type: array + logDeniesEnabled: + description: Logs all denies and dry run failures. + type: boolean + monitoring: + description: 'Specifies the backends Policy Controller should + export metrics to. For example, to specify metrics should + be exported to Cloud Monitoring and Prometheus, specify + backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", + "prometheus"]' + properties: + backends: + description: ' Specifies the list of backends Policy Controller + will export to. Specifying an empty value `[]` disables + metrics export.' + items: + type: string + type: array + type: object + mutationEnabled: + description: Enable or disable mutation in policy controller. + If true, mutation CRDs, webhook and controller deployment + will be deployed to the cluster. + type: boolean + referentialRulesEnabled: + description: Enables the ability to use Constraint Templates + that reference to objects other than the object currently + being evaluated. 
+ type: boolean + templateLibraryInstalled: + description: Installs the default template library along with + Policy Controller. + type: boolean type: object + version: + description: Optional. Version of ACM to install. Defaults to + the latest version. + type: string type: object - location: - description: Immutable. The location of the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef, projectRef] may be specified. + featureRef: + description: Immutable. oneOf: - not: required: @@ -43885,21 +68517,23 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The name of the feature + + Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - Only one of [organizationRef, projectRef] may be specified. + location: + description: Immutable. The location of the feature + type: string + membershipRef: + description: Immutable. oneOf: - not: required: 
@@ -43916,8 +68550,10 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a `Project` resource (format: `projects/{{name}}`).' + description: |- + The name of the membership + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -43926,30 +68562,54 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - regex: - description: Store regular expression-based StoredInfoType. + mesh: + description: Manage Mesh Features properties: - groupIndexes: - description: The index of the submatch to extract as findings. - When not specified, the entire match is returned. No more than - 3 may be included. - items: - format: int64 - type: integer - type: array - pattern: - description: Pattern defining the regular expression. Its syntax - (https://github.com/google/re2/wiki/Syntax) can be found under - the google/re2 repository on GitHub. + controlPlane: + description: '**DEPRECATED** Whether to automatically manage Service + Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, + AUTOMATIC, MANUAL' + type: string + management: + description: 'Whether to automatically manage Service Mesh. Possible + values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the feature + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - pattern type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. 
Used for acquisition only. Leave unset to create a new - resource. - type: string + required: + - featureRef + - location + - membershipRef + - projectRef type: object status: properties: @@ -43987,6 +68647,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -44003,25 +68665,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnsmanagedzones.dns.cnrm.cloud.google.com + name: gkehubfeatures.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSManagedZone - plural: dnsmanagedzones + kind: GKEHubFeature + plural: gkehubfeatures shortNames: - - gcpdnsmanagedzone - - gcpdnsmanagedzones - singular: dnsmanagedzone + - gcpgkehubfeature + - gcpgkehubfeatures + singular: gkehubfeature preserveUnknownFields: false scope: Namespaced versions: 
@@ -44059,109 +68721,52 @@ spec: type: object spec: properties: - cloudLoggingConfig: - description: Cloud logging configuration. - properties: - enableLogging: - description: If set, enable query logging for this ManagedZone. - False by default, making logging opt-in. - type: boolean - required: - - enableLogging - type: object - description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. - type: string - dnsName: - description: Immutable. The DNS name of this managed zone, for instance - "example.com.". + location: + description: Immutable. The location for the resource type: string - dnssecConfig: - description: DNSSEC configuration. + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - defaultKeySpecs: + external: description: |- - Specifies parameters that will be used for generating initial DnsKeys - for this ManagedZone. If you provide a spec for keySigning or zoneSigning, - you must also provide one for the other. - default_key_specs can only be updated when the state is 'off'. - items: - properties: - algorithm: - description: 'String mnemonic specifying the DNSSEC algorithm - of this key Possible values: ["ecdsap256sha256", "ecdsap384sha384", - "rsasha1", "rsasha256", "rsasha512"].' - type: string - keyLength: - description: Length of the keys in bits. - type: integer - keyType: - description: |- - Specifies whether this is a key signing key (KSK) or a zone - signing key (ZSK). Key signing keys have the Secure Entry - Point flag set and, when active, will only be used to sign - resource record sets of type DNSKEY. Zone signing keys do - not have the Secure Entry Point flag set and will be used - to sign all other types of resource record sets. Possible values: ["keySigning", "zoneSigning"]. 
- type: string - kind: - description: Identifies what kind of resource this is. - type: string - type: object - type: array - kind: - description: Identifies what kind of resource this is. + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string - nonExistence: - description: |- - Specifies the mechanism used to provide authenticated denial-of-existence responses. - non_existence can only be updated when the state is 'off'. Possible values: ["nsec", "nsec3"]. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - state: - description: 'Specifies whether DNSSEC is enabled, and what mode - it is in Possible values: ["off", "on", "transfer"].' + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - forwardingConfig: - description: |- - The presence for this field indicates that outbound forwarding is enabled - for this zone. The value of this field contains the set of destinations - to forward to. - properties: - targetNameServers: - description: |- - List of target name servers to forward to. Cloud DNS will - select the best available name server if more than - one target is given. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address of a target name server. 
- type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers - type: object - peeringConfig: - description: |- - The presence of this field indicates that DNS Peering is enabled for this - zone. The value of this field contains the network to peer with. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + spec: + description: Optional. Hub-wide Feature configuration. If this Feature + does not support any Hub-wide configuration, this field may be unused. properties: - targetNetwork: - description: The network with which to peer. + multiclusteringress: + description: Multicluster Ingress-specific spec. properties: - networkRef: - description: VPC network to forward queries to. + configMembershipRef: oneOf: - not: required: @@ -44178,8 +68783,10 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: |- + Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` + + Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -44189,137 +68796,12 @@ spec: type: string type: object required: - - networkRef - type: object - required: - - targetNetwork - type: object - privateVisibilityConfig: - description: |- - For privately visible zones, the set of Virtual Private Cloud - resources that the zone is visible from. - properties: - gkeClusters: - description: The list of Google Kubernetes Engine clusters that - can see this zone. - items: - properties: - gkeClusterNameRef: - description: |- - The resource name of the cluster to bind this ManagedZone to. - This should be specified in the format like - 'projects/*/locations/*/clusters/*'. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ContainerCluster` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - gkeClusterNameRef - type: object - type: array - networks: - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of - a `ComputeNetwork` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array - required: - - networks - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - reverseLookup: - description: |- - Immutable. Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse - lookup queries using automatically configured records for VPC resources. This only applies - to networks listed under 'private_visibility_config'. - type: boolean - serviceDirectoryConfig: - description: Immutable. The presence of this field indicates that - this zone is backed by Service Directory. The value of this field - contains information related to the namespace associated with the - zone. - properties: - namespace: - description: The namespace associated with the zone. - properties: - namespaceUrl: - description: |- - The fully qualified or partial URL of the service directory namespace that should be - associated with the zone. This should be formatted like - 'https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id}' - or simply 'projects/{project}/locations/{location}/namespaces/{namespace_id}' - Ignored for 'public' visibility zones. - type: string - required: - - namespaceUrl + - configMembershipRef type: object - required: - - namespace type: object - visibility: - description: |- - Immutable. The zone's visibility: public zones are exposed to the Internet, - while private zones are visible only to Virtual Private Cloud resources. Default value: "public" Possible values: ["private", "public"]. - type: string required: - - dnsName + - location + - projectRef type: object status: properties: 
@@ -44349,21 +68831,14 @@ spec: type: string type: object type: array - creationTime: - description: |- - The time that this resource was created on the server. - This is in RFC3339 text format. + createTime: + description: Output only. When the Feature resource was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Feature resource was deleted. + format: date-time type: string - managedZoneId: - description: Unique identifier for the resource; defined by the server. - type: integer - nameServers: - description: |- - Delegate your managed_zone to these virtual name servers; - defined by the server. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44371,6 +68846,46 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + resourceState: + description: State of the Feature resource itself. + properties: + hasResources: + description: Whether this Feature has outstanding resources that + need to be cleaned up before it can be disabled. + type: boolean + state: + description: 'The current state of the Feature resource in the + Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, + DISABLING, UPDATING, SERVICE_UPDATING' + type: string + type: object + state: + description: Output only. The Hub-wide Feature state + properties: + state: + description: Output only. The "running state" of the Feature in + this Hub. + properties: + code: + description: 'The high-level, machine-readable status of this + Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, + ERROR' + type: string + description: + description: A human-readable description of the current status. + type: string + updateTime: + description: 'The time this status and any related Feature-specific + details were updated. A timestamp in RFC3339 UTC "Zulu" + format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' + type: string + type: object + type: object + updateTime: + description: Output only. When the Feature resource was last updated. + format: date-time + type: string type: object required: - spec 
@@ -44390,25 +68905,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: dnspolicies.dns.cnrm.cloud.google.com + name: gkehubmemberships.gkehub.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: gkehub.cnrm.cloud.google.com names: categories: - gcp - kind: DNSPolicy - plural: dnspolicies + kind: GKEHubMembership + plural: gkehubmemberships shortNames: - - gcpdnspolicy - - gcpdnspolicies - singular: dnspolicy + - gcpgkehubmembership + - gcpgkehubmemberships + singular: gkehubmembership preserveUnknownFields: false scope: Namespaced versions: 
@@ -44446,96 +68961,139 @@ spec: type: object spec: properties: - alternativeNameServerConfig: - description: |- - Sets an alternative name server for the associated networks. - When specified, all DNS queries are forwarded to a name server that you choose. - Names such as .internal are not available when an alternative name server is specified. + authority: + description: 'Optional. How to identify workloads from this Membership. + See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' properties: - targetNameServers: - description: |- - Sets an alternative name server for the associated networks. When specified, - all DNS queries are forwarded to a name server that you choose. Names such as .internal - are not available when an alternative name server is specified. - items: - properties: - forwardingPath: - description: |- - Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding - decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go - to the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: ["default", "private"]. - type: string - ipv4Address: - description: IPv4 address to forward to. - type: string - required: - - ipv4Address - type: object - type: array - required: - - targetNameServers + issuer: + description: Optional. A JSON Web Token (JWT) issuer URI. `issuer` + must start with `https://` and be a valid URL with length <2000 + characters. If set, then Google will allow valid OIDC tokens + from this issuer to authenticate within the workload_identity_pool. + OIDC discovery will be performed on this URI to validate tokens + from the issuer. Clearing `issuer` disables Workload Identity. 
+ `issuer` cannot be directly modified; it must be cleared (and + Workload Identity disabled) before using a new issuer (and re-enabling + Workload Identity). + type: string type: object description: - description: A textual description field. Defaults to 'Managed by - Config Connector'. + description: 'Description of this membership, limited to 63 characters. + Must match the regex: `*` This field is present for legacy purposes.' type: string - enableInboundForwarding: - description: |- - Allows networks bound to this policy to receive DNS queries sent - by VMs or applications over VPN connections. When enabled, a - virtual IP address will be allocated from each of the sub-networks - that are bound to this policy. - type: boolean - enableLogging: - description: |- - Controls whether logging is enabled for the networks bound to this policy. - Defaults to no logging if not set. - type: boolean - networks: - description: List of network names specifying networks to which this - policy is applied. - items: - properties: - networkRef: - description: VPC network to bind to. - oneOf: - - not: + endpoint: + description: Optional. Endpoint information to reach this member. + properties: + gkeCluster: + description: Optional. GKE-specific information. Only present + if this Membership is a GKE cluster. + properties: + resourceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - networkRef - type: object - type: array + properties: + external: + description: |- + Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. + + Allowed value: The `selfLink` field of a `ContainerCluster` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + kubernetesResource: + description: 'Optional. The in-cluster Kubernetes Resources that + should be applied for a correctly registered cluster, in the + steady state. These resources: * Ensure that the cluster is + exclusively registered to one and only one Hub Membership. * + Propagate Workload Pool Information available in the Membership + Authority field. * Ensure proper initial configuration of default + Hub Features.' + properties: + membershipCrManifest: + description: Input only. The YAML representation of the Membership + CR. This field is ignored for GKE clusters where Hub can + read the CR directly. Callers should provide the CR that + is currently present in the cluster during CreateMembership + or UpdateMembership, or leave this field empty if none exists. + The CR manifest is used to validate the cluster has not + been registered with another Membership. + type: string + resourceOptions: + description: Optional. Options for Kubernetes resource generation. + properties: + connectVersion: + description: Optional. The Connect agent version to use + for connect_resources. Defaults to the latest GKE Connect + version. 
The version must be a currently supported version, + obsolete versions will be rejected. + type: string + v1beta1Crd: + description: Optional. Use `apiextensions/v1beta1` instead + of `apiextensions/v1` for CustomResourceDefinition resources. + This option should be set for clusters with Kubernetes + apiserver versions <1.16. + type: boolean + type: object + type: object + type: object + externalId: + description: 'Optional. An externally-generated and managed ID for + this Membership. This ID may be modified after creation, but this + is not recommended. The ID must match the regex: `*` If this Membership + represents a Kubernetes cluster, this value should be set to the + UID of the `kube-system` namespace object.' + type: string + infrastructureType: + description: 'Optional. The infrastructure type this Membership is + running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, + MULTI_CLOUD' + type: string + location: + description: Immutable. The location for the resource + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + required: + - location type: object status: properties: + authority: + properties: + identityProvider: + description: Output only. An identity provider that reflects the + `issuer` in the workload identity pool. + type: string + workloadIdentityPool: + description: 'Output only. The name of the workload identity pool + in which `issuer` will be recognized. There is a single Workload + Identity Pool per Hub that is shared between all Memberships + that belong to that Hub. For a Hub hosted in: {PROJECT_ID}, + the workload pool format is `{PROJECT_ID}.hub.id.goog`, although + this is subject to change in newer versions of this API.' + type: string + type: object conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -44562,6 +69120,111 @@ spec: type: string type: object type: array + createTime: + description: Output only. When the Membership was created. + format: date-time + type: string + deleteTime: + description: Output only. When the Membership was deleted. + format: date-time + type: string + endpoint: + properties: + kubernetesMetadata: + description: Output only. Useful Kubernetes-specific metadata. + properties: + kubernetesApiServerVersion: + description: Output only. Kubernetes API server version string + as reported by `/version`. + type: string + memoryMb: + description: Output only. The total memory capacity as reported + by the sum of all Kubernetes nodes resources, defined in + MB. + format: int64 + type: integer + nodeCount: + description: Output only. Node count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + nodeProviderId: + description: Output only. Node providerID as reported by the + first node in the list of nodes on the Kubernetes endpoint. + On Kubernetes platforms that support zero-node clusters + (like GKE-on-GCP), the node_count will be zero and the node_provider_id + will be empty. + type: string + updateTime: + description: Output only. The time at which these details + were last updated. This update_time is different from the + Membership-level update_time since EndpointDetails are updated + internally for API consumers. + format: date-time + type: string + vcpuCount: + description: Output only. vCPU count as reported by Kubernetes + nodes resources. + format: int64 + type: integer + type: object + kubernetesResource: + properties: + connectResources: + description: Output only. The Kubernetes resources for installing + the GKE Connect agent This field is only populated in the + Membership returned from a successful long-running operation + from CreateMembership or UpdateMembership. It is not populated + during normal GetMembership or ListMemberships requests. 
+ To get the resource manifest after the initial registration, + the caller should make a UpdateMembership call with an empty + field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + membershipResources: + description: Output only. Additional Kubernetes resources + that need to be applied to the cluster after Membership + creation, and after every update. This field is only populated + in the Membership returned from a successful long-running + operation from CreateMembership or UpdateMembership. It + is not populated during normal GetMembership or ListMemberships + requests. To get the resource manifest after the initial + registration, the caller should make a UpdateMembership + call with an empty field mask. + items: + properties: + clusterScoped: + description: Whether the resource provided in the manifest + is `cluster_scoped`. If unset, the manifest is assumed + to be namespace scoped. This field is used for REST + mapping when applying the resource in a cluster. + type: boolean + manifest: + description: YAML manifest of the resource. + type: string + type: object + type: array + type: object + type: object + lastConnectionTime: + description: Output only. For clusters using Connect, the timestamp + of the most recent connection established with Google Cloud. This + time is updated every several minutes, not continuously. For clusters + that do not use GKE Connect, or that have never connected successfully, + this field will be unset. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -44569,7 +69232,28 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: Output only. State of the Membership resource. + properties: + code: + description: 'Output only. The current state of the Membership + resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, + DELETING, UPDATING, SERVICE_UPDATING' + type: string + type: object + uniqueId: + description: Output only. Google-generated UUID for this resource. + This is unique across all Membership resources. If a Membership + resource is deleted and another resource with the same name is created, + it gets a different unique_id. + type: string + updateTime: + description: Output only. When the Membership was last updated. + format: date-time + type: string type: object + required: + - spec type: object served: true storage: true @@ -44586,25 +69270,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: dnsrecordsets.dns.cnrm.cloud.google.com + name: healthcareconsentstores.healthcare.cnrm.cloud.google.com spec: - group: dns.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: DNSRecordSet - plural: dnsrecordsets + kind: HealthcareConsentStore + plural: healthcareconsentstores shortNames: - - gcpdnsrecordset - - gcpdnsrecordsets - singular: dnsrecordset + - gcphealthcareconsentstore + - gcphealthcareconsentstores + singular: healthcareconsentstore preserveUnknownFields: false scope: Namespaced versions: 
@@ -44624,7 +69308,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44641,94 +69325,29 @@ spec: metadata: type: object spec: - oneOf: - - required: - - rrdatas - - required: - - rrdatasRefs properties: - managedZoneRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `DNSManagedZone` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - name: - description: Immutable. The DNS name this record set will apply to. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - rrdatas: - description: DEPRECATED. Although this field is still available, there - is limited support. We recommend that you use `spec.rrdatasRefs` - instead. - items: - type: string - type: array - rrdatasRefs: - items: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: 'Allowed value: The `address` field of a `ComputeAddress` - resource.' - type: string - kind: - description: 'Kind of the referent. Allowed values: ComputeAddress' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - ttl: - description: The time-to-live of this record set (seconds). - type: integer - type: - description: The DNS record set type. + defaultConsentTtl: + description: |- + Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + enableConsentCreateOnUpdate: + description: If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] + creates the consent if it does not already exist. + type: boolean + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - managedZoneRef - - name - - type + - dataset type: object status: properties: 
@@ -44784,25 +69403,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: eventarctriggers.eventarc.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredatasets.healthcare.cnrm.cloud.google.com spec: - group: eventarc.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: EventarcTrigger - plural: eventarctriggers + kind: HealthcareDataset + plural: healthcaredatasets shortNames: - - gcpeventarctrigger - - gcpeventarctriggers - singular: eventarctrigger + - gcphealthcaredataset + - gcphealthcaredatasets + singular: healthcaredataset preserveUnknownFields: false scope: Namespaced versions: @@ -44822,7 +69441,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -44837,243 +69456,14 @@ spec: submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: - type: object - spec: - properties: - channelRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: Optional. The name of the channel associated with - the trigger in `projects/{project}/locations/{location}/channels/{channel}` - format. You must provide a channel to receive events from Eventarc - SaaS partners. - type: string - name: - description: |- - [WARNING] EventarcChannel not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - destination: - description: Required. Destination specifies where the events should - be sent to. - properties: - cloudFunctionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - [WARNING] Configuring a Cloud Function in Trigger is not supported as of today. The Cloud Function resource name. Format: projects/{project}/locations/{location}/functions/{function} - - Allowed value: The Google Cloud resource name of a `CloudFunctionsFunction` resource (format: `projects/{{project}}/locations/{{region}}/functions/{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - cloudRunService: - description: Cloud Run fully-managed service that receives the - events. The service should be running in the same project of - the trigger. - properties: - path: - description: 'Optional. The relative path on the Cloud Run - service the events should be sent to. The value must conform - to the definition of URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - region: - description: Required. The region the Cloud Run service is - deployed in. - type: string - serviceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed. - - Allowed value: The Google Cloud resource name of a `RunService` resource (format: `projects/{{project}}/locations/{{location}}/services/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - region - - serviceRef - type: object - gke: - description: A GKE service capable of receiving events. The service - should be running in the same project as the trigger. 
- properties: - clusterRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - location: - description: Required. The name of the Google Compute Engine - in which the cluster resides, which can either be compute - zone (for example, us-central1-a) for the zonal clusters - or region (for example, us-central1) for regional clusters. - type: string - namespace: - description: Required. The namespace the GKE service is running - in. - type: string - path: - description: 'Optional. The relative path on the GKE service - the events should be sent to. The value must conform to - the definition of a URI path segment (section 3.3 of RFC2396). - Examples: "/route", "route", "route/subroute".' - type: string - service: - description: Required. Name of the GKE service. - type: string - required: - - clusterRef - - location - - namespace - - service - type: object - workflowRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'The resource name of the Workflow whose Executions - are triggered by the events. The Workflow resource should - be deployed in the same project as the trigger. 
Format: - `projects/{project}/locations/{location}/workflows/{workflow}`' - type: string - name: - description: |- - [WARNING] WorkflowsWorkflow not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object + type: object + spec: + properties: location: - description: Immutable. The location for the resource + description: Immutable. The location for the Dataset. type: string - matchingCriteria: - description: Required. null The list of filters that applies to event - attributes. Only events that match all the provided filters will - be sent to the destination. - items: - properties: - attribute: - description: Required. The name of a CloudEvents attribute. - Currently, only a subset of attributes are supported for filtering. - All triggers MUST provide a filter for the 'type' attribute. - type: string - operator: - description: Optional. The operator used for matching the events - with the value of the filter. If not specified, only events - that have an exact key-value pair specified in the filter - are matched. The only allowed value is `match-path-pattern`. - type: string - value: - description: Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud - for available values. - type: string - required: - - attribute - - value - type: object - type: array projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -45090,10 +69480,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -45107,81 +69494,14 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serviceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - transport: - description: Immutable. Optional. In order to deliver messages, Eventarc - may use other GCP products as transport intermediary. This field - contains a reference to that transport intermediary. This information - can be used for debugging purposes. - properties: - pubsub: - description: Immutable. The Pub/Sub topic and subscription used - by Eventarc as delivery intermediary. - properties: - topicRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion. - - Allowed value: The Google Cloud resource name of a `PubSubTopic` resource (format: `projects/{{project}}/topics/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - type: object + timeZone: + description: |- + The default timezone used by this dataset. Must be a either a valid IANA time zone name such as + "America/New_York" or empty, which defaults to UTC. This is used for parsing times in resources + (e.g., HL7 messages) where no explicit timezone is specified. + type: string required: - - destination - location - - matchingCriteria - projectRef type: object status: 
@@ -45212,15 +69532,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - etag: - description: Output only. This checksum is computed by the server - based on the value of other fields, and may be sent only on create - requests to ensure the client has an up-to-date value before proceeding. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45228,31 +69539,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceConditions: - additionalProperties: - type: string - description: Output only. The reason(s) why a trigger is in FAILED - state. - type: object - transport: - properties: - pubsub: - properties: - subscription: - description: 'Output only. The name of the Pub/Sub subscription - created and managed by Eventarc system as a transport for - the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.' - type: string - type: object - type: object - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: 
@@ -45273,25 +69561,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestorebackups.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcaredicomstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreBackup - plural: filestorebackups + kind: HealthcareDICOMStore + plural: healthcaredicomstores shortNames: - - gcpfilestorebackup - - gcpfilestorebackups - singular: filestorebackup + - gcphealthcaredicomstore + - gcphealthcaredicomstores + singular: healthcaredicomstore preserveUnknownFields: false scope: Namespaced versions: @@ -45311,7 +69599,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45329,95 +69617,57 @@ spec: type: object spec: properties: - description: - description: A description of the backup with 2048 characters or less. - Requests with longer descriptions will be rejected. - type: string - location: - description: Immutable. The location for the resource + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + notificationConfig: + description: A nested object resource. properties: - external: + pubsubTopic: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
type: string + required: + - pubsubTopic type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - sourceFileShare: - description: Immutable. Name of the file share in the source Cloud - Filestore instance that the backup is created from. - type: string - sourceInstanceRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + streamConfigs: + description: |- + To enable streaming to BigQuery, configure the streamConfigs object in your DICOM store. + streamConfigs is an array, so you can specify multiple BigQuery destinations. You can stream metadata from a single DICOM store to up to five BigQuery tables in a BigQuery dataset. + items: + properties: + bigqueryDestination: + description: BigQueryDestination to include a fully qualified + BigQuery table URI where DICOM instance metadata will be streamed. + properties: + tableUri: + description: a fully qualified BigQuery table URI where + DICOM instance metadata will be streamed. + type: string + required: + - tableUri + type: object required: - - external - properties: - external: - description: |- - The resource name of the source Cloud Filestore instance, in the format projects/{project_number}/locations/{location_id}/instances/{instance_id}, used to create this backup. - - Allowed value: The Google Cloud resource name of a `FilestoreInstance` resource (format: `projects/{{project}}/locations/{{location}}/instances/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - bigqueryDestination + type: object + type: array required: - - location - - projectRef - - sourceFileShare - - sourceInstanceRef + - dataset type: object status: properties: - capacityGb: - description: Output only. Capacity of the source file share when the - backup was created. - format: int64 - type: integer conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -45444,16 +69694,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the backup was created. - format: date-time - type: string - downloadBytes: - description: Output only. Amount of bytes that will be downloaded - if the backup is restored. This may be different than storage bytes, - since sequential backups of the same disk will share storage. - format: int64 - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45461,21 +69701,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sourceInstanceTier: - description: 'Output only. The service tier of the source Cloud Filestore - instance that this backup is created from. Possible values: TIER_UNSPECIFIED, - STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD' - type: string - state: - description: 'Output only. The backup state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR, RESTORING' + selfLink: + description: The fully qualified name of this dataset. type: string - storageBytes: - description: Output only. The size of the storage used by the backup. - As backups share storage, this number is expected to change with - backup creation/deletion. - format: int64 - type: integer type: object required: - spec 
@@ -45495,25 +69723,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: filestoreinstances.filestore.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: healthcarefhirstores.healthcare.cnrm.cloud.google.com spec: - group: filestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FilestoreInstance - plural: filestoreinstances + kind: HealthcareFHIRStore + plural: healthcarefhirstores shortNames: - - gcpfilestoreinstance - - gcpfilestoreinstances - singular: filestoreinstance + - gcphealthcarefhirstore + - gcphealthcarefhirstores + singular: healthcarefhirstore preserveUnknownFields: false scope: Namespaced versions: @@ -45533,7 +69761,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45551,208 +69779,165 @@ spec: type: object spec: properties: - description: - description: The description of the instance (2048 characters or less). + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fileShares: - description: File system shares on the instance. For this version, - only a single file share is supported. + disableReferentialIntegrity: + description: |- + Immutable. Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store + creation. The default value is false, meaning that the API will enforce referential integrity and fail the + requests that will result in inconsistent state in the FHIR store. When this field is set to true, the API + will skip referential integrity check. Consequently, operations that rely on references, such as + Patient.get$everything, will not return all the results if broken references exist. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + disableResourceVersioning: + description: |- + Immutable. Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation + of FHIR store. If set to false, which is the default behavior, all write operations will cause historical + versions to be recorded automatically. The historical versions can be fetched through the history APIs, but + cannot be updated. If set to true, no historical versions will be kept. The server will send back errors for + attempts to read the historical versions. + + ** Changing this property may recreate the FHIR store (removing all data) **. + type: boolean + enableHistoryImport: + description: |- + Immutable. Whether to allow the bulk import API to accept history bundles and directly insert historical resource + versions into the FHIR store. 
Importing resource histories creates resource interactions that appear to have + occurred in the past, which clients may not want to allow. If set to false, history bundles within an import + will fail with an error. + + ** Changing this property may recreate the FHIR store (removing all data) ** + + ** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **. + type: boolean + enableUpdateCreate: + description: |- + Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update + operation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through + the Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit + logs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient + identifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub + notifications. + type: boolean + notificationConfig: + description: A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + required: + - pubsubTopic + type: object + notificationConfigs: + description: A list of notifcation configs that configure the notification + for every resource mutation in this FHIR store. items: properties: - capacityGb: - description: File share capacity in gigabytes (GB). Cloud Filestore - defines 1 GB as 1024^3 bytes. - format: int64 - type: integer - name: - description: The name of the file share (must be 16 characters - or less). - type: string - nfsExportOptions: - description: Nfs Export Options. There is a limit of 10 export - options per file share. - items: - properties: - accessMode: - description: 'Either READ_ONLY, for allowing only read - requests on the exported directory, or READ_WRITE, for - allowing both read and write requests. The default is - READ_WRITE. Possible values: ACCESS_MODE_UNSPECIFIED, - READ_ONLY, READ_WRITE' - type: string - anonGid: - description: An integer representing the anonymous group - id with a default value of 65534. Anon_gid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - anonUid: - description: An integer representing the anonymous user - id with a default value of 65534. Anon_uid may only - be set with squash_mode of ROOT_SQUASH. An error will - be returned if this field is specified for other squash_mode - settings. - format: int64 - type: integer - ipRanges: - description: List of either an IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or CIDR ranges - in the format `{octet1}.{octet2}.{octet3}.{octet4}/{mask - size}` which may mount the file share. Overlapping IP - ranges are not allowed, both within and across NfsExportOptions. - An error will be returned. The limit is 64 IP ranges/addresses - for each FileShareConfig among all NfsExportOptions. 
- items: - type: string - type: array - squashMode: - description: 'Either NO_ROOT_SQUASH, for allowing root - access on the exported directory, or ROOT_SQUASH, for - not allowing root access. The default is NO_ROOT_SQUASH. - Possible values: SQUASH_MODE_UNSPECIFIED, NO_ROOT_SQUASH, - ROOT_SQUASH' - type: string - type: object - type: array - sourceBackupRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The resource name of the backup, in the format `projects/{project_number}/locations/{location_id}/backups/{backup_id}`, that this file share has been restored from. - - Allowed value: The Google Cloud resource name of a `FilestoreBackup` resource (format: `projects/{{project}}/locations/{{location}}/backups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. 
+ type: string + sendFullResource: + description: "Whether to send full FHIR resource to this Pub/Sub + topic for Create and Update operation.\nNote that setting + this to true does not guarantee that all resources will be + sent in the format of \nfull FHIR resource. When a resource + change is too large or during heavy traffic, only the resource + name will be\nsent. Clients should always check the \"payloadType\" + label from a Pub/Sub message to determine whether \nit needs + to fetch the full resource as a separate operation." + type: boolean + required: + - pubsubTopic type: object type: array - location: - description: Immutable. The location for the resource + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - networks: - description: Immutable. VPC networks to which the instance is connected. - For this version, only a single network is supported. + streamConfigs: + description: |- + A list of streaming configs that configure the destinations of streaming export for every resource mutation in + this FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next + resource mutation is streamed to the new location in addition to the existing ones. When a location is removed + from the list, the server stops streaming to that location. Before adding a new config, you must add the required + bigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on + the order of dozens of seconds) is expected before the results show up in the streaming destination. items: properties: - ipAddresses: - description: Immutable. Output only. IPv4 addresses in the format - `{octet1}.{octet2}.{octet3}.{octet4}` or IPv6 addresses in - the format `{block1}:{block2}:{block3}:{block4}:{block5}:{block6}:{block7}:{block8}`. 
- items: - type: string - type: array - modes: - description: Immutable. Internet protocol versions for which - the instance has IP addresses assigned. For this version, - only MODE_IPV4 is supported. - items: - type: string - type: array - networkRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + bigqueryDestination: + description: |- + The destination BigQuery structure that contains both the dataset location and corresponding schema config. + The output is organized in one table per resource type. The server reuses the existing tables (if any) that + are named after the resource types, e.g. "Patient", "Observation". When there is no existing table for a given + resource type, the server attempts to create one. + See the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details. properties: - external: - description: |- - The name of the Google Compute Engine [VPC network](https://cloud.google.com/vpc/docs/vpc) to which the instance is connected. - - Allowed value: The Google Cloud resource name of a `ComputeNetwork` resource (format: `projects/{{project}}/global/networks/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + datasetUri: + description: BigQuery URI to a dataset, up to 2000 characters + long, in the format bq://projectId.bqDatasetId. type: string + schemaConfig: + description: The configuration for the exported BigQuery + schema. 
+ properties: + recursiveStructureDepth: + description: |- + The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem + resource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called + concept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default + value 2. The maximum depth allowed is 5. + type: integer + schemaType: + description: |- + Specifies the output schema type. + * ANALYTICS: Analytics schema defined by the FHIR community. + See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md. + * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON. + * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: "ANALYTICS" Possible values: ["ANALYTICS", "ANALYTICS_V2", "LOSSLESS"]. + type: string + required: + - recursiveStructureDepth + type: object + required: + - datasetUri + - schemaConfig type: object - reservedIPRange: - description: Immutable. A /29 CIDR block in one of the [internal - IP address ranges](https://www.arin.net/reference/research/statistics/address_filters/) - that identifies the range of IP addresses reserved for this - instance. For example, 10.0.0.0/29 or 192.168.0.0/29. The - range you specify can't overlap with either existing subnets - or assigned IP address ranges for other Cloud Filestore instances - in the selected VPC network. - type: string + resourceTypes: + description: |- + Supply a FHIR resource type (such as "Patient" or "Observation"). See + https://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats + an empty list as an intent to stream all the supported resource types in this FHIR store. 
+ items: + type: string + type: array + required: + - bigqueryDestination type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - tier: - description: 'Immutable. The service tier of the instance. Possible - values: TIER_UNSPECIFIED, STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, - HIGH_SCALE_SSD, ENTERPRISE' + version: + description: 'Immutable. The FHIR specification version. Default value: + "STU3" Possible values: ["DSTU2", "STU3", "R4"].' type: string required: - - location - - projectRef + - dataset type: object status: properties: @@ -45782,14 +69967,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time when the instance was created. - format: date-time - type: string - etag: - description: Server-specified ETag for the instance resource to prevent - simultaneous updates from overwriting each other. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -45797,13 +69974,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The instance state. Possible values: STATE_UNSPECIFIED, - CREATING, READY, REPAIRING, DELETING, ERROR' - type: string - statusMessage: - description: Output only. Additional information about the instance - state, if available. + selfLink: + description: The fully qualified name of this dataset. type: string type: object required: @@ -45824,25 +69996,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: firestoreindexes.firestore.cnrm.cloud.google.com + name: healthcarehl7v2stores.healthcare.cnrm.cloud.google.com spec: - group: firestore.cnrm.cloud.google.com + group: healthcare.cnrm.cloud.google.com names: categories: - gcp - kind: FirestoreIndex - plural: firestoreindexes + kind: HealthcareHL7V2Store + plural: healthcarehl7v2stores shortNames: - - gcpfirestoreindex - - gcpfirestoreindexes - singular: firestoreindex + - gcphealthcarehl7v2store + - gcphealthcarehl7v2stores + singular: healthcarehl7v2store preserveUnknownFields: false scope: Namespaced versions: @@ -45862,7 +70034,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -45880,44 +70052,93 @@ spec: type: object spec: properties: - collection: - description: Immutable. The collection being indexed. - type: string - database: - description: Immutable. The Firestore database id. Defaults to '"(default)"'. + dataset: + description: |- + Immutable. Identifies the dataset addressed by this request. Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}'. type: string - fields: + notificationConfig: + description: DEPRECATED. This field has been replaced by notificationConfigs. + A nested object resource. + properties: + pubsubTopic: + description: |- + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. + PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + type: string + required: + - pubsubTopic + type: object + notificationConfigs: description: |- - Immutable. The fields supported by this index. The last field entry is always for - the field path '__name__'. If, on creation, '__name__' was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the '__name__' will be - ordered '"ASCENDING"' (unless explicitly specified otherwise). + A list of notification configs. Each configuration uses a filter to determine whether to publish a + message (both Ingest & Create) on the corresponding notification destination. 
Only the message name + is sent as part of the notification. Supplied by the client. items: properties: - arrayConfig: + filter: description: |- - Immutable. Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can - be specified. Possible values: ["CONTAINS"]. - type: string - fieldPath: - description: Immutable. Name of the field. - type: string - order: + Restricts notifications sent for messages matching a filter. If this is empty, all messages + are matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings + + Fields/functions available for filtering are: + + * messageType, from the MSH-9.1 field. For example, NOT messageType = "ADT". + * send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date < "2017-01-02". + * sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime < "2017-01-02T00:00:00-05:00". + * sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = "ABC". + * PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId("123456", "MRN"). + * labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels."priority"="high". The operator :* can be used to assert the existence of a label. For example, labels."priority":*. + type: string + pubsubTopic: description: |- - Immutable. Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of 'order' and 'arrayConfig' can be specified. Possible values: ["ASCENDING", "DESCENDING"]. + The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client. 
+ PubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message. + It is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message + was published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a + project. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given + Cloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail. + + If a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver. type: string + required: + - pubsubTopic type: object type: array - queryScope: - description: 'Immutable. The scope at which a query is run. Default - value: "COLLECTION" Possible values: ["COLLECTION", "COLLECTION_GROUP"].' + parserConfig: + description: A nested object resource. + properties: + allowNullHeader: + description: Determines whether messages with no header are allowed. + type: boolean + schema: + description: |- + JSON encoded string for schemas used to parse messages in this + store if schematized parsing is desired. + type: string + segmentTerminator: + description: |- + Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator. + + A base64-encoded string. + type: string + version: + description: 'Immutable. The version of the unschematized parser + to be used when a custom ''schema'' is not set. Default value: + "V1" Possible values: ["V1", "V2", "V3"].' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - collection - - fields + - dataset type: object status: properties: 
@@ -45947,11 +70168,6 @@ spec: type: string type: object type: array - name: - description: |- - A server defined name for this index. Format: - 'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -45959,6 +70175,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The fully qualified name of this dataset. + type: string type: object required: - spec @@ -45978,25 +70197,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: folders.resourcemanager.cnrm.cloud.google.com + name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: Folder - plural: folders + kind: IAMAccessBoundaryPolicy + plural: iamaccessboundarypolicies shortNames: - - gcpfolder - - gcpfolders - singular: folder + - gcpiamaccessboundarypolicy + - gcpiamaccessboundarypolicies + singular: iamaccessboundarypolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -46033,62 +70252,11 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: displayName: - description: The folder's display name. A folder's display name must - be unique amongst its siblings, e.g. no two folders with the same - parent can share the same display name. The display name must start - and end with a letter or digit, may contain letters, digits, spaces, - hyphens and underscores and can be no longer than 30 characters. + description: The display name of the rule. type: string - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. Only one of - folderRef or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `folderId` field of a `Folder` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + projectRef: oneOf: - not: required: 
@@ -46105,8 +70273,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' + description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, + where {{value}} is the `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -46116,12 +70284,62 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + rules: + description: Rules to be applied. + items: + properties: + accessBoundaryRule: + description: An access boundary rule in an IAM policy. + properties: + availabilityCondition: + description: The availability condition further constrains + the access allowed by the access boundary rule. + properties: + description: + description: |- + Description of the expression. This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression + in Common Expression Language syntax. + type: string + location: + description: |- + String indicating the location of the expression for error reporting, + e.g. a file name and a position in the file. + type: string + title: + description: |- + Title for the expression, i.e. a short string describing its purpose. + This can be used e.g. in UIs which allow to enter the expression. + type: string + required: + - expression + type: object + availablePermissions: + description: A list of permissions that may be allowed for + use on the specified resource. + items: + type: string + type: array + availableResource: + description: The full resource name of a Google Cloud resource + entity. + type: string + type: object + description: + description: The description of the rule. + type: string + type: object + type: array required: - - displayName + - projectRef + - rules type: object status: properties: 
@@ -46151,19 +70369,8 @@ spec: type: string type: object type: array - createTime: - description: 'Timestamp when the Folder was created. Assigned by the - server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - Example: "2014-10-02T15:01:23.045123456Z".' - type: string - folderId: - description: The folder id from the name "folders/{folder_id}". - type: string - lifecycleState: - description: The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED. - type: string - name: - description: The resource name of the Folder. Its format is folders/{folder_id}. + etag: + description: The hash of the resource. Used internally during updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46191,389 +70398,119 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: gkehubfeaturememberships.gkehub.cnrm.cloud.google.com -spec: - group: gkehub.cnrm.cloud.google.com - names: - categories: - - gcp - kind: GKEHubFeatureMembership - plural: gkehubfeaturememberships - shortNames: - - gcpgkehubfeaturemembership - - gcpgkehubfeaturememberships - singular: gkehubfeaturemembership - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - configmanagement: - description: Config Management-specific spec. - properties: - binauthz: - description: Binauthz configuration for the cluster. - properties: - enabled: - description: Whether binauthz is enabled in this cluster. - type: boolean - type: object - configSync: - description: Config Sync configuration for the cluster. - properties: - git: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The GCP Service Account Email used for auth when secretType is gcpServiceAccount. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - httpsProxy: - description: URL for the HTTPS proxy to be used when communicating - with the Git repo. - type: string - policyDir: - description: 'The path within the Git repository that - represents the top level of the repo to sync. Default: - the root directory of the repository.' - type: string - secretType: - description: Type of secret configured for access to the - Git repo. Must be one of ssh, cookiefile, gcenode, token, - gcpserviceaccount or none. The validation of this is - case-sensitive. - type: string - syncBranch: - description: 'The branch of the repository to sync from. - Default: master.' - type: string - syncRepo: - description: The URL of the Git repository to use as the - source of truth. 
- type: string - syncRev: - description: Git revision (tag or hash) to check out. - Default HEAD. - type: string - syncWaitSecs: - description: 'Period in seconds between consecutive syncs. - Default: 15.' - type: string - type: object - oci: - properties: - gcpServiceAccountRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: "The GCP Service Account Email used for - auth when secret_type is gcpserviceaccount. \n\nAllowed - value: The `email` field of an `IAMServiceAccount` - resource." - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - policyDir: - description: 'The absolute path of the directory that - contains the local resources. Default: the root directory - of the image.' - type: string - secretType: - description: Type of secret configured for access to the - OCI Image. Must be one of gcenode, gcpserviceaccount - or none. The validation of this is case-sensitive. - type: string - syncRepo: - description: The OCI image repository URL for the package - to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME. - type: string - syncWaitSecs: - description: 'Period in seconds(int64 format) between - consecutive syncs. Default: 15.' - type: string - type: object - preventDrift: - description: Set to true to enable the Config Sync admission - webhook to prevent drifts. If set to `false`, disables the - Config Sync admission webhook and does not prevent drifts. - type: boolean - sourceFormat: - description: Specifies whether the Config Sync Repo is in - "hierarchical" or "unstructured" mode. 
- type: string - type: object - hierarchyController: - description: Hierarchy Controller configuration for the cluster. - properties: - enableHierarchicalResourceQuota: - description: Whether hierarchical resource quota is enabled - in this cluster. - type: boolean - enablePodTreeLabels: - description: Whether pod tree labels are enabled in this cluster. - type: boolean - enabled: - description: Whether Hierarchy Controller is enabled in this - cluster. - type: boolean - type: object - policyController: - description: Policy Controller configuration for the cluster. - properties: - auditIntervalSeconds: - description: Sets the interval for Policy Controller Audit - Scans (in seconds). When set to 0, this disables audit functionality - altogether. - type: string - enabled: - description: Enables the installation of Policy Controller. - If false, the rest of PolicyController fields take no effect. - type: boolean - exemptableNamespaces: - description: The set of namespaces that are excluded from - Policy Controller checks. Namespaces do not need to currently - exist on the cluster. - items: - type: string - type: array - logDeniesEnabled: - description: Logs all denies and dry run failures. - type: boolean - monitoring: - description: 'Specifies the backends Policy Controller should - export metrics to. For example, to specify metrics should - be exported to Cloud Monitoring and Prometheus, specify - backends: ["cloudmonitoring", "prometheus"]. Default: ["cloudmonitoring", - "prometheus"]' - properties: - backends: - description: ' Specifies the list of backends Policy Controller - will export to. Specifying an empty value `[]` disables - metrics export.' - items: - type: string - type: array - type: object - mutationEnabled: - description: Enable or disable mutation in policy controller. - If true, mutation CRDs, webhook and controller deployment - will be deployed to the cluster. 
- type: boolean - referentialRulesEnabled: - description: Enables the ability to use Constraint Templates - that reference to objects other than the object currently - being evaluated. - type: boolean - templateLibraryInstalled: - description: Installs the default template library along with - Policy Controller. - type: boolean - type: object - version: - description: Optional. Version of ACM to install. Defaults to - the latest version. - type: string - type: object - featureRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace + cnrm.cloud.google.com/system: "true" + name: iamauditconfigs.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMAuditConfig + plural: iamauditconfigs + shortNames: + - gcpiamauditconfig + - gcpiamauditconfigs + singular: iamauditconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True' the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: IAMAuditConfig is the schema for the IAM audit logging API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + properties: + auditLogConfigs: + description: Required. The configuration for logging of each type + of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for this type + of permission. The format is the same as that for 'members' + in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be configured. + Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string required: - - external + - logType + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAMAuditConfig + on (e.g. project). properties: - external: - description: |- - The name of the feature - - Allowed value: The Google Cloud resource name of a `GKEHubFeature` resource (format: `projects/{{project}}/locations/{{location}}/features/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + apiVersion: type: string - type: object - location: - description: Immutable. 
The location of the feature - type: string - membershipRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: external: - description: |- - The name of the membership - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - mesh: - description: Manage Mesh Features - properties: - controlPlane: - description: '**DEPRECATED** Whether to automatically manage Service - Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, - AUTOMATIC, MANUAL' - type: string - management: - description: 'Whether to automatically manage Service Mesh. Possible - values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL' type: string - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project of the feature - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string + required: + - kind type: object + service: + description: 'Immutable. Required. The service for which to enable + Data Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering both + ''allServices'' and a specific service, then the union of the two + audit configs is used for that service: the ''logTypes'' specified + in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' + in each ''auditLogConfg'' are exempted.' + type: string required: - - featureRef - - location - - membershipRef - - projectRef + - auditLogConfigs + - resourceRef + - service type: object status: + description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAMAuditConfig's current state. items: properties: lastTransitionTime: @@ -46603,10 +70540,9 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -46623,25 +70559,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubfeatures.gkehub.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamcustomroles.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubFeature - plural: gkehubfeatures + kind: IAMCustomRole + plural: iamcustomroles shortNames: - - gcpgkehubfeature - - gcpgkehubfeatures - singular: gkehubfeature + - gcpiamcustomrole + - gcpiamcustomroles + singular: iamcustomrole preserveUnknownFields: false scope: Namespaced versions: 
@@ -46679,87 +70615,29 @@ spec: type: object spec: properties: - location: - description: Immutable. The location for the resource + description: + description: A human-readable description for the role. type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + permissions: + description: The names of the permissions this role grants when bound + in an IAM policy. At least one permission must be specified. + items: + type: string + type: array resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The roleId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - spec: - description: Optional. Hub-wide Feature configuration. If this Feature - does not support any Hub-wide configuration, this field may be unused. - properties: - multiclusteringress: - description: Multicluster Ingress-specific spec. 
- properties: - configMembershipRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: `projects/foo-proj/locations/global/memberships/bar` - - Allowed value: The Google Cloud resource name of a `GKEHubMembership` resource (format: `projects/{{project}}/locations/{{location}}/memberships/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - configMembershipRef - type: object - type: object + stage: + description: The current launch stage of the role. Defaults to GA. + type: string + title: + description: A human-readable title for the role. + type: string required: - - location - - projectRef + - permissions + - title type: object status: properties: @@ -46789,13 +70667,11 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Feature resource was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Feature resource was deleted. - format: date-time + deleted: + description: The current deleted state of the role. + type: boolean + name: + description: The full name of the role. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -46804,46 +70680,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - resourceState: - description: State of the Feature resource itself. - properties: - hasResources: - description: Whether this Feature has outstanding resources that - need to be cleaned up before it can be disabled. - type: boolean - state: - description: 'The current state of the Feature resource in the - Hub API. Possible values: STATE_UNSPECIFIED, ENABLING, ACTIVE, - DISABLING, UPDATING, SERVICE_UPDATING' - type: string - type: object - state: - description: Output only. The Hub-wide Feature state - properties: - state: - description: Output only. The "running state" of the Feature in - this Hub. - properties: - code: - description: 'The high-level, machine-readable status of this - Feature. Possible values: CODE_UNSPECIFIED, OK, WARNING, - ERROR' - type: string - description: - description: A human-readable description of the current status. - type: string - updateTime: - description: 'The time this status and any related Feature-specific - details were updated. A timestamp in RFC3339 UTC "Zulu" - format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z"' - type: string - type: object - type: object - updateTime: - description: Output only. When the Feature resource was last updated. - format: date-time - type: string type: object required: - spec 
@@ -46863,25 +70699,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: gkehubmemberships.gkehub.cnrm.cloud.google.com + name: iampartialpolicies.iam.cnrm.cloud.google.com spec: - group: gkehub.cnrm.cloud.google.com + group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: GKEHubMembership - plural: gkehubmemberships + kind: IAMPartialPolicy + plural: iampartialpolicies shortNames: - - gcpgkehubmembership - - gcpgkehubmemberships - singular: gkehubmembership + - gcpiampartialpolicy + - gcpiampartialpolicies + singular: iampartialpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -46889,7 +70723,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -46897,164 +70731,218 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPartialPolicy is the Schema for the iampartialpolicy API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy properties: - authority: - description: 'Optional. How to identify workloads from this Membership. - See the documentation on Workload Identity for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity' - properties: - issuer: - description: Optional. 
A JSON Web Token (JWT) issuer URI. `issuer` - must start with `https://` and be a valid URL with length <2000 - characters. If set, then Google will allow valid OIDC tokens - from this issuer to authenticate within the workload_identity_pool. - OIDC discovery will be performed on this URI to validate tokens - from the issuer. Clearing `issuer` disables Workload Identity. - `issuer` cannot be directly modified; it must be cleared (and - Workload Identity disabled) before using a new issuer (and re-enabling - Workload Identity). - type: string - type: object - description: - description: 'Description of this membership, limited to 63 characters. - Must match the regex: `*` This field is present for legacy purposes.' - type: string - endpoint: - description: Optional. Endpoint information to reach this member. - properties: - gkeCluster: - description: Optional. GKE-specific information. Only present - if this Membership is a GKE cluster. - properties: - resourceRef: + bindings: + description: Optional. The list of IAM bindings managed by Config + Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. Self-link of the GCP resource for the GKE cluster. For example: //container.googleapis.com/projects/my-project/locations/us-west1-a/clusters/my-cluster Zonal clusters are also supported. - - Allowed value: The `selfLink` field of a `ContainerCluster` resource. 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - kubernetesResource: - description: 'Optional. The in-cluster Kubernetes Resources that - should be applied for a correctly registered cluster, in the - steady state. These resources: * Ensure that the cluster is - exclusively registered to one and only one Hub Membership. * - Propagate Workload Pool Information available in the Membership - Authority field. * Ensure proper initial configuration of default - Hub Features.' - properties: - membershipCrManifest: - description: Input only. The YAML representation of the Membership - CR. This field is ignored for GKE clusters where Hub can - read the CR directly. Callers should provide the CR that - is currently present in the cluster during CreateMembership - or UpdateMembership, or leave this field empty if none exists. - The CR manifest is used to validate the cluster has not - been registered with another Membership. - type: string - resourceOptions: - description: Optional. Options for Kubernetes resource generation. + - required: + - member + - required: + - memberFrom properties: - connectVersion: - description: Optional. The Connect agent version to use - for connect_resources. Defaults to the latest GKE Connect - version. The version must be a currently supported version, - obsolete versions will be rejected. + member: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. type: string - v1beta1Crd: - description: Optional. Use `apiextensions/v1beta1` instead - of `apiextensions/v1` for CustomResourceDefinition resources. 
- This option should be set for clusters with Kubernetes - apiserver versions <1.16. - type: boolean + memberFrom: + description: The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, + and only one subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity + (i.e. its 'status.writerIdentity') is to be bound + to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to + the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account + (i.e., its 'status.email') is to be bound to the + role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account + (i.e. its 'status.serviceAccountEmailAddress') is + to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object type: object - type: object + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external + properties: + apiVersion: + type: string + external: + type: string + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind type: object - externalId: - description: 'Optional. An externally-generated and managed ID for - this Membership. This ID may be modified after creation, but this - is not recommended. The ID must match the regex: `*` If this Membership - represents a Kubernetes cluster, this value should be set to the - UID of the `kube-system` namespace object.' - type: string - infrastructureType: - description: 'Optional. The infrastructure type this Membership is - running on. Possible values: INFRASTRUCTURE_TYPE_UNSPECIFIED, ON_PREM, - MULTI_CLOUD' - type: string - location: - description: Immutable. The location for the resource - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string required: - - location + - resourceRef type: object status: + description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy properties: - authority: - properties: - identityProvider: - description: Output only. An identity provider that reflects the - `issuer` in the workload identity pool. - type: string - workloadIdentityPool: - description: 'Output only. The name of the workload identity pool - in which `issuer` will be recognized. There is a single Workload - Identity Pool per Hub that is shared between all Memberships - that belong to that Hub. 
For a Hub hosted in: {PROJECT_ID}, - the workload pool format is `{PROJECT_ID}.hub.id.goog`, although - this is subject to change in newer versions of this API.' - type: string - type: object + allBindings: + description: AllBindings surfaces all IAM bindings for the referenced + resource. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47078,140 +70966,48 @@ spec: type: string type: object type: array - createTime: - description: Output only. When the Membership was created. - format: date-time - type: string - deleteTime: - description: Output only. When the Membership was deleted. - format: date-time - type: string - endpoint: - properties: - kubernetesMetadata: - description: Output only. Useful Kubernetes-specific metadata. - properties: - kubernetesApiServerVersion: - description: Output only. Kubernetes API server version string - as reported by `/version`. - type: string - memoryMb: - description: Output only. The total memory capacity as reported - by the sum of all Kubernetes nodes resources, defined in - MB. - format: int64 - type: integer - nodeCount: - description: Output only. Node count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - nodeProviderId: - description: Output only. Node providerID as reported by the - first node in the list of nodes on the Kubernetes endpoint. - On Kubernetes platforms that support zero-node clusters - (like GKE-on-GCP), the node_count will be zero and the node_provider_id - will be empty. - type: string - updateTime: - description: Output only. The time at which these details - were last updated. This update_time is different from the - Membership-level update_time since EndpointDetails are updated - internally for API consumers. - format: date-time + lastAppliedBindings: + description: LastAppliedBindings is the list of IAM bindings that + were most recently applied by Config Connector. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. 
+ items: type: string - vcpuCount: - description: Output only. vCPU count as reported by Kubernetes - nodes resources. - format: int64 - type: integer - type: object - kubernetesResource: - properties: - connectResources: - description: Output only. The Kubernetes resources for installing - the GKE Connect agent This field is only populated in the - Membership returned from a successful long-running operation - from CreateMembership or UpdateMembership. It is not populated - during normal GetMembership or ListMemberships requests. - To get the resource manifest after the initial registration, - the caller should make a UpdateMembership call with an empty - field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. - type: string - type: object - type: array - membershipResources: - description: Output only. Additional Kubernetes resources - that need to be applied to the cluster after Membership - creation, and after every update. This field is only populated - in the Membership returned from a successful long-running - operation from CreateMembership or UpdateMembership. It - is not populated during normal GetMembership or ListMemberships - requests. To get the resource manifest after the initial - registration, the caller should make a UpdateMembership - call with an empty field mask. - items: - properties: - clusterScoped: - description: Whether the resource provided in the manifest - is `cluster_scoped`. If unset, the manifest is assumed - to be namespace scoped. This field is used for REST - mapping when applying the resource in a cluster. - type: boolean - manifest: - description: YAML manifest of the resource. 
- type: string - type: object - type: array - type: object - type: object - lastConnectionTime: - description: Output only. For clusters using Connect, the timestamp - of the most recent connection established with Google Cloud. This - time is updated every several minutes, not continuously. For clusters - that do not use GKE Connect, or that have never connected successfully, - this field will be unset. - format: date-time - type: string + type: array + role: + description: Required. The role to bind the users to. + type: string + required: + - role + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer - state: - description: Output only. State of the Membership resource. - properties: - code: - description: 'Output only. The current state of the Membership - resource. Possible values: CODE_UNSPECIFIED, CREATING, READY, - DELETING, UPDATING, SERVICE_UPDATING' - type: string - type: object - uniqueId: - description: Output only. Google-generated UUID for this resource. - This is unique across all Membership resources. If a Membership - resource is deleted and another resource with the same name is created, - it gets a different unique_id. - type: string - updateTime: - description: Output only. When the Membership was last updated. - format: date-time - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -47228,25 +71024,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamaccessboundarypolicies.iam.cnrm.cloud.google.com + name: iampolicies.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAccessBoundaryPolicy - plural: iamaccessboundarypolicies + kind: IAMPolicy + plural: iampolicies shortNames: - - gcpiamaccessboundarypolicy - - gcpiamaccessboundarypolicies - singular: iamaccessboundarypolicy + - gcpiampolicy + - gcpiampolicies + singular: iampolicy preserveUnknownFields: false scope: Namespaced versions: @@ -47254,7 +71048,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True', the most recent reconcile of the resource succeeded + - description: When 'True' the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -47262,32 +71056,107 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: + description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'apiVersion defines the versioned schema of this representation + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'kind is a string value representing the REST resource this + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: IAMPolicySpec defines the desired state of IAMPolicy properties: - displayName: - description: The display name of the rule. - type: string - projectRef: + auditConfigs: + description: Optional. The list of IAM audit configs. + items: + description: Specifies the Cloud Audit Logs configuration for the + IAM policy. + properties: + auditLogConfigs: + description: Required. 
The configuration for logging of each + type of permission. + items: + properties: + exemptedMembers: + description: Identities that do not cause logging for + this type of permission. The format is the same as that + for 'members' in IAMPolicy/IAMPolicyMember. + items: + type: string + type: array + logType: + description: Permission type for which logging is to be + configured. Must be one of 'DATA_READ', 'DATA_WRITE', + or 'ADMIN_READ'. + pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ + type: string + required: + - logType + type: object + type: array + service: + description: 'Required. The service for which to enable Data + Access audit logs. The special value ''allServices'' covers + all services. Note that if there are audit configs covering + both ''allServices'' and a specific service, then the union + of the two audit configs is used for that service: the ''logTypes'' + specified in each ''auditLogConfig'' are enabled, and the + ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + type: string + required: + - auditLogConfigs + - service + type: object + type: array + bindings: + description: Optional. The list of IAM bindings. + items: + description: Specifies the members to bind to an IAM role. + properties: + condition: + description: Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + members: + description: Optional. The list of IAM users to be bound to + the role. + items: + type: string + type: array + role: + description: Required. The role to bind the users to. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + type: string + required: + - role + type: object + type: array + resourceRef: + description: Immutable. Required. The GCP resource to set the IAM + policy on. oneOf: - not: required: 
@@ -47302,81 +71171,39 @@ spec: - namespace required: - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: + apiVersion: + type: string external: - description: 'Allowed value: string of the format `cloudresourcemanager.googleapis.com%2Fprojects%2F{{value}}`, - where {{value}} is the `name` field of a `Project` resource.' + type: string + kind: type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Rules to be applied. - items: - properties: - accessBoundaryRule: - description: An access boundary rule in an IAM policy. - properties: - availabilityCondition: - description: The availability condition further constrains - the access allowed by the access boundary rule. - properties: - description: - description: |- - Description of the expression. This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression - in Common Expression Language syntax. - type: string - location: - description: |- - String indicating the location of the expression for error reporting, - e.g. a file name and a position in the file. - type: string - title: - description: |- - Title for the expression, i.e. a short string describing its purpose. - This can be used e.g. in UIs which allow to enter the expression. 
- type: string - required: - - expression - type: object - availablePermissions: - description: A list of permissions that may be allowed for - use on the specified resource. - items: - type: string - type: array - availableResource: - description: The full resource name of a Google Cloud resource - entity. - type: string - type: object - description: - description: The description of the rule. - type: string - type: object - type: array + type: string + required: + - kind + type: object required: - - projectRef - - rules + - resourceRef type: object status: + description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observation - of the resource's current state. + description: Conditions represent the latest available observations + of the IAM policy's current state. items: properties: lastTransitionTime: @@ -47400,19 +71227,15 @@ spec: type: string type: object type: array - etag: - description: The hash of the resource. Used internally during updates. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. + format: int64 type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -47429,23 +71252,23 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/system: "true" - name: iamauditconfigs.iam.cnrm.cloud.google.com + name: iampolicymembers.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMAuditConfig - plural: iamauditconfigs + kind: IAMPolicyMember + plural: iampolicymembers shortNames: - - gcpiamauditconfig - - gcpiamauditconfigs - singular: iamauditconfig + - gcpiampolicymember + - gcpiampolicymembers + singular: iampolicymember preserveUnknownFields: false scope: Namespaced versions: @@ -47467,7 +71290,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: IAMAuditConfig is the schema for the IAM audit logging API. + description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -47482,32 +71305,116 @@ spec: metadata: type: object spec: - description: IAMAuditConfigSpec defines the desired state of IAMAuditConfig. + description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember + oneOf: + - required: + - member + - required: + - memberFrom properties: - auditLogConfigs: - description: Required. The configuration for logging of each type - of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for this type - of permission. The format is the same as that for 'members' - in IAMPolicy/IAMPolicyMember. - items: + condition: + description: Immutable. Optional. The condition under which the binding + applies. + properties: + description: + type: string + expression: + type: string + title: + type: string + required: + - expression + - title + type: object + member: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used. + type: string + memberFrom: + description: Immutable. The IAM identity to be bound to the role. + Exactly one of 'member' or 'memberFrom' must be used, and only one + subfield within 'memberFrom' can be used. + oneOf: + - required: + - logSinkRef + - required: + - serviceAccountRef + - required: + - serviceIdentityRef + - required: + - sqlInstanceRef + properties: + logSinkRef: + description: The LoggingLogSink whose writer identity (i.e. its + 'status.writerIdentity') is to be bound to the role. + properties: + name: type: string - type: array - logType: - description: Permission type for which logging is to be configured. - Must be one of 'DATA_READ', 'DATA_WRITE', or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array + namespace: + type: string + required: + - name + type: object + serviceAccountRef: + description: The IAMServiceAccount to be bound to the role. 
+ properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + serviceIdentityRef: + description: The ServiceIdentity whose service account (i.e., + its 'status.email') is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + sqlInstanceRef: + description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') + is to be bound to the role. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object resourceRef: - description: Immutable. Required. The GCP resource to set the IAMAuditConfig - on (e.g. project). + description: Immutable. Required. The GCP resource to set the IAM + policy on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - apiVersion + - required: + - external properties: apiVersion: type: string 
@@ -47522,26 +71429,21 @@ spec: required: - kind type: object - service: - description: 'Immutable. Required. The service for which to enable - Data Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering both - ''allServices'' and a specific service, then the union of the two - audit configs is used for that service: the ''logTypes'' specified - in each ''auditLogConfig'' are enabled, and the ''exemptedMembers'' - in each ''auditLogConfg'' are exempted.' + role: + description: Immutable. Required. The role for which the Member will + be bound. + pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ type: string required: - - auditLogConfigs - resourceRef - - service + - role type: object status: - description: IAMAuditConfigStatus defines the observed state of IAMAuditConfig. + description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: description: Conditions represent the latest available observations - of the IAMAuditConfig's current state. + of the IAM policy's current state. items: properties: lastTransitionTime: 
@@ -47590,25 +71492,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: iamcustomroles.iam.cnrm.cloud.google.com + name: iamserviceaccountkeys.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMCustomRole - plural: iamcustomroles + kind: IAMServiceAccountKey + plural: iamserviceaccountkeys shortNames: - - gcpiamcustomrole - - gcpiamcustomroles - singular: iamcustomrole + - gcpiamserviceaccountkey + - gcpiamserviceaccountkeys + singular: iamserviceaccountkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -47646,254 +71548,24 @@ spec: type: object spec: properties: - description: - description: A human-readable description for the role. - type: string - permissions: - description: The names of the permissions this role grants when bound - in an IAM policy. At least one permission must be specified. - items: - type: string - type: array - resourceID: - description: Immutable. Optional. The roleId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + keyAlgorithm: + description: 'Immutable. The algorithm used to generate the key, used + only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid + values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' type: string - stage: - description: The current launch stage of the role. Defaults to GA. + privateKeyType: + description: Immutable. type: string - title: - description: A human-readable title for the role. + publicKeyData: + description: Immutable. A field that allows clients to upload their + own public key. If set, use this public key data to create a service + account key for given service account. Please note, the expected + format for this field is a base64 encoded X509_PEM. type: string - required: - - permissions - - title - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - deleted: - description: The current deleted state of the role. - type: boolean - name: - description: The full name of the role. + publicKeyType: + description: Immutable. type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/system: "true" - name: iampartialpolicies.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMPartialPolicy - plural: iampartialpolicies - shortNames: - - gcpiampartialpolicy - - gcpiampartialpolicies - singular: iampartialpolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True' the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: IAMPartialPolicy is the Schema for the iampartialpolicy API - 
properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IAMPartialPolicySpec defines the desired state of IAMPartialPolicy - properties: - bindings: - description: Optional. The list of IAM bindings managed by Config - Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - oneOf: - - required: - - member - - required: - - memberFrom - properties: - member: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. - type: string - memberFrom: - description: The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, - and only one subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity - (i.e. 
its 'status.writerIdentity') is to be bound - to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to - the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account - (i.e., its 'status.email') is to be bound to the - role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account - (i.e. its 'status.serviceAccountEmailAddress') is - to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - type: object - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ - type: string - required: - - role - type: object - type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + serviceAccountRef: oneOf: - not: required: 
@@ -47908,72 +71580,26 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - type: object - required: - - resourceRef - type: object - status: - description: IAMPartialPolicyStatus defines the observed state of IAMPartialPolicy - properties: - allBindings: - description: AllBindings surfaces all IAM bindings for the referenced - resource. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - serviceAccountRef + type: object + status: + properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: 
@@ -47997,48 +71623,38 @@ spec: type: string type: object type: array - lastAppliedBindings: - description: LastAppliedBindings is the list of IAM bindings that - were most recently applied by Config Connector. - items: - description: Specifies the members to bind to an IAM role. - properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - type: string - required: - - role - type: object - type: array + name: + description: Immutable. The name used for this key pair. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + privateKey: + description: The private key in JSON format, base64 encoded. This + is what you normally get as a file when creating service account + keys through the CLI or web console. This is only populated when + creating a new key. + type: string + publicKey: + description: Immutable. The public key, base64 encoded. + type: string + validAfter: + description: 'The key can be used after this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' + type: string + validBefore: + description: 'The key can be used before this timestamp. A timestamp + in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: + "2014-10-02T15:01:23.045123456Z".' 
+ type: string type: object + required: + - spec type: object served: true storage: true @@ -48055,23 +71671,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicies.iam.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: iamserviceaccounts.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicy - plural: iampolicies + kind: IAMServiceAccount + plural: iamserviceaccounts shortNames: - - gcpiampolicy - - gcpiampolicies - singular: iampolicy + - gcpiamserviceaccount + - gcpiamserviceaccounts + singular: iamserviceaccount preserveUnknownFields: false scope: Namespaced versions: @@ -48079,7 +71697,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48087,107 +71705,275 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicy is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicySpec defines the desired state of IAMPolicy properties: - auditConfigs: - description: Optional. The list of IAM audit configs. + description: + description: A text description of the service account. Must be less + than or equal to 256 UTF-8 bytes. + type: string + disabled: + description: Whether the service account is disabled. Defaults to + false. 
+ type: boolean + displayName: + description: The display name for the service account. Can be updated + without creating a new resource. + type: string + resourceID: + description: Immutable. Optional. The accountId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. items: - description: Specifies the Cloud Audit Logs configuration for the - IAM policy. properties: - auditLogConfigs: - description: Required. The configuration for logging of each - type of permission. - items: - properties: - exemptedMembers: - description: Identities that do not cause logging for - this type of permission. The format is the same as that - for 'members' in IAMPolicy/IAMPolicyMember. - items: - type: string - type: array - logType: - description: Permission type for which logging is to be - configured. Must be one of 'DATA_READ', 'DATA_WRITE', - or 'ADMIN_READ'. - pattern: ^(DATA_READ|DATA_WRITE|ADMIN_READ)$ - type: string - required: - - logType - type: object - type: array - service: - description: 'Required. The service for which to enable Data - Access audit logs. The special value ''allServices'' covers - all services. Note that if there are audit configs covering - both ''allServices'' and a specific service, then the union - of the two audit configs is used for that service: the ''logTypes'' - specified in each ''auditLogConfig'' are enabled, and the - ''exemptedMembers'' in each ''auditLogConfg'' are exempted.' + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - required: - - auditLogConfigs - - service - type: object - type: array - bindings: - description: Optional. The list of IAM bindings. - items: - description: Specifies the members to bind to an IAM role. 
- properties: - condition: - description: Optional. The condition under which the binding - applies. - properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - members: - description: Optional. The list of IAM users to be bound to - the role. - items: - type: string - type: array - role: - description: Required. The role to bind the users to. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. type: string - required: - - role type: object type: array - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + email: + description: The e-mail address of the service account. This value + should be referenced from any google_iam_policy data sources that + would grant the service account privileges. + type: string + member: + description: The Identity of the service account in the form 'serviceAccount:{email}'. + This value is often used to refer to the service account in order + to grant IAM permissions. + type: string + name: + description: The fully-qualified name of the service account. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uniqueId: + description: The unique id of the service account. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com +spec: + group: iam.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IAMWorkforcePoolProvider + plural: iamworkforcepoolproviders + shortNames: + - gcpiamworkforcepoolprovider + - gcpiamworkforcepoolproviders + singular: iamworkforcepoolprovider + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + attributeCondition: + description: 'A [Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. `google.profile_photo` and `google.display_name` + are not supported. * `attribute`: The custom attributes mapped from + the assertion in the `attribute_mappings`. The maximum length of + the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credentials will be accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' + type: string + attributeMapping: + additionalProperties: + type: string + description: 'Required. Maps attributes from the authentication credentials + issued by an external identity provider to Google Cloud attributes, + such as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. This is a required field and + the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups + the authenticating user belongs to. 
You can grant groups access + to resources using an IAM `principalSet` binding; access applies + to all members of the group. * `google.display_name`: The name of + the authenticated user. This is an optional field and the mapped + display name cannot exceed 100 bytes. If not set, `google.subject` + will be displayed instead. This attribute cannot be referenced in + IAM bindings. * `google.profile_photo`: The URL that specifies the + authenticated user''s thumbnail photo. This is an optional field. + When set, the image will be visible as the user''s profile picture. + If not set, a generic user icon will be displayed instead. This + attribute cannot be referenced in IAM bindings. You can also provide + custom attributes by specifying `attribute.{custom_attribute}`, + where {custom_attribute} is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workforce pool to Google Cloud resources. For example:' + type: object + description: + description: A user-specified description of the provider. Cannot + exceed 256 characters. + type: string + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A user-specified display name for the provider. Cannot + exceed 32 characters. + type: string + location: + description: Immutable. The location for the resource + type: string + oidc: + description: An OpenId Connect 1.0 identity provider configuration. + properties: + clientId: + description: Required. The client ID. Must match the audience + claim of the JWT issued by the identity provider. + type: string + issuerUri: + description: Required. The OIDC issuer URI. 
Must be a valid URI + using the 'https' scheme. + type: string + required: + - clientId + - issuerUri + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + saml: + description: A SAML identity provider configuration. + properties: + idpMetadataXml: + description: 'Required. SAML Identity provider configuration metadata + xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). + The max size of the acceptable xml document will be bounded + to 128k characters. The metadata xml document should satisfy + the following constraints: 1) Must contain an Identity Provider + Entity ID. 2) Must contain at least one non-expired signing + key certificate. 3) For each signing key: a) Valid from should + be no more than 7 days from now. b) Valid to should be no more + than 10 years in the future. 4) Up to 3 IdP signing keys are + allowed in the metadata xml. When updating the provider''s metadata + xml, at least one non-expired signing key must overlap with + the existing metadata. This requirement is skipped if there + are no non-expired signing keys present in the existing metadata.' + type: string + required: + - idpMetadataXml + type: object + workforcePoolRef: + description: Immutable. oneOf: - not: required: 
@@ -48202,39 +71988,30 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: |- + The workforce_pool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). type: string name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object required: - - resourceRef + - attributeMapping + - location + - workforcePoolRef type: object status: - description: IAMPolicyStatus defines the observed state of IAMPolicy properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. items: properties: lastTransitionTime: @@ -48264,9 +72041,14 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48283,23 +72065,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iampolicymembers.iam.cnrm.cloud.google.com + name: iamworkforcepools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMPolicyMember - plural: iampolicymembers + kind: IAMWorkforcePool + plural: iamworkforcepools shortNames: - - gcpiampolicymember - - gcpiampolicymembers - singular: iampolicymember + - gcpiamworkforcepool + - gcpiamworkforcepools + singular: iamworkforcepool preserveUnknownFields: false scope: Namespaced versions: @@ -48307,7 +72091,7 @@ spec: - jsonPath: .metadata.creationTimestamp name: Age type: date - - description: When 'True' the most recent reconcile of the resource succeeded + - description: When 'True', the most recent reconcile of the resource succeeded jsonPath: .status.conditions[?(@.type=='Ready')].status name: Ready type: string 
@@ -48315,113 +72099,47 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].reason name: Status type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date name: v1beta1 schema: openAPIV3Schema: - description: IAMPolicyMember is the Schema for the iampolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation + description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this + description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: IAMPolicyMemberSpec defines the desired state of IAMPolicyMember - oneOf: - - required: - - member - - required: - - memberFrom properties: - condition: - description: Immutable. Optional. The condition under which the binding - applies. 
- properties: - description: - type: string - expression: - type: string - title: - type: string - required: - - expression - - title - type: object - member: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used. + description: + description: A user-specified description of the pool. Cannot exceed + 256 characters. + type: string + disabled: + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. + type: boolean + displayName: + description: A user-specified display name of the pool in Google Cloud + Console. Cannot exceed 32 characters. type: string - memberFrom: - description: Immutable. The IAM identity to be bound to the role. - Exactly one of 'member' or 'memberFrom' must be used, and only one - subfield within 'memberFrom' can be used. - oneOf: - - required: - - logSinkRef - - required: - - serviceAccountRef - - required: - - serviceIdentityRef - - required: - - sqlInstanceRef - properties: - logSinkRef: - description: The LoggingLogSink whose writer identity (i.e. its - 'status.writerIdentity') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceAccountRef: - description: The IAMServiceAccount to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - serviceIdentityRef: - description: The ServiceIdentity whose service account (i.e., - its 'status.email') is to be bound to the role. - properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - sqlInstanceRef: - description: The SQLInstance whose service account (i.e. its 'status.serviceAccountEmailAddress') - is to be bound to the role. 
- properties: - name: - type: string - namespace: - type: string - required: - - name - type: object - type: object - resourceRef: - description: Immutable. Required. The GCP resource to set the IAM - policy on. + location: + description: Immutable. The location for the resource + type: string + organizationRef: + description: Immutable. The Organization that this resource belongs + to. Only one of [organizationRef] may be specified. oneOf: - not: required: 
@@ -48436,45 +72154,41 @@ spec: - namespace required: - external - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - apiVersion - - required: - - external properties: - apiVersion: - type: string external: - type: string - kind: + description: 'Allowed value: The Google Cloud resource name of + a Google Cloud Organization (format: `organizations/{{name}}`).' type: string name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - kind type: object - role: - description: Immutable. Required. The role for which the Member will - be bound. - pattern: ^((projects|organizations)/[^/]+/)?roles/[\w_\.]+$ + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + sessionDuration: + description: How long the Google Cloud access tokens, console sign-in + sessions, and gcloud sign-in sessions from this pool are valid. + Must be greater than 15 minutes (900s) and less than 12 hours (43200s). + If `session_duration` is not configured, minted credentials will + have a default duration of one hour (3600s). type: string required: - - resourceRef - - role + - location + - organizationRef type: object status: - description: IAMPolicyMemberStatus defines the observed state of IAMPolicyMember properties: conditions: - description: Conditions represent the latest available observations - of the IAM policy's current state. + description: Conditions represent the latest available observation + of the resource's current state. 
items: properties: lastTransitionTime: @@ -48504,9 +72218,18 @@ spec: If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. - format: int64 type: integer + selfLink: + description: 'Output only. The resource name of the pool. Format: + `locations/{location}/workforcePools/{workforce_pool_id}`' + type: string + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' + type: string type: object + required: + - spec type: object served: true storage: true @@ -48523,25 +72246,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccountkeys.iam.cnrm.cloud.google.com + name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccountKey - plural: iamserviceaccountkeys + kind: IAMWorkloadIdentityPoolProvider + plural: iamworkloadidentitypoolproviders shortNames: - - gcpiamserviceaccountkey - - gcpiamserviceaccountkeys - singular: iamserviceaccountkey + - gcpiamworkloadidentitypoolprovider + - gcpiamworkloadidentitypoolproviders + singular: iamworkloadidentitypoolprovider preserveUnknownFields: false scope: Namespaced versions: 
@@ -48579,24 +72302,120 @@ spec: type: object spec: properties: - keyAlgorithm: - description: 'Immutable. The algorithm used to generate the key, used - only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid - values are: "KEY_ALG_RSA_1024", "KEY_ALG_RSA_2048".' + attributeCondition: + description: '[A Common Expression Language](https://opensource.google/projects/cel) + expression, in plain text, to restrict what otherwise valid authentication + credentials issued by the provider should not be accepted. The expression + must output a boolean representing whether to allow the federation. + The following keywords may be referenced in the expressions: * `assertion`: + JSON representing the authentication credential issued by the provider. + * `google`: The Google attributes mapped from the assertion in the + `attribute_mappings`. * `attribute`: The custom attributes mapped + from the assertion in the `attribute_mappings`. The maximum length + of the attribute condition expression is 4096 characters. If unspecified, + all valid authentication credential are accepted. The following + example shows how to only allow credentials with a mapped `google.groups` + value of `admins`: ``` "''admins'' in google.groups" ```' type: string - privateKeyType: - description: Immutable. + attributeMapping: + additionalProperties: + type: string + description: 'Maps attributes from authentication credentials issued + by an external identity provider to Google Cloud attributes, such + as `subject` and `segment`. Each key must be a string specifying + the Google Cloud IAM attribute to map to. The following keys are + supported: * `google.subject`: The principal IAM is authenticating. + You can reference this value in IAM bindings. This is also the subject + that appears in Cloud Logging logs. Cannot exceed 127 characters. + * `google.groups`: Groups the external identity belongs to. 
You + can grant groups access to resources using an IAM `principalSet` + binding; access applies to all members of the group. You can also + provide custom attributes by specifying `attribute.{custom_attribute}`, + where `{custom_attribute}` is the name of the custom attribute to + be mapped. You can define a maximum of 50 custom attributes. The + maximum length of a mapped attribute key is 100 characters, and + the key may only contain the characters [a-z0-9_]. You can reference + these attributes in IAM policies to define fine-grained access for + a workload to Google Cloud resources. For example: * `google.subject`: + `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` + * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` + * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` + Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) + function that maps an identity provider credential to the normalized + attribute specified by the corresponding map key. You can use the + `assertion` keyword in the expression to access a JSON representation + of the authentication credential issued by the provider. The maximum + length of an attribute mapping expression is 2048 characters. When + evaluated, the total size of all mapped attributes must not exceed + 8KB. For AWS providers, if no attribute mapping is defined, the + following default mapping applies: ``` { "google.subject":"assertion.arn", + "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" + " ? 
assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" + " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", + } ``` If any custom attribute mappings are defined, they must include + a mapping to the `google.subject` attribute. For OIDC providers, + you must supply a custom mapping, which must include the `google.subject` + attribute. For example, the following maps the `sub` claim of the + incoming credential to the `subject` attribute on a Google token: + ``` {"google.subject": "assertion.sub"} ```' + type: object + aws: + description: An Amazon Web Services identity provider. + properties: + accountId: + description: Required. The AWS account ID. + type: string + stsUri: + description: A list of AWS STS URIs that can be used when exchanging + credentials. If not provided, any valid AWS STS URI is allowed. + URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, + where {region} is a valid AWS region. You can specify a maximum + of 25 URIs. + items: + type: string + type: array + required: + - accountId + type: object + description: + description: A description for the provider. Cannot exceed 256 characters. type: string - publicKeyData: - description: Immutable. A field that allows clients to upload their - own public key. If set, use this public key data to create a service - account key for given service account. Please note, the expected - format for this field is a base64 encoded X509_PEM. + disabled: + description: Whether the provider is disabled. You cannot use a disabled + provider to exchange tokens. However, existing tokens still grant + access. + type: boolean + displayName: + description: A display name for the provider. Cannot exceed 32 characters. type: string - publicKeyType: - description: Immutable. + location: + description: Immutable. 
The location for the resource type: string - serviceAccountRef: + oidc: + description: An OpenId Connect 1.0 identity provider. + properties: + allowedAudiences: + description: 'Acceptable values for the `aud` field (audience) + in the OIDC token. Token exchange requests are rejected if the + token audience does not match one of the configured values. + Each audience may be at most 256 characters. A maximum of 10 + audiences may be configured. If this list is empty, the OIDC + token audience must be equal to the full canonical resource + name of the WorkloadIdentityPoolProvider, with or without the + HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ + ```' + items: + type: string + type: array + issuerUri: + description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + type: string + required: + - issuerUri + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. oneOf: - not: required: 
@@ -48613,8 +72432,45 @@ spec: - external properties: external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + workloadIdentityPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The workloadIdentityPool for the resource + + Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -48624,7 +72480,9 @@ spec: type: string type: object required: - - serviceAccountRef + - location + - projectRef + - workloadIdentityPoolRef type: object status: properties: @@ -48654,9 +72512,6 @@ spec: type: string type: object type: array - name: - description: Immutable. The name used for this key pair. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -48664,24 +72519,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key in JSON format, base64 encoded. This - is what you normally get as a file when creating service account - keys through the CLI or web console. This is only populated when - creating a new key. - type: string - publicKey: - description: Immutable. The public key, base64 encoded. - type: string - validAfter: - description: 'The key can be used after this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' - type: string - validBefore: - description: 'The key can be used before this timestamp. A timestamp - in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: - "2014-10-02T15:01:23.045123456Z".' + state: + description: 'Output only. The state of the provider. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object required: @@ -48702,25 +72542,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: iamserviceaccounts.iam.cnrm.cloud.google.com + name: iamworkloadidentitypools.iam.cnrm.cloud.google.com spec: group: iam.cnrm.cloud.google.com names: categories: - gcp - kind: IAMServiceAccount - plural: iamserviceaccounts + kind: IAMWorkloadIdentityPool + plural: iamworkloadidentitypools shortNames: - - gcpiamserviceaccount - - gcpiamserviceaccounts - singular: iamserviceaccount + - gcpiamworkloadidentitypool + - gcpiamworkloadidentitypools + singular: iamworkloadidentitypool preserveUnknownFields: false scope: Namespaced versions: 
@@ -48759,22 +72599,57 @@ spec: spec: properties: description: - description: A text description of the service account. Must be less - than or equal to 256 UTF-8 bytes. + description: A description of the pool. Cannot exceed 256 characters. type: string disabled: - description: Whether the service account is disabled. Defaults to - false. + description: Whether the pool is disabled. You cannot use a disabled + pool to exchange tokens, or use existing tokens to access resources. + If the pool is re-enabled, existing tokens grant access again. type: boolean displayName: - description: The display name for the service account. Can be updated - without creating a new resource. + description: A display name for the pool. Cannot exceed 32 characters. type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: - description: Immutable. Optional. The accountId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. 
type: string + required: + - location + - projectRef type: object status: properties: @@ -48804,19 +72679,6 @@ spec: type: string type: object type: array - email: - description: The e-mail address of the service account. This value - should be referenced from any google_iam_policy data sources that - would grant the service account privileges. - type: string - member: - description: The Identity of the service account in the form 'serviceAccount:{email}'. - This value is often used to refer to the service account in order - to grant IAM permissions. - type: string - name: - description: The fully-qualified name of the service account. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -48824,10 +72686,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - uniqueId: - description: The unique id of the service account. + state: + description: 'Output only. The state of the pool. Possible values: + STATE_UNSPECIFIED, ACTIVE, DELETED' type: string type: object + required: + - spec type: object served: true storage: true 
@@ -48844,25 +72709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepoolproviders.iam.cnrm.cloud.google.com + name: iapbrands.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePoolProvider - plural: iamworkforcepoolproviders + kind: IAPBrand + plural: iapbrands shortNames: - - gcpiamworkforcepoolprovider - - gcpiamworkforcepoolproviders - singular: iamworkforcepoolprovider + - gcpiapbrand + - gcpiapbrands + singular: iapbrand preserveUnknownFields: false scope: Namespaced versions: 
@@ -48899,144 +72764,20 @@ spec: metadata: type: object spec: - properties: - attributeCondition: - description: 'A [Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. `google.profile_photo` and `google.display_name` - are not supported. * `attribute`: The custom attributes mapped from - the assertion in the `attribute_mappings`. The maximum length of - the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credentials will be accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: - type: string - description: 'Required. Maps attributes from the authentication credentials - issued by an external identity provider to Google Cloud attributes, - such as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. This is a required field and - the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups - the authenticating user belongs to. You can grant groups access - to resources using an IAM `principalSet` binding; access applies - to all members of the group. * `google.display_name`: The name of - the authenticated user. 
This is an optional field and the mapped - display name cannot exceed 100 bytes. If not set, `google.subject` - will be displayed instead. This attribute cannot be referenced in - IAM bindings. * `google.profile_photo`: The URL that specifies the - authenticated user''s thumbnail photo. This is an optional field. - When set, the image will be visible as the user''s profile picture. - If not set, a generic user icon will be displayed instead. This - attribute cannot be referenced in IAM bindings. You can also provide - custom attributes by specifying `attribute.{custom_attribute}`, - where {custom_attribute} is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workforce pool to Google Cloud resources. For example:' - type: object - description: - description: A user-specified description of the provider. Cannot - exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A user-specified display name for the provider. Cannot - exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider configuration. - properties: - clientId: - description: Required. The client ID. Must match the audience - claim of the JWT issued by the identity provider. - type: string - issuerUri: - description: Required. The OIDC issuer URI. Must be a valid URI - using the 'https' scheme. - type: string - required: - - clientId - - issuerUri - type: object + properties: + applicationTitle: + description: Immutable. 
Application name displayed on OAuth consent + screen. + type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + supportEmail: + description: Immutable. Support email displayed on the OAuth consent + screen. type: string - saml: - description: A SAML identity provider configuration. - properties: - idpMetadataXml: - description: 'Required. SAML Identity provider configuration metadata - xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). - The max size of the acceptable xml document will be bounded - to 128k characters. The metadata xml document should satisfy - the following constraints: 1) Must contain an Identity Provider - Entity ID. 2) Must contain at least one non-expired signing - key certificate. 3) For each signing key: a) Valid from should - be no more than 7 days from now. b) Valid to should be no more - than 10 years in the future. 4) Up to 3 IdP signing keys are - allowed in the metadata xml. When updating the provider''s metadata - xml, at least one non-expired signing key must overlap with - the existing metadata. This requirement is skipped if there - are no non-expired signing keys present in the existing metadata.' - type: string - required: - - idpMetadataXml - type: object - workforcePoolRef: - description: Immutable. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The workforce_pool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkforcePool` resource (format: `locations/{{location}}/workforcePools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - attributeMapping - - location - - workforcePoolRef type: object status: properties: @@ -49073,13 +72814,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string + orgInternalOnly: + description: Output only. Whether the brand is only intended for usage + inside the G Suite organization only. + type: boolean type: object - required: - - spec type: object served: true storage: true 
@@ -49096,25 +72835,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkforcepools.iam.cnrm.cloud.google.com + name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: iap.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkforcePool - plural: iamworkforcepools + kind: IAPIdentityAwareProxyClient + plural: iapidentityawareproxyclients shortNames: - - gcpiamworkforcepool - - gcpiamworkforcepools - singular: iamworkforcepool + - gcpiapidentityawareproxyclient + - gcpiapidentityawareproxyclients + singular: iapidentityawareproxyclient preserveUnknownFields: false scope: Namespaced versions: @@ -49152,25 +72891,8 @@ spec: type: object spec: properties: - description: - description: A user-specified description of the pool. Cannot exceed - 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A user-specified display name of the pool in Google Cloud - Console. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - organizationRef: - description: Immutable. The Organization that this resource belongs - to. Only one of [organizationRef] may be specified. + brandRef: + description: Immutable. oneOf: - not: required: 
@@ -49187,33 +72909,28 @@ spec: - external properties: external: - description: 'Allowed value: The Google Cloud resource name of - a Google Cloud Organization (format: `organizations/{{name}}`).' + description: |- + The brand for the resource + + Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). type: string name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + displayName: + description: Immutable. Human-friendly name given to the OAuth client. type: string - sessionDuration: - description: How long the Google Cloud access tokens, console sign-in - sessions, and gcloud sign-in sessions from this pool are valid. - Must be greater than 15 minutes (900s) and less than 12 hours (43200s). - If `session_duration` is not configured, minted credentials will - have a default duration of one hour (3600s). + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - location - - organizationRef + - brandRef type: object status: properties: 
@@ -49250,13 +72967,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: 'Output only. The resource name of the pool. Format: - `locations/{location}/workforcePools/{workforce_pool_id}`' - type: string - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + secret: + description: Output only. Client secret of the OAuth client. type: string type: object required: @@ -49277,25 +72989,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypoolproviders.iam.cnrm.cloud.google.com + name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iam.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAMWorkloadIdentityPoolProvider - plural: iamworkloadidentitypoolproviders + kind: IdentityPlatformConfig + plural: identityplatformconfigs shortNames: - - gcpiamworkloadidentitypoolprovider - - gcpiamworkloadidentitypoolproviders - singular: iamworkloadidentitypoolprovider + - gcpidentityplatformconfig + - gcpidentityplatformconfigs + singular: identityplatformconfig preserveUnknownFields: false scope: Namespaced versions: 
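Review bot: The `status.secret` field on the new side of the first hunk (`Output only. Client secret of the OAuth client.`, in the `IAPIdentityAwareProxyClient` schema) returns the OAuth client secret as a plain string in the object's status. Any subject with get, list or watch on `iapidentityawareproxyclients` can therefore read it, and it is persisted with the custom resource rather than in a Kubernetes Secret. This CRD is generated, so a schema change belongs in the generator. In this bundle the description should at least say so, for example `Output only. Client secret of the OAuth client. Sensitive: readable by anyone with read access to this resource.` RBAC on this kind should be scoped as tightly as RBAC on Secrets.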
@@ -49333,117 +73045,332 @@ spec: type: object spec: properties: - attributeCondition: - description: '[A Common Expression Language](https://opensource.google/projects/cel) - expression, in plain text, to restrict what otherwise valid authentication - credentials issued by the provider should not be accepted. The expression - must output a boolean representing whether to allow the federation. - The following keywords may be referenced in the expressions: * `assertion`: - JSON representing the authentication credential issued by the provider. - * `google`: The Google attributes mapped from the assertion in the - `attribute_mappings`. * `attribute`: The custom attributes mapped - from the assertion in the `attribute_mappings`. The maximum length - of the attribute condition expression is 4096 characters. If unspecified, - all valid authentication credential are accepted. The following - example shows how to only allow credentials with a mapped `google.groups` - value of `admins`: ``` "''admins'' in google.groups" ```' - type: string - attributeMapping: - additionalProperties: + authorizedDomains: + description: List of domains authorized for OAuth redirects + items: type: string - description: 'Maps attributes from authentication credentials issued - by an external identity provider to Google Cloud attributes, such - as `subject` and `segment`. Each key must be a string specifying - the Google Cloud IAM attribute to map to. The following keys are - supported: * `google.subject`: The principal IAM is authenticating. - You can reference this value in IAM bindings. This is also the subject - that appears in Cloud Logging logs. Cannot exceed 127 characters. - * `google.groups`: Groups the external identity belongs to. You - can grant groups access to resources using an IAM `principalSet` - binding; access applies to all members of the group. 
You can also - provide custom attributes by specifying `attribute.{custom_attribute}`, - where `{custom_attribute}` is the name of the custom attribute to - be mapped. You can define a maximum of 50 custom attributes. The - maximum length of a mapped attribute key is 100 characters, and - the key may only contain the characters [a-z0-9_]. You can reference - these attributes in IAM policies to define fine-grained access for - a workload to Google Cloud resources. For example: * `google.subject`: - `principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}` - * `google.groups`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}` - * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}` - Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) - function that maps an identity provider credential to the normalized - attribute specified by the corresponding map key. You can use the - `assertion` keyword in the expression to access a JSON representation - of the authentication credential issued by the provider. The maximum - length of an attribute mapping expression is 2048 characters. When - evaluated, the total size of all mapped attributes must not exceed - 8KB. For AWS providers, if no attribute mapping is defined, the - following default mapping applies: ``` { "google.subject":"assertion.arn", - "attribute.aws_role": "assertion.arn.contains(''assumed-role'')" - " ? assertion.arn.extract(''{account_arn}assumed-role/'')" " + ''assumed-role/''" - " + assertion.arn.extract(''assumed-role/{role_name}/'')" " : assertion.arn", - } ``` If any custom attribute mappings are defined, they must include - a mapping to the `google.subject` attribute. 
For OIDC providers, - you must supply a custom mapping, which must include the `google.subject` - attribute. For example, the following maps the `sub` claim of the - incoming credential to the `subject` attribute on a Google token: - ``` {"google.subject": "assertion.sub"} ```' + type: array + blockingFunctions: + description: Configuration related to blocking functions. + properties: + triggers: + additionalProperties: + properties: + functionUriRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + HTTP URI trigger for the Cloud Function. + + Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + updateTime: + description: When the trigger was changed. + format: date-time + type: string + type: object + description: 'Map of Trigger to event type. Key should be one + of the supported event types: "beforeCreate", "beforeSignIn"' + type: object type: object - aws: - description: An Amazon Web Services identity provider. + client: + description: Options related to how clients making requests on behalf + of a project should be configured. properties: - accountId: - description: Required. The AWS account ID. + permissions: + description: Configuration related to restricting a user's ability + to affect their account. 
+ properties: + disabledUserDeletion: + description: When true, end users cannot delete their account + on the associated project through any of our API methods + type: boolean + disabledUserSignup: + description: When true, end users cannot sign up for a new + account on the associated project through any of our API + methods + type: boolean + type: object + type: object + mfa: + description: Configuration for this project's multi-factor authentication, + including whether it is active and what factors can be used for + the second factor + properties: + state: + description: 'Whether MultiFactor Authentication has been enabled + for this project. Possible values: STATE_UNSPECIFIED, DISABLED, + ENABLED, MANDATORY' type: string - stsUri: - description: A list of AWS STS URIs that can be used when exchanging - credentials. If not provided, any valid AWS STS URI is allowed. - URIs must use the form `https://sts.amazonaws.com` or `https://sts.{region}.amazonaws.com`, - where {region} is a valid AWS region. You can specify a maximum - of 25 URIs. - items: - type: string - type: array - required: - - accountId type: object - description: - description: A description for the provider. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the provider is disabled. You cannot use a disabled - provider to exchange tokens. However, existing tokens still grant - access. - type: boolean - displayName: - description: A display name for the provider. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - oidc: - description: An OpenId Connect 1.0 identity provider. + monitoring: + description: Configuration related to monitoring project activity. properties: - allowedAudiences: - description: 'Acceptable values for the `aud` field (audience) - in the OIDC token. Token exchange requests are rejected if the - token audience does not match one of the configured values. 
- Each audience may be at most 256 characters. A maximum of 10 - audiences may be configured. If this list is empty, the OIDC - token audience must be equal to the full canonical resource - name of the WorkloadIdentityPoolProvider, with or without the - HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ - ```' - items: - type: string - type: array - issuerUri: - description: Required. The OIDC issuer URL. Must be an HTTPS endpoint. + requestLogging: + description: Configuration for logging requests made to this project + to Stackdriver Logging + properties: + enabled: + description: Whether logging is enabled for this project or + not. + type: boolean + type: object + type: object + multiTenant: + description: Configuration related to multi-tenant functionality. + properties: + allowTenants: + description: Whether this project can have tenants or not. + type: boolean + defaultTenantLocationRef: + oneOf: + - not: + required: + - external + required: + - name + - kind + - not: + anyOf: + - required: + - name + - required: + - namespace + - required: + - kind + required: + - external + properties: + external: + description: |- + The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. + + Allowed values: + * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). + * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). + type: string + kind: + description: 'Kind of the referent. 
Allowed values: Folder' + type: string + name: + description: |- + [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + notification: + description: Configuration related to sending notifications to users. + properties: + defaultLocale: + description: Default locale used for email and SMS in IETF BCP + 47 format. type: string - required: - - issuerUri + sendEmail: + description: Options for email sending. + properties: + callbackUri: + description: action url in email template. + type: string + changeEmailTemplate: + description: Email template for change email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + dnsInfo: + description: Information of custom domain DNS verification. + properties: + useCustomDomain: + description: Whether to use custom domain. + type: boolean + type: object + method: + description: 'The method used for sending an email. 
Possible + values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' + type: string + resetPasswordTemplate: + description: Email template for reset password + properties: + body: + description: Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + revertSecondFactorAdditionTemplate: + description: Email template for reverting second factor addition + emails + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + smtp: + description: Use a custom SMTP relay + properties: + host: + description: SMTP relay host + type: string + password: + description: SMTP relay password + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. 
+ type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + port: + description: SMTP relay port + format: int64 + type: integer + securityMode: + description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, + SSL, START_TLS' + type: string + senderEmail: + description: Sender email for the SMTP relay + type: string + username: + description: SMTP relay username + type: string + type: object + verifyEmailTemplate: + description: Email template for verify email + properties: + body: + description: Immutable. Email body + type: string + bodyFormat: + description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, + PLAIN_TEXT, HTML' + type: string + replyTo: + description: Reply-to address + type: string + senderDisplayName: + description: Sender display name + type: string + senderLocalPart: + description: Local part of From address + type: string + subject: + description: Subject of the email + type: string + type: object + type: object + sendSms: + description: Options for SMS sending. + properties: + useDeviceLocale: + description: Whether to use the accept_language header for + SMS. + type: boolean + type: object type: object projectRef: description: Immutable. The Project that this resource belongs to. @@ -49464,7 +73391,7 @@ spec: properties: external: description: |- - The project for the resource + The project of the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
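Review bot: `notification.sendEmail.smtp.password` in the `IdentityPlatformConfig` spec accepts an inline `value` as an alternative to `valueFrom.secretKeyRef`, so the SMTP relay password can end up in plaintext in the manifest and in the stored object. The `value` description could steer users to the reference form: `Value of the field. Cannot be used if 'valueFrom' is specified. Prefer 'valueFrom' so the password is not stored in this resource.` In the same `smtp` block, `securityMode` lists `SECURITY_MODE_UNSPECIFIED` next to `SSL` and `START_TLS` without saying what an unset mode does. Whether that permits an unencrypted relay connection cannot be told from this schema, and the description should state it.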
@@ -49475,215 +73402,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - workloadIdentityPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + quota: + description: Configuration related to quotas. properties: - external: - description: |- - The workloadIdentityPool for the resource - - Allowed value: The Google Cloud resource name of an `IAMWorkloadIdentityPool` resource (format: `projects/{{project}}/locations/{{location}}/workloadIdentityPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + signUpQuotaConfig: + description: Quota for the Signup endpoint, if overwritten. Signup + quota is measured in sign ups per project per hour per IP. + properties: + quota: + description: Corresponds to the 'refill_token_count' field + in QuotaServer config + format: int64 + type: integer + quotaDuration: + description: How long this quota will be active for + type: string + startTime: + description: When this quota will take affect + format: date-time + type: string + type: object + type: object + signIn: + description: Configuration related to local sign in methods. + properties: + allowDuplicateEmails: + description: Whether to allow more than one account to have the + same email. 
+ type: boolean + anonymous: + description: Configuration options related to authenticating an + anonymous user. + properties: + enabled: + description: Whether anonymous user auth is enabled for the + project or not. + type: boolean + type: object + email: + description: Configuration options related to authenticating a + user by their email address. + properties: + enabled: + description: Whether email auth is enabled for the project + or not. + type: boolean + passwordRequired: + description: Whether a password is required for email auth + or not. If true, both an email and password must be provided + to sign in. If false, a user may sign in via either email/password + or email link. + type: boolean + type: object + phoneNumber: + description: Configuration options related to authenticated a + user by their phone number. + properties: + enabled: + description: Whether phone number auth is enabled for the + project or not. + type: boolean + testPhoneNumbers: + additionalProperties: + type: string + description: A map of that can be used for phone auth testing. + type: object + type: object type: object required: - - location - projectRef - - workloadIdentityPoolRef type: object status: properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. 
- type: string - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - state: - description: 'Output only. The state of the provider. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: iamworkloadidentitypools.iam.cnrm.cloud.google.com -spec: - group: iam.cnrm.cloud.google.com - names: - categories: - - gcp - kind: IAMWorkloadIdentityPool - plural: iamworkloadidentitypools - shortNames: - - gcpiamworkloadidentitypool - - gcpiamworkloadidentitypools - singular: iamworkloadidentitypool - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - 
type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - description: - description: A description of the pool. Cannot exceed 256 characters. - type: string - disabled: - description: Whether the pool is disabled. You cannot use a disabled - pool to exchange tokens, or use existing tokens to access resources. - If the pool is re-enabled, existing tokens grant access again. - type: boolean - displayName: - description: A display name for the pool. Cannot exceed 32 characters. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + client: properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + apiKey: + description: Output only. API key that can be used when making + requests for this project. 
type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + firebaseSubdomain: + description: Output only. Firebase subdomain. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - location - - projectRef - type: object - status: - properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -49710,6 +73510,79 @@ spec: type: string type: object type: array + notification: + properties: + sendEmail: + properties: + changeEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + dnsInfo: + properties: + customDomain: + description: Output only. The applied verified custom + domain. + type: string + customDomainState: + description: 'Output only. The current verification state + of the custom domain. The custom domain will only be + used once the domain verification is successful. Possible + values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, + IN_PROGRESS, FAILED, SUCCEEDED' + type: string + domainVerificationRequestTime: + description: Output only. The timestamp of initial request + for the current domain verification. + format: date-time + type: string + pendingCustomDomain: + description: Output only. The custom domain that's to + be verified. + type: string + type: object + resetPasswordTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + revertSecondFactorAdditionTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + verifyEmailTemplate: + properties: + customized: + description: Output only. Whether the body or subject + of the email is customized. + type: boolean + type: object + type: object + sendSms: + properties: + smsTemplate: + description: Output only. The template to use when sending + an SMS. + properties: + content: + description: 'Output only. The SMS''s content. Can contain + the following placeholders which will be replaced with + the appropriate values: %APP_NAME% - For Android or + iOS apps, the app''s display name. For web apps, the + domain hosting the application. %LOGIN_CODE% - The OOB + code being sent in the SMS.' 
+ type: string + type: object + type: object + type: object observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49717,9 +73590,77 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The state of the pool. Possible values: - STATE_UNSPECIFIED, ACTIVE, DELETED' + signIn: + properties: + email: + properties: + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, + MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, + SHA512, STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation + algorithms. See https://tools.ietf.org/html/rfc7914 + for explanation of field. + format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation + algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be + inserted between the salt and plain text password in + base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + hashConfig: + description: Output only. Hash config information. + properties: + algorithm: + description: 'Output only. Different password hash algorithms + used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, + HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, + HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, + STANDARD_SCRYPT' + type: string + memoryCost: + description: Output only. Memory cost for hash calculation. + Used by scrypt and other similar password derivation algorithms. + See https://tools.ietf.org/html/rfc7914 for explanation + of field. 
+ format: int64 + type: integer + rounds: + description: Output only. How many rounds for hash calculation. + Used by scrypt and other similar password derivation algorithms. + format: int64 + type: integer + saltSeparator: + description: Output only. Non-printable character to be inserted + between the salt and plain text password in base64. + type: string + signerKey: + description: Output only. Signer key in base64. + type: string + type: object + type: object + subtype: + description: 'Output only. The subtype of this config. Possible values: + SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' type: string type: object required: @@ -49740,25 +73681,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapbrands.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPBrand - plural: iapbrands + kind: IdentityPlatformDefaultSupportedIDPConfig + plural: identityplatformdefaultsupportedidpconfigs shortNames: - - gcpiapbrand - - gcpiapbrands - singular: iapbrand + - gcpidentityplatformdefaultsupportedidpconfig + - gcpidentityplatformdefaultsupportedidpconfigs + singular: identityplatformdefaultsupportedidpconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49778,7 +73719,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
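Review bot: `status.signIn.hashConfig.signerKey` and `saltSeparator`, added by the hunk that starts on the previous line, put password-hashing key material into the resource status as plain base64 strings; the same block appears a second time under `status.signIn.email.hashConfig`. Read access to `identityplatformconfigs` then discloses parameters that should be handled like a secret. The description could make that explicit: `Output only. Signer key in base64. Sensitive: treat read access to this resource like access to a Secret.` The schema does not say which of the two `hashConfig` paths is authoritative, which is also worth a sentence in the descriptions. The file is generated, so both changes belong in the generator.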
@@ -49796,19 +73737,51 @@ spec: type: object spec: properties: - applicationTitle: - description: Immutable. Application name displayed on OAuth consent - screen. + clientId: + description: OAuth client ID. type: string - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + clientSecret: + description: OAuth client secret. type: string - supportEmail: - description: Immutable. Support email displayed on the OAuth consent - screen. + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + required: + - clientId + - clientSecret + - projectRef type: object status: properties: @@ -49838,6 +73811,9 @@ spec: type: string type: object type: array + name: + description: The name of the DefaultSupportedIdpConfig resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -49845,11 +73821,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - orgInternalOnly: - description: Output only. Whether the brand is only intended for usage - inside the G Suite organization only. - type: boolean type: object + required: + - spec type: object served: true storage: true @@ -49866,25 +73840,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: iapidentityawareproxyclients.iap.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatforminboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: - group: iap.cnrm.cloud.google.com + group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IAPIdentityAwareProxyClient - plural: iapidentityawareproxyclients + kind: IdentityPlatformInboundSAMLConfig + plural: identityplatforminboundsamlconfigs shortNames: - - gcpiapidentityawareproxyclient - - gcpiapidentityawareproxyclients - singular: iapidentityawareproxyclient + - gcpidentityplatforminboundsamlconfig + - gcpidentityplatforminboundsamlconfigs + singular: identityplatforminboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -49904,7 +73878,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -49922,8 +73896,42 @@ spec: type: object spec: properties: - brandRef: - description: Immutable. + displayName: + description: Human friendly display name. + type: string + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IdP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The IdP's x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -49940,10 +73948,7 @@ spec: - external properties: external: - description: |- - The brand for the resource - - Allowed value: The Google Cloud resource name of an `IAPBrand` resource (format: `projects/{{project}}/brands/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -49952,16 +73957,39 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - displayName: - description: Immutable. Human-friendly name given to the OAuth client. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. + properties: + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + type: object required: - - brandRef + - displayName + - idpConfig + - projectRef + - spConfig type: object status: properties: @@ -49998,9 +74026,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - secret: - description: Output only. Client secret of the OAuth client. - type: string type: object required: - spec 
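Review bot: The `callbackUri` description under `spConfig` says the value "Must start with 'https://'", but the schema only declares `type: string`, so a plain-HTTP callback would pass admission and fail, if at all, only at the API. Adding `pattern: '^https://'` to `callbackUri` would enforce the documented constraint when the resource is applied. Separately, the `spCertificates` description repeats the `idpCertificates` wording ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), which looks like a copy-paste. It should say what the service provider's certificates are used for, so operators do not confuse the two trust anchors.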
@@ -50020,25 +74045,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: identityplatformconfigs.identityplatform.cnrm.cloud.google.com + name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformConfig - plural: identityplatformconfigs + kind: IdentityPlatformOAuthIDPConfig + plural: identityplatformoauthidpconfigs shortNames: - - gcpidentityplatformconfig - - gcpidentityplatformconfigs - singular: identityplatformconfig + - gcpidentityplatformoauthidpconfig + - gcpidentityplatformoauthidpconfigs + singular: identityplatformoauthidpconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -50076,335 +74101,191 @@ spec: type: object spec: properties: - authorizedDomains: - description: List of domains authorized for OAuth redirects - items: - type: string - type: array - blockingFunctions: - description: Configuration related to blocking functions. - properties: - triggers: - additionalProperties: - properties: - functionUriRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - HTTP URI trigger for the Cloud Function. - - Allowed value: The `httpsTrigger.url` field of a `CloudFunctionsFunction` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - updateTime: - description: When the trigger was changed. - format: date-time - type: string - type: object - description: 'Map of Trigger to event type. Key should be one - of the supported event types: "beforeCreate", "beforeSignIn"' - type: object - type: object - client: - description: Options related to how clients making requests on behalf - of a project should be configured. - properties: - permissions: - description: Configuration related to restricting a user's ability - to affect their account. 
- properties: - disabledUserDeletion: - description: When true, end users cannot delete their account - on the associated project through any of our API methods - type: boolean - disabledUserSignup: - description: When true, end users cannot sign up for a new - account on the associated project through any of our API - methods - type: boolean - type: object - type: object - mfa: - description: Configuration for this project's multi-factor authentication, - including whether it is active and what factors can be used for - the second factor - properties: - state: - description: 'Whether MultiFactor Authentication has been enabled - for this project. Possible values: STATE_UNSPECIFIED, DISABLED, - ENABLED, MANDATORY' - type: string - type: object - monitoring: - description: Configuration related to monitoring project activity. - properties: - requestLogging: - description: Configuration for logging requests made to this project - to Stackdriver Logging - properties: - enabled: - description: Whether logging is enabled for this project or - not. - type: boolean - type: object - type: object - multiTenant: - description: Configuration related to multi-tenant functionality. - properties: - allowTenants: - description: Whether this project can have tenants or not. - type: boolean - defaultTenantLocationRef: - oneOf: - - not: - required: - - external - required: - - name - - kind - - not: - anyOf: - - required: - - name - - required: - - namespace - - required: - - kind - required: - - external - properties: - external: - description: |- - The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project. - - Allowed values: - * The Google Cloud resource name of a `Folder` resource (format: `folders/{{name}}`). 
- * The Google Cloud resource name of a Google Cloud Organization (format: `organizations/{{name}}`). - type: string - kind: - description: 'Kind of the referent. Allowed values: Folder' - type: string - name: - description: |- - [WARNING] Organization not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - notification: - description: Configuration related to sending notifications to users. + clientId: + description: The client id of an OAuth client. + type: string + clientSecret: + description: The client secret of the OAuth client, to enable OIDC + code flow. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom properties: - defaultLocale: - description: Default locale used for email and SMS in IETF BCP - 47 format. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - sendEmail: - description: Options for email sending. + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. properties: - callbackUri: - description: action url in email template. - type: string - changeEmailTemplate: - description: Email template for change email - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - dnsInfo: - description: Information of custom domain DNS verification. - properties: - useCustomDomain: - description: Whether to use custom domain. - type: boolean - type: object - method: - description: 'The method used for sending an email. Possible - values: METHOD_UNSPECIFIED, DEFAULT, CUSTOM_SMTP' - type: string - resetPasswordTemplate: - description: Email template for reset password - properties: - body: - description: Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - revertSecondFactorAdditionTemplate: - description: Email template for reverting second factor addition - emails - properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address - type: string - subject: - description: Subject of the email - type: string - type: object - smtp: - description: Use a custom SMTP relay - properties: - host: - description: SMTP relay host - type: string - password: - description: SMTP relay password - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - port: - description: SMTP relay port - format: int64 - type: integer - securityMode: - description: 'SMTP security mode. Possible values: SECURITY_MODE_UNSPECIFIED, - SSL, START_TLS' - type: string - senderEmail: - description: Sender email for the SMTP relay - type: string - username: - description: SMTP relay username - type: string - type: object - verifyEmailTemplate: - description: Email template for verify email + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. properties: - body: - description: Immutable. 
Email body - type: string - bodyFormat: - description: 'Email body format Possible values: BODY_FORMAT_UNSPECIFIED, - PLAIN_TEXT, HTML' - type: string - replyTo: - description: Reply-to address - type: string - senderDisplayName: - description: Sender display name - type: string - senderLocalPart: - description: Local part of From address + key: + description: Key that identifies the value to be extracted. type: string - subject: - description: Subject of the email + name: + description: Name of the Secret to extract a value from. type: string + required: + - name + - key type: object type: object - sendSms: - description: Options for SMS sending. - properties: - useDeviceLocale: - description: Whether to use the accept_language header for - SMS. - type: boolean - type: object type: object + displayName: + description: The config's display name set by developers. + type: string + enabled: + description: True if allows the user to sign in with the provider. + type: boolean + issuer: + description: For OIDC Idps, the issuer identifier. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + responseType: + description: 'The multiple response type to request for in the OAuth + authorization flow. This can possibly be a combination of set bits + (e.g.: {id\_token, token}).' + properties: + code: + description: If true, authorization code is returned from IdP's + authorization endpoint. + type: boolean + idToken: + description: If true, ID token is returned from IdP's authorization + endpoint. + type: boolean + token: + description: If true, access token is returned from IdP's authorization + endpoint. + type: boolean + type: object + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformprojectdefaultconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformProjectDefaultConfig + plural: identityplatformprojectdefaultconfigs + shortNames: + - gcpidentityplatformprojectdefaultconfig + - gcpidentityplatformprojectdefaultconfigs + singular: identityplatformprojectdefaultconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + 
type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -50421,10 +74302,7 @@ spec: - external properties: external: - description: |- - The project of the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -50433,27 +74311,11 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - quota: - description: Configuration related to quotas. - properties: - signUpQuotaConfig: - description: Quota for the Signup endpoint, if overwritten. Signup - quota is measured in sign ups per project per hour per IP. - properties: - quota: - description: Corresponds to the 'refill_token_count' field - in QuotaServer config - format: int64 - type: integer - quotaDuration: - description: How long this quota will be active for - type: string - startTime: - description: When this quota will take affect - format: date-time - type: string - type: object - type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string signIn: description: Configuration related to local sign in methods. properties: @@ -50469,6 +74331,8 @@ spec: description: Whether anonymous user auth is enabled for the project or not. type: boolean + required: + - enabled type: object email: description: Configuration options related to authenticating a 
@@ -50479,12 +74343,39 @@ spec: or not. type: boolean passwordRequired: - description: Whether a password is required for email auth - or not. If true, both an email and password must be provided - to sign in. If false, a user may sign in via either email/password - or email link. + description: "Whether a password is required for email auth + or not. If true, both an email and \npassword must be provided + to sign in. If false, a user may sign in via either \nemail/password + or email link." type: boolean type: object + hashConfig: + description: Output only. Hash config information. + items: + properties: + algorithm: + description: Different password hash algorithms used in + Identity Toolkit. + type: string + memoryCost: + description: Memory cost for hash calculation. Used by scrypt + and other similar password derivation algorithms. See + https://tools.ietf.org/html/rfc7914 for explanation of + field. + type: integer + rounds: + description: How many rounds for hash calculation. Used + by scrypt and other similar password derivation algorithms. + type: integer + saltSeparator: + description: Non-printable character to be inserted between + the salt and plain text password in base64. + type: string + signerKey: + description: Signer key in base64. + type: string + type: object + type: array phoneNumber: description: Configuration options related to authenticated a user by their phone number. @@ -50496,7 +74387,8 @@ spec: testPhoneNumbers: additionalProperties: type: string - description: A map of that can be used for phone auth testing. + description: A map of that + can be used for phone auth testing. type: object type: object type: object 
@@ -50505,16 +74397,170 @@ spec: type: object status: properties: - client: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: 'The name of the Config resource. Example: "projects/my-awesome-project/config".' + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantdefaultsupportedidpconfigs.identityplatform.cnrm.cloud.google.com +spec: + group: identityplatform.cnrm.cloud.google.com + names: + categories: + - gcp + kind: IdentityPlatformTenantDefaultSupportedIDPConfig + plural: identityplatformtenantdefaultsupportedidpconfigs + shortNames: + - gcpidentityplatformtenantdefaultsupportedidpconfig + - gcpidentityplatformtenantdefaultsupportedidpconfigs + singular: identityplatformtenantdefaultsupportedidpconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + clientId: + description: OAuth client ID. + type: string + clientSecret: + description: OAuth client secret. + type: string + enabled: + description: If this IDP allows the user to sign in. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - apiKey: - description: Output only. API key that can be used when making - requests for this project. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - firebaseSubdomain: - description: Output only. Firebase subdomain. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The idpId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tenant: + description: Immutable. The name of the tenant where this DefaultSupportedIdpConfig + resource exists. 
+ type: string + required: + - clientId + - clientSecret + - projectRef + - tenant + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -50541,79 +74587,9 @@ spec: type: string type: object type: array - notification: - properties: - sendEmail: - properties: - changeEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - dnsInfo: - properties: - customDomain: - description: Output only. The applied verified custom - domain. - type: string - customDomainState: - description: 'Output only. The current verification state - of the custom domain. The custom domain will only be - used once the domain verification is successful. Possible - values: VERIFICATION_STATE_UNSPECIFIED, NOT_STARTED, - IN_PROGRESS, FAILED, SUCCEEDED' - type: string - domainVerificationRequestTime: - description: Output only. The timestamp of initial request - for the current domain verification. - format: date-time - type: string - pendingCustomDomain: - description: Output only. The custom domain that's to - be verified. - type: string - type: object - resetPasswordTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - revertSecondFactorAdditionTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - verifyEmailTemplate: - properties: - customized: - description: Output only. Whether the body or subject - of the email is customized. - type: boolean - type: object - type: object - sendSms: - properties: - smsTemplate: - description: Output only. The template to use when sending - an SMS. - properties: - content: - description: 'Output only. The SMS''s content. Can contain - the following placeholders which will be replaced with - the appropriate values: %APP_NAME% - For Android or - iOS apps, the app''s display name. For web apps, the - domain hosting the application. %LOGIN_CODE% - The OOB - code being sent in the SMS.' 
- type: string - type: object - type: object - type: object + name: + description: The name of the default supported IDP config resource. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -50621,78 +74597,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - signIn: - properties: - email: - properties: - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, - MD5, HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, - SHA512, STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation - algorithms. See https://tools.ietf.org/html/rfc7914 - for explanation of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. - Used by scrypt and other similar password derivation - algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be - inserted between the salt and plain text password in - base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - hashConfig: - description: Output only. Hash config information. - properties: - algorithm: - description: 'Output only. Different password hash algorithms - used in Identity Toolkit. Possible values: HASH_ALGORITHM_UNSPECIFIED, - HMAC_SHA256, HMAC_SHA1, HMAC_MD5, SCRYPT, PBKDF_SHA1, MD5, - HMAC_SHA512, SHA1, BCRYPT, PBKDF2_SHA256, SHA256, SHA512, - STANDARD_SCRYPT' - type: string - memoryCost: - description: Output only. Memory cost for hash calculation. - Used by scrypt and other similar password derivation algorithms. - See https://tools.ietf.org/html/rfc7914 for explanation - of field. - format: int64 - type: integer - rounds: - description: Output only. How many rounds for hash calculation. 
- Used by scrypt and other similar password derivation algorithms. - format: int64 - type: integer - saltSeparator: - description: Output only. Non-printable character to be inserted - between the salt and plain text password in base64. - type: string - signerKey: - description: Output only. Signer key in base64. - type: string - type: object - type: object - subtype: - description: 'Output only. The subtype of this config. Possible values: - SUBTYPE_UNSPECIFIED, IDENTITY_PLATFORM, FIREBASE_AUTH' - type: string type: object required: - spec @@ -50712,25 +74616,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: identityplatformoauthidpconfigs.identityplatform.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: identityplatformtenantinboundsamlconfigs.identityplatform.cnrm.cloud.google.com spec: group: identityplatform.cnrm.cloud.google.com names: categories: - gcp - kind: IdentityPlatformOAuthIDPConfig - plural: identityplatformoauthidpconfigs + kind: IdentityPlatformTenantInboundSAMLConfig + plural: identityplatformtenantinboundsamlconfigs shortNames: - - gcpidentityplatformoauthidpconfig - - gcpidentityplatformoauthidpconfigs - singular: identityplatformoauthidpconfig + - gcpidentityplatformtenantinboundsamlconfig + - gcpidentityplatformtenantinboundsamlconfigs + singular: identityplatformtenantinboundsamlconfig preserveUnknownFields: false scope: Namespaced versions: @@ -50750,7 +74654,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -50768,80 +74672,108 @@ spec: type: object spec: properties: - clientId: - description: The client id of an OAuth client. + displayName: + description: Human friendly display name. type: string - clientSecret: - description: The client secret of the OAuth client, to enable OIDC - code flow. + enabled: + description: If this config allows users to sign in with the provider. + type: boolean + idpConfig: + description: SAML IdP configuration when the project acts as the relying + party. + properties: + idpCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. + type: string + type: object + type: array + idpEntityId: + description: Unique identifier for all SAML entities. + type: string + signRequest: + description: Indicates if outbounding SAMLRequest should be signed. + type: boolean + ssoUrl: + description: URL to send Authentication request to. + type: string + required: + - idpCertificates + - idpEntityId + - ssoUrl + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object type: object - displayName: - description: The config's display name set by developers. - type: string - enabled: - description: True if allows the user to sign in with the provider. - type: boolean - issuer: - description: For OIDC Idps, the issuer identifier. - type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - responseType: - description: 'The multiple response type to request for in the OAuth - authorization flow. This can possibly be a combination of set bits - (e.g.: {id\_token, token}).' + spConfig: + description: |- + SAML SP (Service Provider) configuration when the project acts as the relying party to receive + and accept an authentication assertion issued by a SAML identity provider. properties: - code: - description: If true, authorization code is returned from IdP's - authorization endpoint. - type: boolean - idToken: - description: If true, ID token is returned from IdP's authorization - endpoint. - type: boolean - token: - description: If true, access token is returned from IdP's authorization - endpoint. - type: boolean + callbackUri: + description: Callback URI where responses from IDP are handled. + Must start with 'https://'. + type: string + spCertificates: + description: The IDP's certificate data to verify the signature + in the SAMLResponse issued by the IDP. + items: + properties: + x509Certificate: + description: The x509 certificate. 
+ type: string + type: object + type: array + spEntityId: + description: Unique identifier for all SAML entities. + type: string + required: + - callbackUri + - spEntityId type: object + tenant: + description: Immutable. The name of the tenant where this inbound + SAML config resource exists. + type: string + required: + - displayName + - idpConfig + - projectRef + - spConfig + - tenant type: object status: properties: @@ -50879,6 +74811,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true @@ -50895,7 +74829,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51112,7 +75046,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51265,7 +75199,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
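Review bot: In the new IdentityPlatformTenantInboundSAMLConfig schema, `spConfig.spCertificates` carries the same description as `idpConfig.idpCertificates` ("The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP"), which misdescribes the service-provider side and makes it easy to put IdP signing certificates in the wrong list. A description along the lines of `description: The SP's certificate data, used to verify the signature of SAMLRequests sent by the SP.` would fit the field, with the exact wording checked against the API reference. In the same hunk `callbackUri` says "Must start with 'https://'" only in prose; adding `pattern: '^https://'` under it would reject a plain-http callback at admission instead of at reconcile time. The file looks generated (`tf2crd` label), so both changes probably belong in the generator input rather than in this YAML.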
@@ -51321,84 +75255,579 @@ spec: type: object spec: properties: - destroyScheduledDuration: - description: |- - Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. - If not specified at creation time, the default duration is 24 hours. - type: string - importOnly: - description: Immutable. Whether this key may contain imported versions - only. - type: boolean - keyRingRef: - description: The KMSKeyRing that this key belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - purpose: + destroyScheduledDuration: + description: |- + Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. + If not specified at creation time, the default duration is 24 hours. + type: string + importOnly: + description: Immutable. Whether this key may contain imported versions + only. + type: boolean + keyRingRef: + description: The KMSKeyRing that this key belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSKeyRing` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + purpose: + description: |- + Immutable. The immutable purpose of this CryptoKey. See the + [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) + for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotationPeriod: + description: |- + Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. + The first rotation will take place after the specified period. The rotation period has + the format of a decimal number with up to 9 fractional digits, followed by the + letter 's' (seconds). It must be greater than a day (ie, 86400). + type: string + skipInitialVersionCreation: + description: "Immutable. If set to true, the request will create a + CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' + resource to import the CryptoKeyVersion." + type: boolean + versionTemplate: + description: A template describing settings for new crypto key versions. + properties: + algorithm: + description: |- + The algorithm to use when creating a version based on this template. + See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. + type: string + protectionLevel: + description: Immutable. The protection level to use when creating + a version based on this template. 
Possible values include "SOFTWARE", + "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". + type: string + required: + - algorithm + type: object + required: + - keyRingRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmscryptokeyversions.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSCryptoKeyVersion + plural: kmscryptokeyversions + shortNames: + - gcpkmscryptokeyversion + - gcpkmscryptokeyversions + singular: kmscryptokeyversion + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cryptoKey: + description: |- + Immutable. The name of the cryptoKey associated with the CryptoKeyVersions. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + state: + description: 'The current state of the CryptoKeyVersion. Possible + values: ["PENDING_GENERATION", "ENABLED", "DISABLED", "DESTROYED", + "DESTROY_SCHEDULED", "PENDING_IMPORT", "IMPORT_FAILED"].' + type: string + required: + - cryptoKey + type: object + status: + properties: + algorithm: + description: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion + supports. + type: string + attestation: + description: |- + Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only provided for key versions with protectionLevel HSM. + items: + properties: + certChains: + description: The certificate chains needed to validate the attestation. + properties: + caviumCerts: + description: Cavium certificate chain corresponding to the + attestation. + type: string + googleCardCerts: + description: Google card certificate chain corresponding + to the attestation. + type: string + googlePartitionCerts: + description: Google partition certificate chain corresponding + to the attestation. + type: string + type: object + content: + description: The attestation data provided by the HSM when the + key operation was performed. 
+ type: string + externalProtectionLevelOptions: + description: ExternalProtectionLevelOptions stores a group of + additional fields for configuring a CryptoKeyVersion that + are specific to the EXTERNAL protection level and EXTERNAL_VPC + protection levels. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this + CryptoKeyVersion represents. + type: string + type: object + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + generateTime: + description: The time this CryptoKeyVersion key material was generated. + type: string + name: + description: The resource name for this CryptoKeyVersion. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + protectionLevel: + description: The ProtectionLevel describing how crypto operations + are performed with this CryptoKeyVersion. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyringimportjobs.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRingImportJob + plural: kmskeyringimportjobs + shortNames: + - gcpkmskeyringimportjob + - gcpkmskeyringimportjobs + singular: kmskeyringimportjob + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + importJobId: + description: Immutable. It must be unique within a KeyRing and match + the regular expression [a-zA-Z0-9_-]{1,63}. + type: string + importMethod: + description: 'Immutable. The wrapping method to be used for incoming + key material. Possible values: ["RSA_OAEP_3072_SHA1_AES_256", "RSA_OAEP_4096_SHA1_AES_256"].' + type: string + keyRing: + description: |- + Immutable. The KeyRing that this import job belongs to. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''. + type: string + protectionLevel: + description: |- + Immutable. The protection level of the ImportJob. This must match the protectionLevel of the + versionTemplate on the CryptoKey you attempt to import into. Possible values: ["SOFTWARE", "HSM", "EXTERNAL"]. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - importJobId + - importMethod + - keyRing + - protectionLevel + type: object + status: + properties: + attestation: + description: |- + Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. + Use this statement to verify attributes of the key as stored on the HSM, independently of Google. + Only present if the chosen ImportMethod is one with a protection level of HSM. 
+ items: + properties: + content: + description: |- + The attestation data provided by the HSM when the key operation was performed. + A base64-encoded string. + type: string + format: + description: The format of the attestation data. + type: string + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + expireTime: + description: |- + The time at which this resource is scheduled for expiration and can no longer be used. + This is in RFC3339 text format. + type: string + name: + description: The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + publicKey: + description: The public key with which to wrap key material prior + to import. Only returned if state is 'ACTIVE'. + items: + properties: + pem: + description: |- + The public key, encoded in PEM format. For more information, see the RFC 7468 sections + for General Considerations and Textual Encoding of Subject Public Key Info. 
+ type: string + type: object + type: array + state: + description: The current state of the ImportJob, indicating if it + can be used. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: kmskeyrings.kms.cnrm.cloud.google.com +spec: + group: kms.cnrm.cloud.google.com + names: + categories: + - gcp + kind: KMSKeyRing + plural: kmskeyrings + shortNames: + - gcpkmskeyring + - gcpkmskeyrings + singular: kmskeyring + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + location: description: |- - Immutable. The immutable purpose of this CryptoKey. See the - [purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose) - for possible inputs. Default value: "ENCRYPT_DECRYPT" Possible values: ["ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"]. + Immutable. The location for the KeyRing. + A full list of valid locations can be found by running 'gcloud kms locations list'. type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotationPeriod: - description: |- - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. - The first rotation will take place after the specified period. The rotation period has - the format of a decimal number with up to 9 fractional digits, followed by the - letter 's' (seconds). It must be greater than a day (ie, 86400). - type: string - skipInitialVersionCreation: - description: "Immutable. If set to true, the request will create a - CryptoKey without any CryptoKeyVersions. \nYou must use the 'google_kms_key_ring_import_job' - resource to import the CryptoKeyVersion." - type: boolean - versionTemplate: - description: A template describing settings for new crypto key versions. 
- properties: - algorithm: - description: |- - The algorithm to use when creating a version based on this template. - See the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs. - type: string - protectionLevel: - description: Immutable. The protection level to use when creating - a version based on this template. Possible values include "SOFTWARE", - "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE". - type: string - required: - - algorithm - type: object required: - - keyRingRef + - location type: object status: properties: @@ -51436,7 +75865,7 @@ spec: the resource. type: integer selfLink: - description: The self link of the created key in the format projects/{project}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{name}. + description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. type: string type: object required: @@ -51457,25 +75886,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: kmskeyrings.kms.cnrm.cloud.google.com + name: kmssecretciphertexts.kms.cnrm.cloud.google.com spec: group: kms.cnrm.cloud.google.com names: categories: - gcp - kind: KMSKeyRing - plural: kmskeyrings + kind: KMSSecretCiphertext + plural: kmssecretciphertexts shortNames: - - gcpkmskeyring - - gcpkmskeyrings - singular: kmskeyring + - gcpkmssecretciphertext + - gcpkmssecretciphertexts + singular: kmssecretciphertext preserveUnknownFields: false scope: Namespaced versions: 
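Review bot: `spec.state` on the new KMSCryptoKeyVersion CRD is described as "The current state of the CryptoKeyVersion", but it sits under `spec` and its listed values include `DISABLED`, `DESTROY_SCHEDULED` and `DESTROYED`, so it reads as a writable desired state. If the controller applies those values (not visible in this hunk), write access to `kmscryptokeyversions` is enough to disable a key version or schedule its destruction. The description should say so, e.g. `description: 'The desired state of the CryptoKeyVersion; DISABLED or DESTROY_SCHEDULED is applied to the key version in Cloud KMS. ...'`, and RBAC for this kind should be scoped with that in mind. In KMSKeyRingImportJob, the `importJobId` regex and the `importMethod` and `protectionLevel` value lists appear only in description text. Adding `pattern: '^[a-zA-Z0-9_-]{1,63}$'` and matching `enum` lists would reject bad values at admission.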
@@ -51495,7 +75924,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -51513,21 +75942,103 @@ spec: type: object spec: properties: - location: + additionalAuthenticatedData: + description: Immutable. The additional authenticated data used for + integrity checks during encryption and decryption. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + cryptoKey: description: |- - Immutable. The location for the KeyRing. - A full list of valid locations can be found by running 'gcloud kms locations list'. + Immutable. The full name of the CryptoKey that will be used to encrypt the provided plaintext. + Format: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''. type: string + plaintext: + description: Immutable. The plaintext to be encrypted. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - location + - cryptoKey + - plaintext type: object status: properties: + ciphertext: + description: Contains the result of encrypting the provided plaintext, + encoded in base64. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -51561,9 +76072,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The self link of the created KeyRing in the format projects/{project}/locations/{location}/keyRings/{name}. - type: string type: object required: - spec @@ -51583,7 +76091,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -51867,7 +76375,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -52142,7 +76650,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
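Review bot: The new KMSSecretCiphertext schema accepts the secret inline through `spec.plaintext.value` (and likewise `spec.additionalAuthenticatedData.value`), and neither description says that a value supplied this way is kept verbatim in the custom resource's spec, readable by any principal with get/list on the kind and persisted in the cluster's backing store next to `status.ciphertext`. The `oneOf` already allows `valueFrom.secretKeyRef`, so the `plaintext` description should steer users to it, for example `Immutable. The plaintext to be encrypted. Prefer 'valueFrom.secretKeyRef'; an inline 'value' is stored as-is in this object's spec.` The same caveat applies to the `value` description under both fields. The file appears to be generated (it carries the `tf2crd` label), so the wording would presumably need to change in the generator rather than in this bundle. Until then, RBAC on `kmssecretciphertexts` is best scoped as tightly as access to Secrets in the same namespace.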
@@ -52563,7 +77071,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -52967,7 +77475,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -53271,7 +77779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" 
@@ -53608,7 +78116,183 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: mlenginemodels.mlengine.cnrm.cloud.google.com +spec: + group: mlengine.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MLEngineModel + plural: mlenginemodels + shortNames: + - gcpmlenginemodel + - gcpmlenginemodels + singular: mlenginemodel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + defaultVersion: + description: |- + Immutable. The default version of the model. This version will be used to handle + prediction requests that do not specify a version. + properties: + name: + description: Immutable. The name specified for the version when + it was created. + type: string + required: + - name + type: object + description: + description: Immutable. The description specified for the model when + it was created. + type: string + onlinePredictionConsoleLogging: + description: Immutable. If true, online prediction nodes send stderr + and stdout streams to Stackdriver Logging. + type: boolean + onlinePredictionLogging: + description: Immutable. If true, online prediction access logs are + sent to StackDriver Logging. + type: boolean + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + regions: + description: |- + Immutable. The list of regions where the model is going to be deployed. + Currently only one region per model is supported. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. 
+ type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" @@ -54423,7 +79107,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -61206,41 +85890,1513 @@ spec: must be positive, and it can only be applied to charts with data sets of LINE plot type. type: string - xAxis: - description: The properties applied to the X axis. - properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string - type: object - yAxis: - description: The properties applied to the Y axis. + xAxis: + description: The properties applied to the X axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + yAxis: + description: The properties applied to the Y axis. + properties: + label: + description: The label of the axis. + type: string + scale: + description: 'The axis scale. By default, + a linear scale is used. Possible values: + SCALE_UNSPECIFIED, LINEAR, LOG10' + type: string + type: object + required: + - dataSets + type: object + type: object + type: array + type: object + type: array + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + etag: + description: \`etag\` is used for optimistic concurrency control as + a way to help prevent simultaneous updates of a policy from overwriting + each other. An \`etag\` is returned in the response to \`GetDashboard\`, + and users are expected to put that etag in the request to \`UpdateDashboard\` + to ensure that their change will be applied to the same version + of the Dashboard configuration. The field should not be passed during + dashboard creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringgroups.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringGroup + plural: monitoringgroups + shortNames: + - gcpmonitoringgroup + - gcpmonitoringgroups + singular: monitoringgroup + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + displayName: + description: A user-assigned name for this group, used only for display + purposes. + type: string + filter: + description: The filter used to determine which monitored resources + belong to this group. + type: string + isCluster: + description: If true, the members of this group are considered to + be a cluster. The system can perform additional analysis on groups + that are clusters. + type: boolean + parentRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project of the group + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + required: + - displayName + - filter + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMetricDescriptor + plural: monitoringmetricdescriptors + shortNames: + - gcpmonitoringmetricdescriptor + - gcpmonitoringmetricdescriptors + singular: monitoringmetricdescriptor + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + 
schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. A detailed description of the metric, which + can be used in documentation. + type: string + displayName: + description: Immutable. A concise name for the metric, which can be + displayed in user interfaces. Use sentence case without an ending + period, for example "Request count". This field is optional but + it is recommended to be set for any metrics associated with user-visible + concepts, such as Quota. + type: string + labels: + description: Immutable. The set of labels that can be used to describe + a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` + metric type has a label for the HTTP response code, `response_code`, + so you can look at latencies for successful responses or just for + responses that failed. + items: + properties: + description: + description: Immutable. A human-readable description for the + label. + type: string + key: + description: 'Immutable. The key for this label. The key must + meet the following criteria: * Does not exceed 100 characters. + * Matches the following regular expression: `a-zA-Z*` * The + first character must be an upper- or lower-case letter. 
* + The remaining characters must be letters, digits, or underscores.' + type: string + valueType: + description: 'Immutable. The type of data that can be assigned + to the label. Possible values: STRING, BOOL, INT64' + type: string + type: object + type: array + launchStage: + description: 'Immutable. Optional. The launch stage of the metric + definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + metadata: + description: Immutable. Optional. Metadata which can be used to guide + usage of the metric. + properties: + ingestDelay: + description: Immutable. The delay of data points caused by ingestion. + Data points older than this age are guaranteed to be ingested + and available to be read, excluding data loss due to errors. + type: string + launchStage: + description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage + instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + type: string + samplePeriod: + description: Immutable. The sampling period of metric data points. + For metrics which are written periodically, consecutive data + points are stored at this time interval, excluding data loss + due to errors. Metrics with a higher granularity have a smaller + sampling period. + type: string + type: object + metricKind: + description: 'Immutable. Whether the metric records instantaneous + values, changes to a value, etc. Some combinations of `metric_kind` + and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, + GAUGE, DELTA, CUMULATIVE' + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: + description: 'Immutable. The metric type, including its DNS name prefix. + The type is not URL-encoded. All user-defined metric types have + the DNS name `custom.googleapis.com` or `external.googleapis.com`. + Metric types should use a natural hierarchical grouping. For example: + "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" + "appengine.googleapis.com/http/server/response_latencies"' + type: string + unit: + description: 'Immutable. The units in which the metric value is reported. + It is only applicable if the `value_type` is `INT64`, `DOUBLE`, + or `DISTRIBUTION`. The `unit` defines the representation of the + stored metric values. Different systems might scale the values to + be more easily displayed (so a value of `0.02kBy` _might_ be displayed + as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). + However, if the `unit` is `kBy`, then the value of the metric is + always in thousands of bytes, no matter how it might be displayed. + If you want a custom metric to record the exact number of CPU-seconds + used by a job, you can create an `INT64 CUMULATIVE` metric whose + `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the + job uses 12,005 CPU-seconds, then the value is written as `12005`. 
+ Alternatively, if you want a custom metric to record data in a more + granular way, you can create a `DOUBLE CUMULATIVE` metric whose + `unit` is `ks{CPU}`, and then write the value `12.005` (which is + `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). + The supported units are a subset of [The Unified Code for Units + of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic + units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute + * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * + `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) + * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta + (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) + * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` + zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi + (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) + **Grammar** The grammar also includes these connectors: * `/` division + or ratio (as an infix operator). For examples, `kBy/{email}` or + `MiBy/10ms` (although you should almost never have `/s` in a metric + `unit`; rates should always be computed at query time from the underlying + cumulative or delta value). * `.` multiplication or composition + (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The + grammar for a unit is as follows: Expression = Component: { "." + Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | + "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME + "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. + If the annotation is used alone, then the unit is equivalent to + `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. + * `NAME` is a sequence of non-blank printable ASCII characters not + containing `{` or `}`. 
* `1` represents a unitary [dimensionless + unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, + such as in `1/s`. It is typically used when none of the basic units + are appropriate. For example, "new users per day" can be represented + as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 + new users). Alternatively, "thousands of page views per day" would + be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a + metric value of `5.3` would mean "5300 page views per day"). * `%` + represents dimensionless value of 1/100, and annotates values giving + a percentage (so the metric values are typically in the range of + 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates + a metric contains a ratio, typically in the range 0..1, that will + be multiplied by 100 and displayed as a percentage (so a metric + value `0.03` means "3 percent").' + type: string + valueType: + description: 'Immutable. Whether the measurement is an integer, a + floating-point number, etc. Some combinations of `metric_kind` and + `value_type` might not be supported. Possible values: STRING, BOOL, + INT64' + type: string + required: + - metricKind + - projectRef + - type + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. 
+ type: string + type: object + type: array + monitoredResourceTypes: + description: Read-only. If present, then a time series, which is identified + partially by a metric type and a MonitoredResourceDescriptor, that + is associated with this metric type can only be associated with + one of the monitored resource types listed here. + items: + type: string + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: The resource name of the metric descriptor. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringMonitoredProject + plural: monitoringmonitoredprojects + shortNames: + - gcpmonitoringmonitoredproject + - gcpmonitoringmonitoredprojects + singular: monitoringmonitoredproject + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + 
type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + metricsScope: + description: 'Immutable. Required. The resource name of the existing + Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - metricsScope + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time when this `MonitoredProject` was + created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringNotificationChannel + plural: monitoringnotificationchannels + shortNames: + - gcpmonitoringnotificationchannel + - gcpmonitoringnotificationchannels + singular: monitoringnotificationchannel + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: 
.status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: An optional human-readable description of this notification + channel. This description may provide additional details, beyond + the display name, for the channel. This may not exceed 1024 Unicode + characters. + type: string + enabled: + description: Whether notifications are forwarded to the described + channel. This makes it possible to disable delivery of notifications + to a particular channel without removing the channel from all alerting + policies that reference the channel. This is a more convenient approach + when the change is temporary and you want to receive notifications + from the same set of alerting policies on the channel at some point + in the future. 
+ type: boolean + forceDelete: + description: |- + If true, the notification channel will be deleted regardless + of its use in alert policies (the policies will be updated + to remove the channel). If false, channels that are still + referenced by an existing alerting policy will fail to be + deleted in a delete operation. + type: boolean + labels: + additionalProperties: + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + sensitiveLabels: + description: |- + Different notification type behaviors are configured primarily using the the 'labels' field on this + resource. This block contains the labels which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: password, will be the key + in the 'labels' map in the api request. + + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + properties: + authToken: + description: 'An authorization token for a notification channel. + Channel types that support this field include: slack.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + password: + description: 'An password for a notification channel. Channel + types that support this field include: webhook_basicauth.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + serviceKey: + description: 'An servicekey token for a notification channel. + Channel types that support this field include: pagerduty.' + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + type: object + type: + description: The type of the notification channel. This field matches + the value of the NotificationChannelDescriptor.type field. 
See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list + to get the list of valid values such as "email", "slack", etc... + type: string + required: + - type + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + name: + description: |- + The full REST resource name for this channel. The syntax is: + projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] + The [CHANNEL_ID] is automatically assigned by the server on creation. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + verificationStatus: + description: Indicates whether this channel has been verified or not. 
+ On a ListNotificationChannels or GetNotificationChannel operation, + this field is expected to be populated.If the value is UNVERIFIED, + then it indicates that the channel is non-functioning (it both requires + verification and lacks verification); otherwise, it is assumed that + the channel works.If the channel is neither VERIFIED nor UNVERIFIED, + it implies that the channel is of a type that does not require verification + or that this specific channel has been exempted from verification + because it was created prior to verification being required for + channels of this type.This field cannot be modified using a standard + UpdateNotificationChannel operation. To change the value of this + field, you must call VerifyNotificationChannel. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com +spec: + group: monitoring.cnrm.cloud.google.com + names: + categories: + - gcp + kind: MonitoringServiceLevelObjective + plural: monitoringservicelevelobjectives + shortNames: + - gcpmonitoringservicelevelobjective + - gcpmonitoringservicelevelobjectives + singular: monitoringservicelevelobjective + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: 
Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + calendarPeriod: + description: 'A calendar period, semantically "since the start of + the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, + and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, + DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' + type: string + displayName: + description: Name used for UI elements listing this SLO. + type: string + goal: + description: The fraction of service that must be good in order for + this objective to be met. `0 < goal <= 0.999`. + format: double + type: number + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollingPeriod: + description: A rolling time period, semantically "in the past ``". + Must be an integer multiple of 1 day no larger than 30 days. + type: string + serviceLevelIndicator: + description: The definition of good service, used to measure and calculate + the quality of the `Service`'s performance with respect to a single + aspect of service quality. + properties: + basicSli: + description: Basic SLI on a well-known service type. + properties: + availability: + description: Good service is defined to be the count of requests + made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count of requests + made to this service that are fast enough with respect to + `latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. 
Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + requests made to this service that return in no more + than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which this + SLI is relevant. Telemetry from other locations will not + be used to calculate performance for this SLI. If omitted, + this SLI applies to all locations in which the Service has + activity. For service types that don''t support breaking + down by location, setting this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this SLI + is relevant. Telemetry from other methods will not be used + to calculate performance for this SLI. If omitted, this + SLI applies to all the Service''s methods. For service types + that don''t support breaking down by method, setting this + field will result in an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count of operations + performed by this service that return successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count of operations + performed by this service that are fast enough with respect + to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience associated + with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, + DELIGHTING, SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the count of + operations that are completed in no more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to which this + SLI is relevant. 
Telemetry from other API versions will + not be used to calculate performance for this SLI. If omitted, + this SLI applies to all API versions. For service types + that don''t support breaking down by version, setting this + field will result in an error.' + items: + type: string + type: array + type: object + requestBased: + description: Request-based SLIs + properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` that + fall into a good range. The `total_service` is the total + count of all values aggregated in the `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. Must have + `ValueType = DISTRIBUTION` and `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the ratio of + `good_service` to `total_service` is computed from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, either + demanded service that was not provided or demanded service + that was of inadequate quality. Must have `ValueType + = DOUBLE` or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service provided. 
+ Must have `ValueType = DOUBLE` or `ValueType = INT64` + and must have `MetricKind = DELTA` or `MetricKind = + CUMULATIVE`. + type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total demanded + service. Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` or `MetricKind + = CUMULATIVE`. + type: string + type: object + type: object + windowsBased: + description: Windows-based SLIs + properties: + goodBadMetricFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` with `ValueType = BOOL`. The window + is good if any `true` values appear in the window. + type: string + goodTotalRatioThreshold: + description: A window is good if its `performance` is high + enough. + properties: + basicSliPerformance: + description: '`BasicSli` to evaluate to judge window quality.' + properties: + availability: + description: Good service is defined to be the count + of requests made to this service that return successfully. + type: object + x-kubernetes-preserve-unknown-fields: true + latency: + description: Good service is defined to be the count + of requests made to this service that are fast enough + with respect to `latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of requests made to this service that + return in no more than `threshold`. + type: string + type: object + location: + description: 'OPTIONAL: The set of locations to which + this SLI is relevant. Telemetry from other locations + will not be used to calculate performance for this + SLI. 
If omitted, this SLI applies to all locations + in which the Service has activity. For service types + that don''t support breaking down by location, setting + this field will result in an error.' + items: + type: string + type: array + method: + description: 'OPTIONAL: The set of RPCs to which this + SLI is relevant. Telemetry from other methods will + not be used to calculate performance for this SLI. + If omitted, this SLI applies to all the Service''s + methods. For service types that don''t support breaking + down by method, setting this field will result in + an error.' + items: + type: string + type: array + operationAvailability: + description: Good service is defined to be the count + of operations performed by this service that return + successfully + type: object + x-kubernetes-preserve-unknown-fields: true + operationLatency: + description: Good service is defined to be the count + of operations performed by this service that are + fast enough with respect to `operation_latency.threshold`. + properties: + experience: + description: 'A description of the experience + associated with failing requests. Possible values: + LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, + SATISFYING, ANNOYING' + type: string + threshold: + description: Good service is defined to be the + count of operations that are completed in no + more than `threshold`. + type: string + type: object + version: + description: 'OPTIONAL: The set of API versions to + which this SLI is relevant. Telemetry from other + API versions will not be used to calculate performance + for this SLI. If omitted, this SLI applies to all + API versions. For service types that don''t support + breaking down by version, setting this field will + result in an error.' + items: + type: string + type: array + type: object + performance: + description: '`RequestBasedSli` to evaluate to judge window + quality.' 
+ properties: + distributionCut: + description: '`distribution_cut` is used when `good_service` + is a count of values aggregated in a `Distribution` + that fall into a good range. The `total_service` + is the total count of all values aggregated in the + `Distribution`.' + properties: + distributionFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` aggregating values. + Must have `ValueType = DISTRIBUTION` and `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string + range: + description: Range of values considered "good." + For a one-sided range, set one bound to an infinite + value. properties: - label: - description: The label of the axis. - type: string - scale: - description: 'The axis scale. By default, - a linear scale is used. Possible values: - SCALE_UNSPECIFIED, LINEAR, LOG10' - type: string + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number type: object - required: - - dataSets + type: object + goodTotalRatio: + description: '`good_total_ratio` is used when the + ratio of `good_service` to `total_service` is computed + from two `TimeSeries`.' + properties: + badServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying bad service, + either demanded service that was not provided + or demanded service that was of inadequate quality. + Must have `ValueType = DOUBLE` or `ValueType + = INT64` and must have `MetricKind = DELTA` + or `MetricKind = CUMULATIVE`. + type: string + goodServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying good service + provided. Must have `ValueType = DOUBLE` or + `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. 
+ type: string + totalServiceFilter: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying a `TimeSeries` quantifying total + demanded service. Must have `ValueType = DOUBLE` + or `ValueType = INT64` and must have `MetricKind + = DELTA` or `MetricKind = CUMULATIVE`. + type: string type: object type: object - type: array - type: object - type: array + threshold: + description: If window `performance >= threshold`, the + window is counted as good. + format: double + type: number + type: object + metricMeanInRange: + description: A window is good if the metric's value is in + a good range, averaged across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + metricSumInRange: + description: A window is good if the metric's value is in + a good range, summed across returned streams. + properties: + range: + description: Range of values considered "good." For a + one-sided range, set one bound to an infinite value. + properties: + max: + description: Range maximum. + format: double + type: number + min: + description: Range minimum. + format: double + type: number + type: object + timeSeries: + description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) + specifying the `TimeSeries` to use for evaluating window + quality. + type: string + type: object + windowPeriod: + description: Duration over which window quality is evaluated. + Must be an integer fraction of a day and at least `60s`. 
+ type: string + type: object + type: object + serviceRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The service for the resource + + Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object required: - - displayName + - goal - projectRef + - serviceRef type: object status: properties: 
@@ -61270,14 +87426,21 @@ spec: type: string type: object type: array - etag: - description: \`etag\` is used for optimistic concurrency control as - a way to help prevent simultaneous updates of a policy from overwriting - each other. An \`etag\` is returned in the response to \`GetDashboard\`, - and users are expected to put that etag in the request to \`UpdateDashboard\` - to ensure that their change will be applied to the same version - of the Dashboard configuration. The field should not be passed during - dashboard creation. + createTime: + description: Time stamp of the `Create` or most recent `Update` command + on this `Slo`. + format: date-time + type: string + deleteTime: + description: Time stamp of the `Update` or `Delete` command that made + this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s + returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, + because it is always empty in the current version. It is populated + in `ServiceLevelObjective`s representing previous versions in the + output of `ListServiceLevelObjectiveVersions`. Because all old configuration + versions are stored, `Update` operations mark the obsoleted version + as deleted. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -61286,6 +87449,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceManagementOwned: + description: Output only. If set, this SLO is managed at the [Service + Management](https://cloud.google.com/service-management/overview) + level. Therefore the service yaml file is the source of truth for + this SLO, and API `Update` and `Delete` operations are forbidden. + type: boolean type: object required: - spec 
@@ -61305,25 +87474,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringgroups.monitoring.cnrm.cloud.google.com + name: monitoringservices.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringGroup - plural: monitoringgroups + kind: MonitoringService + plural: monitoringservices shortNames: - - gcpmonitoringgroup - - gcpmonitoringgroups - singular: monitoringgroup + - gcpmonitoringservice + - gcpmonitoringservices + singular: monitoringservice preserveUnknownFields: false scope: Namespaced versions: 
@@ -61362,47 +87531,8 @@ spec: spec: properties: displayName: - description: A user-assigned name for this group, used only for display - purposes. - type: string - filter: - description: The filter used to determine which monitored resources - belong to this group. + description: Name used for UI elements listing this Service. type: string - isCluster: - description: If true, the members of this group are considered to - be a cluster. The system can perform additional analysis on groups - that are clusters. - type: boolean - parentRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The name of the group's parent, if it has one. The format is: projects/ For groups with no parent, `parent_name` is the empty string, ``. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -61422,7 +87552,7 @@ spec: properties: external: description: |- - The project of the group + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61434,13 +87564,20 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string + telemetry: + description: Configuration for how to query telemetry on a Service. + properties: + resourceName: + description: The full name of the resource that defines this service. + Formatted as described in https://cloud.google.com/apis/design/resource_names. + type: string + type: object required: - - displayName - - filter + - projectRef type: object status: properties: @@ -61496,25 +87633,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmetricdescriptors.monitoring.cnrm.cloud.google.com + name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com spec: group: monitoring.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMetricDescriptor - plural: monitoringmetricdescriptors + kind: MonitoringUptimeCheckConfig + plural: monitoringuptimecheckconfigs shortNames: - - gcpmonitoringmetricdescriptor - - gcpmonitoringmetricdescriptors - singular: monitoringmetricdescriptor + - gcpmonitoringuptimecheckconfig + - gcpmonitoringuptimecheckconfigs + singular: monitoringuptimecheckconfig preserveUnknownFields: false scope: Namespaced versions: 
@@ -61552,74 +87689,171 @@ spec: type: object spec: properties: - description: - description: Immutable. A detailed description of the metric, which - can be used in documentation. - type: string - displayName: - description: Immutable. A concise name for the metric, which can be - displayed in user interfaces. Use sentence case without an ending - period, for example "Request count". This field is optional but - it is recommended to be set for any metrics associated with user-visible - concepts, such as Quota. - type: string - labels: - description: Immutable. The set of labels that can be used to describe - a specific instance of this metric type. For example, the `appengine.googleapis.com/http/server/response_latencies` - metric type has a label for the HTTP response code, `response_code`, - so you can look at latencies for successful responses or just for - responses that failed. + contentMatchers: + description: The content that is expected to appear in the data returned + by the target server against which the check is run. Currently, + only the first entry in the `content_matchers` list is supported, + and additional entries will be ignored. This field is optional and + should only be specified if a content match is required as part + of the/ Uptime check. items: properties: - description: - description: Immutable. A human-readable description for the - label. - type: string - key: - description: 'Immutable. The key for this label. The key must - meet the following criteria: * Does not exceed 100 characters. - * Matches the following regular expression: `a-zA-Z*` * The - first character must be an upper- or lower-case letter. * - The remaining characters must be letters, digits, or underscores.' + content: type: string - valueType: - description: 'Immutable. The type of data that can be assigned - to the label. 
Possible values: STRING, BOOL, INT64' + matcher: + description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, + CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' type: string + required: + - content type: object type: array - launchStage: - description: 'Immutable. Optional. The launch stage of the metric - definition. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + displayName: + description: A human-friendly name for the Uptime check configuration. + The display name should be unique within a Stackdriver Workspace + in order to make it easier to identify; however, uniqueness is not + enforced. Required. type: string - metadata: - description: Immutable. Optional. Metadata which can be used to guide - usage of the metric. + httpCheck: + description: Contains information needed to make an HTTP or HTTPS + check. properties: - ingestDelay: - description: Immutable. The delay of data points caused by ingestion. - Data points older than this age are guaranteed to be ingested - and available to be read, excluding data loss due to errors. + authInfo: + description: The authentication information. Optional when creating + an HTTP check; defaults to empty. + properties: + password: + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to + be extracted. + type: string + name: + description: Name of the Secret to extract a value + from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + username: + type: string + required: + - password + - username + type: object + body: + description: 'The request body associated with the HTTP POST request. + If `content_type` is `URL_ENCODED`, the body passed in must + be URL-encoded. Users can provide a `Content-Length` header + via the `headers` field or the API will do so. If the `request_method` + is `GET` and `body` is not empty, the API will return an error. + The maximum byte size is 1 megabyte. Note: As with all `bytes` + fields JSON representations are base64 encoded. e.g.: "foo=bar" + in URL-encoded form is "foo%3Dbar" and in base64 encoding is + "Zm9vJTI1M0RiYXI=".' type: string - launchStage: - description: 'Immutable. Deprecated. Must use the MetricDescriptor.launch_stage - instead. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' + contentType: + description: 'Immutable. The content type to use for the check. Possible + values: TYPE_UNSPECIFIED, URL_ENCODED' type: string - samplePeriod: - description: Immutable. The sampling period of metric data points. - For metrics which are written periodically, consecutive data - points are stored at this time interval, excluding data loss - due to errors. Metrics with a higher granularity have a smaller - sampling period. + headers: + additionalProperties: + type: string + description: The list of headers to send as part of the Uptime + check request. If two headers have the same key and different + values, they should be entered as a single header, with the + value being a comma-separated list of all the desired values + as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt + (page 31). Entering two separate headers with the same key in + a Create call will cause the first to be overwritten by the + second. The maximum number of headers allowed is 100. 
+ type: object + maskHeaders: + description: Immutable. Boolean specifying whether to encrypt + the header information. Encryption should be specified for any + headers related to authentication that you do not wish to be + seen when retrieving the configuration. The server will be responsible + for encrypting the headers. On Get/List calls, if `mask_headers` + is set to `true` then the headers will be obscured with `******.` + type: boolean + path: + description: Optional (defaults to "/"). The path to the page + against which to run the check. Will be combined with the `host` + (specified within the `monitored_resource`) and `port` to construct + the full URL. If the provided path does not begin with "/", + a "/" will be prepended automatically. + type: string + port: + description: Optional (defaults to 80 when `use_ssl` is `false`, + and 443 when `use_ssl` is `true`). The TCP port on the HTTP + server against which to run the check. Will be combined with + host (specified within the `monitored_resource`) and `path` + to construct the full URL. + format: int64 + type: integer + requestMethod: + description: Immutable. The HTTP request method to use for the + check. If set to `METHOD_UNSPECIFIED` then `request_method` + defaults to `GET`. + type: string + useSsl: + description: If `true`, use HTTPS instead of HTTP to run the check. + type: boolean + validateSsl: + description: Boolean specifying whether to include SSL certificate + validation as a part of the Uptime check. Only applies to checks + where `monitored_resource` is set to `uptime_url`. If `use_ssl` + is `false`, setting `validate_ssl` to `true` has no effect. + type: boolean + type: object + monitoredResource: + description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) + associated with the configuration. 
The following monitored resource + types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' + properties: + filterLabels: + additionalProperties: + type: string + description: Immutable. + type: object + type: + description: Immutable. type: string + required: + - filterLabels + - type type: object - metricKind: - description: 'Immutable. Whether the metric records instantaneous - values, changes to a value, etc. Some combinations of `metric_kind` - and `value_type` might not be supported. Possible values: METRIC_KIND_UNSPECIFIED, - GAUGE, DELTA, CUMULATIVE' + period: + description: How often, in seconds, the Uptime check is performed. + Currently, the only supported values are `60s` (1 minute), `300s` + (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, + defaults to `60s`. type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -61640,7 +87874,7 @@ spec: properties: external: description: |- - The project for the resource + The project for this uptime check config. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -61651,80 +87885,78 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - type: - description: 'Immutable. The metric type, including its DNS name prefix. - The type is not URL-encoded. All user-defined metric types have - the DNS name `custom.googleapis.com` or `external.googleapis.com`. - Metric types should use a natural hierarchical grouping. For example: - "custom.googleapis.com/invoice/paid/amount" "external.googleapis.com/prometheus/up" - "appengine.googleapis.com/http/server/response_latencies"' - type: string - unit: - description: 'Immutable. The units in which the metric value is reported. - It is only applicable if the `value_type` is `INT64`, `DOUBLE`, - or `DISTRIBUTION`. The `unit` defines the representation of the - stored metric values. Different systems might scale the values to - be more easily displayed (so a value of `0.02kBy` _might_ be displayed - as `20By`, and a value of `3523kBy` _might_ be displayed as `3.5MBy`). - However, if the `unit` is `kBy`, then the value of the metric is - always in thousands of bytes, no matter how it might be displayed. - If you want a custom metric to record the exact number of CPU-seconds - used by a job, you can create an `INT64 CUMULATIVE` metric whose - `unit` is `s{CPU}` (or equivalently `1s{CPU}` or just `s`). If the - job uses 12,005 CPU-seconds, then the value is written as `12005`. - Alternatively, if you want a custom metric to record data in a more - granular way, you can create a `DOUBLE CUMULATIVE` metric whose - `unit` is `ks{CPU}`, and then write the value `12.005` (which is - `12005/1000`), or use `Kis{CPU}` and write `11.723` (which is `12005/1024`). 
- The supported units are a subset of [The Unified Code for Units - of Measure](https://unitsofmeasure.org/ucum.html) standard: **Basic - units (UNIT)** * `bit` bit * `By` byte * `s` second * `min` minute - * `h` hour * `d` day * `1` dimensionless **Prefixes (PREFIX)** * - `k` kilo (10^3) * `M` mega (10^6) * `G` giga (10^9) * `T` tera (10^12) - * `P` peta (10^15) * `E` exa (10^18) * `Z` zetta (10^21) * `Y` yotta - (10^24) * `m` milli (10^-3) * `u` micro (10^-6) * `n` nano (10^-9) - * `p` pico (10^-12) * `f` femto (10^-15) * `a` atto (10^-18) * `z` - zepto (10^-21) * `y` yocto (10^-24) * `Ki` kibi (2^10) * `Mi` mebi - (2^20) * `Gi` gibi (2^30) * `Ti` tebi (2^40) * `Pi` pebi (2^50) - **Grammar** The grammar also includes these connectors: * `/` division - or ratio (as an infix operator). For examples, `kBy/{email}` or - `MiBy/10ms` (although you should almost never have `/s` in a metric - `unit`; rates should always be computed at query time from the underlying - cumulative or delta value). * `.` multiplication or composition - (as an infix operator). For examples, `GBy.d` or `k{watt}.h`. The - grammar for a unit is as follows: Expression = Component: { "." - Component } { "/" Component } ; Component = ( [ PREFIX ] UNIT | - "%" ) [ Annotation ] | Annotation | "1" ; Annotation = "{" NAME - "}" ; Notes: * `Annotation` is just a comment if it follows a `UNIT`. - If the annotation is used alone, then the unit is equivalent to - `1`. For examples, `{request}/s == 1/s`, `By{transmitted}/s == By/s`. - * `NAME` is a sequence of non-blank printable ASCII characters not - containing `{` or `}`. * `1` represents a unitary [dimensionless - unit](https://en.wikipedia.org/wiki/Dimensionless_quantity) of 1, - such as in `1/s`. It is typically used when none of the basic units - are appropriate. For example, "new users per day" can be represented - as `1/d` or `{new-users}/d` (and a metric value `5` would mean "5 - new users). 
Alternatively, "thousands of page views per day" would - be represented as `1000/d` or `k1/d` or `k{page_views}/d` (and a - metric value of `5.3` would mean "5300 page views per day"). * `%` - represents dimensionless value of 1/100, and annotates values giving - a percentage (so the metric values are typically in the range of - 0..100, and a metric value `3` means "3 percent"). * `10^2.%` indicates - a metric contains a ratio, typically in the range 0..1, that will - be multiplied by 100 and displayed as a percentage (so a metric - value `0.03` means "3 percent").' + resourceGroup: + description: Immutable. The group resource associated with the configuration. + properties: + groupRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. + + Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceType: + description: 'Immutable. The resource type of the group members. + Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' + type: string + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - valueType: - description: 'Immutable. 
Whether the measurement is an integer, a - floating-point number, etc. Some combinations of `metric_kind` and - `value_type` might not be supported. Possible values: STRING, BOOL, - INT64' + selectedRegions: + description: The list of regions from which the check will be run. + Some regions contain one location, and others contain more than + one. If this field is specified, enough regions must be provided + to include a minimum of 3 locations. Not specifying this field + will result in Uptime checks running from all available regions. + items: + type: string + type: array + tcpCheck: + description: Contains information needed to make a TCP check. + properties: + port: + description: The TCP port on the server against which to run the + check. Will be combined with host (specified within the `monitored_resource`) + to construct the full URL. Required. + format: int64 + type: integer + required: + - port + type: object + timeout: + description: The maximum amount of time to wait for the request to + complete (must be between 1 and 60 seconds). Required. type: string required: - - metricKind + - displayName - projectRef - - type - - valueType + - timeout type: object status: properties: @@ -61754,14 +87986,6 @@ spec: type: string type: object type: array - monitoredResourceTypes: - description: Read-only. If present, then a time series, which is identified - partially by a metric type and a MonitoredResourceDescriptor, that - is associated with this metric type can only be associated with - one of the monitored resource types listed here. - items: - type: string - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -61769,9 +87993,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The resource name of the metric descriptor. - type: string type: object required: - spec 
@@ -61791,25 +88012,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringmonitoredprojects.monitoring.cnrm.cloud.google.com + name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringMonitoredProject - plural: monitoringmonitoredprojects + kind: NetworkConnectivityHub + plural: networkconnectivityhubs shortNames: - - gcpmonitoringmonitoredproject - - gcpmonitoringmonitoredprojects - singular: monitoringmonitoredproject + - gcpnetworkconnectivityhub + - gcpnetworkconnectivityhubs + singular: networkconnectivityhub preserveUnknownFields: false scope: Namespaced versions: 
@@ -61847,17 +88068,46 @@ spec: type: object spec: properties: - metricsScope: - description: 'Immutable. Required. The resource name of the existing - Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}' + description: + description: An optional description of the hub. type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string required: - - metricsScope + - projectRef type: object status: properties: @@ -61888,8 +88138,7 @@ spec: type: object type: array createTime: - description: Output only. The time when this `MonitoredProject` was - created. + description: Output only. The time the hub was created. format: date-time type: string observedGeneration: 
@@ -61899,6 +88148,33 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + routingVpcs: + description: The VPC network associated with this hub's spokes. All + of the VPN tunnels, VLAN attachments, and router appliance instances + referenced by this hub's spokes must belong to this VPC network. + This field is read-only. Network Connectivity Center automatically + populates it based on the set of spokes attached to the hub. + items: + properties: + uri: + description: The URI of the VPC network. + type: string + type: object + type: array + state: + description: 'Output only. The current lifecycle state of this hub. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the hub. This + value is unique across all hub resources. If a hub is deleted and + another with the same name is created, the new hub is assigned a + different unique_id. + type: string + updateTime: + description: Output only. The time the hub was last updated. + format: date-time + type: string type: object required: - spec 
@@ -61918,25 +88194,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: + cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: monitoringnotificationchannels.monitoring.cnrm.cloud.google.com + name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkconnectivity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringNotificationChannel - plural: monitoringnotificationchannels + kind: NetworkConnectivitySpoke + plural: networkconnectivityspokes shortNames: - - gcpmonitoringnotificationchannel - - gcpmonitoringnotificationchannels - singular: monitoringnotificationchannel + - gcpnetworkconnectivityspoke + - gcpnetworkconnectivityspokes + singular: networkconnectivityspoke preserveUnknownFields: false scope: Namespaced versions: 
@@ -61975,175 +88251,221 @@ spec: spec: properties: description: - description: An optional human-readable description of this notification - channel. This description may provide additional details, beyond - the display name, for the channel. This may not exceed 1024 Unicode - characters. - type: string - enabled: - description: Whether notifications are forwarded to the described - channel. This makes it possible to disable delivery of notifications - to a particular channel without removing the channel from all alerting - policies that reference the channel. This is a more convenient approach - when the change is temporary and you want to receive notifications - from the same set of alerting policies on the channel at some point - in the future. - type: boolean - forceDelete: - description: |- - If true, the notification channel will be deleted regardless - of its use in alert policies (the policies will be updated - to remove the channel). If false, channels that are still - referenced by an existing alerting policy will fail to be - deleted in a delete operation. - type: boolean - labels: - additionalProperties: - type: string - type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: An optional description of the spoke. type: string - sensitiveLabels: - description: |- - Different notification type behaviors are configured primarily using the the 'labels' field on this - resource. This block contains the labels which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: password, will be the key - in the 'labels' map in the api request. + hubRef: + description: Immutable. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The URI of the hub that this spoke is attached to. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. + Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + linkedInterconnectAttachments: + description: Immutable. A collection of VLAN attachment resources. + These resources should be redundant attachments that all advertise + the same prefixes to Google Cloud. Alternatively, in active/passive + configurations, all attachments should be capable of advertising + the same prefixes. properties: - authToken: - description: 'An authorization token for a notification channel. - Channel types that support this field include: slack.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. 
- type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object - password: - description: 'An password for a notification channel. Channel - types that support this field include: webhook_basicauth.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: + - required: + - namespace required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris + type: object + linkedRouterApplianceInstances: + description: Immutable. 
The URIs of linked Router appliance resources + properties: + instances: + description: Immutable. The list of router appliance instances + items: + properties: + ipAddress: + description: Immutable. The IP address on the VM to use + for peering. + type: string + virtualMachineRef: + description: Immutable. + oneOf: + - not: + required: + - external required: - name - - key - type: object - type: object - type: object - serviceKey: - description: 'An servicekey token for a notification channel. - Channel types that support this field include: pagerduty.' - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string + - not: + anyOf: + - required: + - name + - required: + - namespace required: + - external + properties: + external: + description: |- + The URI of the virtual machine resource + + Allowed value: The `selfLink` field of a `ComputeInstance` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + type: array + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. 
Note that data + transfer is available only in supported locations. + type: boolean + required: + - instances + - siteToSiteDataTransfer + type: object + linkedVpnTunnels: + description: Immutable. The URIs of linked VPN tunnel resources + properties: + siteToSiteDataTransfer: + description: Immutable. A value that controls whether site-to-site + data transfer is enabled for these resources. Note that data + transfer is available only in supported locations. + type: boolean + uris: + description: Immutable. + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - key - type: object - type: object - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + required: + - siteToSiteDataTransfer + - uris type: object - type: - description: The type of the notification channel. This field matches - the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list - to get the list of valid values such as "email", "slack", etc... + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - type + - hubRef + - location + - projectRef type: object status: properties: @@ -62173,11 +88495,9 @@ spec: type: string type: object type: array - name: - description: |- - The full REST resource name for this channel. The syntax is: - projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID] - The [CHANNEL_ID] is automatically assigned by the server on creation. + createTime: + description: Output only. The time the spoke was created. + format: date-time type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -62186,19 +88506,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - verificationStatus: - description: Indicates whether this channel has been verified or not. - On a ListNotificationChannels or GetNotificationChannel operation, - this field is expected to be populated.If the value is UNVERIFIED, - then it indicates that the channel is non-functioning (it both requires - verification and lacks verification); otherwise, it is assumed that - the channel works.If the channel is neither VERIFIED nor UNVERIFIED, - it implies that the channel is of a type that does not require verification - or that this specific channel has been exempted from verification - because it was created prior to verification being required for - channels of this type.This field cannot be modified using a standard - UpdateNotificationChannel operation. To change the value of this - field, you must call VerifyNotificationChannel. + state: + description: 'Output only. The current lifecycle state of this spoke. + Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' + type: string + uniqueId: + description: Output only. The Google-generated UUID for the spoke. + This value is unique across all spoke resources. If a spoke is deleted + and another with the same name is created, the new spoke is assigned + a different unique_id. + type: string + updateTime: + description: Output only. The time the spoke was last updated. + format: date-time type: string type: object required: 
@@ -62219,25 +88539,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: monitoringservicelevelobjectives.monitoring.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkmanagementconnectivitytests.networkmanagement.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networkmanagement.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringServiceLevelObjective - plural: monitoringservicelevelobjectives + kind: NetworkManagementConnectivityTest + plural: networkmanagementconnectivitytests shortNames: - - gcpmonitoringservicelevelobjective - - gcpmonitoringservicelevelobjectives - singular: monitoringservicelevelobjective + - gcpnetworkmanagementconnectivitytest + - gcpnetworkmanagementconnectivitytests + singular: networkmanagementconnectivitytest preserveUnknownFields: false scope: Namespaced versions: @@ -62257,7 +88577,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -62275,412 +88595,63 @@ spec: type: object spec: properties: - calendarPeriod: - description: 'A calendar period, semantically "since the start of - the current ``". At this time, only `DAY`, `WEEK`, `FORTNIGHT`, - and `MONTH` are supported. Possible values: CALENDAR_PERIOD_UNSPECIFIED, - DAY, WEEK, FORTNIGHT, MONTH, QUARTER, HALF, YEAR' - type: string - displayName: - description: Name used for UI elements listing this SLO. + description: + description: |- + The user-supplied description of the Connectivity Test. + Maximum of 512 characters. type: string - goal: - description: The fraction of service that must be good in order for - this objective to be met. `0 < goal <= 0.999`. - format: double - type: number - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource + destination: + description: |- + Required. Destination specification of the Connectivity Test. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rollingPeriod: - description: A rolling time period, semantically "in the past ``". - Must be an integer multiple of 1 day no larger than 30 days. 
- type: string - serviceLevelIndicator: - description: The definition of good service, used to measure and calculate - the quality of the `Service`'s performance with respect to a single - aspect of service quality. + You can use a combination of destination IP address, Compute + Engine VM instance, or VPC network to uniquely identify the + destination location. + + Even if the destination IP address is not unique, the source IP + location is unique. Usually, the analysis can infer the destination + endpoint from route information. + + If the destination you specify is a VM instance and the instance has + multiple network interfaces, then you must also specify either a + destination IP address or VPC network to identify the destination + interface. + + A reachability analysis proceeds even if the destination location + is ambiguous. However, the result can include endpoints that you + don't intend to test. properties: - basicSli: - description: Basic SLI on a well-known service type. - properties: - availability: - description: Good service is defined to be the count of requests - made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count of requests - made to this service that are fast enough with respect to - `latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - requests made to this service that return in no more - than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which this - SLI is relevant. Telemetry from other locations will not - be used to calculate performance for this SLI. 
If omitted, - this SLI applies to all locations in which the Service has - activity. For service types that don''t support breaking - down by location, setting this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this SLI - is relevant. Telemetry from other methods will not be used - to calculate performance for this SLI. If omitted, this - SLI applies to all the Service''s methods. For service types - that don''t support breaking down by method, setting this - field will result in an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count of operations - performed by this service that return successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count of operations - performed by this service that are fast enough with respect - to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience associated - with failing requests. Possible values: LATENCY_EXPERIENCE_UNSPECIFIED, - DELIGHTING, SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the count of - operations that are completed in no more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to which this - SLI is relevant. Telemetry from other API versions will - not be used to calculate performance for this SLI. If omitted, - this SLI applies to all API versions. For service types - that don''t support breaking down by version, setting this - field will result in an error.' 
- items: - type: string - type: array - type: object - requestBased: - description: Request-based SLIs - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` that - fall into a good range. The `total_service` is the total - count of all values aggregated in the `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. Must have - `ValueType = DISTRIBUTION` and `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the ratio of - `good_service` to `total_service` is computed from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, either - demanded service that was not provided or demanded service - that was of inadequate quality. Must have `ValueType - = DOUBLE` or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service provided. - Must have `ValueType = DOUBLE` or `ValueType = INT64` - and must have `MetricKind = DELTA` or `MetricKind = - CUMULATIVE`. 
- type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total demanded - service. Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` or `MetricKind - = CUMULATIVE`. - type: string - type: object - type: object - windowsBased: - description: Windows-based SLIs - properties: - goodBadMetricFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` with `ValueType = BOOL`. The window - is good if any `true` values appear in the window. - type: string - goodTotalRatioThreshold: - description: A window is good if its `performance` is high - enough. - properties: - basicSliPerformance: - description: '`BasicSli` to evaluate to judge window quality.' - properties: - availability: - description: Good service is defined to be the count - of requests made to this service that return successfully. - type: object - x-kubernetes-preserve-unknown-fields: true - latency: - description: Good service is defined to be the count - of requests made to this service that are fast enough - with respect to `latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of requests made to this service that - return in no more than `threshold`. - type: string - type: object - location: - description: 'OPTIONAL: The set of locations to which - this SLI is relevant. Telemetry from other locations - will not be used to calculate performance for this - SLI. If omitted, this SLI applies to all locations - in which the Service has activity. 
For service types - that don''t support breaking down by location, setting - this field will result in an error.' - items: - type: string - type: array - method: - description: 'OPTIONAL: The set of RPCs to which this - SLI is relevant. Telemetry from other methods will - not be used to calculate performance for this SLI. - If omitted, this SLI applies to all the Service''s - methods. For service types that don''t support breaking - down by method, setting this field will result in - an error.' - items: - type: string - type: array - operationAvailability: - description: Good service is defined to be the count - of operations performed by this service that return - successfully - type: object - x-kubernetes-preserve-unknown-fields: true - operationLatency: - description: Good service is defined to be the count - of operations performed by this service that are - fast enough with respect to `operation_latency.threshold`. - properties: - experience: - description: 'A description of the experience - associated with failing requests. Possible values: - LATENCY_EXPERIENCE_UNSPECIFIED, DELIGHTING, - SATISFYING, ANNOYING' - type: string - threshold: - description: Good service is defined to be the - count of operations that are completed in no - more than `threshold`. - type: string - type: object - version: - description: 'OPTIONAL: The set of API versions to - which this SLI is relevant. Telemetry from other - API versions will not be used to calculate performance - for this SLI. If omitted, this SLI applies to all - API versions. For service types that don''t support - breaking down by version, setting this field will - result in an error.' - items: - type: string - type: array - type: object - performance: - description: '`RequestBasedSli` to evaluate to judge window - quality.' - properties: - distributionCut: - description: '`distribution_cut` is used when `good_service` - is a count of values aggregated in a `Distribution` - that fall into a good range. 
The `total_service` - is the total count of all values aggregated in the - `Distribution`.' - properties: - distributionFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` aggregating values. - Must have `ValueType = DISTRIBUTION` and `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - range: - description: Range of values considered "good." - For a one-sided range, set one bound to an infinite - value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - type: object - goodTotalRatio: - description: '`good_total_ratio` is used when the - ratio of `good_service` to `total_service` is computed - from two `TimeSeries`.' - properties: - badServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying bad service, - either demanded service that was not provided - or demanded service that was of inadequate quality. - Must have `ValueType = DOUBLE` or `ValueType - = INT64` and must have `MetricKind = DELTA` - or `MetricKind = CUMULATIVE`. - type: string - goodServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying good service - provided. Must have `ValueType = DOUBLE` or - `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. - type: string - totalServiceFilter: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying a `TimeSeries` quantifying total - demanded service. Must have `ValueType = DOUBLE` - or `ValueType = INT64` and must have `MetricKind - = DELTA` or `MetricKind = CUMULATIVE`. 
- type: string - type: object - type: object - threshold: - description: If window `performance >= threshold`, the - window is counted as good. - format: double - type: number - type: object - metricMeanInRange: - description: A window is good if the metric's value is in - a good range, averaged across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - metricSumInRange: - description: A window is good if the metric's value is in - a good range, summed across returned streams. - properties: - range: - description: Range of values considered "good." For a - one-sided range, set one bound to an infinite value. - properties: - max: - description: Range maximum. - format: double - type: number - min: - description: Range minimum. - format: double - type: number - type: object - timeSeries: - description: A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters) - specifying the `TimeSeries` to use for evaluating window - quality. - type: string - type: object - windowPeriod: - description: Duration over which window quality is evaluated. - Must be an integer fraction of a day and at least `60s`. - type: string - type: object + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. 
+ type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + 1. Only the IP address is specified, and the IP address is within + a GCP project. 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, the + network that the IP address resides in is defined in the host + project. + type: string type: object - serviceRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -62697,10 +88668,7 @@ spec: - external properties: external: - description: |- - The service for the resource - - Allowed value: The Google Cloud resource name of a `MonitoringService` resource (format: `projects/{{project}}/services/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
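Review bot: `destination.port` near the end of the `@@ -62275,412 +88595,63 @@` hunk is a bare `type: integer`, so the schema admits negative numbers and values above 65535 and leaves range checking to whatever consumes the object. Bounding it in the schema with `minimum: 0` and `maximum: 65535` would reject such manifests at admission. The same applies to `source.port` in the following `@@ -62709,10 +88677,88 @@` hunk and to the `ports` items (`format: int64`) in the NetworkSecurityAuthorizationPolicy hunk `@@ -62884,15 +88916,98 @@`. The `tf2crd` label suggests this file is generated, so the bound probably belongs in the generator input rather than here. The `spec` schema continues beyond this hunk.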
@@ -62709,10 +88677,88 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + protocol: + description: IP Protocol of the test. When not provided, "TCP" is + assumed. + type: string + relatedProjects: + description: |- + Other projects that may be relevant for reachability analysis. + This is applicable to scenarios where a test can cross project + boundaries. + items: + type: string + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + source: + description: |- + Required. Source specification of the Connectivity Test. + + You can use a combination of source IP address, virtual machine + (VM) instance, or Compute Engine network to uniquely identify the + source location. + + Examples: If the source IP address is an internal IP address within + a Google Cloud Virtual Private Cloud (VPC) network, then you must + also specify the VPC network. Otherwise, specify the VM instance, + which already contains its internal IP address and VPC network + information. + + If the source of the test is within an on-premises network, then + you must provide the destination VPC network. + + If the source endpoint is a Compute Engine VM instance with multiple + network interfaces, the instance itself is not sufficient to + identify the endpoint. So, you must also specify the source IP + address or VPC network. + + A reachability analysis proceeds even if the source location is + ambiguous. However, the test result may include endpoints that + you don't intend to test. + properties: + instance: + description: A Compute Engine instance URI. + type: string + ipAddress: + description: |- + The IP address of the endpoint, which can be an external or + internal IP. 
An IPv6 address is only allowed when the test's + destination is a global load balancer VIP. + type: string + network: + description: A Compute Engine network URI. + type: string + networkType: + description: 'Type of the network where the endpoint is located. + Possible values: ["GCP_NETWORK", "NON_GCP_NETWORK"].' + type: string + port: + description: |- + The IP protocol port of the endpoint. Only applicable when + protocol is TCP or UDP. + type: integer + projectId: + description: |- + Project ID where the endpoint is located. The Project ID can be + derived from the URI if you provide a VM instance or network URI. + The following are two cases where you must provide the project ID: + + 1. Only the IP address is specified, and the IP address is + within a GCP project. + 2. When you are using Shared VPC and the IP address + that you provide is from the service project. In this case, + the network that the IP address resides in is defined in the + host project. + type: string + type: object required: - - goal + - destination - projectRef - - serviceRef + - source type: object status: properties: 
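Review bot: `source.networkType` in this hunk names its two permitted values only in the description and is otherwise an unconstrained `type: string`, so a misspelt value passes schema validation. Since the value set is closed, an `enum` would make the API server reject it: `enum: [GCP_NETWORK, NON_GCP_NETWORK]`. The `action` field added in the NetworkSecurityAuthorizationPolicy hunk `@@ -62846,8 +88870,16 @@` has the same gap and matters more, because it decides ALLOW versus DENY. Its description also lists `ACTION_UNSPECIFIED` right after saying the values are ALLOW or DENY. How the controller treats an unrecognised value is not visible in this diff.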
@@ -62742,22 +88788,6 @@ spec: type: string type: object type: array - createTime: - description: Time stamp of the `Create` or most recent `Update` command - on this `Slo`. - format: date-time - type: string - deleteTime: - description: Time stamp of the `Update` or `Delete` command that made - this no longer a current `Slo`. This field is not populated in `ServiceLevelObjective`s - returned from calls to `GetServiceLevelObjective` and `ListServiceLevelObjectives`, - because it is always empty in the current version. It is populated - in `ServiceLevelObjective`s representing previous versions in the - output of `ListServiceLevelObjectiveVersions`. Because all old configuration - versions are stored, `Update` operations mark the obsoleted version - as deleted. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -62765,12 +88795,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - serviceManagementOwned: - description: Output only. If set, this SLO is managed at the [Service - Management](https://cloud.google.com/service-management/overview) - level. Therefore the service yaml file is the source of truth for - this SLO, and API `Update` and `Delete` operations are forbidden. - type: boolean type: object required: - spec 
@@ -62790,25 +88814,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringservices.monitoring.cnrm.cloud.google.com + name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringService - plural: monitoringservices + kind: NetworkSecurityAuthorizationPolicy + plural: networksecurityauthorizationpolicies shortNames: - - gcpmonitoringservice - - gcpmonitoringservices - singular: monitoringservice + - gcpnetworksecurityauthorizationpolicy + - gcpnetworksecurityauthorizationpolicies + singular: networksecurityauthorizationpolicy preserveUnknownFields: false scope: Namespaced versions: @@ -62846,8 +88870,16 @@ spec: type: object spec: properties: - displayName: - description: Name used for UI elements listing this Service. + action: + description: 'Required. The action to take when a rule match is found. + Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, + ALLOW, DENY' + type: string + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. 
@@ -62884,15 +88916,98 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - telemetry: - description: Configuration for how to query telemetry on a Service. - properties: - resourceName: - description: The full name of the resource that defines this service. - Formatted as described in https://cloud.google.com/apis/design/resource_names. - type: string - type: object + rules: + description: Optional. List of rules to match. If not set, the action + specified in the ‘action’ field will be applied without any additional + rule checks. + items: + properties: + destinations: + description: Optional. List of attributes for the traffic destination. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the destination. + items: + properties: + hosts: + description: Required. List of host names to match. Matched + against HOST header in http requests. Each host can + be an exact match, or a prefix match (example, “mydomain.*”) + or a suffix match (example, *.myorg.com”) or a presence(any) + match “*”. + items: + type: string + type: array + httpHeaderMatch: + description: Optional. Match against key:value pair in + http header. Provides a flexible match based on HTTP + headers, for potentially advanced use cases. + properties: + headerName: + description: Required. The name of the HTTP header + to match. For matching against the HTTP request's + authority, use a headerMatch with the header name + ":authority". For matching a request's method, use + the headerName ":method". + type: string + regexMatch: + description: 'Required. The value of the header must + match the regular expression specified in regexMatch. 
+ For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript + For matching against a port specified in the HTTP + request, use a headerMatch with headerName set to + Host and a regular expression that satisfies the + RFC2616 Host header''s port specifier.' + type: string + required: + - headerName + - regexMatch + type: object + methods: + description: Optional. A list of HTTP methods to match. + Should not be set for gRPC services. + items: + type: string + type: array + ports: + description: Required. List of destination ports to match. + items: + format: int64 + type: integer + type: array + required: + - hosts + - ports + type: object + type: array + sources: + description: Optional. List of attributes for the traffic source. + If not set, the action specified in the ‘action’ field will + be applied without any rule checks for the source. + items: + properties: + ipBlocks: + description: Optional. List of CIDR ranges to match based + on source IP address. Single IP (e.g., "1.2.3.4") and + CIDR (e.g., "1.2.3.0/24") are supported. + items: + type: string + type: array + principals: + description: Optional. List of peer identities to match + for authorization. Each peer can be an exact match, + or a prefix match (example, “namespace/*”) or a suffix + match (example, */service-account”) or a presence match + “*”. + items: + type: string + type: array + type: object + type: array + type: object + type: array required: + - action + - location - projectRef type: object status: @@ -62923,6 +89038,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
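Review bot: The descriptions of `rules`, `sources` and `destinations` in the `@@ -62884,15 +88916,98 @@` hunk say that when unset the action is applied without any rule checks, but never state the consequence: as written, a policy with `action: ALLOW` and no rules allows everything. I would add a sentence to the `rules` description such as `With action ALLOW and no rules, all requests are allowed; with DENY, all are denied.` The wildcard examples also have unbalanced quotes (`*.myorg.com”`, `*/service-account”`), which leaves it unclear what the pattern is; they should read `“*.myorg.com”` and `“*/service-account”`. The `items` schema for `rules` is complete within this hunk, but the surrounding `spec.properties` is not.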
@@ -62930,6 +89049,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -62949,25 +89072,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: monitoringuptimecheckconfigs.monitoring.cnrm.cloud.google.com + name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: monitoring.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: MonitoringUptimeCheckConfig - plural: monitoringuptimecheckconfigs + kind: NetworkSecurityClientTLSPolicy + plural: networksecurityclienttlspolicies shortNames: - - gcpmonitoringuptimecheckconfig - - gcpmonitoringuptimecheckconfigs - singular: monitoringuptimecheckconfig + - gcpnetworksecurityclienttlspolicy + - gcpnetworksecurityclienttlspolicies + singular: networksecurityclienttlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63005,171 +89128,42 @@ spec: type: object spec: properties: - contentMatchers: - description: The content that is expected to appear in the data returned - by the target server against which the check is run. Currently, - only the first entry in the `content_matchers` list is supported, - and additional entries will be ignored. This field is optional and - should only be specified if a content match is required as part - of the/ Uptime check. - items: - properties: - content: - type: string - matcher: - description: ' Possible values: CONTENT_MATCHER_OPTION_UNSPECIFIED, - CONTAINS_STRING, NOT_CONTAINS_STRING, MATCHES_REGEX, NOT_MATCHES_REGEX' - type: string - required: - - content - type: object - type: array - displayName: - description: A human-friendly name for the Uptime check configuration. - The display name should be unique within a Stackdriver Workspace - in order to make it easier to identify; however, uniqueness is not - enforced. Required. - type: string - httpCheck: - description: Contains information needed to make an HTTP or HTTPS - check. + clientCertificate: + description: Optional. Defines a mechanism to provision client identity + (public and private keys) for peer to peer authentication. The presence + of this dictates mTLS. properties: - authInfo: - description: The authentication information. Optional when creating - an HTTP check; defaults to empty. + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. properties: - password: - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key - in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to - be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object - type: object - username: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. type: string required: - - password - - username - type: object - body: - description: 'The request body associated with the HTTP POST request. - If `content_type` is `URL_ENCODED`, the body passed in must - be URL-encoded. Users can provide a `Content-Length` header - via the `headers` field or the API will do so. If the `request_method` - is `GET` and `body` is not empty, the API will return an error. - The maximum byte size is 1 megabyte. Note: As with all `bytes` - fields JSON representations are base64 encoded. e.g.: "foo=bar" - in URL-encoded form is "foo%3Dbar" and in base64 encoding is - "Zm9vJTI1M0RiYXI=".' - type: string - contentType: - description: 'Immutable. The content type to use for the check. Possible - values: TYPE_UNSPECIFIED, URL_ENCODED' - type: string - headers: - additionalProperties: - type: string - description: The list of headers to send as part of the Uptime - check request. If two headers have the same key and different - values, they should be entered as a single header, with the - value being a comma-separated list of all the desired values - as described at https://www.w3.org/Protocols/rfc2616/rfc2616.txt - (page 31). Entering two separate headers with the same key in - a Create call will cause the first to be overwritten by the - second. The maximum number of headers allowed is 100. 
+ - pluginInstance type: object - maskHeaders: - description: Immutable. Boolean specifying whether to encrypt - the header information. Encryption should be specified for any - headers related to authentication that you do not wish to be - seen when retrieving the configuration. The server will be responsible - for encrypting the headers. On Get/List calls, if `mask_headers` - is set to `true` then the headers will be obscured with `******.` - type: boolean - path: - description: Optional (defaults to "/"). The path to the page - against which to run the check. Will be combined with the `host` - (specified within the `monitored_resource`) and `port` to construct - the full URL. If the provided path does not begin with "/", - a "/" will be prepended automatically. - type: string - port: - description: Optional (defaults to 80 when `use_ssl` is `false`, - and 443 when `use_ssl` is `true`). The TCP port on the HTTP - server against which to run the check. Will be combined with - host (specified within the `monitored_resource`) and `path` - to construct the full URL. - format: int64 - type: integer - requestMethod: - description: Immutable. The HTTP request method to use for the - check. If set to `METHOD_UNSPECIFIED` then `request_method` - defaults to `GET`. - type: string - useSsl: - description: If `true`, use HTTPS instead of HTTP to run the check. - type: boolean - validateSsl: - description: Boolean specifying whether to include SSL certificate - validation as a part of the Uptime check. Only applies to checks - where `monitored_resource` is set to `uptime_url`. If `use_ssl` - is `false`, setting `validate_ssl` to `true` has no effect. - type: boolean - type: object - monitoredResource: - description: 'Immutable. The [monitored resource](https://cloud.google.com/monitoring/api/resources) - associated with the configuration. 
The following monitored resource - types are supported for Uptime checks: `uptime_url`, `gce_instance`, `gae_app`, `aws_ec2_instance`, `aws_elb_load_balancer`' - properties: - filterLabels: - additionalProperties: - type: string - description: Immutable. + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri type: object - type: - description: Immutable. - type: string - required: - - filterLabels - - type type: object - period: - description: How often, in seconds, the Uptime check is performed. - Currently, the only supported values are `60s` (1 minute), `300s` - (5 minutes), `600s` (10 minutes), and `900s` (15 minutes). Optional, - defaults to `60s`. + description: + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string projectRef: description: Immutable. The Project that this resource belongs to. @@ -63190,7 +89184,7 @@ spec: properties: external: description: |- - The project for this uptime check config. + The project for the resource Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). type: string 
@@ -63201,78 +89195,49 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceGroup: - description: Immutable. The group resource associated with the configuration. - properties: - groupRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The group of resources being monitored. Should be only the `[GROUP_ID]`, and not the full-path `projects/[PROJECT_ID_OR_NUMBER]/groups/[GROUP_ID]`. - - Allowed value: The Google Cloud resource name of a `MonitoringGroup` resource (format: `projects/{{project}}/groups/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceType: - description: 'Immutable. The resource type of the group members. - Possible values: RESOURCE_TYPE_UNSPECIFIED, INSTANCE, AWS_ELB_LOAD_BALANCER' - type: string - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - selectedRegions: - description: The list of regions from which the check will be run. - Some regions contain one location, and others contain more than - one. If this field is specified, enough regions must be provided - to include a minimum of 3 locations. 
Not specifying this field - will result in Uptime checks running from all available regions. + serverValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the server certificate. items: - type: string + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object type: array - tcpCheck: - description: Contains information needed to make a TCP check. - properties: - port: - description: The TCP port on the server against which to run the - check. Will be combined with host (specified within the `monitored_resource`) - to construct the full URL. Required. - format: int64 - type: integer - required: - - port - type: object - timeout: - description: The maximum amount of time to wait for the request to - complete (must be between 1 and 60 seconds). Required. + sni: + description: 'Optional. Server Name Indication string to present to + the server during TLS handshake. E.g: "secure.example.com".' type: string required: - - displayName - - projectRef - - timeout + - location type: object status: properties: 
@@ -63302,6 +89267,10 @@ spec: type: string type: object type: array + createTime: + description: Output only. The timestamp when the resource was created. + format: date-time + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63309,6 +89278,10 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string type: object required: - spec @@ -63328,25 +89301,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: networkconnectivityhubs.networkconnectivity.cnrm.cloud.google.com + name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networksecurity.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivityHub - plural: networkconnectivityhubs + kind: NetworkSecurityServerTLSPolicy + plural: networksecurityservertlspolicies shortNames: - - gcpnetworkconnectivityhub - - gcpnetworkconnectivityhubs - singular: networkconnectivityhub + - gcpnetworksecurityservertlspolicy + - gcpnetworksecurityservertlspolicies + singular: networksecurityservertlspolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -63384,9 +89357,63 @@ spec: type: object spec: properties: + allowOpen: + description: Optional. Determines if server allows plaintext connections. + If set to true, server allows plain text connections. By default, + it is set to false. This setting is not exclusive of other encryption + modes. For example, if allow_open and mtls_policy are set, server + allows both plain text and mTLS connections. See documentation of + other encryption modes to confirm compatibility. + type: boolean description: - description: An optional description of the hub. + description: Optional. Free-text description of the resource. + type: string + location: + description: Immutable. The location for the resource type: string + mtlsPolicy: + description: Optional. Defines a mechanism to provision peer validation + certificates for peer to peer authentication (Mutual TLS - mTLS). + If not specified, client certificate will not be requested. The + connection is treated as TLS and not mTLS. If allow_open and mtls_policy + are set, server allows both plain text and mTLS connections. + properties: + clientValidationCa: + description: Required. Defines the mechanism to obtain the Certificate + Authority certificate to validate the client certificate. + items: + properties: + certificateProviderInstance: + description: The certificate provider instance specification + that will be passed to the data plane, which will be used + to load necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to + locate and load CertificateProvider instance configuration. + Set to "google_cloud_private_spiffe" to use Certificate + Authority Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC + server to obtain the CA certificate. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. 
+ Only UDS path is supported, and should start with + “unix:”. + type: string + required: + - targetUri + type: object + type: object + type: array + required: + - clientValidationCa + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: @@ -63422,8 +89449,39 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + serverCertificate: + description: Optional. Defines a mechanism to provision server identity + (public and private keys). Cannot be combined with allow_open as + a permissive mode that allows both plain text and TLS is not supported. + properties: + certificateProviderInstance: + description: The certificate provider instance specification that + will be passed to the data plane, which will be used to load + necessary credential information. + properties: + pluginInstance: + description: Required. Plugin instance name, used to locate + and load CertificateProvider instance configuration. Set + to "google_cloud_private_spiffe" to use Certificate Authority + Service certificate provider instance. + type: string + required: + - pluginInstance + type: object + grpcEndpoint: + description: gRPC specific configuration to access the gRPC server + to obtain the cert and private key. + properties: + targetUri: + description: Required. The target URI of the gRPC endpoint. + Only UDS path is supported, and should start with “unix:”. + type: string + required: + - targetUri + type: object + type: object required: - - projectRef + - location type: object status: properties: @@ -63454,7 +89512,7 @@ spec: type: object type: array createTime: - description: Output only. The time the hub was created. + description: Output only. The timestamp when the resource was created. format: date-time type: string observedGeneration: 
@@ -63464,31 +89522,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - routingVpcs: - description: The VPC network associated with this hub's spokes. All - of the VPN tunnels, VLAN attachments, and router appliance instances - referenced by this hub's spokes must belong to this VPC network. - This field is read-only. Network Connectivity Center automatically - populates it based on the set of spokes attached to the hub. - items: - properties: - uri: - description: The URI of the VPC network. - type: string - type: object - type: array - state: - description: 'Output only. The current lifecycle state of this hub. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the hub. This - value is unique across all hub resources. If a hub is deleted and - another with the same name is created, the new hub is assigned a - different unique_id. - type: string updateTime: - description: Output only. The time the hub was last updated. + description: Output only. The timestamp when the resource was updated. format: date-time type: string type: object 
@@ -63510,25 +89545,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networkconnectivityspokes.networkconnectivity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecachekeysets.networkservices.cnrm.cloud.google.com spec: - group: networkconnectivity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkConnectivitySpoke - plural: networkconnectivityspokes + kind: NetworkServicesEdgeCacheKeyset + plural: networkservicesedgecachekeysets shortNames: - - gcpnetworkconnectivityspoke - - gcpnetworkconnectivityspokes - singular: networkconnectivityspoke + - gcpnetworkservicesedgecachekeyset + - gcpnetworkservicesedgecachekeysets + singular: networkservicesedgecachekeyset preserveUnknownFields: false scope: Namespaced versions: @@ -63548,7 +89583,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -63567,10 +89602,10 @@ spec: spec: properties: description: - description: An optional description of the spoke. + description: A human-readable description of the resource. type: string - hubRef: - description: Immutable. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63587,10 +89622,7 @@ spec: - external properties: external: - description: |- - Immutable. The URI of the hub that this spoke is attached to. - - Allowed value: The Google Cloud resource name of a `NetworkConnectivityHub` resource (format: `projects/{{project}}/locations/global/hubs/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -63599,188 +89631,101 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - linkedInterconnectAttachments: - description: Immutable. A collection of VLAN attachment resources. - These resources should be redundant attachments that all advertise - the same prefixes to Google Cloud. Alternatively, in active/passive - configurations, all attachments should be capable of advertising - the same prefixes. - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: + publicKey: + description: |- + An ordered list of Ed25519 public keys to use for validating signed requests. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + You may specify no more than one Google-managed public key. + If you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys. + + Ed25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key. + Ensure that the private key is kept secret, and that only authorized users can add public keys to a keyset. + items: + properties: + id: + description: |- + The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035. + The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* + which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + type: string + managed: + description: Set to true to have the CDN automatically manage + this public key value. 
+ type: boolean + value: + description: |- + The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). + Representations or encodings of the public key other than this will be rejected with an error. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeInterconnectAttachment` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - linkedRouterApplianceInstances: - description: Immutable. The URIs of linked Router appliance resources - properties: - instances: - description: Immutable. The list of router appliance instances - items: + - valueFrom properties: - ipAddress: - description: Immutable. The IP address on the VM to use - for peering. + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - virtualMachineRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. properties: - external: - description: |- - The URI of the virtual machine resource - - Allowed value: The `selfLink` field of a `ComputeInstance` resource. - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + secretKeyRef: + description: Reference to a value with the given key + in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be + extracted. + type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object type: object type: object - type: array - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - required: - - instances - - siteToSiteDataTransfer - type: object - linkedVpnTunnels: - description: Immutable. The URIs of linked VPN tunnel resources - properties: - siteToSiteDataTransfer: - description: Immutable. A value that controls whether site-to-site - data transfer is enabled for these resources. Note that data - transfer is available only in supported locations. - type: boolean - uris: - description: Immutable. - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeVPNTunnel` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - required: - - siteToSiteDataTransfer - - uris - type: object - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - id + type: object + type: array resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + validationSharedKeys: + description: |- + An ordered list of shared keys to use for validating signed requests. + Shared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset. + You can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys. + You must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first. + items: + properties: + secretVersion: + description: |- + The name of the secret version in Secret Manager. + + The resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves. 
+ The secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using. + * If you are using HMAC-SHA1, we suggest 20-byte secrets. + * If you are using HMAC-SHA256, we suggest 32-byte secrets. + See RFC 2104, Section 3 for more details on these recommendations. + type: string + required: + - secretVersion + type: object + type: array required: - - hubRef - - location - projectRef type: object status: @@ -63811,10 +89756,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The time the spoke was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -63822,20 +89763,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Output only. The current lifecycle state of this spoke. - Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING' - type: string - uniqueId: - description: Output only. The Google-generated UUID for the spoke. - This value is unique across all spoke resources. If a spoke is deleted - and another with the same name is created, the new spoke is assigned - a different unique_id. - type: string - updateTime: - description: Output only. The time the spoke was last updated. - format: date-time - type: string type: object required: - spec 
@@ -63855,25 +89782,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityauthorizationpolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheorigins.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityAuthorizationPolicy - plural: networksecurityauthorizationpolicies + kind: NetworkServicesEdgeCacheOrigin + plural: networkservicesedgecacheorigins shortNames: - - gcpnetworksecurityauthorizationpolicy - - gcpnetworksecurityauthorizationpolicies - singular: networksecurityauthorizationpolicy + - gcpnetworkservicesedgecacheorigin + - gcpnetworkservicesedgecacheorigins + singular: networkservicesedgecacheorigin preserveUnknownFields: false scope: Namespaced versions: @@ -63893,7 +89820,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -63911,19 +89838,137 @@ spec: type: object spec: properties: - action: - description: 'Required. The action to take when a rule match is found. - Possible values are "ALLOW" or "DENY". Possible values: ACTION_UNSPECIFIED, - ALLOW, DENY' - type: string + awsV4Authentication: + description: Enable AWS Signature Version 4 origin authentication. + properties: + accessKeyId: + description: The access key ID your origin uses to identify the + key. + type: string + originRegion: + description: The name of the AWS region that your origin is in. + type: string + secretAccessKeyVersion: + description: |- + The Secret Manager secret version of the secret access key used by your origin. + + This is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require. + type: string + required: + - accessKeyId + - originRegion + - secretAccessKeyVersion + type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + failoverOrigin: + description: |- + The Origin resource to try when the current origin cannot be reached. + After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request. + + The value of timeout.maxAttemptsTimeout dictates the timeout across all origins. + A reference to a Topic resource. + type: string + maxAttempts: + description: |- + The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions. + + Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts, + retryConditions and failoverOrigin to control its own cache fill failures. 
+ + The total number of allowed attempts to cache fill across this and failover origins is limited to four. + The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout. + + The last valid, non-retried response from all origins will be returned to the client. + If no origin returns a valid response, an HTTP 502 will be returned to the client. + + Defaults to 1. Must be a value greater than 0 and less than 4. + type: integer + originAddress: + description: |- + A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket. + + This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname + + When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes. + If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected. type: string + originOverrideAction: + description: |- + The override actions, including url rewrites and header + additions, for requests that use this origin. + properties: + headerAction: + description: |- + The header actions, including adding and removing + headers, for request handled by this origin. + properties: + requestHeadersToAdd: + description: |- + Describes a header to add. + + You may add a maximum of 25 request headers. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to add. + type: string + replace: + description: |- + Whether to replace all existing headers with the same name. 
+ + By default, added header values are appended + to the response or request headers with the + same field names. The added values are + separated by commas. + + To overwrite existing values, set 'replace' to 'true'. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + type: object + urlRewrite: + description: |- + The URL rewrite configuration for request that are + handled by this origin. + properties: + hostRewrite: + description: |- + Prior to forwarding the request to the selected + origin, the request's host header is replaced with + contents of the hostRewrite. + + This value must be between 1 and 255 characters. + type: string + type: object + type: object + originRedirect: + description: Follow redirects from this origin. + properties: + redirectConditions: + description: |- + The set of redirect response codes that the CDN + follows. Values of + [RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions) + are accepted. + items: + type: string + type: array + type: object + port: + description: |- + The port to connect to the origin on. + Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP. + type: integer projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -63940,115 +89985,94 @@ spec: - external properties: external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + protocol: + description: |- + The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance. + + When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: ["HTTP2", "HTTPS", "HTTP"]. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retryConditions: + description: |- + Specifies one or more retry conditions for the configured origin. + + If the failure mode during a connection attempt to the origin matches the configured retryCondition(s), + the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request. + + The default retryCondition is "CONNECT_FAILURE". + + retryConditions apply to this origin, and not subsequent failoverOrigin(s), + which may specify their own retryConditions and maxAttempts. + + Valid values are: + + - CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts. + - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams. 
+ - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504. + - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests) + - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. + - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]. + items: + type: string + type: array + timeout: + description: The connection and HTTP timeout configuration for this + origin. + properties: + connectTimeout: description: |- - The project for the resource + The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment. + + Defaults to 5 seconds. The timeout must be a value between 1s and 15s. + + The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout. + type: string + maxAttemptsTimeout: + description: |- + The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins. + type: string + readTimeout: + description: |- + The maximum duration to wait between reads of a single HTTP connection/stream. + + Defaults to 15 seconds. The timeout must be a value between 1s and 30s. + + The readTimeout is capped by the responseTimeout. 
All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout. - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + If the response headers have already been written to the connection, the response will be truncated and logged. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + responseTimeout: + description: |- + The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream. + + Defaults to 30 seconds. The timeout must be a value between 1s and 120s. + + The responseTimeout starts after the connection has been established. + + This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client. + + If the response headers have already been written to the connection, the response will be truncated and logged. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - rules: - description: Optional. List of rules to match. If not set, the action - specified in the ‘action’ field will be applied without any additional - rule checks. - items: - properties: - destinations: - description: Optional. List of attributes for the traffic destination. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the destination. 
- items: - properties: - hosts: - description: Required. List of host names to match. Matched - against HOST header in http requests. Each host can - be an exact match, or a prefix match (example, “mydomain.*”) - or a suffix match (example, *.myorg.com”) or a presence(any) - match “*”. - items: - type: string - type: array - httpHeaderMatch: - description: Optional. Match against key:value pair in - http header. Provides a flexible match based on HTTP - headers, for potentially advanced use cases. - properties: - headerName: - description: Required. The name of the HTTP header - to match. For matching against the HTTP request's - authority, use a headerMatch with the header name - ":authority". For matching a request's method, use - the headerName ":method". - type: string - regexMatch: - description: 'Required. The value of the header must - match the regular expression specified in regexMatch. - For regular expression grammar, please see: en.cppreference.com/w/cpp/regex/ecmascript - For matching against a port specified in the HTTP - request, use a headerMatch with headerName set to - Host and a regular expression that satisfies the - RFC2616 Host header''s port specifier.' - type: string - required: - - headerName - - regexMatch - type: object - methods: - description: Optional. A list of HTTP methods to match. - Should not be set for gRPC services. - items: - type: string - type: array - ports: - description: Required. List of destination ports to match. - items: - format: int64 - type: integer - type: array - required: - - hosts - - ports - type: object - type: array - sources: - description: Optional. List of attributes for the traffic source. - If not set, the action specified in the ‘action’ field will - be applied without any rule checks for the source. - items: - properties: - ipBlocks: - description: Optional. List of CIDR ranges to match based - on source IP address. Single IP (e.g., "1.2.3.4") and - CIDR (e.g., "1.2.3.0/24") are supported. 
- items: - type: string - type: array - principals: - description: Optional. List of peer identities to match - for authorization. Each peer can be an exact match, - or a prefix match (example, “namespace/*”) or a suffix - match (example, */service-account”) or a presence match - “*”. - items: - type: string - type: array - type: object - type: array - type: object - type: array required: - - action - - location + - originAddress - projectRef type: object status: @@ -64079,10 +90103,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64090,10 +90110,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec 
@@ -64113,25 +90129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" - name: networksecurityclienttlspolicies.networksecurity.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: networkservicesedgecacheservices.networkservices.cnrm.cloud.google.com spec: - group: networksecurity.cnrm.cloud.google.com + group: networkservices.cnrm.cloud.google.com names: categories: - gcp - kind: NetworkSecurityClientTLSPolicy - plural: networksecurityclienttlspolicies + kind: NetworkServicesEdgeCacheService + plural: networkservicesedgecacheservices shortNames: - - gcpnetworksecurityclienttlspolicy - - gcpnetworksecurityclienttlspolicies - singular: networksecurityclienttlspolicy + - gcpnetworkservicesedgecacheservice + - gcpnetworkservicesedgecacheservices + singular: networkservicesedgecacheservice preserveUnknownFields: false scope: Namespaced versions: @@ -64151,7 +90167,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -64169,45 +90185,50 @@ spec: type: object spec: properties: - clientCertificate: - description: Optional. Defines a mechanism to provision client identity - (public and private keys) for peer to peer authentication. The presence - of this dictates mTLS. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object description: - description: Optional. Free-text description of the resource. + description: A human-readable description of the resource. type: string - location: - description: Immutable. The location for the resource + disableHttp2: + description: |- + Disables HTTP/2. + + HTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection. + + Some legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated. + type: boolean + disableQuic: + description: HTTP/3 (IETF QUIC) and Google QUIC are enabled by default. 
+ type: boolean + edgeSecurityPolicy: + description: Resource URL that points at the Cloud Armor edge security + policy that is applied on each request against the EdgeCacheService. type: string + edgeSslCertificates: + description: |- + URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService. + + Note that only "global" certificates with a "scope" of "EDGE_CACHE" can be attached to an EdgeCacheService. + items: + type: string + type: array + logConfig: + description: Specifies the logging options for the traffic served + by this service. If logging is enabled, logs will be exported to + Cloud Logging. + properties: + enable: + description: Specifies whether to enable logging for traffic served + by this service. + type: boolean + sampleRate: + description: |- + Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1]. + + This field can only be specified if logging is enabled for this service. + type: number + type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -64224,10 +90245,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -64236,49 +90254,721 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + requireTls: + description: |- + Require TLS (HTTPS) for all clients connecting to this service. + + Clients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443). + You must have at least one (1) edgeSslCertificate specified to enable this. + type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - serverValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the server certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. + routing: + description: Defines how requests are routed, modified, cached and/or + which origin content is filled from. + properties: + hostRule: + description: The list of hostRules to match against. These rules + define which hostnames the EdgeCacheService will match against, + and which route configurations apply. + items: properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. + description: + description: A human-readable description of the hostRule. + type: string + hosts: + description: |- + The list of host patterns to match. + + Host patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string. 
+ + When multiple hosts are specified, hosts are matched in the following priority: + + 1. Exact domain names: ''www.foo.com''. + 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''. + 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''. + 4. Special wildcard ''*'' matching any domain. + + Notes: + + The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service. + + Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the ":authority" header, from the incoming request. + + You may specify up to 10 hosts. + items: + type: string + type: array + pathMatcher: + description: The name of the pathMatcher associated with + this hostRule. type: string required: - - pluginInstance + - hosts + - pathMatcher type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. + type: array + pathMatcher: + description: The list of pathMatchers referenced via name by hostRules. + PathMatcher is used to match the path portion of the URL when + a HostRule matches the URL's host portion. + items: properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. + description: + description: A human-readable description of the resource. + type: string + name: + description: The name to which this PathMatcher is referred + by the HostRule. type: string + routeRule: + description: The routeRules to match against. routeRules + support advanced routing behaviour, and can match on paths, + headers and query parameters, as well as status codes + and HTTP methods. + items: + properties: + description: + description: A human-readable description of the routeRule. 
+ type: string + headerAction: + description: The header actions, including adding + & removing headers, for requests that match this + route. + properties: + requestHeaderToAdd: + description: Describes a header to add. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + requestHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: The name of the header to remove. + type: string + required: + - headerName + type: object + type: array + responseHeaderToAdd: + description: |- + Headers to add to the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. + items: + properties: + headerName: + description: The name of the header to add. + type: string + headerValue: + description: The value of the header to + add. + type: string + replace: + description: Whether to replace all existing + headers with the same name. + type: boolean + required: + - headerName + - headerValue + type: object + type: array + responseHeaderToRemove: + description: A list of header names for headers + that need to be removed from the request prior + to forwarding the request to the origin. + items: + properties: + headerName: + description: |- + Headers to remove from the response prior to sending it back to the client. + + Response headers are only sent to the client, and do not have an effect on the cache serving the response. 
+ type: string + required: + - headerName + type: object + type: array + type: object + matchRule: + description: |- + The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates + within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule. + items: + properties: + fullPathMatch: + description: For satisfying the matchRule condition, + the path of the request must exactly match + the value specified in fullPathMatch after + removing any query parameters and anchor that + may be part of the original URL. + type: string + headerMatch: + description: Specifies a list of header match + criteria, all of which must match corresponding + headers in the request. + items: + properties: + exactMatch: + description: The value of the header should + exactly match contents of exactMatch. + type: string + headerName: + description: The header name to match + on. + type: string + invertMatch: + description: |- + If set to false (default), the headerMatch is considered a match if the match criteria above are met. + If set to true, the headerMatch is considered a match if the match criteria above are NOT met. + type: boolean + prefixMatch: + description: The value of the header must + start with the contents of prefixMatch. + type: string + presentMatch: + description: A header with the contents + of headerName must exist. The match + takes place whether or not the request's + header has a value. + type: boolean + suffixMatch: + description: The value of the header must + end with the contents of suffixMatch. + type: string + required: + - headerName + type: object + type: array + ignoreCase: + description: Specifies that prefixMatch and + fullPathMatch matches are case sensitive. 
+ type: boolean + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string + prefixMatch: + description: For satisfying the matchRule condition, + the request's path must begin with the specified + prefixMatch. prefixMatch must begin with a + /. + type: string + queryParameterMatch: + description: Specifies a list of query parameter + match criteria, all of which must match corresponding + query parameters in the request. + items: + properties: + exactMatch: + description: The queryParameterMatch matches + if the value of the parameter exactly + matches the contents of exactMatch. + type: string + name: + description: The name of the query parameter + to match. The query parameter must exist + in the request, in the absence of which + the request match fails. + type: string + presentMatch: + description: Specifies that the queryParameterMatch + matches if the request contains the + query parameter, irrespective of whether + the parameter has a value or not. + type: boolean + required: + - name + type: object + type: array + type: object + type: array + origin: + description: |- + The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names ("my-origin") or fully-qualified resource URLs - e.g. "networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin" + + Only one of origin or urlRedirect can be set. + type: string + priority: + description: |- + The priority of this route rule, where 1 is the highest priority. 
+ + You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive. + + Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers + to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules. + type: string + routeAction: + description: In response to a matching path, the routeAction + performs advanced routing actions like URL rewrites, + header transformations, etc. prior to forwarding + the request to the selected origin. + properties: + cdnPolicy: + description: The policy to use for defining caching + and signed request behaviour for requests that + match this route. + properties: + addSignatures: + description: |- + Enable signature generation or propagation on this route. + + This field may only be specified when signedRequestMode is set to REQUIRE_TOKENS. + properties: + actions: + description: 'The actions to take to add + signatures to responses. Possible values: + ["GENERATE_COOKIE", "GENERATE_TOKEN_HLS_COOKIELESS", + "PROPAGATE_TOKEN_HLS_COOKIELESS"].' + items: + type: string + type: array + copiedParameters: + description: |- + The parameters to copy from the verified token to the generated token. + + Only the following parameters may be copied: + + * 'PathGlobs' + * 'paths' + * 'acl' + * 'URLPrefix' + * 'IPRanges' + * 'SessionID' + * 'id' + * 'Data' + * 'data' + * 'payload' + * 'Headers' + + You may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed. + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. 
+ items: + type: string + type: array + keyset: + description: |- + The keyset to use for signature generation. + + The following are both valid paths to an EdgeCacheKeyset resource: + + * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset' + * 'yourKeyset' + + This must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise. + type: string + tokenQueryParameter: + description: |- + The query parameter in which to put the generated token. + + If not specified, defaults to 'edge-cache-token'. + + If specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + This field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified. + type: string + tokenTtl: + description: |- + The duration the token is valid starting from the moment the token is first generated. + + Defaults to '86400s' (1 day). + + The TTL must be >= 0 and <= 604,800 seconds (1 week). + + This field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - actions + type: object + cacheKeyPolicy: + description: Defines the request parameters + that contribute to the cache key. + properties: + excludeHost: + description: |- + If true, requests to different hosts will be cached separately. + + Note: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched. 
+ type: boolean + excludeQueryString: + description: |- + If true, exclude query string parameters from the cache key + + If false (the default), include the query string parameters in + the cache key according to includeQueryParameters and + excludeQueryParameters. If neither includeQueryParameters nor + excludeQueryParameters is set, the entire query string will be + included. + type: boolean + excludedQueryParameters: + description: |- + Names of query string parameters to exclude from cache keys. All other parameters will be included. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + includeProtocol: + description: If true, http and https requests + will be cached separately. + type: boolean + includedCookieNames: + description: |- + Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key. + + Cookie names: + - must be valid RFC 6265 "cookie-name" tokens + - are case sensitive + - cannot start with "Edge-Cache-" (case insensitive) + + Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + + You may specify up to three cookie names. + items: + type: string + type: array + includedHeaderNames: + description: |- + Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key. + + - Header names must be valid HTTP RFC 7230 header field values. + - Header field names are case insensitive + - To include the HTTP method, use ":method" + + Note that specifying several headers, and/or headers that have a large range of values (e.g. 
per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance. + items: + type: string + type: array + includedQueryParameters: + description: |- + Names of query string parameters to include in cache keys. All other parameters will be excluded. + + Either specify includedQueryParameters or excludedQueryParameters, not both. '&' and '=' will be percent encoded and not treated as delimiters. + items: + type: string + type: array + type: object + cacheMode: + description: |- + Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses. + + For all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: ["CACHE_ALL_STATIC", "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", "BYPASS_CACHE"]. + type: string + clientTtl: + description: |- + Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response. + + - The TTL must be > 0 and <= 86400s (1 day) + - The clientTtl cannot be larger than the defaultTtl (if set) + - Fractions of a second are not allowed. + + Omit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + A duration in seconds terminated by 's'. Example: "3s". + type: string + defaultTtl: + description: |- + Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). + + Defaults to 3600s (1 hour). 
+ + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" (equivalent to must-revalidate) + - The value of defaultTTL cannot be set to a value greater than that of maxTTL. + - Fractions of a second are not allowed. + - When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. + + Note that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin. + + When the cache mode is set to "USE_ORIGIN_HEADERS" or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + maxTtl: + description: |- + Specifies the maximum allowed TTL for cached content served by this origin. + + Defaults to 86400s (1 day). + + Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. + + - The TTL must be >= 0 and <= 31,536,000 seconds (1 year) + - Setting a TTL of "0" means "always revalidate" + - The value of maxTtl must be equal to or greater than defaultTtl. + - Fractions of a second are not allowed. + + When the cache mode is set to "USE_ORIGIN_HEADERS", "FORCE_CACHE_ALL", or "BYPASS_CACHE", you must omit this field. + + A duration in seconds terminated by 's'. Example: "3s". + type: string + negativeCaching: + description: |- + Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. 
+ + By default, the CDNPolicy will apply the following default TTLs to these status codes: + + - HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m + - HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s + - HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s + + These defaults can be overridden in negativeCachingPolicy. + type: boolean + negativeCachingPolicy: + additionalProperties: + type: string + description: |- + Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. + + - Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching. + - TTLs must be >= 0 (where 0 is "always revalidate") and <= 86400s (1 day) + + Note that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists. + type: object + signedRequestKeyset: + description: The EdgeCacheKeyset containing + the set of public keys used to validate + signed requests at the edge. + type: string + signedRequestMaximumExpirationTtl: + description: |- + Limit how far into the future the expiration time of a signed request may be. + + When set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN. + + - The TTL must be > 0. + - Fractions of a second are not allowed. + + By default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future. + type: string + signedRequestMode: + description: |- + Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access. 
+ + You must also set a signedRequestKeyset to enable signed requests. + + When set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: ["DISABLED", "REQUIRE_SIGNATURES", "REQUIRE_TOKENS"]. + type: string + signedTokenOptions: + description: |- + Additional options for signed tokens. + + signedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS. + properties: + allowedSignatureAlgorithms: + description: |- + The allowed signature algorithms to use. + + Defaults to using only ED25519. + + You may specify up to 3 signature algorithms to use. Possible values: ["ED25519", "HMAC_SHA_256", "HMAC_SHA1"]. + items: + type: string + type: array + tokenQueryParameter: + description: |- + The query parameter in which to find the token. + + The name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit. + + Defaults to 'edge-cache-token'. + type: string + type: object + type: object + corsPolicy: + description: CORSPolicy defines Cross-Origin-Resource-Sharing + configuration, including which CORS response + headers will be set. + properties: + allowCredentials: + description: |- + In response to a preflight request, setting this to true indicates that the actual request can include user credentials. + + This translates to the Access-Control-Allow-Credentials response header. + type: boolean + allowHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + allowMethods: + description: Specifies the content for the + Access-Control-Allow-Methods response header. 
+ items: + type: string + type: array + allowOrigins: + description: |- + Specifies the list of origins that will be allowed to do CORS requests. + + This translates to the Access-Control-Allow-Origin response header. + items: + type: string + type: array + disabled: + description: If true, specifies the CORS policy + is disabled. The default value is false, + which indicates that the CORS policy is + in effect. + type: boolean + exposeHeaders: + description: Specifies the content for the + Access-Control-Allow-Headers response header. + items: + type: string + type: array + maxAge: + description: |- + Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes). + + - Setting the value to -1 forces a pre-flight check for all requests (not recommended) + - A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval. + - This translates to the Access-Control-Max-Age header. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + required: + - maxAge + type: object + urlRewrite: + description: The URL rewrite configuration for + requests that match this route. + properties: + hostRewrite: + description: Prior to forwarding the request + to the selected origin, the request's host + header is replaced with contents of hostRewrite. + type: string + pathPrefixRewrite: + description: Prior to forwarding the request + to the selected origin, the matching portion + of the request's path is replaced by pathPrefixRewrite. + type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. 
+ + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string + type: object + type: object + urlRedirect: + description: The URL redirect configuration for requests + that match this route. + properties: + hostRedirect: + description: The host that will be used in the + redirect response instead of the one that was + supplied in the request. + type: string + httpsRedirect: + description: |- + If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request. + + This can only be set if there is at least one (1) edgeSslCertificate set on the service. + type: boolean + pathRedirect: + description: |- + The path that will be used in the redirect response instead of the one that was supplied in the request. + + pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + + The path value must be between 1 and 1024 characters. + type: string + prefixRedirect: + description: |- + The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request. + + prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect. + type: string + redirectResponseCode: + description: |- + The HTTP Status code to use for this RedirectAction. + + The supported values are: + + - 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301. 
+ - 'FOUND', which corresponds to 302. + - 'SEE_OTHER' which corresponds to 303. + - 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained. + - 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: ["MOVED_PERMANENTLY_DEFAULT", "FOUND", "SEE_OTHER", "TEMPORARY_REDIRECT", "PERMANENT_REDIRECT"]. + type: string + stripQuery: + description: If set to true, any accompanying + query portion of the original URL is removed + prior to redirecting the request. If set to + false, the query portion of the original URL + is retained. + type: boolean + type: object + required: + - matchRule + - priority + type: object + type: array required: - - targetUri + - name + - routeRule type: object - type: object - type: array - sni: - description: 'Optional. Server Name Indication string to present to - the server during TLS handshake. E.g: "secure.example.com".' + type: array + required: + - hostRule + - pathMatcher + type: object + sslPolicy: + description: |- + URL of the SslPolicy resource that will be associated with the EdgeCacheService. + + If not set, the EdgeCacheService has no SSL policy configured, and will default to the "COMPATIBLE" policy. type: string required: - - location + - projectRef + - routing type: object status: properties: 
@@ -64308,254 +90998,18 @@ spec: type: string type: object type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. - type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: networksecurityservertlspolicies.networksecurity.cnrm.cloud.google.com -spec: - group: networksecurity.cnrm.cloud.google.com - names: - categories: - - gcp - kind: NetworkSecurityServerTLSPolicy - plural: networksecurityservertlspolicies - shortNames: - - gcpnetworksecurityservertlspolicy - - gcpnetworksecurityservertlspolicies - singular: networksecurityservertlspolicy - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: 
.status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - allowOpen: - description: Optional. Determines if server allows plaintext connections. - If set to true, server allows plain text connections. By default, - it is set to false. This setting is not exclusive of other encryption - modes. For example, if allow_open and mtls_policy are set, server - allows both plain text and mTLS connections. See documentation of - other encryption modes to confirm compatibility. - type: boolean - description: - description: Optional. Free-text description of the resource. - type: string - location: - description: Immutable. The location for the resource - type: string - mtlsPolicy: - description: Optional. Defines a mechanism to provision peer validation - certificates for peer to peer authentication (Mutual TLS - mTLS). - If not specified, client certificate will not be requested. The - connection is treated as TLS and not mTLS. If allow_open and mtls_policy - are set, server allows both plain text and mTLS connections. 
- properties: - clientValidationCa: - description: Required. Defines the mechanism to obtain the Certificate - Authority certificate to validate the client certificate. - items: - properties: - certificateProviderInstance: - description: The certificate provider instance specification - that will be passed to the data plane, which will be used - to load necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to - locate and load CertificateProvider instance configuration. - Set to "google_cloud_private_spiffe" to use Certificate - Authority Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC - server to obtain the CA certificate. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with - “unix:”. - type: string - required: - - targetUri - type: object - type: object - type: array - required: - - clientValidationCa - type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. 
When unset, the value of `metadata.name` - is used as the default. - type: string - serverCertificate: - description: Optional. Defines a mechanism to provision server identity - (public and private keys). Cannot be combined with allow_open as - a permissive mode that allows both plain text and TLS is not supported. - properties: - certificateProviderInstance: - description: The certificate provider instance specification that - will be passed to the data plane, which will be used to load - necessary credential information. - properties: - pluginInstance: - description: Required. Plugin instance name, used to locate - and load CertificateProvider instance configuration. Set - to "google_cloud_private_spiffe" to use Certificate Authority - Service certificate provider instance. - type: string - required: - - pluginInstance - type: object - grpcEndpoint: - description: gRPC specific configuration to access the gRPC server - to obtain the cert and private key. - properties: - targetUri: - description: Required. The target URI of the gRPC endpoint. - Only UDS path is supported, and should start with “unix:”. - type: string - required: - - targetUri - type: object - type: object - required: - - location - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. + ipv4Addresses: + description: The IPv4 addresses associated with this service. Addresses + are static for the lifetime of the service. items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. 
- type: string - type: - description: Type is the type of the condition. - type: string - type: object + type: string + type: array + ipv6Addresses: + description: The IPv6 addresses associated with this service. Addresses + are static for the lifetime of the service. + items: + type: string type: array - createTime: - description: Output only. The timestamp when the resource was created. - format: date-time - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -64563,10 +91017,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time - type: string type: object required: - spec @@ -64586,7 +91036,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -64907,7 +91357,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65133,7 +91583,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -65600,7 +92050,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -66334,7 +92784,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66510,7 +92960,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" @@ -66840,7 +93290,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67125,8 +93575,235 @@ spec: type: object type: array createTime: - description: Output only. The timestamp when the resource was created. - format: date-time + description: Output only. The timestamp when the resource was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + selfLink: + description: Output only. Server-defined URL of this resource + type: string + updateTime: + description: Output only. The timestamp when the resource was updated. + format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: notebooksenvironments.notebooks.cnrm.cloud.google.com +spec: + group: notebooks.cnrm.cloud.google.com + names: + categories: + - gcp + kind: NotebooksEnvironment + plural: notebooksenvironments + shortNames: + - gcpnotebooksenvironment + - gcpnotebooksenvironments + singular: notebooksenvironment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - 
description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + containerImage: + description: Use a container image to start the notebook instance. + properties: + repository: + description: |- + The path to the container image repository. + For example: gcr.io/{project_id}/{imageName}. + type: string + tag: + description: The tag of the container image. If not specified, + this defaults to the latest tag. + type: string + required: + - repository + type: object + description: + description: A brief description of this environment. + type: string + displayName: + description: Display name of this environment for the UI. + type: string + locationRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `NotebooksLocation` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + postStartupScript: + description: |- + Path to a Bash script that automatically runs after a notebook instance fully boots up. + The path must be a URL or Cloud Storage path. Example: "gs://path-to-file/file-name". + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + vmImage: + description: Use a Compute Engine VM image to start the notebook instance. + properties: + imageFamily: + description: Use this VM image family to find the image; the newest + image in this family will be used. + type: string + imageName: + description: Use VM image name to find the image. + type: string + project: + description: |- + The name of the Google Cloud project that this VM image belongs to. + Format: projects/{project_id}. 
+ type: string + required: + - project + type: object + required: + - locationRef + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Instance creation time. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
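Review bot: The new NotebooksEnvironment spec has three fields whose descriptions point at content that can change after the resource is applied, and none of them says so: `postStartupScript` (a URL or Cloud Storage path to a Bash script run after boot), `containerImage.tag` (falls back to the latest tag) and `vmImage.imageFamily` (newest image in the family). I would append to the `postStartupScript` description `Anyone who can write to this location controls what runs on instances created from this environment.` and to the `tag` description `Set an explicit tag to keep instances reproducible.` The `tf2crd` label suggests this manifest is generated, so the wording probably belongs in the generator's source rather than in this file. The CRD's status schema continues past the end of this hunk.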
@@ -67135,12 +93812,166 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: Output only. Server-defined URL of this resource + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: orgpolicycustomconstraints.orgpolicy.cnrm.cloud.google.com +spec: + group: orgpolicy.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OrgPolicyCustomConstraint + plural: orgpolicycustomconstraints + shortNames: + - gcporgpolicycustomconstraint + - gcporgpolicycustomconstraints + singular: orgpolicycustomconstraint + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. 
Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + actionType: + description: 'The action to take if the condition is met. Possible + values: ["ALLOW", "DENY"].' + type: string + condition: + description: A CEL condition that refers to a supported service resource, + for example 'resource.management.autoUpgrade == false'. For details + about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + type: string + description: + description: A human-friendly description of the constraint to display + as an error message when the policy is violated. + type: string + displayName: + description: A human-friendly name for the constraint. + type: string + methodTypes: + description: A list of RESTful methods for which to enforce the constraint. + Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services + support both methods. To see supported methods for each service, + find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + items: + type: string + type: array + parent: + description: Immutable. The parent of the resource, an organization. + Format should be 'organizations/{organization_id}'. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string + resourceTypes: + description: Immutable. Immutable. The fully qualified name of the + Google Cloud REST resource containing the object and field you want + to restrict. For example, 'container.googleapis.com/NodePool'. + items: + type: string + type: array + required: + - actionType + - condition + - methodTypes + - parent + - resourceTypes + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer updateTime: - description: Output only. The timestamp when the resource was updated. - format: date-time + description: Output only. The timestamp representing when the constraint + was last updated. type: string type: object required: @@ -67161,7 +93992,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -67930,7 +94761,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -68750,22 +95581,5242 @@ spec: - id type: object type: object - required: - - id + required: + - id + type: object + type: array + required: + - resources + type: object + type: array + required: + - id + - mode + - resourceGroups + type: object + type: array + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rollout: + description: 'Required. Rollout to deploy the OS policy assignment. + A rollout is triggered in the following situations: 1) OSPolicyAssignment + is created. 2) OSPolicyAssignment is updated and the update contains + changes to one of the following fields: - instance_filter - os_policies + 3) OSPolicyAssignment is deleted.' + properties: + disruptionBudget: + description: Required. The maximum number (or percentage) of VMs + per zone to disrupt at any given moment. + properties: + fixed: + description: Specifies a fixed value. + format: int64 + type: integer + percent: + description: Specifies the relative value defined as a percentage, + which will be multiplied by a reference value. 
+ format: int64 + type: integer + type: object + minWaitDuration: + description: Required. This determines the minimum duration of + time to wait after the configuration changes are applied through + the current rollout. A VM continues to count towards the `disruption_budget` + at least until this duration of time has passed after configuration + changes are applied. + type: string + required: + - disruptionBudget + - minWaitDuration + type: object + skipAwaitRollout: + description: Set to true to skip awaiting rollout during resource + creation and update. + type: boolean + required: + - instanceFilter + - location + - osPolicies + - projectRef + - rollout + type: object + status: + properties: + baseline: + description: Output only. Indicates that this revision has been successfully + rolled out in this zone and new VMs will be assigned OS policies + from this revision. For a given OS policy assignment, there is only + one revision with a value of `true` for this field. + type: boolean + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + deleted: + description: Output only. Indicates that this revision deletes the + OS policy assignment. + type: boolean + etag: + description: The etag for this OS policy assignment. If this is provided + on update, it must match the server's etag. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + reconciling: + description: 'Output only. Indicates that reconciliation is in progress + for the revision. This value is `true` when the `rollout_state` + is one of: * IN_PROGRESS * CANCELLING' + type: boolean + revisionCreateTime: + description: Output only. The timestamp that the revision was created. + format: date-time + type: string + revisionId: + description: Output only. The assignment revision ID A new revision + is committed whenever a rollout is triggered for a OS policy assignment + type: string + rolloutState: + description: 'Output only. OS policy assignment rollout state Possible + values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, + SUCCEEDED' + type: string + uid: + description: Output only. Server generated unique id for the OS policy + assignment resource. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osconfigpatchdeployments.osconfig.cnrm.cloud.google.com +spec: + group: osconfig.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSConfigPatchDeployment + plural: osconfigpatchdeployments + shortNames: + - gcposconfigpatchdeployment + - gcposconfigpatchdeployments + singular: osconfigpatchdeployment + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Immutable. Description of the patch deployment. Length + of the description is limited to 1024 characters. + type: string + duration: + description: |- + Immutable. Duration of the patch. After the duration ends, the patch times out. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + instanceFilter: + description: Immutable. VM instances to patch. + properties: + all: + description: Immutable. Target all VM instances in the project. + If true, no other criteria is permitted. + type: boolean + groupLabels: + description: Immutable. Targets VM instances matching ANY of these + GroupLabels. This allows targeting of disparate groups of VM + instances. + items: + properties: + labels: + additionalProperties: + type: string + description: Immutable. Compute Engine instance labels that + must be present for a VM instance to be targeted by this + filter. + type: object + required: + - labels + type: object + type: array + instanceNamePrefixes: + description: |- + Immutable. Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group + VMs when targeting configs, for example prefix="prod-". + items: + type: string + type: array + instances: + description: |- + Immutable. Targets any of the VM instances specified. 
Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}', + 'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or + 'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'. + items: + type: string + type: array + zones: + description: Immutable. Targets VM instances in ANY of these zones. + Leave empty to target VM instances in any zone. + items: + type: string + type: array + type: object + oneTimeSchedule: + description: Immutable. Schedule a one-time execution. + properties: + executeTime: + description: |- + Immutable. The desired patch job execution time. A timestamp in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + required: + - executeTime + type: object + patchConfig: + description: Immutable. Patch configuration that is applied. + properties: + apt: + description: Immutable. Apt update settings. Use this setting + to override the default apt patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + type: + description: 'Immutable. By changing the type to DIST, the + patching is performed using apt-get dist-upgrade instead. + Possible values: ["DIST", "UPGRADE"].' + type: string + type: object + goo: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. + properties: + enabled: + description: Immutable. goo update settings. Use this setting + to override the default goo patch rules. 
+ type: boolean + required: + - enabled + type: object + migInstancesAllowed: + description: Immutable. Allows the patch job to run on Managed + instance groups (MIGs). + type: boolean + postStep: + description: Immutable. The ExecStep to run after the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. 
+ properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + preStep: + description: Immutable. The ExecStep to run before the patch update. + properties: + linuxExecStepConfig: + description: Immutable. The ExecStepConfig for all Linux VMs + targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. 
If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + windowsExecStepConfig: + description: Immutable. The ExecStepConfig for all Windows + VMs targeted by the PatchJob. + properties: + allowedSuccessCodes: + description: Immutable. Defaults to [0]. A list of possible + return values that the execution can return to indicate + a success. + items: + type: integer + type: array + gcsObject: + description: Immutable. A Cloud Storage object containing + the executable. + properties: + bucket: + description: Immutable. Bucket of the Cloud Storage + object. + type: string + generationNumber: + description: Immutable. Generation number of the Cloud + Storage object. This is used to ensure that the + ExecStep specified by this PatchJob does not change. + type: string + object: + description: Immutable. Name of the Cloud Storage + object. + type: string + required: + - bucket + - generationNumber + - object + type: object + interpreter: + description: |- + Immutable. The script interpreter to use to run the script. If no interpreter is specified the script will + be executed directly, which will likely only succeed for scripts with shebang lines. Possible values: ["SHELL", "POWERSHELL"]. + type: string + localPath: + description: Immutable. An absolute path to the executable + on the VM. + type: string + type: object + type: object + rebootConfig: + description: 'Immutable. Post-patch reboot settings. Possible + values: ["DEFAULT", "ALWAYS", "NEVER"].' + type: string + windowsUpdate: + description: Immutable. Windows update settings. Use this setting + to override the default Windows patch rules. + properties: + classifications: + description: 'Immutable. Only apply updates of these windows + update classifications. 
If empty, all updates are applied. + Possible values: ["CRITICAL", "SECURITY", "DEFINITION", + "DRIVER", "FEATURE_PACK", "SERVICE_PACK", "TOOL", "UPDATE_ROLLUP", + "UPDATE"].' + items: + type: string + type: array + excludes: + description: Immutable. List of KBs to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of kbs to be updated. These are the only patches that will be updated. + This field must not be used with other patch configurations. + items: + type: string + type: array + type: object + yum: + description: Immutable. Yum update settings. Use this setting + to override the default yum patch rules. + properties: + excludes: + description: Immutable. List of packages to exclude from update. + These packages will be excluded. + items: + type: string + type: array + exclusivePackages: + description: |- + Immutable. An exclusive list of packages to be updated. These are the only packages that will be updated. + If these packages are not installed, they will be ignored. This field cannot be specified with + any other patch configuration fields. + items: + type: string + type: array + minimal: + description: Immutable. Will cause patch to run yum update-minimal + instead. + type: boolean + security: + description: Immutable. Adds the --security flag to yum update. + Not supported on all platforms. + type: boolean + type: object + zypper: + description: Immutable. zypper update settings. Use this setting + to override the default zypper patch rules. + properties: + categories: + description: Immutable. Install only patches with these categories. + Common categories include security, recommended, and feature. + items: + type: string + type: array + excludes: + description: Immutable. List of packages to exclude from update. + items: + type: string + type: array + exclusivePatches: + description: |- + Immutable. An exclusive list of patches to be updated. 
These are the only patches that will be installed using 'zypper patch patch:' command. + This field must not be used with any other patch configuration fields. + items: + type: string + type: array + severities: + description: Immutable. Install only patches with these severities. + Common severities include critical, important, moderate, + and low. + items: + type: string + type: array + withOptional: + description: Immutable. Adds the --with-optional flag to zypper + patch. + type: boolean + withUpdate: + description: Immutable. Adds the --with-update flag, to zypper + patch. + type: boolean + type: object + type: object + patchDeploymentId: + description: |- + Immutable. A name for the patch deployment in the project. When creating a name the following rules apply: + * Must contain only lowercase letters, numbers, and hyphens. + * Must start with a letter. + * Must be between 1-63 characters. + * Must end with a number or a letter. + * Must be unique within the project. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + recurringSchedule: + description: Immutable. Schedule recurring executions. + properties: + endTime: + description: |- + Immutable. The end time at which a recurring patch deployment schedule is no longer active. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. 
Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The time the last patch job ran successfully. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + monthly: + description: Immutable. Schedule with monthly executions. + properties: + monthDay: + description: |- + Immutable. One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month. + Months without the target day will be skipped. For example, a schedule to run "every month on the 31st" + will not run in February, April, June, etc. + type: integer + weekDayOfMonth: + description: Immutable. Week day in a month. + properties: + dayOfWeek: + description: 'Immutable. A day of the week. Possible values: + ["MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", + "SATURDAY", "SUNDAY"].' + type: string + weekOrdinal: + description: Immutable. Week number in a month. 1-4 indicates + the 1st to 4th week of the month. -1 indicates the last + week of the month. + type: integer + required: + - dayOfWeek + - weekOrdinal + type: object + type: object + nextExecuteTime: + description: |- + The time the next patch job is scheduled to run. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + startTime: + description: |- + Immutable. The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + timeOfDay: + description: Immutable. Time of the day to run a recurring deployment. + properties: + hours: + description: |- + Immutable. Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Immutable. 
Minutes of hour of day. Must be from + 0 to 59. + type: integer + nanos: + description: Immutable. Fractions of seconds in nanoseconds. + Must be from 0 to 999,999,999. + type: integer + seconds: + description: Immutable. Seconds of minutes of the time. Must + normally be from 0 to 59. An API may allow the value 60 + if it allows leap-seconds. + type: integer + type: object + timeZone: + description: |- + Immutable. Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are + determined by the chosen time zone. + properties: + id: + description: Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". + type: string + version: + description: Immutable. IANA Time Zone Database version number, + e.g. "2019a". + type: string + required: + - id + type: object + weekly: + description: Immutable. Schedule with weekly executions. + properties: + dayOfWeek: + description: 'Immutable. IANA Time Zone Database time zone, + e.g. "America/New_York". Possible values: ["MONDAY", "TUESDAY", + "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"].' + type: string + required: + - dayOfWeek + type: object + required: + - timeOfDay + - timeZone + type: object + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + rollout: + description: Immutable. Rollout strategy of the patch job. + properties: + disruptionBudget: + description: |- + Immutable. The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up. + During patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps. 
+ A VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget. + For zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone. + For example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops. + properties: + fixed: + description: Immutable. Specifies a fixed value. + type: integer + percentage: + description: Immutable. Specifies the relative value defined + as a percentage, which will be multiplied by a reference + value. + type: integer + type: object + mode: + description: 'Immutable. Mode of the patch rollout. Possible values: + ["ZONE_BY_ZONE", "CONCURRENT_ZONES"].' + type: string + required: + - disruptionBudget + - mode + type: object + required: + - instanceFilter + - patchDeploymentId + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: |- + Time the patch deployment was created. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + lastExecuteTime: + description: |- + The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: |- + Unique name for the patch deployment resource in a project. + The patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: |- + Time the patch deployment was last updated. Timestamp is in RFC3339 text format. + A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z". 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: osloginsshpublickeys.oslogin.cnrm.cloud.google.com +spec: + group: oslogin.cnrm.cloud.google.com + names: + categories: + - gcp + kind: OSLoginSSHPublicKey + plural: osloginsshpublickeys + shortNames: + - gcposloginsshpublickey + - gcposloginsshpublickeys + singular: osloginsshpublickey + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + expirationTimeUsec: + description: An expiration time in microseconds since epoch. + type: string + key: + description: Immutable. Public key text in SSH format, defined by + RFC4253 section 6.6. + type: string + project: + description: Immutable. The project ID of the Google Cloud Platform + project. + type: string + resourceID: + description: Immutable. Optional. The service-generated fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. + type: string + user: + description: Immutable. The user email. + type: string + required: + - key + - user + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + fingerprint: + description: The SHA-256 fingerprint of the SSH public key. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacapools.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACAPool + plural: privatecacapools + shortNames: + - gcpprivatecacapool + - gcpprivatecacapools + singular: privatecacapool + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + issuancePolicy: + description: Optional. The IssuancePolicy to control how Certificates + will be issued from this CaPool. + properties: + allowedIssuanceModes: + description: Optional. If specified, then only methods allowed + in the IssuanceModes may be used to issue Certificates. + properties: + allowConfigBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CertificateConfig. + type: boolean + allowCsrBasedIssuance: + description: Optional. When true, allows callers to create + Certificates by specifying a CSR. + type: boolean + type: object + allowedKeyTypes: + description: Optional. If any AllowedKeyType is specified, then + the certificate request's public key must match one of the key + types listed here. Otherwise, any key may be used. + items: + properties: + ellipticCurve: + description: Represents an allowed Elliptic Curve key type. + properties: + signatureAlgorithm: + description: 'Optional. A signature algorithm that must + be used. If this is omitted, any EC-based signature + algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, + ECDSA_P256, ECDSA_P384, EDDSA_25519' + type: string + type: object + rsa: + description: Represents an allowed RSA key type. + properties: + maxModulusSize: + description: Optional. The maximum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service will not enforce an explicit upper bound + on RSA modulus sizes. + format: int64 + type: integer + minModulusSize: + description: Optional. The minimum allowed RSA modulus + size, in bits. If this is not set, or if set to zero, + the service-level min RSA modulus size will continue + to apply. 
+ format: int64 + type: integer + type: object + type: object + type: array + baselineValues: + description: Optional. A set of X.509 values that will be applied + to all certificates issued through this CaPool. If a certificate + request includes conflicting values for the same properties, + they will be overwritten by the values defined here. If a certificate + request uses a CertificateTemplate that defines conflicting + predefined_values for the same properties, the certificate issuance + request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Optional. When true, the "path length constraint" + in Basic Constraints extension will be set to 0. if + both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. 
+ Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + identityConstraints: + description: Optional. Describes constraints on identities that + may appear in Certificates issued through this CaPool. 
If this + is omitted, then this CaPool will not add restrictions on a + certificate's identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames + extension may be copied from a certificate request into + the signed certificate. Otherwise, the requested SubjectAltNames + will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field + may be copied from a certificate request into the signed + certificate. Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to + validate the resolved X.509 Subject and/or Subject Alternative + Name before a certificate is signed. To see the full allowed + syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. + This is a longer text which describes the expression, + e.g. when hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in + Common Expression Language syntax. + type: string + location: + description: Optional. String indicating the location + of the expression for error reporting, e.g. a file name + and a position in the file. + type: string + title: + description: Optional. Title for the expression, i.e. + a short string describing its purpose. This can be used + e.g. in UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + maximumLifetime: + description: Optional. The maximum lifetime allowed for issued + Certificates. Note that if the issuing CertificateAuthority + expires before a Certificate's requested maximum_lifetime, the + effective lifetime will be explicitly truncated to match it. 
+ type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued through this CaPool. If a + certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If + a certificate request uses a CertificateTemplate with predefined_values + that don't appear here, the certificate issuance request will + fail. If this is omitted, then this CaPool will not add restrictions + on a certificate's X.509 extensions. These constraints do not + apply to X.509 extensions set in this CaPool's baseline_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom + X.509 extensions. Will be combined with known_extensions + to determine the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will + be combined with additional_extensions to determine the + full set of X.509 extensions. + items: + type: string + type: array + type: object + type: object + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + publishingOptions: + description: Optional. The PublishingOptions to follow when issuing + Certificates from any CertificateAuthority in this CaPool. + properties: + publishCaCert: + description: Optional. When true, publishes each CertificateAuthority's + CA certificate and includes its URL in the "Authority Information + Access" X.509 extension in all issued Certificates. If this + is false, the CA certificate will not be published and the corresponding + X.509 extension will not be written in issued certificates. + type: boolean + publishCrl: + description: Optional. When true, publishes each CertificateAuthority's + CRL and includes its URL in the "CRL Distribution Points" X.509 + extension in all issued Certificates. If this is false, CRLs + will not be published and the corresponding X.509 extension + will not be written in issued certificates. CRLs will expire + 7 days from their creation. However, we will rebuild daily. + CRLs are also rebuilt shortly after a certificate is revoked. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + tier: + description: 'Immutable. Required. Immutable. The Tier of this CaPool. + Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + type: string + required: + - location + - projectRef + - tier + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateAuthority + plural: privatecacertificateauthorities + shortNames: + - gcpprivatecacertificateauthority + - gcpprivatecacertificateauthorities + singular: privatecacertificateauthority + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 
'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The caPool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Required. Immutable. The config used to create + a self-signed X.509 certificate or CSR. + properties: + subjectConfig: + description: Immutable. Required. Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + customSans: + description: Immutable. Contains additional subject alternative + name values. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the + client does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this + X.509 extension. + properties: + objectIdPath: + description: Immutable. Required. The parts + of an OID path. 
The most significant parts + of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + caOptions: + description: Immutable. Optional. 
Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. Refers to the "CA" X.509 + extension, which is a boolean value. When this value + is missing, the extension will be omitted from the CA + certificate. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the path length + restriction X.509 extension. For a CA certificate, this + value describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. 
+ type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. 
Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + gcsBucketRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. + + Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + keySpec: + description: Immutable. Required. Immutable. Used when issuing certificates + for this CertificateAuthority. If this CertificateAuthority is a + self-signed CertificateAuthority, this key is also used to sign + the self-signed CA certificate. Otherwise, it is used to sign a + CSR. + properties: + algorithm: + description: 'Immutable. The algorithm to use for creating a managed + Cloud KMS key for a for a simplified experience. 
All managed + keys will be have their ProtectionLevel as `HSM`. Possible values: + RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, + RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, + EC_P256_SHA256, EC_P384_SHA384' + type: string + cloudKmsKeyVersionRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: The resource name for an existing Cloud KMS CryptoKeyVersion + in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. + This option enables full flexibility in the key's capabilities + and properties. + type: string + name: + description: |- + [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. + Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + lifetime: + description: Immutable. Required. The desired lifetime of the CA certificate. + Used to create the "not_before_time" and "not_after_time" fields + inside an X.509 certificate. + type: string + location: + description: Immutable. The location for the resource + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. + Possible values: SELF_SIGNED, SUBORDINATE' + type: string + required: + - caPoolRef + - config + - keySpec + - lifetime + - location + - projectRef + - type + type: object + status: + properties: + accessUrls: + description: Output only. URLs for accessing content published by + this CA, such as the CA certificate and CRLs. + properties: + caCertificateAccessUrl: + description: The URL where this CertificateAuthority's CA certificate + is published. This will only be set for CAs that have been activated. + type: string + crlAccessUrls: + description: The URLs where this CertificateAuthority's CRLs are + published. This will only be set for CAs that have been activated. + items: + type: string + type: array + type: object + caCertificateDescriptions: + description: Output only. A structured description of this CertificateAuthority's + CA certificate and its issuers. Ordered as self-to-root. + items: + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in + the certificate. + items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. 
The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an + issued certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is + the period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. + format: date-time + type: string + subject: + description: Contains distinguished name fields such as + the common name, location and organization. + properties: + commonName: + description: The "common name" of the subject. 
+ type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative + name values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, + the client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Required. The parts of an OID + path. The most significant parts of the + path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 + extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. 
+ items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit + SHA-1 hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in + a certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does + not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the + "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. 
For a CA certificate, this value + describes the depth of subordinate CA certificates + that are allowed. If this value is less than 0, the + request will fail. If this value is missing, the max + path length will be omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. 
+ Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + type: array + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. 
+ type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + config: + properties: + publicKey: + description: Optional. The public key that corresponds to this + config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Required. The format of the public key. Possible + values: PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + x509Config: + properties: + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + type: object + type: object + createTime: + description: Output only. The time at which this CertificateAuthority + was created. + format: date-time + type: string + deleteTime: + description: Output only. The time at which this CertificateAuthority + was soft deleted, if it is in the DELETED state. + format: date-time + type: string + expireTime: + description: Output only. The time at which this CertificateAuthority + will be permanently purged, if it is in the DELETED state. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCaCertificates: + description: Output only. This CertificateAuthority's certificate + chain, including the current CertificateAuthority's certificate. 
+ Ordered such that the root issuer is the final element (consistent + with RFC 5246). For a self-signed CA, this will only list the current + CertificateAuthority's certificate. + items: + type: string + type: array + state: + description: 'Output only. The State for this CertificateAuthority. + Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, + DELETED' + type: string + subordinateConfig: + description: Optional. If this is a subordinate CertificateAuthority, + this field will be set with the subordinate configuration, which + describes its issuers. This may be updated, but this CertificateAuthority + must continue to validate. + properties: + certificateAuthority: + description: Required. This can refer to a CertificateAuthority + in the same project that was used to create a subordinate CertificateAuthority. + This field is used for information and usability purposes only. + The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + pemIssuerChain: + description: Required. Contains the PEM certificate chain for + the issuers of this CertificateAuthority, but not pem certificate + for this CA itself. + properties: + pemCertificates: + description: Required. Expected to be in leaf-to-root order + according to RFC 5246. + items: + type: string + type: array + type: object + type: object + tier: + description: 'Output only. The CaPool.Tier of the CaPool that includes + this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' + type: string + updateTime: + description: Output only. The time at which this CertificateAuthority + was last updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificate + plural: privatecacertificates + shortNames: + - gcpprivatecacertificate + - gcpprivatecacertificates + singular: privatecacertificate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + caPoolRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The ca_pool for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateAuthorityRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The certificate authority for the resource + + Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + certificateTemplateRef: + description: Immutable. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. + + Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + config: + description: Immutable. Immutable. A description of the certificate + and key that does not require X.509 or ASN.1. + properties: + publicKey: + description: Immutable. Optional. The public key that corresponds + to this config. This is, for example, used when issuing Certificates, + but not when creating a self-signed CertificateAuthority or + CertificateAuthority CSR. + properties: + format: + description: 'Immutable. Required. The format of the public + key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Immutable. Required. A public key. The padding + and encoding must match with the `KeyFormat` value specified + for the `format` field. + type: string + required: + - format + - key + type: object + subjectConfig: + description: Immutable. Required. 
Specifies some of the values + in a certificate that are related to the subject. + properties: + subject: + description: Immutable. Required. Contains distinguished name + fields such as the common name, location and organization. + properties: + commonName: + description: Immutable. The "common name" of the subject. + type: string + countryCode: + description: Immutable. The country code of the subject. + type: string + locality: + description: Immutable. The locality or city of the subject. + type: string + organization: + description: Immutable. The organization of the subject. + type: string + organizationalUnit: + description: Immutable. The organizational_unit of the + subject. + type: string + postalCode: + description: Immutable. The postal code of the subject. + type: string + province: + description: Immutable. The province, territory, or regional + state of the subject. + type: string + streetAddress: + description: Immutable. The street address of the subject. + type: string + type: object + subjectAltName: + description: Immutable. Optional. The subject alternative + name fields. + properties: + dnsNames: + description: Immutable. Contains only valid, fully-qualified + host names. + items: + type: string + type: array + emailAddresses: + description: Immutable. Contains only valid RFC 2822 E-mail + addresses. + items: + type: string + type: array + ipAddresses: + description: Immutable. Contains only valid 32-bit IPv4 + addresses or RFC 4291 IPv6 addresses. + items: + type: string + type: array + uris: + description: Immutable. Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + required: + - subject + type: object + x509Config: + description: Immutable. Required. Describes how some of the technical + X.509 fields in a certificate should be populated. + properties: + additionalExtensions: + description: Immutable. Optional. Describes custom X.509 extensions. 
+ items: + properties: + critical: + description: Immutable. Optional. Indicates whether + or not this extension is critical (i.e., if the client + does not know how to handle this extension, the client + should consider this to be an error). + type: boolean + objectId: + description: Immutable. Required. The OID for this X.509 + extension. + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Immutable. Required. The value of this + X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Immutable. Optional. Describes Online Certificate + Status Protocol (OCSP) endpoint addresses that appear in + the "Authority Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Immutable. Optional. Describes options in this + X509Parameters that are relevant in a CA certificate. + properties: + isCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to true. + type: boolean + maxIssuerPathLength: + description: Immutable. Optional. Refers to the "path + length constraint" in Basic Constraints extension. For + a CA certificate, this value describes the depth of + subordinate CA certificates that are allowed. If this + value is less than 0, the request will fail. + format: int64 + type: integer + nonCa: + description: Immutable. Optional. When true, the "CA" + in Basic Constraints extension will be set to false. + If both `is_ca` and `non_ca` are unset, the extension + will be omitted from the CA certificate. + type: boolean + zeroMaxIssuerPathLength: + description: Immutable. Optional. When true, the "path + length constraint" in Basic Constraints extension will + be set to 0. 
if both max_issuer_path_length and zero_max_issuer_path_length + are unset, the max path length will be omitted from + the CA certificate. + type: boolean + type: object + keyUsage: + description: Immutable. Optional. Indicates the intended use + for keys that correspond to a certificate. + properties: + baseKeyUsage: + description: Immutable. Describes high-level ways in which + a key may be used. + properties: + certSign: + description: Immutable. The key may be used to sign + certificates. + type: boolean + contentCommitment: + description: Immutable. The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: Immutable. The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: Immutable. The key may be used to encipher + data. + type: boolean + decipherOnly: + description: Immutable. The key may be used to decipher + only. + type: boolean + digitalSignature: + description: Immutable. The key may be used for digital + signatures. + type: boolean + encipherOnly: + description: Immutable. The key may be used to encipher + only. + type: boolean + keyAgreement: + description: Immutable. The key may be used in a key + agreement protocol. + type: boolean + keyEncipherment: + description: Immutable. The key may be used to encipher + other keys. + type: boolean + type: object + extendedKeyUsage: + description: Immutable. Detailed scenarios in which a + key may be used. + properties: + clientAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". + type: boolean + emailProtection: + description: Immutable. 
Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Immutable. Used to describe extended key + usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an + OID path. The most significant parts of the path + come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Immutable. Optional. Describes the X.509 certificate + policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Immutable. Required. The parts of an OID + path. The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + required: + - subjectConfig + - x509Config + type: object + lifetime: + description: Immutable. Required. Immutable. The desired lifetime + of a certificate. Used to create the "not_before_time" and "not_after_time" + fields inside an X.509 certificate. Note that the lifetime may be + truncated if it would extend past the life of any certificate authority + in the issuing chain. + type: string + location: + description: Immutable. 
The location for the resource + type: string + pemCsr: + description: Immutable. Immutable. A pem-encoded X.509 certificate + signing request (CSR). + type: string + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + subjectMode: + description: 'Immutable. Immutable. Specifies how the Certificate''s + identity fields are to be decided. If this is omitted, the `DEFAULT` + subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, + DEFAULT, REFLECTED_SPIFFE' + type: string + required: + - caPoolRef + - lifetime + - location + - projectRef + type: object + status: + properties: + certificateDescription: + description: Output only. A structured description of the issued X.509 + certificate. + properties: + aiaIssuingCertificateUrls: + description: Describes lists of issuer CA certificate URLs that + appear in the "Authority Information Access" extension in the + certificate. 
+ items: + type: string + type: array + authorityKeyId: + description: Identifies the subject_key_id of the parent certificate, + per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + certFingerprint: + description: The hash of the x.509 certificate. + properties: + sha256Hash: + description: The SHA 256 hash, encoded in hexadecimal, of + the DER x509 certificate. + type: string + type: object + crlDistributionPoints: + description: Describes a list of locations to obtain CRL information, + i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 + items: + type: string + type: array + publicKey: + description: The public key that corresponds to an issued certificate. + properties: + format: + description: 'Required. The format of the public key. Possible + values: KEY_FORMAT_UNSPECIFIED, PEM' + type: string + key: + description: Required. A public key. The padding and encoding + must match with the `KeyFormat` value specified for the + `format` field. + type: string + type: object + subjectDescription: + description: Describes some of the values in a certificate that + are related to the subject and lifetime. + properties: + hexSerialNumber: + description: The serial number encoded in lowercase hexadecimal. + type: string + lifetime: + description: For convenience, the actual lifetime of an issued + certificate. + type: string + notAfterTime: + description: The time after which the certificate is expired. + Per RFC 5280, the validity period for a certificate is the + period of time from not_before_time through not_after_time, + inclusive. Corresponds to 'not_before_time' + 'lifetime' + - 1 second. + format: date-time + type: string + notBeforeTime: + description: The time at which the certificate becomes valid. 
+ format: date-time + type: string + subject: + description: Contains distinguished name fields such as the + common name, location and / organization. + properties: + commonName: + description: The "common name" of the subject. + type: string + countryCode: + description: The country code of the subject. + type: string + locality: + description: The locality or city of the subject. + type: string + organization: + description: The organization of the subject. + type: string + organizationalUnit: + description: The organizational_unit of the subject. + type: string + postalCode: + description: The postal code of the subject. + type: string + province: + description: The province, territory, or regional state + of the subject. + type: string + streetAddress: + description: The street address of the subject. + type: string + type: object + subjectAltName: + description: The subject alternative name fields. + properties: + customSans: + description: Contains additional subject alternative name + values. + items: + properties: + critical: + description: Optional. Indicates whether or not + this extension is critical (i.e., if the client + does not know how to handle this extension, the + client should consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come + first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + dnsNames: + description: Contains only valid, fully-qualified host + names. + items: + type: string + type: array + emailAddresses: + description: Contains only valid RFC 2822 E-mail addresses. + items: + type: string + type: array + ipAddresses: + description: Contains only valid 32-bit IPv4 addresses + or RFC 4291 IPv6 addresses. 
+ items: + type: string + type: array + uris: + description: Contains only valid RFC 3986 URIs. + items: + type: string + type: array + type: object + type: object + subjectKeyId: + description: Provides a means of identifiying certificates that + contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. + properties: + keyId: + description: Optional. The value of this KeyId encoded in + lowercase hexadecimal. This is most likely the 160 bit SHA-1 + hash of the public key. + type: string + type: object + x509Description: + description: Describes some of the technical X.509 fields in a + certificate. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this + extension is critical (i.e., if the client does not + know how to handle this extension, the client should + consider this to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + value: + description: Required. The value of this X.509 extension. + type: string + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status + Protocol (OCSP) endpoint addresses that appear in the "Authority + Information Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, + the extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. 
Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. + If this value is less than 0, the request will fail. + If this value is missing, the max path length will be + omitted from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys + that correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key + may be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic + commitments. Note that this may also be referred + to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate + revocation lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement + protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other + keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be + used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. + Officially described as "TLS WWW client authentication", + though regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. + Officially described as "Signing of downloadable + executable code client authentication". 
+ type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. + Officially described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. + Officially described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. + Officially described as "TLS WWW server authentication", + though regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. + Officially described as "Binding the hash of an + object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that + are not listed in the KeyUsage.ExtendedKeyUsageOptions + message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. + The most significant parts of the path come first. + items: + format: int64 + type: integer + type: array type: object type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + type: object + type: array + type: object + type: object + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this Certificate was created. + format: date-time + type: string + issuerCertificateAuthority: + description: Output only. The resource name of the issuing CertificateAuthority + in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + pemCertificate: + description: Output only. The pem-encoded, signed X.509 certificate. + type: string + pemCertificateChain: + description: Output only. The chain that may be used to verify the + X.509 certificate. Expected to be in issuer-to-root order according + to RFC 5246. + items: + type: string + type: array + revocationDetails: + description: Output only. Details regarding the revocation of this + Certificate. This Certificate is considered revoked if and only + if this field is present. + properties: + revocationState: + description: 'Indicates why a Certificate was revoked. Possible + values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, + AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, + PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + type: string + revocationTime: + description: The time at which this Certificate was revoked. + format: date-time + type: string + type: object + updateTime: + description: Output only. The time at which this Certificate was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com +spec: + group: privateca.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PrivateCACertificateTemplate + plural: privatecacertificatetemplates + shortNames: + - gcpprivatecacertificatetemplate + - gcpprivatecacertificatetemplates + singular: privatecacertificatetemplate + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. A human-readable description of scenarios this + template is intended for. + type: string + identityConstraints: + description: Optional. Describes constraints on identities that may + be appear in Certificates issued using this template. If this is + omitted, then this template will not add restrictions on a certificate's + identity. + properties: + allowSubjectAltNamesPassthrough: + description: Required. If this is true, the SubjectAltNames extension + may be copied from a certificate request into the signed certificate. + Otherwise, the requested SubjectAltNames will be discarded. + type: boolean + allowSubjectPassthrough: + description: Required. If this is true, the Subject field may + be copied from a certificate request into the signed certificate. + Otherwise, the requested Subject will be discarded. + type: boolean + celExpression: + description: Optional. A CEL expression that may be used to validate + the resolved X.509 Subject and/or Subject Alternative Name before + a certificate is signed. To see the full allowed syntax and + some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel + properties: + description: + description: Optional. Description of the expression. This + is a longer text which describes the expression, e.g. when + hovered over it in a UI. + type: string + expression: + description: Textual representation of an expression in Common + Expression Language syntax. 
+ type: string + location: + description: Optional. String indicating the location of the + expression for error reporting, e.g. a file name and a position + in the file. + type: string + title: + description: Optional. Title for the expression, i.e. a short + string describing its purpose. This can be used e.g. in + UIs which allow to enter the expression. + type: string + type: object + required: + - allowSubjectAltNamesPassthrough + - allowSubjectPassthrough + type: object + location: + description: Immutable. The location for the resource + type: string + passthroughExtensions: + description: Optional. Describes the set of X.509 extensions that + may appear in a Certificate issued using this CertificateTemplate. + If a certificate request sets extensions that don't appear in the + passthrough_extensions, those extensions will be dropped. If the + issuing CaPool's IssuancePolicy defines baseline_values that don't + appear here, the certificate issuance request will fail. If this + is omitted, then this template will not add restrictions on a certificate's + X.509 extensions. These constraints do not apply to X.509 extensions + set in this CertificateTemplate's predefined_values. + properties: + additionalExtensions: + description: Optional. A set of ObjectIds identifying custom X.509 + extensions. Will be combined with known_extensions to determine + the full set of X.509 extensions. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + knownExtensions: + description: Optional. A set of named X.509 extensions. Will be + combined with additional_extensions to determine the full set + of X.509 extensions. + items: + type: string + type: array + type: object + predefinedValues: + description: Optional. 
A set of X.509 values that will be applied + to all issued certificates that use this template. If the certificate + request includes conflicting values for the same properties, they + will be overwritten by the values defined here. If the issuing CaPool's + IssuancePolicy defines conflicting baseline_values for the same + properties, the certificate issuance request will fail. + properties: + additionalExtensions: + description: Optional. Describes custom X.509 extensions. + items: + properties: + critical: + description: Optional. Indicates whether or not this extension + is critical (i.e., if the client does not know how to + handle this extension, the client should consider this + to be an error). + type: boolean + objectId: + description: Required. The OID for this X.509 extension. + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + value: + description: Required. The value of this X.509 extension. + type: string + required: + - objectId + - value + type: object + type: array + aiaOcspServers: + description: Optional. Describes Online Certificate Status Protocol + (OCSP) endpoint addresses that appear in the "Authority Information + Access" extension in the certificate. + items: + type: string + type: array + caOptions: + description: Optional. Describes options in this X509Parameters + that are relevant in a CA certificate. + properties: + isCa: + description: Optional. Refers to the "CA" X.509 extension, + which is a boolean value. When this value is missing, the + extension will be omitted from the CA certificate. + type: boolean + maxIssuerPathLength: + description: Optional. Refers to the path length restriction + X.509 extension. For a CA certificate, this value describes + the depth of subordinate CA certificates that are allowed. 
+ If this value is less than 0, the request will fail. If + this value is missing, the max path length will be omitted + from the CA certificate. + format: int64 + type: integer + type: object + keyUsage: + description: Optional. Indicates the intended use for keys that + correspond to a certificate. + properties: + baseKeyUsage: + description: Describes high-level ways in which a key may + be used. + properties: + certSign: + description: The key may be used to sign certificates. + type: boolean + contentCommitment: + description: The key may be used for cryptographic commitments. + Note that this may also be referred to as "non-repudiation". + type: boolean + crlSign: + description: The key may be used sign certificate revocation + lists. + type: boolean + dataEncipherment: + description: The key may be used to encipher data. + type: boolean + decipherOnly: + description: The key may be used to decipher only. + type: boolean + digitalSignature: + description: The key may be used for digital signatures. + type: boolean + encipherOnly: + description: The key may be used to encipher only. + type: boolean + keyAgreement: + description: The key may be used in a key agreement protocol. + type: boolean + keyEncipherment: + description: The key may be used to encipher other keys. + type: boolean + type: object + extendedKeyUsage: + description: Detailed scenarios in which a key may be used. + properties: + clientAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially + described as "TLS WWW client authentication", though + regularly used for non-WWW TLS. + type: boolean + codeSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially + described as "Signing of downloadable executable code + client authentication". + type: boolean + emailProtection: + description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially + described as "Email protection". + type: boolean + ocspSigning: + description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially + described as "Signing OCSP responses". + type: boolean + serverAuth: + description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially + described as "TLS WWW server authentication", though + regularly used for non-WWW TLS. + type: boolean + timeStamping: + description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially + described as "Binding the hash of an object to a time". + type: boolean + type: object + unknownExtendedKeyUsages: + description: Used to describe extended key usages that are + not listed in the KeyUsage.ExtendedKeyUsageOptions message. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The + most significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + policyIds: + description: Optional. Describes the X.509 certificate policy + object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + items: + properties: + objectIdPath: + description: Required. The parts of an OID path. The most + significant parts of the path come first. + items: + format: int64 + type: integer + type: array + required: + - objectIdPath + type: object + type: array + type: object + projectRef: + description: Immutable. The Project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The project for the resource + + Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - location + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: Output only. The time at which this CertificateTemplate + was created. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: Output only. The time at which this CertificateTemplate + was updated. 
+ format: date-time + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: projects.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: Project + plural: projects + shortNames: + - gcpproject + - gcpprojects + singular: project + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + oneOf: + - required: + - folderRef + - required: + - organizationRef + - not: + anyOf: + - required: + - folderRef + - required: + - organizationRef + properties: + billingAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `BillingAccount` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + folderRef: + description: |- + The folder that this resource belongs to. Changing this forces the + resource to be migrated to the newly specified folder. Only one of + folderRef or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `folderId` field of a `Folder` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + name: + description: The display name of the project. 
+ type: string + organizationRef: + description: |- + The organization that this resource belongs to. Changing this + forces the resource to be migrated to the newly specified + organization. Only one of folderRef or organizationRef may be + specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The projectId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - name + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + number: + description: The numeric identifier of the project. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitereservations.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteReservation + plural: pubsublitereservations + shortNames: + - gcppubsublitereservation + - gcppubsublitereservations + singular: pubsublitereservation + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + 
of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite reservation. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + throughputCapacity: + description: |- + The reserved throughput capacity. Every unit of throughput capacity is + equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed + messages. + type: integer + required: + - projectRef + - region + - throughputCapacity + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitesubscriptions.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteSubscription + plural: pubsublitesubscriptions + shortNames: + - gcppubsublitesubscription + - gcppubsublitesubscriptions + singular: pubsublitesubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the 
resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + deliveryConfig: + description: The settings for this subscription's message delivery. + properties: + deliveryRequirement: + description: 'When this subscription should send messages to subscribers + relative to messages persistence in storage. Possible values: + ["DELIVER_IMMEDIATELY", "DELIVER_AFTER_STORED", "DELIVERY_REQUIREMENT_UNSPECIFIED"].' + type: string + required: + - deliveryRequirement + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + topic: + description: Immutable. A reference to a Topic resource. + type: string + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - topic + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsublitetopics.pubsublite.cnrm.cloud.google.com +spec: + group: pubsublite.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubLiteTopic + plural: pubsublitetopics + shortNames: + - gcppubsublitetopic + - gcppubsublitetopics + singular: pubsublitetopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + partitionConfig: + description: The settings for this topic's partitions. + properties: + capacity: + description: The capacity configuration. + properties: + publishMibPerSec: + description: Subscribe throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + subscribeMibPerSec: + description: Publish throughput capacity per partition in + MiB/s. Must be >= 4 and <= 16. + type: integer + required: + - publishMibPerSec + - subscribeMibPerSec + type: object + count: + description: The number of partitions in the topic. Must be at + least 1. + type: integer + required: + - count + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: The region of the pubsub lite topic. + type: string + reservationConfig: + description: The settings for this topic's Reservation usage. + properties: + throughputReservation: + description: The Reservation to use for this topic's throughput + capacity. + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. + type: string + retentionConfig: + description: The settings for a topic's message retention. + properties: + perPartitionBytes: + description: |- + The provisioned storage, in bytes, per partition. If the number of bytes stored + in any of the topic's partitions grows beyond this value, older messages will be + dropped to make room for newer ones, regardless of the value of period. + type: string + period: + description: |- + How long a published message is retained. If unset, messages will be retained as + long as the bytes retained for each partition is below perPartitionBytes. A + duration in seconds with up to nine fractional digits, terminated by 's'. + Example: "3.5s". + type: string + required: + - perPartitionBytes + type: object + zone: + description: The zone of the pubsub lite topic. + type: string + required: + - projectRef + - zone + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. 
+ type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubschemas.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSchema + plural: pubsubschemas + shortNames: + - gcppubsubschema + - gcppubsubschemas + singular: pubsubschema + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + definition: + description: |- + Immutable. The definition of the schema. + This should contain a string representing the full definition of the schema + that is a valid schema definition of the type specified in type. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: + description: 'Immutable. The type of the schema definition Default + value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", + "PROTOCOL_BUFFER", "AVRO"].' + type: string + required: + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. 
+ type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubSubscription + plural: pubsubsubscriptions + shortNames: + - gcppubsubsubscription + - gcppubsubsubscriptions + singular: pubsubsubscription + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The 
last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + ackDeadlineSeconds: + description: |- + This value is the maximum time after a subscriber receives a message + before the subscriber should acknowledge the message. After message + delivery but before the ack deadline expires and before the message is + acknowledged, it is an outstanding message and will not be delivered + again during that time (on a best-effort basis). + + For pull subscriptions, this value is used as the initial value for + the ack deadline. To override this value for a given message, call + subscriptions.modifyAckDeadline with the corresponding ackId if using + pull. The minimum custom deadline you can specify is 10 seconds. The + maximum custom deadline you can specify is 600 seconds (10 minutes). + If this parameter is 0, a default value of 10 seconds is used. + + For push delivery, this value is also used to set the request timeout + for the call to the push endpoint. + + If the subscriber never acknowledges the message, the Pub/Sub system + will eventually redeliver the message. 
+ type: integer + bigqueryConfig: + description: |- + If delivery to BigQuery is used with this subscription, this field is used to configure it. + Either pushConfig or bigQueryConfig can be set, but not both. + If both are empty, then the subscriber will pull and ack messages using API methods. + properties: + dropUnknownFields: + description: |- + When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. + Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. + type: boolean + tableRef: + description: The name of the table to which to write data. + oneOf: + - not: required: - - resources - type: object - type: array + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, + where {{value}} is the `name` field of a `BigQueryTable` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + useTopicSchema: + description: When true, use the topic's schema as the columns + to write to in BigQuery, if it exists. + type: boolean + writeMetadata: + description: |- + When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. + The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. 
+ type: boolean + required: + - tableRef + type: object + deadLetterPolicy: + description: |- + A policy that specifies the conditions for dead lettering messages in + this subscription. If dead_letter_policy is not set, dead lettering + is disabled. + + The Cloud Pub/Sub service account associated with this subscription's + parent project (i.e., + service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have + permission to Acknowledge() messages on this subscription. + properties: + deadLetterTopicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + maxDeliveryAttempts: + description: "The maximum number of delivery attempts for any + message. The value must be\nbetween 5 and 100.\n\nThe number + of delivery attempts is defined as 1 + (the sum of number of + \nNACKs and number of times the acknowledgement deadline has + been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline + with a 0 deadline. Note that\nclient libraries may automatically + extend ack_deadlines.\n\nThis field will be honored on a best + effort basis.\n\nIf this parameter is 0, a default value of + 5 is used." 
+ type: integer + type: object + enableExactlyOnceDelivery: + description: |- + If 'true', Pub/Sub provides the following guarantees for the delivery + of a message with a given value of messageId on this Subscriptions': + + - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. + + - An acknowledged message will not be resent to a subscriber. + + Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' + is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. + type: boolean + enableMessageOrdering: + description: |- + Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to + the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they + may be delivered in any order. + type: boolean + expirationPolicy: + description: |- + A policy that specifies the conditions for this subscription's expiration. + A subscription is considered active as long as any connected subscriber + is successfully consuming messages from the subscription or is issuing + operations on the subscription. If expirationPolicy is not set, a default + policy with ttl of 31 days will be used. If it is set but ttl is "", the + resource never expires. The minimum allowed value for expirationPolicy.ttl + is 1 day. + properties: + ttl: + description: |- + Specifies the "time-to-live" duration for an associated resource. The + resource expires if it is not active for a period of ttl. + If ttl is set to "", the associated resource never expires. + A duration in seconds with up to nine fractional digits, terminated by 's'. + Example - "3.5s". + type: string + required: + - ttl + type: object + filter: + description: "Immutable. The subscription only delivers the messages + that match the filter. 
\nPub/Sub automatically acknowledges the + messages that don't match the filter. You can filter messages\nby + their attributes. The maximum length of a filter is 256 bytes. After + creating the subscription, \nyou can't modify the filter." + type: string + messageRetentionDuration: + description: |- + How long to retain unacknowledged messages in the subscription's + backlog, from the moment a message is published. If + retain_acked_messages is true, then this also configures the retention + of acknowledged messages, and thus configures how far back in time a + subscriptions.seek can be done. Defaults to 7 days. Cannot be more + than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). + + A duration in seconds with up to nine fractional digits, terminated + by 's'. Example: '"600.5s"'. + type: string + pushConfig: + description: |- + If push delivery is used with this subscription, this field is used to + configure it. An empty pushConfig signifies that the subscriber will + pull and ack messages using API methods. + properties: + attributes: + additionalProperties: + type: string + description: |- + Endpoint configuration attributes. + + Every endpoint has a set of API supported attributes that can + be used to control different aspects of the message delivery. + + The currently supported attribute is x-goog-version, which you + can use to change the format of the pushed message. This + attribute indicates the version of the data expected by + the endpoint. This controls the shape of the pushed message + (i.e., its fields and metadata). The endpoint version is + based on the version of the Pub/Sub API. + + If not present during the subscriptions.create call, + it will default to the version of the API used to make + such call. If not present during a subscriptions.modifyPushConfig + call, its value will not be changed. subscriptions.get + calls will always return a valid version, even if the + subscription was created without this attribute. 
+ + The possible values for this attribute are: + + - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. + - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. + type: object + oidcToken: + description: |- + If specified, Pub/Sub will generate and attach an OIDC JWT token as + an Authorization header in the HTTP request for every pushed message. + properties: + audience: + description: |- + Audience to be used when generating OIDC token. The audience claim + identifies the recipients that the JWT is intended for. The audience + value is a single case-sensitive string. Having multiple values (array) + for the audience field is not supported. More info about the OIDC JWT + token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 + Note: if not specified, the Push endpoint URL will be used. + type: string + serviceAccountEmail: + description: |- + Service account email to be used for generating the OIDC token. + The caller (for subscriptions.create, subscriptions.patch, and + subscriptions.modifyPushConfig RPCs) must have the + iam.serviceAccounts.actAs permission for the service account. + type: string + required: + - serviceAccountEmail + type: object + pushEndpoint: + description: |- + A URL locating the endpoint to which messages should be pushed. + For example, a Webhook endpoint might use + "https://example.com/push". + type: string + required: + - pushEndpoint + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + retainAckedMessages: + description: |- + Indicates whether to retain acknowledged messages. If 'true', then + messages are not expunged from the subscription's backlog, even if + they are acknowledged, until they fall out of the + messageRetentionDuration window. 
+ type: boolean + retryPolicy: + description: "A policy that specifies how Pub/Sub retries message + delivery for this subscription.\n\nIf not set, the default retry + policy is applied. This generally implies that messages will be + retried as soon as possible for healthy subscribers. \nRetryPolicy + will be triggered on NACKs or acknowledgement deadline exceeded + events for a given message." + properties: + maximumBackoff: + description: "The maximum delay between consecutive deliveries + of a given message. Value should be between 0 and 600 seconds. + Defaults to 600 seconds. \nA duration in seconds with up to + nine fractional digits, terminated by 's'. Example: \"3.5s\"." + type: string + minimumBackoff: + description: |- + The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". + type: string + type: object + topicRef: + description: Reference to a PubSubTopic. + oneOf: + - not: + required: + - external required: - - id - - mode - - resourceGroups + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string type: object type: array - projectRef: - description: Immutable. The Project that this resource belongs to. + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: pubsubtopics.pubsub.cnrm.cloud.google.com +spec: + group: pubsub.cnrm.cloud.google.com + names: + categories: + - gcp + kind: PubSubTopic + plural: pubsubtopics + shortNames: + - gcppubsubtopic + - gcppubsubtopics + singular: pubsubtopic + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of 
the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + kmsKeyRef: + description: |- + The KMSCryptoKey to be used to protect access to messages published + on this topic. Your project's Pub/Sub service account + ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') + must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this + feature. oneOf: - not: required: @@ -68782,10 +100833,8 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -68794,62 +100843,84 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + messageRetentionDuration: + description: |- + Indicates the minimum duration to retain a message after it is published + to the topic. If this field is set, messages published to the topic in + the last messageRetentionDuration are always available to subscribers. + For instance, it allows any attached subscription to seek to a timestamp + that is up to messageRetentionDuration in the past. If this field is not + set, message retention is controlled by settings on individual subscriptions. + Cannot be more than 31 days or less than 10 minutes. + type: string + messageStoragePolicy: + description: |- + Policy constraining the set of Google Cloud Platform regions where + messages published to the topic may be stored. If not present, then no + constraints are in effect. + properties: + allowedPersistenceRegions: + description: |- + A list of IDs of GCP regions where messages that are published to + the topic may be persisted in storage. Messages published by + publishers running in non-allowed GCP regions (or running outside + of GCP altogether) will be routed for storage in one of the + allowed regions. An empty list means that no regions are allowed, + and is not a valid configuration. + items: + type: string + type: array + required: + - allowedPersistenceRegions + type: object resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rollout: - description: 'Required. Rollout to deploy the OS policy assignment. - A rollout is triggered in the following situations: 1) OSPolicyAssignment - is created. 
2) OSPolicyAssignment is updated and the update contains - changes to one of the following fields: - instance_filter - os_policies - 3) OSPolicyAssignment is deleted.' + schemaSettings: + description: Settings for validating messages published against a + schema. properties: - disruptionBudget: - description: Required. The maximum number (or percentage) of VMs - per zone to disrupt at any given moment. + encoding: + description: 'Immutable. The encoding of messages validated against + schema. Default value: "ENCODING_UNSPECIFIED" Possible values: + ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' + type: string + schemaRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - fixed: - description: Specifies a fixed value. - format: int64 - type: integer - percent: - description: Specifies the relative value defined as a percentage, - which will be multiplied by a reference value. - format: int64 - type: integer + external: + description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, + where {{value}} is the `name` field of a `PubSubSchema` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - minWaitDuration: - description: Required. This determines the minimum duration of - time to wait after the configuration changes are applied through - the current rollout. A VM continues to count towards the `disruption_budget` - at least until this duration of time has passed after configuration - changes are applied. 
- type: string required: - - disruptionBudget - - minWaitDuration + - schemaRef type: object - skipAwaitRollout: - description: Set to true to skip awaiting rollout during resource - creation and update. - type: boolean - required: - - instanceFilter - - location - - osPolicies - - projectRef - - rollout type: object status: properties: - baseline: - description: Output only. Indicates that this revision has been successfully - rolled out in this zone and new VMs will be assigned OS policies - from this revision. For a given OS policy assignment, there is only - one revision with a value of `true` for this field. - type: boolean conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -68876,14 +100947,6 @@ spec: type: string type: object type: array - deleted: - description: Output only. Indicates that this revision deletes the - OS policy assignment. - type: boolean - etag: - description: The etag for this OS policy assignment. If this is provided - on update, it must match the server's etag. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -68891,31 +100954,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Indicates that reconciliation is in progress - for the revision. This value is `true` when the `rollout_state` - is one of: * IN_PROGRESS * CANCELLING' - type: boolean - revisionCreateTime: - description: Output only. The timestamp that the revision was created. - format: date-time - type: string - revisionId: - description: Output only. The assignment revision ID A new revision - is committed whenever a rollout is triggered for a OS policy assignment - type: string - rolloutState: - description: 'Output only. OS policy assignment rollout state Possible - values: ROLLOUT_STATE_UNSPECIFIED, IN_PROGRESS, CANCELLING, CANCELLED, - SUCCEEDED' - type: string - uid: - description: Output only. Server generated unique id for the OS policy - assignment resource. - type: string type: object - required: - - spec type: object served: true storage: true 
@@ -68932,25 +100971,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacapools.privateca.cnrm.cloud.google.com + name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: recaptchaenterprise.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACAPool - plural: privatecacapools + kind: RecaptchaEnterpriseKey + plural: recaptchaenterprisekeys shortNames: - - gcpprivatecacapool - - gcpprivatecacapools - singular: privatecacapool + - gcprecaptchaenterprisekey + - gcprecaptchaenterprisekeys + singular: recaptchaenterprisekey preserveUnknownFields: false scope: Namespaced versions: 
@@ -68963,352 +101002,63 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - issuancePolicy: - description: Optional. The IssuancePolicy to control how Certificates - will be issued from this CaPool. - properties: - allowedIssuanceModes: - description: Optional. If specified, then only methods allowed - in the IssuanceModes may be used to issue Certificates. - properties: - allowConfigBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CertificateConfig. - type: boolean - allowCsrBasedIssuance: - description: Optional. When true, allows callers to create - Certificates by specifying a CSR. - type: boolean - type: object - allowedKeyTypes: - description: Optional. If any AllowedKeyType is specified, then - the certificate request's public key must match one of the key - types listed here. Otherwise, any key may be used. 
- items: - properties: - ellipticCurve: - description: Represents an allowed Elliptic Curve key type. - properties: - signatureAlgorithm: - description: 'Optional. A signature algorithm that must - be used. If this is omitted, any EC-based signature - algorithm will be allowed. Possible values: EC_SIGNATURE_ALGORITHM_UNSPECIFIED, - ECDSA_P256, ECDSA_P384, EDDSA_25519' - type: string - type: object - rsa: - description: Represents an allowed RSA key type. - properties: - maxModulusSize: - description: Optional. The maximum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service will not enforce an explicit upper bound - on RSA modulus sizes. - format: int64 - type: integer - minModulusSize: - description: Optional. The minimum allowed RSA modulus - size, in bits. If this is not set, or if set to zero, - the service-level min RSA modulus size will continue - to apply. - format: int64 - type: integer - type: object - type: object - type: array - baselineValues: - description: Optional. A set of X.509 values that will be applied - to all certificates issued through this CaPool. If a certificate - request includes conflicting values for the same properties, - they will be overwritten by the values defined here. If a certificate - request uses a CertificateTemplate that defines conflicting - predefined_values for the same properties, the certificate issuance - request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. 
- type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Optional. 
Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - identityConstraints: - description: Optional. Describes constraints on identities that - may appear in Certificates issued through this CaPool. If this - is omitted, then this CaPool will not add restrictions on a - certificate's identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames - extension may be copied from a certificate request into - the signed certificate. Otherwise, the requested SubjectAltNames - will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field - may be copied from a certificate request into the signed - certificate. Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to - validate the resolved X.509 Subject and/or Subject Alternative - Name before a certificate is signed. To see the full allowed - syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. - This is a longer text which describes the expression, - e.g. when hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in - Common Expression Language syntax. - type: string - location: - description: Optional. String indicating the location - of the expression for error reporting, e.g. a file name - and a position in the file. - type: string - title: - description: Optional. Title for the expression, i.e. 
- a short string describing its purpose. This can be used - e.g. in UIs which allow to enter the expression. - type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - maximumLifetime: - description: Optional. The maximum lifetime allowed for issued - Certificates. Note that if the issuing CertificateAuthority - expires before a Certificate's requested maximum_lifetime, the - effective lifetime will be explicitly truncated to match it. - type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued through this CaPool. If a - certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If - a certificate request uses a CertificateTemplate with predefined_values - that don't appear here, the certificate issuance request will - fail. If this is omitted, then this CaPool will not add restrictions - on a certificate's X.509 extensions. These constraints do not - apply to X.509 extensions set in this CaPool's baseline_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom - X.509 extensions. Will be combined with known_extensions - to determine the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will - be combined with additional_extensions to determine the - full set of X.509 extensions. 
- items: - type: string - type: array - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + androidSettings: + description: Settings for keys that can be used by Android apps. + properties: + allowAllPackageNames: + description: If set to true, it means allowed_package_names will + not be enforced. + type: boolean + allowedPackageNames: + description: 'Android package names of apps allowed to use the + key. Example: ''com.companyname.appname''' + items: + type: string + type: array type: object - location: - description: Immutable. The location for the resource + displayName: + description: Human-readable display name of this key. Modifiable by + user. type: string + iosSettings: + description: Settings for keys that can be used by iOS apps. + properties: + allowAllBundleIds: + description: If set to true, it means allowed_bundle_ids will + not be enforced. + type: boolean + allowedBundleIds: + description: 'iOS bundle ids of apps allowed to use the key. 
Example: + ''com.companyname.productname.appname''' + items: + type: string + type: array + type: object projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -69339,40 +101089,480 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - publishingOptions: - description: Optional. The PublishingOptions to follow when issuing - Certificates from any CertificateAuthority in this CaPool. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + testingOptions: + description: Immutable. Options for user acceptance testing. properties: - publishCaCert: - description: Optional. When true, publishes each CertificateAuthority's - CA certificate and includes its URL in the "Authority Information - Access" X.509 extension in all issued Certificates. If this - is false, the CA certificate will not be published and the corresponding - X.509 extension will not be written in issued certificates. + testingChallenge: + description: 'Immutable. For challenge-based keys only (CHECKBOX, + INVISIBLE), all challenge requests for this site will return + nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. + Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' + type: string + testingScore: + description: Immutable. All assessments for this Key will return + this score. Must be between 0 (likely not legitimate) and 1 + (likely legitimate) inclusive. + format: double + type: number + type: object + webSettings: + description: Settings for keys that can be used by websites. + properties: + allowAllDomains: + description: If set to true, it means allowed_domains will not + be enforced. type: boolean - publishCrl: - description: Optional. When true, publishes each CertificateAuthority's - CRL and includes its URL in the "CRL Distribution Points" X.509 - extension in all issued Certificates. 
If this is false, CRLs - will not be published and the corresponding X.509 extension - will not be written in issued certificates. CRLs will expire - 7 days from their creation. However, we will rebuild daily. - CRLs are also rebuilt shortly after a certificate is revoked. + allowAmpTraffic: + description: If set to true, the key can be used on AMP (Accelerated + Mobile Pages) websites. This is supported only for the SCORE + integration type. type: boolean + allowedDomains: + description: 'Domains or subdomains of websites allowed to use + the key. All subdomains of an allowed domain are automatically + allowed. A valid domain requires a host and must not include + any path, port, query or fragment. Examples: ''example.com'' + or ''subdomain.example.com''' + items: + type: string + type: array + challengeSecurityPreference: + description: 'Settings for the frequency and difficulty at which + this key triggers captcha challenges. This should only be specified + for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: + CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, + SECURITY' + type: string + integrationType: + description: 'Immutable. Required. Describes how this key is integrated + with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' + type: string + required: + - integrationType + type: object + required: + - displayName + - projectRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. 
Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp corresponding to the creation of this Key. + format: date-time + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: redisinstances.redis.cnrm.cloud.google.com +spec: + group: redis.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RedisInstance + plural: redisinstances + shortNames: + - gcpredisinstance + - gcpredisinstances + singular: redisinstance + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: 
.status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + alternativeLocationId: + description: |- + Immutable. Only applicable to STANDARD_HA tier which protects the instance + against zonal failures by provisioning it across two zones. + If provided, it must be a different zone from the one provided in + [locationId]. + type: string + authEnabled: + description: |- + Optional. Indicates whether OSS Redis AUTH is enabled for the + instance. If set to "true" AUTH is enabled on the instance. + Default value is "false" meaning AUTH is disabled. + type: boolean + authString: + description: AUTH String set on the instance. This field will only + be populated if auth_enabled is true. + type: string + authorizedNetworkRef: + description: |- + The network to which the instance is connected. If left + unspecified, the default network will be used. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + connectMode: + description: 'Immutable. The connection mode of the Redis instance. + Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", + "PRIVATE_SERVICE_ACCESS"].' + type: string + customerManagedKeyRef: + description: |- + Immutable. Optional. The KMS key reference that you want to use to + encrypt the data at rest for this Redis instance. If this is + provided, CMEK is enabled. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + displayName: + description: An arbitrary and optional user-provided name for the + instance. + type: string + locationId: + description: |- + Immutable. The zone where the instance will be provisioned. If not provided, + the service will choose a zone for the instance. For STANDARD_HA tier, + instances will be created across two zones for protection against + zonal failures. If [alternativeLocationId] is also provided, it must + be different from [locationId]. + type: string + maintenancePolicy: + description: Maintenance policy for an instance. + properties: + createTime: + description: |- + Output only. The time when the policy was created. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + description: + description: |- + Optional. Description of what this policy is for. + Create/Update methods return INVALID_ARGUMENT if the + length is greater than 512. + type: string + updateTime: + description: |- + Output only. The time when the policy was last updated. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + weeklyMaintenanceWindow: + description: |- + Optional. Maintenance window that is applied to resources covered by this policy. + Minimum 1. For the current version, the maximum number + of weekly_window is expected to be one. + items: + properties: + day: + description: |- + Required. The day of week that maintenance updates occur. + + - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. + - MONDAY: Monday + - TUESDAY: Tuesday + - WEDNESDAY: Wednesday + - THURSDAY: Thursday + - FRIDAY: Friday + - SATURDAY: Saturday + - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. + type: string + duration: + description: |- + Output only. Duration of the maintenance window. + The current window is fixed at 1 hour. + A duration in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". + type: string + startTime: + description: Required. Start time of the window in UTC time. + properties: + hours: + description: |- + Hours of day in 24 hour format. Should be from 0 to 23. + An API may choose to allow the value "24:00:00" for scenarios like business closing time. + type: integer + minutes: + description: Minutes of hour of day. Must be from 0 + to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must + be from 0 to 999,999,999. + type: integer + seconds: + description: |- + Seconds of minutes of the time. 
Must normally be from 0 to 59. + An API may allow the value 60 if it allows leap-seconds. + type: integer + type: object + required: + - day + - startTime + type: object + type: array + type: object + maintenanceSchedule: + description: Upcoming maintenance schedule. + properties: + endTime: + description: |- + Output only. The end time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + scheduleDeadlineTime: + description: |- + Output only. The deadline that the maintenance schedule start time + can not go beyond, including reschedule. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + startTime: + description: |- + Output only. The start time of any upcoming scheduled maintenance for this instance. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + type: string + type: object + memorySizeGb: + description: Redis memory size in GiB. + type: integer + persistenceConfig: + description: Persistence configuration for an instance. + properties: + persistenceMode: + description: "Optional. Controls whether Persistence features + are enabled. If not provided, the existing value will be used.\n\n- + DISABLED: \tPersistence is disabled for the instance, and any + existing snapshots are deleted.\n- RDB: RDB based Persistence + is enabled. Possible values: [\"DISABLED\", \"RDB\"]." + type: string + rdbNextSnapshotTime: + description: |- + Output only. The next time that a snapshot attempt is scheduled to occur. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + rdbSnapshotPeriod: + description: "Optional. 
Available snapshot periods for scheduling.\n\n- + ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every + 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot + every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", + \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." + type: string + rdbSnapshotStartTime: + description: |- + Optional. Date and time that the first snapshot was/will be attempted, + and to which future snapshots will be aligned. If not provided, + the current time will be used. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + type: object + readReplicasMode: + description: |- + Optional. Read replica mode. Can only be specified when trying to create the instance. + If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. + - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the + instance cannot scale up or down the number of replicas. + - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance + can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. + type: string + redisConfigs: + additionalProperties: + type: string + description: |- + Redis configuration parameters, according to http://redis.io/topics/config. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. type: object + redisVersion: + description: |- + The version of Redis software. If not provided, latest supported + version will be used. Please check the API documentation linked + at the top for the latest valid values. + type: string + region: + description: Immutable. The name of the Redis region of the instance. 
+ type: string + replicaCount: + description: |- + Optional. The number of replica nodes. The valid range for the Standard Tier with + read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled + for a Standard Tier instance, the only valid value is 1 and the default is 1. + The valid value for basic tier is 0 and the default is also 0. + type: integer + reservedIpRange: + description: |- + Immutable. The CIDR range of internal addresses that are reserved for this + instance. If not provided, the service will choose an unused /29 + block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be + unique and non-overlapping with existing subnets in an authorized + network. + type: string resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + secondaryIpRange: + description: |- + Optional. Additional IP range for node placement. Required when enabling read replicas on + an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or + "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address + range associated with the private service access connection, or "auto". + type: string tier: - description: 'Immutable. Required. Immutable. The Tier of this CaPool. - Possible values: TIER_UNSPECIFIED, ENTERPRISE, DEVOPS' + description: |- + Immutable. The service tier of the instance. Must be one of these values: + + - BASIC: standalone instance + - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. + type: string + transitEncryptionMode: + description: |- + Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
+ + - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. type: string required: - - location - - projectRef - - tier + - memorySizeGb + - region type: object status: properties: @@ -69402,6 +101592,36 @@ spec: type: string type: object type: array + createTime: + description: |- + The time the instance was created in RFC3339 UTC "Zulu" format, + accurate to nanoseconds. + type: string + currentLocationId: + description: |- + The current zone where the Redis endpoint is placed. + For Basic Tier instances, this will always be the same as the + [locationId] provided by the user at creation time. For Standard Tier + instances, this can be either [locationId] or [alternativeLocationId] + and can change after a failover event. + type: string + host: + description: |- + Hostname or IP address of the exposed Redis endpoint used by clients + to connect to the service. + type: string + nodes: + description: Output only. Info per node. + items: + properties: + id: + description: Node identifying string. e.g. 'node-0', 'node-1'. + type: string + zone: + description: Location of the node. + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
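Review bot: `spec.authString` in the RedisInstance schema (hunk `@@ -69339,40 +101089,480 @@`) is declared as a plain `type: string`, so any Redis AUTH value that ends up in this field is kept in the custom resource itself and is readable by every principal allowed to get or list RedisInstance objects. The descriptions in the same hunk also state that `authEnabled` defaults to "false" and that TLS is disabled when `transitEncryptionMode` is omitted, and only `memorySizeGb` and `region` are listed under `required`, so a minimal manifest yields an instance with neither AUTH nor in-transit encryption. The CRD looks generated (label `cnrm.cloud.google.com/tf2crd: "true"`), so the change presumably belongs in the generator or upstream schema rather than in this file. As a minimum the description could carry the caveat, e.g. `AUTH String set on the instance. Sensitive: the value is stored in the resource; restrict read access to RedisInstance objects.`, with a matching line on `authEnabled` and `transitEncryptionMode` saying that production manifests should set both explicitly.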
@@ -69409,6 +101629,48 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + persistenceIamIdentity: + description: |- + Output only. Cloud IAM identity used by import / export operations + to transfer data to/from Cloud Storage. Format is "serviceAccount:". + The value may change over time for a given instance so should be + checked before each import/export operation. + type: string + port: + description: The port number of the exposed Redis endpoint. + type: integer + readEndpoint: + description: |- + Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. + Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes + will exhibit some lag behind the primary. Write requests must target 'host'. + type: string + readEndpointPort: + description: |- + Output only. The port number of the exposed readonly redis endpoint. Standard tier only. + Write requests should target 'port'. + type: integer + serverCaCerts: + description: List of server CA certificates for the instance. + items: + properties: + cert: + description: The certificate data in PEM format. + type: string + createTime: + description: The time when the certificate was created. + type: string + expireTime: + description: The time when the certificate expires. + type: string + serialNumber: + description: Serial number, as extracted from the certificate. + type: string + sha1Fingerprint: + description: Sha1 Fingerprint of the certificate. + type: string + type: object + type: array type: object required: - spec 
@@ -69420,868 +101682,134 @@ spec: status: acceptedNames: kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/dcl2crd: "true" - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - name: privatecacertificateauthorities.privateca.cnrm.cloud.google.com -spec: - group: privateca.cnrm.cloud.google.com - names: - categories: - - gcp - kind: PrivateCACertificateAuthority - plural: privatecacertificateauthorities - shortNames: - - gcpprivatecacertificateauthority - - gcpprivatecacertificateauthorities - singular: privatecacertificateauthority - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The caPool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - config: - description: Immutable. Required. Immutable. The config used to create - a self-signed X.509 certificate or CSR. - properties: - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. 
The postal code of the subject. - type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - customSans: - description: Immutable. Contains additional subject alternative - name values. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the - client does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this - X.509 extension. - properties: - objectIdPath: - description: Immutable. Required. The parts - of an OID path. The most significant parts - of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. - properties: - additionalExtensions: - description: Immutable. 
Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. Refers to the "CA" X.509 - extension, which is a boolean value. When this value - is missing, the extension will be omitted from the CA - certificate. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the path length - restriction X.509 extension. For a CA certificate, this - value describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. - type: boolean - contentCommitment: - description: Immutable. 
The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - required: - - subjectConfig - - x509Config - type: object - gcsBucketRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Immutable. The name of a Cloud Storage bucket where this CertificateAuthority will publish content, such as the CA certificate and CRLs. This must be a bucket name, without any prefixes (such as `gs://`) or suffixes (such as `.googleapis.com`). For example, to use a bucket named `my-bucket`, you would simply specify `my-bucket`. If not specified, a managed bucket will be created. - - Allowed value: The Google Cloud resource name of a `StorageBucket` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - keySpec: - description: Immutable. Required. Immutable. Used when issuing certificates - for this CertificateAuthority. If this CertificateAuthority is a - self-signed CertificateAuthority, this key is also used to sign - the self-signed CA certificate. Otherwise, it is used to sign a - CSR. + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com +spec: + group: resourcemanager.cnrm.cloud.google.com + names: + categories: + - gcp + kind: ResourceManagerLien + plural: resourcemanagerliens + shortNames: + - gcpresourcemanagerlien + - gcpresourcemanagerliens + singular: resourcemanagerlien + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + 
apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + origin: + description: |- + Immutable. A stable, user-visible/meaningful string identifying the origin + of the Lien, intended to be inspected programmatically. Maximum length of + 200 characters. + type: string + parent: properties: - algorithm: - description: 'Immutable. The algorithm to use for creating a managed - Cloud KMS key for a for a simplified experience. All managed - keys will be have their ProtectionLevel as `HSM`. Possible values: - RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, - RSA_PKCS1_2048_SHA256, RSA_PKCS1_3072_SHA256, RSA_PKCS1_4096_SHA256, - EC_P256_SHA256, EC_P384_SHA384' - type: string - cloudKmsKeyVersionRef: - description: Immutable. + projectRef: oneOf: - not: required: - external required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: The resource name for an existing Cloud KMS CryptoKeyVersion - in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. - This option enables full flexibility in the key's capabilities - and properties. - type: string - name: - description: |- - [WARNING] KMSCryptoKeyVersion not yet supported in Config Connector, use 'external' field to reference existing resources. - Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: object - lifetime: - description: Immutable. Required. The desired lifetime of the CA certificate. - Used to create the "not_before_time" and "not_after_time" fields - inside an X.509 certificate. - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - type: - description: 'Immutable. Required. Immutable. The Type of this CertificateAuthority. - Possible values: SELF_SIGNED, SUBORDINATE' - type: string - required: - - caPoolRef - - config - - keySpec - - lifetime - - location - - projectRef - - type - type: object - status: - properties: - accessUrls: - description: Output only. URLs for accessing content published by - this CA, such as the CA certificate and CRLs. 
- properties: - caCertificateAccessUrl: - description: The URL where this CertificateAuthority's CA certificate - is published. This will only be set for CAs that have been activated. - type: string - crlAccessUrls: - description: The URLs where this CertificateAuthority's CRLs are - published. This will only be set for CAs that have been activated. - items: - type: string - type: array - type: object - caCertificateDescriptions: - description: Output only. A structured description of this CertificateAuthority's - CA certificate and its issuers. Ordered as self-to-root. - items: - properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in - the certificate. - items: - type: string - type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: - type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. 
- type: string - type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. - properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an - issued certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is - the period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time - type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time - type: string - subject: - description: Contains distinguished name fields such as - the common name, location and organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative - name values. - items: - properties: - critical: - description: Optional. 
Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, - the client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Required. The parts of an OID - path. The most significant parts of the - path come first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 - extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. - items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit - SHA-1 hash of the public key. - type: string - type: object - x509Description: - description: Describes some of the technical X.509 fields in - a certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does - not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. 
- properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the - "Authority Information Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value - describes the depth of subordinate CA certificates - that are allowed. If this value is less than 0, the - request will fail. If this value is missing, the max - path length will be omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. 
- type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. 
- items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - type: object - type: array - type: object - type: object + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: object + reason: + description: |- + Immutable. Concise user-visible strings indicating why an action cannot be performed + on a resource. Maximum length of 200 characters. + type: string + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + restrictions: + description: |- + Immutable. The types of operations which should be blocked as a result of this Lien. + Each value should correspond to an IAM permission. The server will validate + the permissions against those for which Liens are supported. An empty + list is meaningless and will be rejected. + e.g. ['resourcemanager.projects.delete']. 
+ items: + type: string type: array + required: + - origin + - parent + - reason + - restrictions + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -70308,49 +101836,11 @@ spec: type: string type: object type: array - config: - properties: - publicKey: - description: Optional. The public key that corresponds to this - config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Required. The format of the public key. Possible - values: PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string - type: object - x509Config: - properties: - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: - type: string - type: array - type: object - type: object createTime: - description: Output only. The time at which this CertificateAuthority - was created. - format: date-time - type: string - deleteTime: - description: Output only. The time at which this CertificateAuthority - was soft deleted, if it is in the DELETED state. - format: date-time + description: Time of creation. type: string - expireTime: - description: Output only. The time at which this CertificateAuthority - will be permanently purged, if it is in the DELETED state. - format: date-time + name: + description: A system-generated unique identifier for this Lien. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -70359,54 +101849,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCaCertificates: - description: Output only. This CertificateAuthority's certificate - chain, including the current CertificateAuthority's certificate. - Ordered such that the root issuer is the final element (consistent - with RFC 5246). For a self-signed CA, this will only list the current - CertificateAuthority's certificate. - items: - type: string - type: array - state: - description: 'Output only. The State for this CertificateAuthority. - Possible values: ENABLED, DISABLED, STAGED, AWAITING_USER_ACTIVATION, - DELETED' - type: string - subordinateConfig: - description: Optional. If this is a subordinate CertificateAuthority, - this field will be set with the subordinate configuration, which - describes its issuers. This may be updated, but this CertificateAuthority - must continue to validate. - properties: - certificateAuthority: - description: Required. This can refer to a CertificateAuthority - in the same project that was used to create a subordinate CertificateAuthority. - This field is used for information and usability purposes only. - The resource name is in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. - type: string - pemIssuerChain: - description: Required. Contains the PEM certificate chain for - the issuers of this CertificateAuthority, but not pem certificate - for this CA itself. - properties: - pemCertificates: - description: Required. Expected to be in leaf-to-root order - according to RFC 5246. - items: - type: string - type: array - type: object - type: object - tier: - description: 'Output only. The CaPool.Tier of the CaPool that includes - this CertificateAuthority. Possible values: ENTERPRISE, DEVOPS' - type: string - updateTime: - description: Output only. The time at which this CertificateAuthority - was last updated. - format: date-time - type: string type: object required: - spec 
@@ -70426,25 +101868,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: resourcemanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificate - plural: privatecacertificates + kind: ResourceManagerPolicy + plural: resourcemanagerpolicies shortNames: - - gcpprivatecacertificate - - gcpprivatecacertificates - singular: privatecacertificate + - gcpresourcemanagerpolicy + - gcpresourcemanagerpolicies + singular: resourcemanagerpolicy preserveUnknownFields: false scope: Namespaced versions: 
@@ -70482,68 +101924,25 @@ spec: type: object spec: properties: - caPoolRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The ca_pool for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACAPool` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - certificateAuthorityRef: - description: Immutable. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + booleanPolicy: + description: A boolean policy is a constraint that is either enforced + or not. properties: - external: - description: |- - The certificate authority for the resource - - Allowed value: The Google Cloud resource name of a `PrivateCACertificateAuthority` resource (format: `projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}/certificateAuthorities/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string + enforced: + description: If true, then the Policy is enforced. If false, then + any configuration is acceptable. + type: boolean + required: + - enforced type: object - certificateTemplateRef: - description: Immutable. 
+ constraint: + description: Immutable. The name of the Constraint the Policy is configuring, + for example, serviceuser.services. + type: string + folderRef: + description: |- + The folder on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. oneOf: - not: required: @@ -70560,10 +101959,7 @@ spec: - external properties: external: - description: |- - Immutable. The resource name for a CertificateTemplate used to issue this certificate, in the format `projects/*/locations/*/certificateTemplates/*`. If this is specified, the caller must have the necessary permission to use this template. If this is omitted, no template will be used. This template must be in the same location as the Certificate. - - Allowed value: The `selfLink` field of a `PrivateCACertificateTemplate` resource. + description: 'Allowed value: The `name` field of a `Folder` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -70572,304 +101968,290 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - config: - description: Immutable. Immutable. A description of the certificate - and key that does not require X.509 or ASN.1. + listPolicy: + description: A policy that can define specific values that are allowed + or denied for the given constraint. It can also be used to allow + or deny all values. . properties: - publicKey: - description: Immutable. Optional. The public key that corresponds - to this config. This is, for example, used when issuing Certificates, - but not when creating a self-signed CertificateAuthority or - CertificateAuthority CSR. - properties: - format: - description: 'Immutable. Required. The format of the public - key. Possible values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Immutable. Required. A public key. The padding - and encoding must match with the `KeyFormat` value specified - for the `format` field. - type: string - required: - - format - - key - type: object - subjectConfig: - description: Immutable. Required. Specifies some of the values - in a certificate that are related to the subject. - properties: - subject: - description: Immutable. Required. Contains distinguished name - fields such as the common name, location and organization. - properties: - commonName: - description: Immutable. The "common name" of the subject. - type: string - countryCode: - description: Immutable. The country code of the subject. - type: string - locality: - description: Immutable. The locality or city of the subject. - type: string - organization: - description: Immutable. The organization of the subject. - type: string - organizationalUnit: - description: Immutable. The organizational_unit of the - subject. - type: string - postalCode: - description: Immutable. The postal code of the subject. 
- type: string - province: - description: Immutable. The province, territory, or regional - state of the subject. - type: string - streetAddress: - description: Immutable. The street address of the subject. - type: string - type: object - subjectAltName: - description: Immutable. Optional. The subject alternative - name fields. - properties: - dnsNames: - description: Immutable. Contains only valid, fully-qualified - host names. - items: - type: string - type: array - emailAddresses: - description: Immutable. Contains only valid RFC 2822 E-mail - addresses. - items: - type: string - type: array - ipAddresses: - description: Immutable. Contains only valid 32-bit IPv4 - addresses or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Immutable. Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - required: - - subject - type: object - x509Config: - description: Immutable. Required. Describes how some of the technical - X.509 fields in a certificate should be populated. + allow: + description: One or the other must be set. properties: - additionalExtensions: - description: Immutable. Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Immutable. Optional. Indicates whether - or not this extension is critical (i.e., if the client - does not know how to handle this extension, the client - should consider this to be an error). - type: boolean - objectId: - description: Immutable. Required. The OID for this X.509 - extension. - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Immutable. Required. The value of this - X.509 extension. 
- type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Immutable. Optional. Describes Online Certificate - Status Protocol (OCSP) endpoint addresses that appear in - the "Authority Information Access" extension in the certificate. + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - type: string - type: array - caOptions: - description: Immutable. Optional. Describes options in this - X509Parameters that are relevant in a CA certificate. - properties: - isCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to true. - type: boolean - maxIssuerPathLength: - description: Immutable. Optional. Refers to the "path - length constraint" in Basic Constraints extension. For - a CA certificate, this value describes the depth of - subordinate CA certificates that are allowed. If this - value is less than 0, the request will fail. - format: int64 - type: integer - nonCa: - description: Immutable. Optional. When true, the "CA" - in Basic Constraints extension will be set to false. - If both `is_ca` and `non_ca` are unset, the extension - will be omitted from the CA certificate. - type: boolean - zeroMaxIssuerPathLength: - description: Immutable. Optional. When true, the "path - length constraint" in Basic Constraints extension will - be set to 0. if both max_issuer_path_length and zero_max_issuer_path_length - are unset, the max path length will be omitted from - the CA certificate. - type: boolean - type: object - keyUsage: - description: Immutable. Optional. Indicates the intended use - for keys that correspond to a certificate. - properties: - baseKeyUsage: - description: Immutable. Describes high-level ways in which - a key may be used. - properties: - certSign: - description: Immutable. The key may be used to sign - certificates. 
- type: boolean - contentCommitment: - description: Immutable. The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: Immutable. The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: Immutable. The key may be used to encipher - data. - type: boolean - decipherOnly: - description: Immutable. The key may be used to decipher - only. - type: boolean - digitalSignature: - description: Immutable. The key may be used for digital - signatures. - type: boolean - encipherOnly: - description: Immutable. The key may be used to encipher - only. - type: boolean - keyAgreement: - description: Immutable. The key may be used in a key - agreement protocol. - type: boolean - keyEncipherment: - description: Immutable. The key may be used to encipher - other keys. - type: boolean - type: object - extendedKeyUsage: - description: Immutable. Detailed scenarios in which a - key may be used. - properties: - clientAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Immutable. Corresponds to OID 1.3.6.1.5.5.7.3.8. 
- Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Immutable. Used to describe extended key - usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. - items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an - OID path. The most significant parts of the path - come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - type: object - policyIds: - description: Immutable. Optional. Describes the X.509 certificate - policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. + type: string + type: array + type: object + deny: + description: One or the other must be set. + properties: + all: + description: The policy allows or denies all values. + type: boolean + values: + description: The policy can define specific values that are + allowed or denied. items: - properties: - objectIdPath: - description: Immutable. Required. The parts of an OID - path. The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object + type: string type: array type: object + inheritFromParent: + description: If set to true, the values from the effective Policy + of the parent resource are inherited, meaning the values set + in this Policy are added to the values inherited up the hierarchy. + type: boolean + suggestedValue: + description: The Google Cloud Console will try to default to a + configuration that matches the value specified in this field. + type: string + type: object + organizationRef: + description: |- + The organization on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of an `Organization` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + projectRef: + description: |- + The project on which to configure the constraint. Only one of + projectRef, folderRef, or organizationRef may be specified. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + restorePolicy: + description: A restore policy is a constraint to restore the default + policy. + properties: + default: + description: May only be set to true. If set, then the default + Policy is restored. + type: boolean required: - - subjectConfig - - x509Config + - default type: object - lifetime: - description: Immutable. Required. Immutable. The desired lifetime - of a certificate. Used to create the "not_before_time" and "not_after_time" - fields inside an X.509 certificate. Note that the lifetime may be - truncated if it would extend past the life of any certificate authority - in the issuing chain. 
+ version: + description: Version of the Policy. Default version is 0. + type: integer + required: + - constraint + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + etag: + description: The etag of the organization policy. etag is used for + optimistic concurrency control as a way to help prevent simultaneous + updates of a policy from overwriting each other. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate + to nanoseconds, representing when the variable was last updated. + Example: "2016-10-09T12:33:37.578138407Z".' 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/dcl2crd: "true" + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + name: runservices.run.cnrm.cloud.google.com +spec: + group: run.cnrm.cloud.google.com + names: + categories: + - gcp + kind: RunService + plural: runservices + shortNames: + - gcprunservice + - gcprunservices + singular: runservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: 'Unstructured key value map that may be set by external + tools to store and arbitrary metadata. They are not queryable and + should be preserved when modifying objects. Cloud Run will populate + some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' + namespaces. This field follows Kubernetes annotations'' namespacing, + limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + binaryAuthorization: + description: Settings for the Binary Authorization feature. + properties: + breakglassJustification: + description: If present, indicates to use Breakglass using this + justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass + type: string + useDefault: + description: If True, indicates to use the default project's binary + authorization policy. If False, binary authorization will be + disabled + type: boolean + type: object + client: + description: Arbitrary identifier for the API client. + type: string + clientVersion: + description: Arbitrary version identifier for the API client. + type: string + description: + description: User-provided description of the Service. + type: string + ingress: + description: Provides the ingress settings for this Service. On output, + returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED + if no revision is active. + type: string + launchStage: + description: 'The launch stage as defined by [Google Cloud Platform + Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud + Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, + GA is assumed. 
Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, + PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' type: string location: description: Immutable. The location for the resource type: string - pemCsr: - description: Immutable. Immutable. A pem-encoded X.509 certificate - signing request (CSR). - type: string projectRef: description: Immutable. The Project that this resource belongs to. oneOf: 
@@ -70905,348 +102287,533 @@ spec: creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - subjectMode: - description: 'Immutable. Immutable. Specifies how the Certificate''s - identity fields are to be decided. If this is omitted, the `DEFAULT` - subject mode will be used. Possible values: SUBJECT_REQUEST_MODE_UNSPECIFIED, - DEFAULT, REFLECTED_SPIFFE' - type: string - required: - - caPoolRef - - lifetime - - location - - projectRef - type: object - status: - properties: - certificateDescription: - description: Output only. A structured description of the issued X.509 - certificate. + template: + description: Required. The template used to create revisions for this + Service. properties: - aiaIssuingCertificateUrls: - description: Describes lists of issuer CA certificate URLs that - appear in the "Authority Information Access" extension in the - certificate. - items: + annotations: + additionalProperties: type: string + description: KRM-style annotations for the resource. + type: object + containerConcurrency: + description: Sets the maximum number of requests that each serving + instance can receive. + format: int64 + type: integer + containers: + description: Holds the single container that defines the unit + of execution for this Revision. + items: + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. The $(VAR_NAME) syntax + can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether + the variable exists or not. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The docker image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. If a variable cannot + be resolved, the reference in the input string will be + unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will + never be expanded, regardless of whether the variable + exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + properties: + name: + description: Required. Name of the environment variable. + Must be a C_IDENTIFIER, and mnay not exceed 32768 + characters. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previous defined environment + variables in the container and any route environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + The $(VAR_NAME) syntax can be escaped with a double + $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable + exists or not. Defaults to "", and the maximum length + is 32768 bytes.' + type: string + valueSource: + description: Source for the environment variable's + value. + properties: + secretKeyRef: + description: Selects a secret and a specific version + from Cloud Secret Manager. 
+ properties: + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Required. 
URL of the Container image in Google + Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + type: string + name: + description: Name of the container specified as a DNS_LABEL. + type: string + ports: + description: List of ports to expose from the container. + Only a single port can be specified. The specified ports + must be listening on all interfaces (0.0.0.0) within the + container to be accessible. If omitted, a port number + will be chosen and passed to the container through the + PORT environment variable for the container to listen + on. + items: + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < container_port + < 65536. + format: int64 + type: integer + name: + description: If specified, used to specify which protocol + to use. Allowed values are "http1" and "h2c". + type: string + type: object + type: array + resources: + description: 'Compute Resource requirements by this container. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + cpuIdle: + description: Determines whether CPU should be throttled + or not outside of requests. + type: boolean + limits: + additionalProperties: + type: string + description: 'Only memory and CPU are supported. Note: + The only supported values for CPU are ''1'', ''2'', + and ''4''. Setting 4 CPU requires at least 2Gi of + memory. The values of the map is string form of the + ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' + type: object + type: object + volumeMounts: + description: Volume to mount into the container's filesystem. + items: + properties: + mountPath: + description: Required. Path within the container at + which the volume should be mounted. Must not contain + ':'. For Cloud SQL volumes, it can be left empty, + or must otherwise be `/cloudsql`. 
All instances + defined in the Volume will be available as `/cloudsql/[instance]`. + For more information on Cloud SQL volumes, visit + https://cloud.google.com/sql/docs/mysql/connect-run + type: string + name: + description: Required. This must match the Name of + a Volume. + type: string + required: + - mountPath + - name + type: object + type: array + required: + - image + type: object type: array - authorityKeyId: - description: Identifies the subject_key_id of the parent certificate, - per https://tools.ietf.org/html/rfc5280#section-4.2.1.1 - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. - type: string - type: object - certFingerprint: - description: The hash of the x.509 certificate. - properties: - sha256Hash: - description: The SHA 256 hash, encoded in hexadecimal, of - the DER x509 certificate. - type: string - type: object - crlDistributionPoints: - description: Describes a list of locations to obtain CRL information, - i.e. the DistributionPoint.fullName described by https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - items: + executionEnvironment: + description: 'The sandbox environment to host this Revision. Possible + values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, + EXECUTION_ENVIRONMENT_GEN2' + type: string + labels: + additionalProperties: type: string - type: array - publicKey: - description: The public key that corresponds to an issued certificate. + description: KRM-style labels for the resource. + type: object + revision: + description: The unique name for the revision. If this field is + omitted, it will be automatically generated based on the Service + name. + type: string + scaling: + description: Scaling settings for this Revision. properties: - format: - description: 'Required. The format of the public key. 
Possible - values: KEY_FORMAT_UNSPECIFIED, PEM' - type: string - key: - description: Required. A public key. The padding and encoding - must match with the `KeyFormat` value specified for the - `format` field. - type: string + maxInstanceCount: + description: Maximum number of serving instances that this + resource should have. + format: int64 + type: integer + minInstanceCount: + description: Minimum number of serving instances that this + resource should have. + format: int64 + type: integer type: object - subjectDescription: - description: Describes some of the values in a certificate that - are related to the subject and lifetime. + serviceAccountRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external properties: - hexSerialNumber: - description: The serial number encoded in lowercase hexadecimal. - type: string - lifetime: - description: For convenience, the actual lifetime of an issued - certificate. - type: string - notAfterTime: - description: The time after which the certificate is expired. - Per RFC 5280, the validity period for a certificate is the - period of time from not_before_time through not_after_time, - inclusive. Corresponds to 'not_before_time' + 'lifetime' - - 1 second. - format: date-time + external: + description: |- + Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. + + Allowed value: The `email` field of an `IAMServiceAccount` resource. type: string - notBeforeTime: - description: The time at which the certificate becomes valid. - format: date-time + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - subject: - description: Contains distinguished name fields such as the - common name, location and / organization. - properties: - commonName: - description: The "common name" of the subject. - type: string - countryCode: - description: The country code of the subject. - type: string - locality: - description: The locality or city of the subject. - type: string - organization: - description: The organization of the subject. - type: string - organizationalUnit: - description: The organizational_unit of the subject. - type: string - postalCode: - description: The postal code of the subject. - type: string - province: - description: The province, territory, or regional state - of the subject. - type: string - streetAddress: - description: The street address of the subject. - type: string - type: object - subjectAltName: - description: The subject alternative name fields. - properties: - customSans: - description: Contains additional subject alternative name - values. - items: - properties: - critical: - description: Optional. Indicates whether or not - this extension is critical (i.e., if the client - does not know how to handle this extension, the - client should consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come - first. - items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string - type: object - type: array - dnsNames: - description: Contains only valid, fully-qualified host - names. - items: - type: string - type: array - emailAddresses: - description: Contains only valid RFC 2822 E-mail addresses. 
- items: - type: string - type: array - ipAddresses: - description: Contains only valid 32-bit IPv4 addresses - or RFC 4291 IPv6 addresses. - items: - type: string - type: array - uris: - description: Contains only valid RFC 3986 URIs. - items: - type: string - type: array - type: object - type: object - subjectKeyId: - description: Provides a means of identifiying certificates that - contain a particular public key, per https://tools.ietf.org/html/rfc5280#section-4.2.1.2. - properties: - keyId: - description: Optional. The value of this KeyId encoded in - lowercase hexadecimal. This is most likely the 160 bit SHA-1 - hash of the public key. + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - x509Description: - description: Describes some of the technical X.509 fields in a - certificate. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: + timeout: + description: Max allowed time for an instance to respond to a + request. + type: string + volumes: + description: A list of Volumes to make available to containers. + items: + properties: + cloudSqlInstance: + description: For Cloud SQL volumes, contains the specific + instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run + for more information on how to connect Cloud SQL and Cloud + Run. properties: - critical: - description: Optional. Indicates whether or not this - extension is critical (i.e., if the client does not - know how to handle this extension, the client should - consider this to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. 
- items: - format: int64 - type: integer - type: array - type: object - value: - description: Required. The value of this X.509 extension. - type: string + instances: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `instanceName` + field of a `SQLInstance` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status - Protocol (OCSP) endpoint addresses that appear in the "Authority - Information Access" extension in the certificate. - items: + name: + description: Required. Volume's name. type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, - the extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. - If this value is less than 0, the request will fail. - If this value is missing, the max path length will be - omitted from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys - that correspond to a certificate. 
- properties: - baseKeyUsage: - description: Describes high-level ways in which a key - may be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic - commitments. Note that this may also be referred - to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate - revocation lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement - protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other - keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be - used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. - Officially described as "TLS WWW client authentication", - though regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. - Officially described as "Signing of downloadable - executable code client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. - Officially described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. - Officially described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. - Officially described as "TLS WWW server authentication", - though regularly used for non-WWW TLS. 
- type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. - Officially described as "Binding the hash of an - object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that - are not listed in the KeyUsage.ExtendedKeyUsageOptions - message. + secret: + description: 'Secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'Integer representation of mode bits to + use on created files by default. Must be a value between + 0000 and 0777 (octal), defaulting to 0644. Directories + within the path are not affected by this setting. + Notes * Internally, a umask of 0222 will be applied + to any non-zero value. * This is an integer representation + of the mode bits. So, the octal integer value should + look exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod 640 + (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) + or 493 (base-10). * This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. This might + be in conflict with other options that affect the + file mode, like fsGroup, and as a result, other mode + bits could be set.' + format: int64 + type: integer items: - properties: - objectIdPath: - description: Required. The parts of an OID path. - The most significant parts of the path come first. - items: + description: If unspecified, the volume will expose + a file whose name is the secret, relative to VolumeMount.mount_path. + If specified, the key will be used as the version + to fetch from Cloud Secret Manager and the path will + be the name of the file exposed in the volume. 
When + items are defined, they must specify a path and a + version. + items: + properties: + mode: + description: 'Integer octal mode bits to use on + this file, must be a value between 01 and 0777 + (octal). If 0 or not set, the Volume''s default + mode will be used. Notes * Internally, a umask + of 0222 will be applied to any non-zero value. + * This is an integer representation of the mode + bits. So, the octal integer value should look + exactly as the chmod numeric notation with a + leading zero. Some examples: for chmod 777 (a=rwx), + set to 0777 (octal) or 511 (base-10). For chmod + 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). + For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 + (octal) or 493 (base-10). * This might be in + conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set.' format: int64 type: integer - type: array - type: object - type: array - type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer + path: + description: Required. The relative path of the + secret in the container. + type: string + versionRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). + type: string + name: + description: 'Name of the referent. 
More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - path + type: object type: array + secretRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. + + Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - secretRef type: object - type: array + required: + - name + type: object + type: array + vpcAccess: + description: VPC Access configuration to use for this Revision. + For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + properties: + connectorRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: |- + VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} + + Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). 
+ type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + egress: + description: 'Traffic VPC egress settings. Possible values: + VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + type: string type: object type: object + traffic: + description: Specifies how to distribute traffic over a collection + of Revisions belonging to the Service. If traffic is empty or not + provided, defaults to 100% traffic to the latest `Ready` Revision. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + This defaults to zero if unspecified. Cloud Run currently + requires 100 percent for a single TrafficTarget entry. + format: int64 + type: integer + revision: + description: Revision to which to send this portion of traffic, + if traffic allocation is by revision. + type: string + tag: + description: Indicates a string to be part of the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + type: object + type: array + required: + - location + - projectRef + - template + type: object + status: + properties: conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -71274,12 +102841,52 @@ spec: type: object type: array createTime: - description: Output only. The time at which this Certificate was created. + description: Output only. The creation time. format: date-time type: string - issuerCertificateAuthority: - description: Output only. The resource name of the issuing CertificateAuthority - in the format `projects/*/locations/*/caPools/*/certificateAuthorities/*`. + creator: + description: Output only. Email address of the authenticated creator. + type: string + deleteTime: + description: Output only. The deletion time. + format: date-time + type: string + etag: + description: Output only. A system-generated fingerprint for this + version of the resource. May be used to detect modification conflict + during updates. + type: string + expireTime: + description: Output only. For a deleted resource, the time after which + it will be permamently deleted. + format: date-time + type: string + labels: + additionalProperties: + type: string + description: Map of string keys and values that can be used to organize + and categorize objects. User-provided labels are shared with Google's + billing system, so they can be used to filter, or break down billing + charges by team, component, environment, state, etc. For more information, + visit https://cloud.google.com/resource-manager/docs/creating-managing-labels + or https://cloud.google.com/run/docs/configuring/labels Cloud Run + will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' + namespaces. Those labels are read-only, and user changes will not + be preserved. + type: object + lastModifier: + description: Output only. Email address of the last authenticated + modifier. + type: string + latestCreatedRevision: + description: Output only. Name of the last created revision. See comments + in `reconciling` for additional information on reconciliation process + in Cloud Run. + type: string + latestReadyRevision: + description: Output only. 
Name of the latest revision that is serving + traffic. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -71288,36 +102895,123 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - pemCertificate: - description: Output only. The pem-encoded, signed X.509 certificate. - type: string - pemCertificateChain: - description: Output only. The chain that may be used to verify the - X.509 certificate. Expected to be in issuer-to-root order according - to RFC 5246. - items: - type: string - type: array - revocationDetails: - description: Output only. Details regarding the revocation of this - Certificate. This Certificate is considered revoked if and only - if this field is present. + reconciling: + description: 'Output only. Returns true if the Service is currently + being acted upon by the system to bring it into the desired state. + When a new Service is created, or an existing one is updated, Cloud + Run will asynchronously perform all necessary steps to bring the + Service to the desired serving state. This process is called reconciliation. + While reconciliation is in process, `observed_generation`, `latest_ready_revison`, + `traffic_statuses`, and `uri` will have transient values that might + mismatch the intended state: Once reconciliation is over (and this + field is false), there are two possible outcomes: reconciliation + succeeded and the serving state matches the Service, or there was + an error, and reconciliation failed. This state can be found in + `terminal_condition.state`. If reconciliation succeeded, the following + fields will match: `traffic` and `traffic_statuses`, `observed_generation` + and `generation`, `latest_ready_revision` and `latest_created_revision`. + If reconciliation failed, `traffic_statuses`, `observed_generation`, + and `latest_ready_revision` will have the state of the last serving + revision, or empty for newly created Services. Additional information + on the failure can be found in `terminal_condition` and `conditions`.' 
+ type: boolean + resourceGeneration: + description: Output only. A number that monotonically increases every + time the user modifies the desired state. + format: int64 + type: integer + terminalCondition: + description: Output only. The Condition of this Service, containing + its readiness status, and detailed error information in case it + did not reach a serving state. See comments in `reconciling` for + additional information on reconciliation process in Cloud Run. properties: - revocationState: - description: 'Indicates why a Certificate was revoked. Possible - values: REVOCATION_REASON_UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, - AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, - PRIVILEGE_WITHDRAWN, ATTRIBUTE_AUTHORITY_COMPROMISE' + jobReason: + description: 'A reason for the job condition. Possible values: + JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' type: string - revocationTime: - description: The time at which this Certificate was revoked. + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. format: date-time type: string + message: + description: Human readable message indicating details about the + current status. + type: string + reason: + description: 'A common (service-level) reason for this condition. + Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, + PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, + CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, + ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, + SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, + POSTPONED_RETRY, INTERNAL' + type: string + revisionReason: + description: 'A reason for the revision condition. 
Possible values: + REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, + RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, + MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, + NO_DEPLOYMENT' + type: string + severity: + description: 'How to interpret failures of this condition, one + of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, + ERROR, WARNING, INFO' + type: string + state: + description: 'State of the condition. Possible values: STATE_UNSPECIFIED, + CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, + CONDITION_SUCCEEDED' + type: string + type: + description: 'type is used to communicate the status of the reconciliation + process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting + Types common to all resources include: * "Ready": True when + the Resource is ready.' + type: string type: object + trafficStatuses: + description: Output only. Detailed status information for corresponding + traffic targets. See comments in `reconciling` for additional information + on reconciliation process in Cloud Run. + items: + properties: + percent: + description: Specifies percent of the traffic to this Revision. + format: int64 + type: integer + revision: + description: Revision to which this traffic is sent. + type: string + tag: + description: Indicates the string used in the URI to exclusively + reference this target. + type: string + type: + description: 'The allocation type for this traffic target. Possible + values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, + TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' + type: string + uri: + description: Displays the target URI. + type: string + type: object + type: array + uid: + description: Output only. Server assigned unique identifier for the + trigger. The value is a UUID4 string and guaranteed to remain unchanged + until the resource is deleted. 
+ type: string updateTime: - description: Output only. The time at which this Certificate was updated. + description: Output only. The last-modified time. format: date-time type: string + uri: + description: Output only. The main URI in which this Service is serving + traffic. + type: string type: object required: - spec @@ -71337,25 +103031,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: privatecacertificatetemplates.privateca.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com spec: - group: privateca.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: PrivateCACertificateTemplate - plural: privatecacertificatetemplates + kind: SecretManagerSecret + plural: secretmanagersecrets shortNames: - - gcpprivatecacertificatetemplate - - gcpprivatecacertificatetemplates - singular: privatecacertificatetemplate + - gcpsecretmanagersecret + - gcpsecretmanagersecrets + singular: secretmanagersecret preserveUnknownFields: false scope: Namespaced versions: 
@@ -71393,301 +103087,149 @@ spec: type: object spec: properties: - description: - description: Optional. A human-readable description of scenarios this - template is intended for. - type: string - identityConstraints: - description: Optional. Describes constraints on identities that may - be appear in Certificates issued using this template. If this is - omitted, then this template will not add restrictions on a certificate's - identity. - properties: - allowSubjectAltNamesPassthrough: - description: Required. If this is true, the SubjectAltNames extension - may be copied from a certificate request into the signed certificate. - Otherwise, the requested SubjectAltNames will be discarded. - type: boolean - allowSubjectPassthrough: - description: Required. If this is true, the Subject field may - be copied from a certificate request into the signed certificate. - Otherwise, the requested Subject will be discarded. - type: boolean - celExpression: - description: Optional. A CEL expression that may be used to validate - the resolved X.509 Subject and/or Subject Alternative Name before - a certificate is signed. To see the full allowed syntax and - some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel - properties: - description: - description: Optional. Description of the expression. This - is a longer text which describes the expression, e.g. when - hovered over it in a UI. - type: string - expression: - description: Textual representation of an expression in Common - Expression Language syntax. - type: string - location: - description: Optional. String indicating the location of the - expression for error reporting, e.g. a file name and a position - in the file. - type: string - title: - description: Optional. Title for the expression, i.e. a short - string describing its purpose. This can be used e.g. in - UIs which allow to enter the expression. 
- type: string - type: object - required: - - allowSubjectAltNamesPassthrough - - allowSubjectPassthrough - type: object - location: - description: Immutable. The location for the resource + expireTime: + description: |- + Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - passthroughExtensions: - description: Optional. Describes the set of X.509 extensions that - may appear in a Certificate issued using this CertificateTemplate. - If a certificate request sets extensions that don't appear in the - passthrough_extensions, those extensions will be dropped. If the - issuing CaPool's IssuancePolicy defines baseline_values that don't - appear here, the certificate issuance request will fail. If this - is omitted, then this template will not add restrictions on a certificate's - X.509 extensions. These constraints do not apply to X.509 extensions - set in this CertificateTemplate's predefined_values. - properties: - additionalExtensions: - description: Optional. A set of ObjectIds identifying custom X.509 - extensions. Will be combined with known_extensions to determine - the full set of X.509 extensions. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array - knownExtensions: - description: Optional. A set of named X.509 extensions. Will be - combined with additional_extensions to determine the full set - of X.509 extensions. - items: - type: string - type: array - type: object - predefinedValues: - description: Optional. 
A set of X.509 values that will be applied - to all issued certificates that use this template. If the certificate - request includes conflicting values for the same properties, they - will be overwritten by the values defined here. If the issuing CaPool's - IssuancePolicy defines conflicting baseline_values for the same - properties, the certificate issuance request will fail. - properties: - additionalExtensions: - description: Optional. Describes custom X.509 extensions. - items: - properties: - critical: - description: Optional. Indicates whether or not this extension - is critical (i.e., if the client does not know how to - handle this extension, the client should consider this - to be an error). - type: boolean - objectId: - description: Required. The OID for this X.509 extension. - properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - value: - description: Required. The value of this X.509 extension. - type: string - required: - - objectId - - value - type: object - type: array - aiaOcspServers: - description: Optional. Describes Online Certificate Status Protocol - (OCSP) endpoint addresses that appear in the "Authority Information - Access" extension in the certificate. - items: - type: string - type: array - caOptions: - description: Optional. Describes options in this X509Parameters - that are relevant in a CA certificate. - properties: - isCa: - description: Optional. Refers to the "CA" X.509 extension, - which is a boolean value. When this value is missing, the - extension will be omitted from the CA certificate. - type: boolean - maxIssuerPathLength: - description: Optional. Refers to the path length restriction - X.509 extension. For a CA certificate, this value describes - the depth of subordinate CA certificates that are allowed. 
- If this value is less than 0, the request will fail. If - this value is missing, the max path length will be omitted - from the CA certificate. - format: int64 - type: integer - type: object - keyUsage: - description: Optional. Indicates the intended use for keys that - correspond to a certificate. - properties: - baseKeyUsage: - description: Describes high-level ways in which a key may - be used. - properties: - certSign: - description: The key may be used to sign certificates. - type: boolean - contentCommitment: - description: The key may be used for cryptographic commitments. - Note that this may also be referred to as "non-repudiation". - type: boolean - crlSign: - description: The key may be used sign certificate revocation - lists. - type: boolean - dataEncipherment: - description: The key may be used to encipher data. - type: boolean - decipherOnly: - description: The key may be used to decipher only. - type: boolean - digitalSignature: - description: The key may be used for digital signatures. - type: boolean - encipherOnly: - description: The key may be used to encipher only. - type: boolean - keyAgreement: - description: The key may be used in a key agreement protocol. - type: boolean - keyEncipherment: - description: The key may be used to encipher other keys. - type: boolean - type: object - extendedKeyUsage: - description: Detailed scenarios in which a key may be used. - properties: - clientAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially - described as "TLS WWW client authentication", though - regularly used for non-WWW TLS. - type: boolean - codeSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially - described as "Signing of downloadable executable code - client authentication". - type: boolean - emailProtection: - description: Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially - described as "Email protection". - type: boolean - ocspSigning: - description: Corresponds to OID 1.3.6.1.5.5.7.3.9. 
Officially - described as "Signing OCSP responses". - type: boolean - serverAuth: - description: Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially - described as "TLS WWW server authentication", though - regularly used for non-WWW TLS. - type: boolean - timeStamping: - description: Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially - described as "Binding the hash of an object to a time". - type: boolean - type: object - unknownExtendedKeyUsages: - description: Used to describe extended key usages that are - not listed in the KeyUsage.ExtendedKeyUsageOptions message. + replication: + description: |- + Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed + after the Secret has been created. + properties: + automatic: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + type: boolean + userManaged: + description: Immutable. The Secret will automatically be replicated + without any restrictions. + properties: + replicas: + description: Immutable. The list of Replicas for this Secret. + Cannot be empty. items: properties: - objectIdPath: - description: Required. The parts of an OID path. The - most significant parts of the path come first. - items: - format: int64 - type: integer - type: array + customerManagedEncryption: + description: Immutable. Customer Managed Encryption + for the secret. + properties: + kmsKeyRef: + description: Customer Managed Encryption for the + secret. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` + field of a `KMSCryptoKey` resource.' + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + location: + description: 'Immutable. The canonical IDs of the location + to replicate data. For example: "us-east1".' + type: string required: - - objectIdPath + - location type: object type: array + required: + - replicas type: object - policyIds: - description: Optional. Describes the X.509 certificate policy - object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4. - items: - properties: - objectIdPath: - description: Required. The parts of an OID path. The most - significant parts of the path come first. - items: - format: int64 - type: integer - type: array - required: - - objectIdPath - type: object - type: array type: object - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + resourceID: + description: Immutable. Optional. The secretId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rotation: + description: The rotation time and period for a Secret. At 'next_rotation_time', + Secret Manager will send a Pub/Sub notification to the topics configured + on the Secret. 'topics' must be set to configure rotation. properties: - external: + nextRotationTime: description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + Timestamp in UTC at which the Secret is scheduled to rotate. 
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + rotationPeriod: + description: |- + Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). + If rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. type: string type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + topics: + description: A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + items: + properties: + topicRef: + description: |- + A list of up to 10 Pub/Sub topics to which messages are + published when control plane operations are called on the secret + or its versions. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - topicRef + type: object + type: array + ttl: + description: |- + Immutable. The TTL for the Secret. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string required: - - location - - projectRef + - replication type: object status: properties: @@ -71718,9 +103260,12 @@ spec: type: object type: array createTime: - description: Output only. The time at which this CertificateTemplate - was created. - format: date-time + description: The time at which the Secret was created. + type: string + name: + description: |- + The resource name of the Secret. Format: + 'projects/{{project}}/secrets/{{secret_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71729,11 +103274,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: Output only. The time at which this CertificateTemplate - was updated. - format: date-time - type: string type: object required: - spec 
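Review bot: The `userManaged` description in the new `replication` block repeats the text of `automatic` ("The Secret will automatically be replicated without any restrictions."), which contradicts the `replicas` list beneath it that pins the secret to named locations. Anyone choosing a replication policy for data-residency reasons from this schema text gets the wrong answer; something like `description: Immutable. The Secret will be replicated only to the locations listed in 'replicas'.` would match the fields shown. The schema also puts no `oneOf` on `automatic` / `userManaged`, so it appears that an empty `replication: {}` or both keys together would pass CRD validation and be rejected only later, if at all. If this file is generated, both fixes belong in the generator's source rather than in this copy.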
@@ -71753,25 +103293,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: projects.resourcemanager.cnrm.cloud.google.com + name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: secretmanager.cnrm.cloud.google.com names: categories: - gcp - kind: Project - plural: projects + kind: SecretManagerSecretVersion + plural: secretmanagersecretversions shortNames: - - gcpproject - - gcpprojects - singular: project + - gcpsecretmanagersecretversion + - gcpsecretmanagersecretversions + singular: secretmanagersecretversion preserveUnknownFields: false scope: Namespaced versions: 
@@ -71808,50 +103348,55 @@ spec: metadata: type: object spec: - oneOf: - - required: - - folderRef - - required: - - organizationRef - - not: - anyOf: - - required: - - folderRef - - required: - - organizationRef properties: - billingAccountRef: + enabled: + description: The current state of the SecretVersion. + type: boolean + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + secretData: + description: Immutable. The secret data. Must be no larger than 64KiB. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `BillingAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object type: object - folderRef: - description: |- - The folder that this resource belongs to. Changing this forces the - resource to be migrated to the newly specified folder. 
Only one of - folderRef or organizationRef may be specified. + secretRef: + description: Secret Manager secret resource oneOf: - not: required: @@ -71868,7 +103413,7 @@ spec: - external properties: external: - description: 'Allowed value: The `folderId` field of a `Folder` + description: 'Allowed value: The `name` field of a `SecretManagerSecret` resource.' type: string name: 
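Review bot: `secretData.value` in the new SecretManagerSecretVersion spec accepts the secret as an inline string, so the plaintext would sit in the custom resource itself, and presumably in whatever manifest repository and API-server storage hold that object. The `value` description only says it cannot be combined with `valueFrom`; it should steer users to the reference form, for example `description: Value of the field. Stored in plain text in the resource; prefer 'valueFrom.secretKeyRef'. Cannot be used if 'valueFrom' is specified.` Read access to these resources should be treated like read access to the secret. The description text may be generated, in which case the wording change belongs upstream.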
@@ -71878,15 +103423,144 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - secretData + - secretRef + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The time at which the Secret was created. + type: string + destroyTime: + description: The time at which the Secret was destroyed. Only present + if state is DESTROYED. + type: string name: - description: The display name of the project. + description: |- + The resource name of the SecretVersion. Format: + 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + version: + description: The version of the Secret. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: securitycenternotificationconfigs.securitycenter.cnrm.cloud.google.com +spec: + group: securitycenter.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SecurityCenterNotificationConfig + plural: securitycenternotificationconfigs + shortNames: + - gcpsecuritycenternotificationconfig + - gcpsecuritycenternotificationconfigs + singular: securitycenternotificationconfig + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + configId: + description: Immutable. This must be unique within the organization. + type: string + description: + description: The description of the notification config (max of 1024 + characters). type: string organizationRef: - description: |- - The organization that this resource belongs to. Changing this - forces the resource to be migrated to the newly specified - organization. Only one of folderRef or organizationRef may be - specified. + description: The organization that this resource belongs to. oneOf: - not: required: 
@@ -71913,13 +103587,55 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + pubsubTopic: + description: |- + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + type: string resourceID: - description: Immutable. Optional. The projectId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + streamingConfig: + description: The config for triggering streaming-based notifications. + properties: + filter: + description: |- + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + type: string + required: + - filter + type: object required: - - name + - configId + - organizationRef + - pubsubTopic + - streamingConfig type: object status: properties: 
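Review bot: The `streamingConfig.filter` description reads "Restrictions have the form and may have a - character", so the placeholder for the restriction syntax has been lost, probably angle-bracket text stripped during generation. This filter decides which asset and finding events are sent to the Pub/Sub topic, so a guessed syntax can silently drop notifications that a detection pipeline relies on. Restoring the sentence, presumably as `Restrictions have the form <field> <operator> <value> and may have`, would fix it. The same text says OR has higher precedence than AND, which is unusual enough to deserve a one-line parenthesised example.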
@@ -71949,8 +103665,10 @@ spec: type: string type: object type: array - number: - description: The numeric identifier of the project. + name: + description: |- + The resource name of this notification config, in the format + 'organizations/{{organization}}/notificationConfigs/{{config_id}}'. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -71959,6 +103677,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + serviceAccount: + description: |- + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + type: string type: object required: - spec @@ -71978,25 +103701,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsublitereservations.pubsublite.cnrm.cloud.google.com + name: securitycentersources.securitycenter.cnrm.cloud.google.com spec: - group: pubsublite.cnrm.cloud.google.com + group: securitycenter.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubLiteReservation - plural: pubsublitereservations + kind: SecurityCenterSource + plural: securitycentersources shortNames: - - gcppubsublitereservation - - gcppubsublitereservations - singular: pubsublitereservation + - gcpsecuritycentersource + - gcpsecuritycentersources + singular: securitycentersource preserveUnknownFields: false scope: Namespaced versions: @@ -72016,7 +103739,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
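Review bot: The new `status.serviceAccount` description says the account needs "pubsub.topics.publish" but not at which level to grant it, which invites a project-wide binding. Appending a sentence such as `Grant it on the topic named in spec.pubsubTopic only, not on the whole project.` would keep the grant scoped to the one topic this notification config writes to.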
@@ -72034,8 +103757,19 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. + description: + description: The description of the source (max of 1024 characters). + type: string + displayName: + description: |- + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + type: string + organizationRef: + description: The organization that this resource belongs to. oneOf: - not: required: @@ -72052,7 +103786,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of an `Organization` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -72061,24 +103796,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - region: - description: The region of the pubsub lite reservation. - type: string resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - throughputCapacity: - description: |- - The reserved throughput capacity. Every unit of throughput capacity is - equivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed - messages. - type: integer required: - - projectRef - - region - - throughputCapacity + - displayName + - organizationRef type: object status: properties: @@ -72108,6 +103833,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name of this source, in the format + 'organizations/{{organization}}/sources/{{source}}'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72134,25 +103864,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubschemas.pubsub.cnrm.cloud.google.com + name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSchema - plural: pubsubschemas + kind: ServiceDirectoryEndpoint + plural: servicedirectoryendpoints shortNames: - - gcppubsubschema - - gcppubsubschemas - singular: pubsubschema + - gcpservicedirectoryendpoint + - gcpservicedirectoryendpoints + singular: servicedirectoryendpoint preserveUnknownFields: false scope: Namespaced versions: 
@@ -72190,14 +103920,43 @@ spec: type: object spec: properties: - definition: + addressRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `address` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + networkRef: description: |- - Immutable. The definition of the schema. - This should contain a string representing the full definition of the schema - that is a valid schema definition of the type specified in type. - type: string - projectRef: - description: The project that this resource belongs to. + Only the `external` field is supported to configure the reference. + + Immutable. The Google Compute Engine network (VPC) of the endpoint in the format + projects//locations/global/networks/*. + + The project must be specified by project number (project id is rejected). Incorrectly formatted networks are + rejected, but no other validation is performed on this field (ex. network or project existence, + reachability, or permissions). oneOf: - not: required: @@ -72214,7 +103973,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
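Review bot: The `networkRef` description gives the format as `projects//locations/global/networks/*`, so the project-number placeholder has been lost, and the format disagrees with the `external` hint in the next hunk, which says to pass the `selfLink` of a `ComputeNetwork`. The text also says only `external` is supported, yet `name` and `namespace` are still listed as properties; the `oneOf` continues outside this hunk, so whether admission rejects them cannot be seen here. Because the description itself says that existence and permissions are not validated, the expected format is the only guard and should be exact, e.g. `projects/<project number>/locations/global/networks/*`. The sentence could also say that a value passing the format check proves nothing about who owns the network.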
@@ -72223,18 +103983,47 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + port: + description: |- + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The endpointId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - type: - description: 'Immutable. The type of the schema definition Default - value: "TYPE_UNSPECIFIED" Possible values: ["TYPE_UNSPECIFIED", - "PROTOCOL_BUFFER", "AVRO"].' - type: string + serviceRef: + description: The ServiceDirectoryService that this endpoint belongs + to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `ServiceDirectoryService` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - projectRef + - serviceRef type: object status: properties: 
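Review bot: `port` is documented as "must be in the range of [0, 65535]" but the schema declares only `type: integer`, so an out-of-range or negative value passes admission and is rejected, if at all, later by the backing API. Adding `minimum: 0` and `maximum: 65535` beside `type: integer` would enforce the documented range at the API server. The CRD appears to be generated, so the bounds likely belong in the generator.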
@@ -72264,6 +104053,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the endpoint in the format + 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72290,25 +104084,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubsubscriptions.pubsub.cnrm.cloud.google.com + name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubSubscription - plural: pubsubsubscriptions + kind: ServiceDirectoryNamespace + plural: servicedirectorynamespaces shortNames: - - gcppubsubsubscription - - gcppubsubsubscriptions - singular: pubsubsubscription + - gcpservicedirectorynamespace + - gcpservicedirectorynamespaces + singular: servicedirectorynamespace preserveUnknownFields: false scope: Namespaced versions: 
@@ -72346,288 +104140,14 @@ spec: type: object spec: properties: - ackDeadlineSeconds: - description: |- - This value is the maximum time after a subscriber receives a message - before the subscriber should acknowledge the message. After message - delivery but before the ack deadline expires and before the message is - acknowledged, it is an outstanding message and will not be delivered - again during that time (on a best-effort basis). - - For pull subscriptions, this value is used as the initial value for - the ack deadline. To override this value for a given message, call - subscriptions.modifyAckDeadline with the corresponding ackId if using - pull. The minimum custom deadline you can specify is 10 seconds. The - maximum custom deadline you can specify is 600 seconds (10 minutes). - If this parameter is 0, a default value of 10 seconds is used. - - For push delivery, this value is also used to set the request timeout - for the call to the push endpoint. - - If the subscriber never acknowledges the message, the Pub/Sub system - will eventually redeliver the message. - type: integer - bigqueryConfig: - description: |- - If delivery to BigQuery is used with this subscription, this field is used to configure it. - Either pushConfig or bigQueryConfig can be set, but not both. - If both are empty, then the subscriber will pull and ack messages using API methods. - properties: - dropUnknownFields: - description: |- - When true and useTopicSchema is true, any fields that are a part of the topic schema that are not part of the BigQuery table schema are dropped when writing to BigQuery. - Otherwise, the schemas must be kept in sync and any messages with extra fields are not written and remain in the subscription's backlog. - type: boolean - tableRef: - description: The name of the table to which to write data. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `{{project}}.{{dataset_id}}.{{value}}`, - where {{value}} is the `name` field of a `BigQueryTable` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - useTopicSchema: - description: When true, use the topic's schema as the columns - to write to in BigQuery, if it exists. - type: boolean - writeMetadata: - description: |- - When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table. - The subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column. - type: boolean - required: - - tableRef - type: object - deadLetterPolicy: - description: |- - A policy that specifies the conditions for dead lettering messages in - this subscription. If dead_letter_policy is not set, dead lettering - is disabled. - - The Cloud Pub/Sub service account associated with this subscription's - parent project (i.e., - service-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have - permission to Acknowledge() messages on this subscription. 
- properties: - deadLetterTopicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - maxDeliveryAttempts: - description: "The maximum number of delivery attempts for any - message. The value must be\nbetween 5 and 100.\n\nThe number - of delivery attempts is defined as 1 + (the sum of number of - \nNACKs and number of times the acknowledgement deadline has - been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline - with a 0 deadline. Note that\nclient libraries may automatically - extend ack_deadlines.\n\nThis field will be honored on a best - effort basis.\n\nIf this parameter is 0, a default value of - 5 is used." - type: integer - type: object - enableExactlyOnceDelivery: - description: |- - If 'true', Pub/Sub provides the following guarantees for the delivery - of a message with a given value of messageId on this Subscriptions': - - - The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires. - - - An acknowledged message will not be resent to a subscriber. - - Note that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery' - is true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values. 
- type: boolean - enableMessageOrdering: - description: |- - Immutable. If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to - the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they - may be delivered in any order. - type: boolean - expirationPolicy: - description: |- - A policy that specifies the conditions for this subscription's expiration. - A subscription is considered active as long as any connected subscriber - is successfully consuming messages from the subscription or is issuing - operations on the subscription. If expirationPolicy is not set, a default - policy with ttl of 31 days will be used. If it is set but ttl is "", the - resource never expires. The minimum allowed value for expirationPolicy.ttl - is 1 day. - properties: - ttl: - description: |- - Specifies the "time-to-live" duration for an associated resource. The - resource expires if it is not active for a period of ttl. - If ttl is not set, the associated resource never expires. - A duration in seconds with up to nine fractional digits, terminated by 's'. - Example - "3.5s". - type: string - required: - - ttl - type: object - filter: - description: "Immutable. The subscription only delivers the messages - that match the filter. \nPub/Sub automatically acknowledges the - messages that don't match the filter. You can filter messages\nby - their attributes. The maximum length of a filter is 256 bytes. After - creating the subscription, \nyou can't modify the filter." - type: string - messageRetentionDuration: - description: |- - How long to retain unacknowledged messages in the subscription's - backlog, from the moment a message is published. If - retain_acked_messages is true, then this also configures the retention - of acknowledged messages, and thus configures how far back in time a - subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). 
- - A duration in seconds with up to nine fractional digits, terminated - by 's'. Example: '"600.5s"'. - type: string - pushConfig: + location: description: |- - If push delivery is used with this subscription, this field is used to - configure it. An empty pushConfig signifies that the subscriber will - pull and ack messages using API methods. - properties: - attributes: - additionalProperties: - type: string - description: |- - Endpoint configuration attributes. - - Every endpoint has a set of API supported attributes that can - be used to control different aspects of the message delivery. - - The currently supported attribute is x-goog-version, which you - can use to change the format of the pushed message. This - attribute indicates the version of the data expected by - the endpoint. This controls the shape of the pushed message - (i.e., its fields and metadata). The endpoint version is - based on the version of the Pub/Sub API. - - If not present during the subscriptions.create call, - it will default to the version of the API used to make - such call. If not present during a subscriptions.modifyPushConfig - call, its value will not be changed. subscriptions.get - calls will always return a valid version, even if the - subscription was created without this attribute. - - The possible values for this attribute are: - - - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API. - - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API. - type: object - oidcToken: - description: |- - If specified, Pub/Sub will generate and attach an OIDC JWT token as - an Authorization header in the HTTP request for every pushed message. - properties: - audience: - description: |- - Audience to be used when generating OIDC token. The audience claim - identifies the recipients that the JWT is intended for. The audience - value is a single case-sensitive string. Having multiple values (array) - for the audience field is not supported. 
More info about the OIDC JWT - token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 - Note: if not specified, the Push endpoint URL will be used. - type: string - serviceAccountEmail: - description: |- - Service account email to be used for generating the OIDC token. - The caller (for subscriptions.create, subscriptions.patch, and - subscriptions.modifyPushConfig RPCs) must have the - iam.serviceAccounts.actAs permission for the service account. - type: string - required: - - serviceAccountEmail - type: object - pushEndpoint: - description: |- - A URL locating the endpoint to which messages should be pushed. - For example, a Webhook endpoint might use - "https://example.com/push". - type: string - required: - - pushEndpoint - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + The location for the Namespace. + A full list of valid locations can be found by running + 'gcloud beta service-directory locations list'. type: string - retainAckedMessages: - description: |- - Indicates whether to retain acknowledged messages. If 'true', then - messages are not expunged from the subscription's backlog, even if - they are acknowledged, until they fall out of the - messageRetentionDuration window. - type: boolean - retryPolicy: - description: "A policy that specifies how Pub/Sub retries message - delivery for this subscription.\n\nIf not set, the default retry - policy is applied. This generally implies that messages will be - retried as soon as possible for healthy subscribers. \nRetryPolicy - will be triggered on NACKs or acknowledgement deadline exceeded - events for a given message." - properties: - maximumBackoff: - description: "The maximum delay between consecutive deliveries - of a given message. Value should be between 0 and 600 seconds. - Defaults to 600 seconds. 
\nA duration in seconds with up to - nine fractional digits, terminated by 's'. Example: \"3.5s\"." - type: string - minimumBackoff: - description: |- - The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string - type: object - topicRef: - description: Reference to a PubSubTopic. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -72644,8 +104164,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -72654,8 +104173,14 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The namespaceId of the resource. + Used for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - topicRef + - location + - projectRef type: object status: properties: @@ -72685,6 +104210,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the namespace + in the format 'projects/*/locations/*/namespaces/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -72711,25 +104241,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: pubsubtopics.pubsub.cnrm.cloud.google.com + name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com spec: - group: pubsub.cnrm.cloud.google.com + group: servicedirectory.cnrm.cloud.google.com names: categories: - gcp - kind: PubSubTopic - plural: pubsubtopics + kind: ServiceDirectoryService + plural: servicedirectoryservices shortNames: - - gcppubsubtopic - - gcppubsubtopics - singular: pubsubtopic + - gcpservicedirectoryservice + - gcpservicedirectoryservices + singular: servicedirectoryservice preserveUnknownFields: false scope: Namespaced versions: @@ -72767,13 +104297,9 @@ spec: type: object spec: properties: - kmsKeyRef: - description: |- - The KMSCryptoKey to be used to protect access to messages published - on this topic. Your project's Pub/Sub service account - ('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') - must have 'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this - feature. + namespaceRef: + description: The ServiceDirectoryNamespace that this service belongs + to. oneOf: - not: required: @@ -72790,7 +104316,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` resource.' type: string name: 
@@ -72800,81 +104326,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - messageRetentionDuration: - description: |- - Indicates the minimum duration to retain a message after it is published - to the topic. If this field is set, messages published to the topic in - the last messageRetentionDuration are always available to subscribers. - For instance, it allows any attached subscription to seek to a timestamp - that is up to messageRetentionDuration in the past. If this field is not - set, message retention is controlled by settings on individual subscriptions. - Cannot be more than 31 days or less than 10 minutes. - type: string - messageStoragePolicy: - description: |- - Policy constraining the set of Google Cloud Platform regions where - messages published to the topic may be stored. If not present, then no - constraints are in effect. - properties: - allowedPersistenceRegions: - description: |- - A list of IDs of GCP regions where messages that are published to - the topic may be persisted in storage. Messages published by - publishers running in non-allowed GCP regions (or running outside - of GCP altogether) will be routed for storage in one of the - allowed regions. An empty list means that no regions are allowed, - and is not a valid configuration. - items: - type: string - type: array - required: - - allowedPersistenceRegions - type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The serviceId of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - schemaSettings: - description: Settings for validating messages published against a - schema. - properties: - encoding: - description: 'Immutable. 
The encoding of messages validated against - schema. Default value: "ENCODING_UNSPECIFIED" Possible values: - ["ENCODING_UNSPECIFIED", "JSON", "BINARY"].' - type: string - schemaRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/schemas/{{value}}`, - where {{value}} is the `name` field of a `PubSubSchema` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - schemaRef - type: object + required: + - namespaceRef type: object status: properties: @@ -72904,6 +104362,11 @@ spec: type: string type: object type: array + name: + description: |- + The resource name for the service in the + format 'projects/*/locations/*/namespaces/*/services/*'. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -72912,6 +104375,8 @@ spec: the resource. type: integer type: object + required: + - spec type: object served: true storage: true 
@@ -72928,25 +104393,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: recaptchaenterprisekeys.recaptchaenterprise.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: serviceidentities.serviceusage.cnrm.cloud.google.com spec: - group: recaptchaenterprise.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: RecaptchaEnterpriseKey - plural: recaptchaenterprisekeys + kind: ServiceIdentity + plural: serviceidentities shortNames: - - gcprecaptchaenterprisekey - - gcprecaptchaenterprisekeys - singular: recaptchaenterprisekey + - gcpserviceidentity + - gcpserviceidentities + singular: serviceidentity preserveUnknownFields: false scope: Namespaced versions: 
@@ -72984,40 +104449,8 @@ spec: type: object spec: properties: - androidSettings: - description: Settings for keys that can be used by Android apps. - properties: - allowAllPackageNames: - description: If set to true, it means allowed_package_names will - not be enforced. - type: boolean - allowedPackageNames: - description: 'Android package names of apps allowed to use the - key. Example: ''com.companyname.appname''' - items: - type: string - type: array - type: object - displayName: - description: Human-readable display name of this key. Modifiable by - user. - type: string - iosSettings: - description: Settings for keys that can be used by iOS apps. - properties: - allowAllBundleIds: - description: If set to true, it means allowed_bundle_ids will - not be enforced. - type: boolean - allowedBundleIds: - description: 'iOS bundle ids of apps allowed to use the key. Example: - ''com.companyname.productname.appname''' - items: - type: string - type: array - type: object projectRef: - description: Immutable. The Project that this resource belongs to. + description: The project that this resource belongs to. oneOf: - not: required: @@ -73034,10 +104467,7 @@ spec: - external properties: external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -73047,63 +104477,11 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - testingOptions: - description: Immutable. Options for user acceptance testing. - properties: - testingChallenge: - description: 'Immutable. For challenge-based keys only (CHECKBOX, - INVISIBLE), all challenge requests for this site will return - nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. - Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE' - type: string - testingScore: - description: Immutable. All assessments for this Key will return - this score. Must be between 0 (likely not legitimate) and 1 - (likely legitimate) inclusive. - format: double - type: number - type: object - webSettings: - description: Settings for keys that can be used by websites. - properties: - allowAllDomains: - description: If set to true, it means allowed_domains will not - be enforced. - type: boolean - allowAmpTraffic: - description: If set to true, the key can be used on AMP (Accelerated - Mobile Pages) websites. This is supported only for the SCORE - integration type. - type: boolean - allowedDomains: - description: 'Domains or subdomains of websites allowed to use - the key. All subdomains of an allowed domain are automatically - allowed. A valid domain requires a host and must not include - any path, port, query or fragment. Examples: ''example.com'' - or ''subdomain.example.com''' - items: - type: string - type: array - challengeSecurityPreference: - description: 'Settings for the frequency and difficulty at which - this key triggers captcha challenges. 
This should only be specified - for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: - CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, - SECURITY' - type: string - integrationType: - description: 'Immutable. Required. Describes how this key is integrated - with the website. Possible values: SCORE, CHECKBOX, INVISIBLE' - type: string - required: - - integrationType - type: object required: - - displayName - projectRef type: object status: @@ -73134,9 +104512,7 @@ spec: type: string type: object type: array - createTime: - description: The timestamp corresponding to the creation of this Key. - format: date-time + email: type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -73164,25 +104540,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: redisinstances.redis.cnrm.cloud.google.com + name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com spec: - group: redis.cnrm.cloud.google.com + group: servicenetworking.cnrm.cloud.google.com names: categories: - gcp - kind: RedisInstance - plural: redisinstances + kind: ServiceNetworkingConnection + plural: servicenetworkingconnections shortNames: - - gcpredisinstance - - gcpredisinstances - singular: redisinstance + - gcpservicenetworkingconnection + - gcpservicenetworkingconnections + singular: servicenetworkingconnection preserveUnknownFields: false scope: Namespaced versions: 
@@ -73220,27 +104596,7 @@ spec: type: object spec: properties: - alternativeLocationId: - description: |- - Immutable. Only applicable to STANDARD_HA tier which protects the instance - against zonal failures by provisioning it across two zones. - If provided, it must be a different zone from the one provided in - [locationId]. - type: string - authEnabled: - description: |- - Optional. Indicates whether OSS Redis AUTH is enabled for the - instance. If set to "true" AUTH is enabled on the instance. - Default value is "false" meaning AUTH is disabled. - type: boolean - authString: - description: AUTH String set on the instance. This field will only - be populated if auth_enabled is true. - type: string - authorizedNetworkRef: - description: |- - The network to which the instance is connected. If left - unspecified, the default network will be used. + networkRef: oneOf: - not: required: @@ -73257,7 +104613,7 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `ComputeNetwork` resource.' type: string name: 
@@ -73267,259 +104623,44 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - connectMode: - description: 'Immutable. The connection mode of the Redis instance. - Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", - "PRIVATE_SERVICE_ACCESS"].' - type: string - customerManagedKeyRef: - description: |- - Immutable. Optional. The KMS key reference that you want to use to - encrypt the data at rest for this Redis instance. If this is - provided, CMEK is enabled. - oneOf: - - not: + reservedPeeringRanges: + items: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace required: - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - displayName: - description: An arbitrary and optional user-provided name for the - instance. - type: string - locationId: - description: |- - Immutable. The zone where the instance will be provisioned. If not provided, - the service will choose a zone for the instance. For STANDARD_HA tier, - instances will be created across two zones for protection against - zonal failures. If [alternativeLocationId] is also provided, it must - be different from [locationId]. - type: string - maintenancePolicy: - description: Maintenance policy for an instance. - properties: - createTime: - description: |- - Output only. 
The time when the policy was created. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - description: - description: |- - Optional. Description of what this policy is for. - Create/Update methods return INVALID_ARGUMENT if the - length is greater than 512. - type: string - updateTime: - description: |- - Output only. The time when the policy was last updated. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - weeklyMaintenanceWindow: - description: |- - Optional. Maintenance window that is applied to resources covered by this policy. - Minimum 1. For the current version, the maximum number - of weekly_window is expected to be one. - items: - properties: - day: - description: |- - Required. The day of week that maintenance updates occur. - - - DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified. - - MONDAY: Monday - - TUESDAY: Tuesday - - WEDNESDAY: Wednesday - - THURSDAY: Thursday - - FRIDAY: Friday - - SATURDAY: Saturday - - SUNDAY: Sunday Possible values: ["DAY_OF_WEEK_UNSPECIFIED", "MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY"]. - type: string - duration: - description: |- - Output only. Duration of the maintenance window. - The current window is fixed at 1 hour. - A duration in seconds with up to nine fractional digits, - terminated by 's'. Example: "3.5s". - type: string - startTime: - description: Required. Start time of the window in UTC time. - properties: - hours: - description: |- - Hours of day in 24 hour format. Should be from 0 to 23. - An API may choose to allow the value "24:00:00" for scenarios like business closing time. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 - to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must - be from 0 to 999,999,999. 
- type: integer - seconds: - description: |- - Seconds of minutes of the time. Must normally be from 0 to 59. - An API may allow the value 60 if it allows leap-seconds. - type: integer - type: object - required: - - day - - startTime - type: object - type: array - type: object - maintenanceSchedule: - description: Upcoming maintenance schedule. - properties: - endTime: - description: |- - Output only. The end time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - scheduleDeadlineTime: - description: |- - Output only. The deadline that the maintenance schedule start time - can not go beyond, including reschedule. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - startTime: - description: |- - Output only. The start time of any upcoming scheduled maintenance for this instance. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - type: string - type: object - memorySizeGb: - description: Redis memory size in GiB. - type: integer - persistenceConfig: - description: Persistence configuration for an instance. - properties: - persistenceMode: - description: "Optional. Controls whether Persistence features - are enabled. If not provided, the existing value will be used.\n\n- - DISABLED: \tPersistence is disabled for the instance, and any - existing snapshots are deleted.\n- RDB: RDB based Persistence - is enabled. Possible values: [\"DISABLED\", \"RDB\"]." - type: string - rdbNextSnapshotTime: - description: |- - Output only. The next time that a snapshot attempt is scheduled to occur. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up - to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". 
- type: string - rdbSnapshotPeriod: - description: "Optional. Available snapshot periods for scheduling.\n\n- - ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every - 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot - every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", - \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]." - type: string - rdbSnapshotStartTime: - description: |- - Optional. Date and time that the first snapshot was/will be attempted, - and to which future snapshots will be aligned. If not provided, - the current time will be used. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution - and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - type: object - readReplicasMode: - description: |- - Optional. Read replica mode. Can only be specified when trying to create the instance. - If not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED. - - READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the - instance cannot scale up or down the number of replicas. - - READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance - can scale up and down the number of replicas. Possible values: ["READ_REPLICAS_DISABLED", "READ_REPLICAS_ENABLED"]. - type: string - redisConfigs: - additionalProperties: - type: string - description: |- - Redis configuration parameters, according to http://redis.io/topics/config. - Please check Memorystore documentation for the list of supported parameters: - https://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs. - type: object - redisVersion: - description: |- - The version of Redis software. If not provided, latest supported - version will be used. Please check the API documentation linked - at the top for the latest valid values. 
- type: string - region: - description: Immutable. The name of the Redis region of the instance. - type: string - replicaCount: - description: |- - Optional. The number of replica nodes. The valid range for the Standard Tier with - read replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled - for a Standard Tier instance, the only valid value is 1 and the default is 1. - The valid value for basic tier is 0 and the default is also 0. - type: integer - reservedIpRange: - description: |- - Immutable. The CIDR range of internal addresses that are reserved for this - instance. If not provided, the service will choose an unused /29 - block, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be - unique and non-overlapping with existing subnets in an authorized - network. - type: string - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - secondaryIpRange: - description: |- - Optional. Additional IP range for node placement. Required when enabling read replicas on - an existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or - "auto". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address - range associated with the private service access connection, or "auto". - type: string - tier: - description: |- - Immutable. The service tier of the instance. Must be one of these values: - - - BASIC: standalone instance - - STANDARD_HA: highly available primary/replica instances Default value: "BASIC" Possible values: ["BASIC", "STANDARD_HA"]. - type: string - transitEncryptionMode: - description: |- - Immutable. The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance. 
- - - SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: "DISABLED" Possible values: ["SERVER_AUTHENTICATION", "DISABLED"]. + properties: + external: + description: 'Allowed value: The `name` field of a `ComputeAddress` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + type: array + service: + description: Immutable. Provider peering service that is managing + peering connectivity for a service provider organization. For Google + services that support this functionality it is 'servicenetworking.googleapis.com'. type: string required: - - memorySizeGb - - region + - networkRef + - reservedPeeringRanges + - service type: object status: properties: 
@@ -73549,36 +104690,6 @@ spec: type: string type: object type: array - createTime: - description: |- - The time the instance was created in RFC3339 UTC "Zulu" format, - accurate to nanoseconds. - type: string - currentLocationId: - description: |- - The current zone where the Redis endpoint is placed. - For Basic Tier instances, this will always be the same as the - [locationId] provided by the user at creation time. For Standard Tier - instances, this can be either [locationId] or [alternativeLocationId] - and can change after a failover event. - type: string - host: - description: |- - Hostname or IP address of the exposed Redis endpoint used by clients - to connect to the service. - type: string - nodes: - description: Output only. Info per node. - items: - properties: - id: - description: Node identifying string. e.g. 'node-0', 'node-1'. - type: string - zone: - description: Location of the node. - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -73586,48 +104697,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - persistenceIamIdentity: - description: |- - Output only. Cloud IAM identity used by import / export operations - to transfer data to/from Cloud Storage. Format is "serviceAccount:". - The value may change over time for a given instance so should be - checked before each import/export operation. - type: string - port: - description: The port number of the exposed Redis endpoint. - type: integer - readEndpoint: - description: |- - Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only. - Targets all healthy replica nodes in instance. Replication is asynchronous and replica nodes - will exhibit some lag behind the primary. Write requests must target 'host'. + peering: type: string - readEndpointPort: - description: |- - Output only. The port number of the exposed readonly redis endpoint. Standard tier only. - Write requests should target 'port'. - type: integer - serverCaCerts: - description: List of server CA certificates for the instance. - items: - properties: - cert: - description: The certificate data in PEM format. - type: string - createTime: - description: The time when the certificate was created. - type: string - expireTime: - description: The time when the certificate expires. - type: string - serialNumber: - description: Serial number, as extracted from the certificate. - type: string - sha1Fingerprint: - description: Sha1 Fingerprint of the certificate. - type: string - type: object - type: array type: object required: - spec 
@@ -73647,25 +104718,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerliens.resourcemanager.cnrm.cloud.google.com + name: services.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerLien - plural: resourcemanagerliens - shortNames: - - gcpresourcemanagerlien - - gcpresourcemanagerliens - singular: resourcemanagerlien + kind: Service + plural: services + shortNames: + - gcpservice + - gcpservices + singular: service preserveUnknownFields: false scope: Namespaced versions: 
@@ -73703,67 +104774,38 @@ spec: type: object spec: properties: - origin: - description: |- - Immutable. A stable, user-visible/meaningful string identifying the origin - of the Lien, intended to be inspected programmatically. Maximum length of - 200 characters. - type: string - parent: - properties: - projectRef: - oneOf: - - not: - required: - - external - required: + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - reason: - description: |- - Immutable. Concise user-visible strings indicating why an action cannot be performed - on a resource. Maximum length of 200 characters. - type: string resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. 
+ description: Immutable. Optional. The service of the resource. Used + for creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string - restrictions: - description: |- - Immutable. The types of operations which should be blocked as a result of this Lien. - Each value should correspond to an IAM permission. The server will validate - the permissions against those for which Liens are supported. An empty - list is meaningless and will be rejected. - e.g. ['resourcemanager.projects.delete']. - items: - type: string - type: array - required: - - origin - - parent - - reason - - restrictions type: object status: properties: @@ -73793,12 +104835,6 @@ spec: type: string type: object type: array - createTime: - description: Time of creation. - type: string - name: - description: A system-generated unique identifier for this Lien. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -73807,8 +104843,6 @@ spec: the resource. type: integer type: object - required: - - spec type: object served: true storage: true 
@@ -73825,25 +104859,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: resourcemanagerpolicies.resourcemanager.cnrm.cloud.google.com + name: serviceusageconsumerquotaoverrides.serviceusage.cnrm.cloud.google.com spec: - group: resourcemanager.cnrm.cloud.google.com + group: serviceusage.cnrm.cloud.google.com names: categories: - gcp - kind: ResourceManagerPolicy - plural: resourcemanagerpolicies + kind: ServiceUsageConsumerQuotaOverride + plural: serviceusageconsumerquotaoverrides shortNames: - - gcpresourcemanagerpolicy - - gcpresourcemanagerpolicies - singular: resourcemanagerpolicy + - gcpserviceusageconsumerquotaoverride + - gcpserviceusageconsumerquotaoverrides + singular: serviceusageconsumerquotaoverride preserveUnknownFields: false scope: Namespaced versions: @@ -73863,7 +104897,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -73881,125 +104915,34 @@ spec: type: object spec: properties: - booleanPolicy: - description: A boolean policy is a constraint that is either enforced - or not. - properties: - enforced: - description: If true, then the Policy is enforced. If false, then - any configuration is acceptable. - type: boolean - required: - - enforced + dimensions: + additionalProperties: + type: string + description: Immutable. If this map is nonempty, then this override + applies only to specific values for dimensions defined in the limit + unit. type: object - constraint: - description: Immutable. The name of the Constraint the Policy is configuring, - for example, serviceuser.services. - type: string - folderRef: + force: description: |- - The folder on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `Folder` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - listPolicy: - description: A policy that can define specific values that are allowed - or denied for the given constraint. It can also be used to allow - or deny all values. . - properties: - allow: - description: One or the other must be set. - properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - deny: - description: One or the other must be set. 
- properties: - all: - description: The policy allows or denies all values. - type: boolean - values: - description: The policy can define specific values that are - allowed or denied. - items: - type: string - type: array - type: object - inheritFromParent: - description: If set to true, the values from the effective Policy - of the parent resource are inherited, meaning the values set - in this Policy are added to the values inherited up the hierarchy. - type: boolean - suggestedValue: - description: The Google Cloud Console will try to default to a - configuration that matches the value specified in this field. - type: string - type: object - organizationRef: + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If 'force' is 'true', that safety check is ignored. + type: boolean + limit: description: |- - The organization on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of an `Organization` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + Immutable. The limit on the metric, e.g. '/project/region'. + + ~> Make sure that 'limit' is in a format that doesn't start with '1/' or contain curly braces. + E.g. use '/project/user' instead of '1/{project}/{user}'. + type: string + metric: + description: Immutable. The metric that should be limited, e.g. 'compute.googleapis.com/cpus'. 
+ type: string + overrideValue: + description: The overriding quota limit value. Can be any nonnegative + integer, or -1 (unlimited quota). + type: string projectRef: - description: |- - The project on which to configure the constraint. Only one of - projectRef, folderRef, or organizationRef may be specified. + description: The project that this resource belongs to. oneOf: - not: required: @@ -74025,22 +104968,21 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - restorePolicy: - description: A restore policy is a constraint to restore the default - policy. - properties: - default: - description: May only be set to true. If set, then the default - Policy is restored. - type: boolean - required: - - default - type: object - version: - description: Version of the Policy. Default version is 0. - type: integer + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. + type: string + service: + description: Immutable. The service that the metrics belong to, e.g. + 'compute.googleapis.com'. + type: string required: - - constraint + - limit + - metric + - overrideValue + - projectRef + - service type: object status: properties: @@ -74070,10 +105012,8 @@ spec: type: string type: object type: array - etag: - description: The etag of the organization policy. etag is used for - optimistic concurrency control as a way to help prevent simultaneous - updates of a policy from overwriting each other. + name: + description: The server-generated name of the quota override. type: string observedGeneration: description: ObservedGeneration is the generation of the resource 
@@ -74082,11 +105022,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - updateTime: - description: 'The timestamp in RFC3339 UTC "Zulu" format, accurate - to nanoseconds, representing when the variable was last updated. - Example: "2016-10-09T12:33:37.578138407Z".' - type: string type: object required: - spec @@ -74106,25 +105041,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: - cnrm.cloud.google.com/dcl2crd: "true" cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" - name: runservices.run.cnrm.cloud.google.com + cnrm.cloud.google.com/tf2crd: "true" + name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com spec: - group: run.cnrm.cloud.google.com + group: sourcerepo.cnrm.cloud.google.com names: categories: - gcp - kind: RunService - plural: runservices + kind: SourceRepoRepository + plural: sourcereporepositories shortNames: - - gcprunservice - - gcprunservices - singular: runservice + - gcpsourcereporepository + - gcpsourcereporepositories + singular: sourcereporepository preserveUnknownFields: false scope: Namespaced versions: 
@@ -74157,340 +105092,231 @@ spec: description: 'kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - annotations: - additionalProperties: - type: string - description: 'Unstructured key value map that may be set by external - tools to store and arbitrary metadata. They are not queryable and - should be preserved when modifying objects. Cloud Run will populate - some annotations using ''run.googleapis.com'' or ''serving.knative.dev'' - namespaces. This field follows Kubernetes annotations'' namespacing, - limits, and rules. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - binaryAuthorization: - description: Settings for the Binary Authorization feature. - properties: - breakglassJustification: - description: If present, indicates to use Breakglass using this - justification. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass - type: string - useDefault: - description: If True, indicates to use the default project's binary - authorization policy. If False, binary authorization will be - disabled - type: boolean - type: object - client: - description: Arbitrary identifier for the API client. - type: string - clientVersion: - description: Arbitrary version identifier for the API client. - type: string - description: - description: User-provided description of the Service. - type: string - ingress: - description: Provides the ingress settings for this Service. On output, - returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED - if no revision is active. 
- type: string - launchStage: - description: 'The launch stage as defined by [Google Cloud Platform - Launch Stages](http://cloud.google.com/terms/launch-stages). Cloud - Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, - GA is assumed. Possible values: LAUNCH_STAGE_UNSPECIFIED, UNIMPLEMENTED, - PRELAUNCH, EARLY_ACCESS, ALPHA, BETA, GA, DEPRECATED' - type: string - location: - description: Immutable. The location for the resource - type: string - projectRef: - description: Immutable. The Project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The project for the resource - - Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - template: - description: Required. The template used to create revisions for this - Service. - properties: - annotations: - additionalProperties: - type: string - description: KRM-style annotations for the resource. - type: object - containerConcurrency: - description: Sets the maximum number of requests that each serving - instance can receive. - format: int64 - type: integer - containers: - description: Holds the single container that defines the unit - of execution for this Revision. - items: - properties: - args: - description: 'Arguments to the entrypoint. 
The docker image''s - CMD is used if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s environment. - If a variable cannot be resolved, the reference in the - input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped - references will never be expanded, regardless of whether - the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. - The docker image''s ENTRYPOINT is used if this is not - provided. Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable cannot - be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will - never be expanded, regardless of whether the variable - exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - properties: - name: - description: Required. Name of the environment variable. - Must be a C_IDENTIFIER, and mnay not exceed 32768 - characters. - type: string - value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any route environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "", and the maximum length - is 32768 bytes.' 
- type: string - valueSource: - description: Source for the environment variable's - value. - properties: - secretKeyRef: - description: Selects a secret and a specific version - from Cloud Secret Manager. - properties: - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object - type: object - required: + type: string + metadata: + type: object + spec: + properties: + pubsubConfigs: + description: "How this repository publishes a change in the repository + through Cloud Pub/Sub. \nKeyed by the topic names." + items: + properties: + messageFormat: + description: "The format of the Cloud Pub/Sub messages. \n- + PROTOBUF: The message payload is a serialized protocol buffer + of SourceRepoEvent.\n- JSON: The message payload is a JSON + string of SourceRepoEvent. Possible values: [\"PROTOBUF\", + \"JSON\"]." + type: string + serviceAccountRef: + description: |- + Service account used for publishing Cloud Pub/Sub messages. This + service account needs to be in the same project as the + pubsubConfig. When added, the caller needs to have + iam.serviceAccounts.actAs permission on this service account. If + unspecified, it defaults to the compute engine default service + account. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - image: - description: 'Required. URL of the Container image in Google - Container Registry or Docker More info: https://kubernetes.io/docs/concepts/containers/images' + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `email` field of an `IAMServiceAccount` + resource.' type: string name: - description: Name of the container specified as a DNS_LABEL. + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - ports: - description: List of ports to expose from the container. - Only a single port can be specified. The specified ports - must be listening on all interfaces (0.0.0.0) within the - container to be accessible. 
If omitted, a port number - will be chosen and passed to the container through the - PORT environment variable for the container to listen - on. - items: - properties: - containerPort: - description: Port number the container listens on. - This must be a valid TCP port number, 0 < container_port - < 65536. - format: int64 - type: integer - name: - description: If specified, used to specify which protocol - to use. Allowed values are "http1" and "h2c". - type: string - type: object - type: array - resources: - description: 'Compute Resource requirements by this container. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - cpuIdle: - description: Determines whether CPU should be throttled - or not outside of requests. - type: boolean - limits: - additionalProperties: - type: string - description: 'Only memory and CPU are supported. Note: - The only supported values for CPU are ''1'', ''2'', - and ''4''. Setting 4 CPU requires at least 2Gi of - memory. The values of the map is string form of the - ''quantity'' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go' - type: object - type: object - volumeMounts: - description: Volume to mount into the container's filesystem. - items: - properties: - mountPath: - description: Required. Path within the container at - which the volume should be mounted. Must not contain - ':'. For Cloud SQL volumes, it can be left empty, - or must otherwise be `/cloudsql`. All instances - defined in the Volume will be available as `/cloudsql/[instance]`. - For more information on Cloud SQL volumes, visit - https://cloud.google.com/sql/docs/mysql/connect-run - type: string - name: - description: Required. This must match the Name of - a Volume. - type: string - required: - - mountPath + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - type: object - type: array - required: - - image + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `PubSubTopic` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string type: object - type: array - executionEnvironment: - description: 'The sandbox environment to host this Revision. Possible - values: EXECUTION_ENVIRONMENT_UNSPECIFIED, EXECUTION_ENVIRONMENT_GEN1, - EXECUTION_ENVIRONMENT_GEN2' - type: string - labels: - additionalProperties: + required: + - messageFormat + - topicRef + type: object + type: array + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. type: string - description: KRM-style labels for the resource. - type: object - revision: - description: The unique name for the revision. If this field is - omitted, it will be automatically generated based on the Service - name. - type: string - scaling: - description: Scaling settings for this Revision. 
- properties: - maxInstanceCount: - description: Maximum number of serving instances that this - resource should have. - format: int64 - type: integer - minInstanceCount: - description: Minimum number of serving instances that this - resource should have. - format: int64 - type: integer - type: object - serviceAccountRef: + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + size: + description: The disk usage of the repo, in bytes. + type: integer + url: + description: URL to clone the repository from Google Cloud Source + Repositories. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: spannerdatabases.spanner.cnrm.cloud.google.com +spec: + group: spanner.cnrm.cloud.google.com + names: + categories: + - gcp + kind: SpannerDatabase + plural: spannerdatabases + shortNames: + - gcpspannerdatabase + - gcpspannerdatabases + singular: spannerdatabase + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + databaseDialect: + description: |- + Immutable. The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. + type: string + ddl: + description: |- + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + items: + type: string + type: array + encryptionConfig: + description: Immutable. Encryption configuration for the database. + properties: + kmsKeyRef: + description: |- + Fully qualified name of the KMS key to use to encrypt this database. This key + must exist in the same location as the Spanner Database. oneOf: - not: required: 
@@ -74498,276 +105324,71 @@ spec: required: - name - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. - - Allowed value: The `email` field of an `IAMServiceAccount` resource. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - timeout: - description: Max allowed time for an instance to respond to a - request. - type: string - volumes: - description: A list of Volumes to make available to containers. - items: - properties: - cloudSqlInstance: - description: For Cloud SQL volumes, contains the specific - instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run - for more information on how to connect Cloud SQL and Cloud - Run. - properties: - instances: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `instanceName` - field of a `SQLInstance` resource.' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - type: object - name: - description: Required. Volume's name. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Integer representation of mode bits to - use on created files by default. Must be a value between - 0000 and 0777 (octal), defaulting to 0644. Directories - within the path are not affected by this setting. - Notes * Internally, a umask of 0222 will be applied - to any non-zero value. * This is an integer representation - of the mode bits. So, the octal integer value should - look exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod 640 - (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) - or 493 (base-10). * This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. This might - be in conflict with other options that affect the - file mode, like fsGroup, and as a result, other mode - bits could be set.' - format: int64 - type: integer - items: - description: If unspecified, the volume will expose - a file whose name is the secret, relative to VolumeMount.mount_path. - If specified, the key will be used as the version - to fetch from Cloud Secret Manager and the path will - be the name of the file exposed in the volume. When - items are defined, they must specify a path and a - version. - items: - properties: - mode: - description: 'Integer octal mode bits to use on - this file, must be a value between 01 and 0777 - (octal). If 0 or not set, the Volume''s default - mode will be used. 
Notes * Internally, a umask - of 0222 will be applied to any non-zero value. - * This is an integer representation of the mode - bits. So, the octal integer value should look - exactly as the chmod numeric notation with a - leading zero. Some examples: for chmod 777 (a=rwx), - set to 0777 (octal) or 511 (base-10). For chmod - 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). - For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 - (octal) or 493 (base-10). * This might be in - conflict with other options that affect the - file mode, like fsGroup, and the result can - be other mode bits set.' - format: int64 - type: integer - path: - description: Required. The relative path of the - secret in the container. - type: string - versionRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. - - Allowed value: The Google Cloud resource name of a `SecretManagerSecretVersion` resource (format: `{{name}}`). - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - path - type: object - type: array - secretRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. 
- - Allowed value: The Google Cloud resource name of a `SecretManagerSecret` resource (format: `projects/{{project}}/secrets/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - secretRef - type: object + anyOf: + - required: + - name + - required: + - namespace required: - - name - type: object - type: array - vpcAccess: - description: VPC Access configuration to use for this Revision. - For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. + - external properties: - connectorRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: |- - VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector} - - Allowed value: The Google Cloud resource name of a `VPCAccessConnector` resource (format: `projects/{{project}}/locations/{{location}}/connectors/{{name}}`). - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - egress: - description: 'Traffic VPC egress settings. Possible values: - VPC_EGRESS_UNSPECIFIED, ALL_TRAFFIC, PRIVATE_RANGES_ONLY' + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + required: + - kmsKeyRef type: object - traffic: - description: Specifies how to distribute traffic over a collection - of Revisions belonging to the Service. If traffic is empty or not - provided, defaults to 100% traffic to the latest `Ready` Revision. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - This defaults to zero if unspecified. Cloud Run currently - requires 100 percent for a single TrafficTarget entry. - format: int64 - type: integer - revision: - description: Revision to which to send this portion of traffic, - if traffic allocation is by revision. - type: string - tag: - description: Indicates a string to be part of the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - type: object - type: array + instanceRef: + description: The instance to create the database on. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SpannerInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + versionRetentionPeriod: + description: |- + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to 'ddl' that + update the database's version_retention_period. + type: string required: - - location - - projectRef - - template + - instanceRef type: object status: properties: 
@@ -74797,54 +105418,6 @@ spec: type: string type: object type: array - createTime: - description: Output only. The creation time. - format: date-time - type: string - creator: - description: Output only. Email address of the authenticated creator. - type: string - deleteTime: - description: Output only. The deletion time. - format: date-time - type: string - etag: - description: Output only. A system-generated fingerprint for this - version of the resource. May be used to detect modification conflict - during updates. - type: string - expireTime: - description: Output only. For a deleted resource, the time after which - it will be permamently deleted. - format: date-time - type: string - labels: - additionalProperties: - type: string - description: Map of string keys and values that can be used to organize - and categorize objects. User-provided labels are shared with Google's - billing system, so they can be used to filter, or break down billing - charges by team, component, environment, state, etc. For more information, - visit https://cloud.google.com/resource-manager/docs/creating-managing-labels - or https://cloud.google.com/run/docs/configuring/labels Cloud Run - will populate some labels with 'run.googleapis.com' or 'serving.knative.dev' - namespaces. Those labels are read-only, and user changes will not - be preserved. - type: object - lastModifier: - description: Output only. Email address of the last authenticated - modifier. - type: string - latestCreatedRevision: - description: Output only. Name of the last created revision. See comments - in `reconciling` for additional information on reconciliation process - in Cloud Run. - type: string - latestReadyRevision: - description: Output only. Name of the latest revision that is serving - traffic. See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. 
- type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -74852,122 +105425,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - reconciling: - description: 'Output only. Returns true if the Service is currently - being acted upon by the system to bring it into the desired state. - When a new Service is created, or an existing one is updated, Cloud - Run will asynchronously perform all necessary steps to bring the - Service to the desired serving state. This process is called reconciliation. - While reconciliation is in process, `observed_generation`, `latest_ready_revison`, - `traffic_statuses`, and `uri` will have transient values that might - mismatch the intended state: Once reconciliation is over (and this - field is false), there are two possible outcomes: reconciliation - succeeded and the serving state matches the Service, or there was - an error, and reconciliation failed. This state can be found in - `terminal_condition.state`. If reconciliation succeeded, the following - fields will match: `traffic` and `traffic_statuses`, `observed_generation` - and `generation`, `latest_ready_revision` and `latest_created_revision`. - If reconciliation failed, `traffic_statuses`, `observed_generation`, - and `latest_ready_revision` will have the state of the last serving - revision, or empty for newly created Services. Additional information - on the failure can be found in `terminal_condition` and `conditions`.' - type: boolean - resourceGeneration: - description: Output only. A number that monotonically increases every - time the user modifies the desired state. - format: int64 - type: integer - terminalCondition: - description: Output only. The Condition of this Service, containing - its readiness status, and detailed error information in case it - did not reach a serving state. See comments in `reconciling` for - additional information on reconciliation process in Cloud Run. - properties: - jobReason: - description: 'A reason for the job condition. 
Possible values: - JOB_REASON_UNDEFINED, JOB_STATUS_SERVICE_POLLING_ERROR' - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: Human readable message indicating details about the - current status. - type: string - reason: - description: 'A common (service-level) reason for this condition. - Possible values: COMMON_REASON_UNDEFINED, UNKNOWN, REVISION_FAILED, - PROGRESS_DEADLINE_EXCEEDED, CONTAINER_MISSING, CONTAINER_PERMISSION_DENIED, - CONTAINER_IMAGE_UNAUTHORIZED, CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED, - ENCRYPTION_KEY_PERMISSION_DENIED, ENCRYPTION_KEY_CHECK_FAILED, - SECRETS_ACCESS_CHECK_FAILED, WAITING_FOR_OPERATION, IMMEDIATE_RETRY, - POSTPONED_RETRY, INTERNAL' - type: string - revisionReason: - description: 'A reason for the revision condition. Possible values: - REVISION_REASON_UNDEFINED, PENDING, RESERVE, RETIRED, RETIRING, - RECREATING, HEALTH_CHECK_CONTAINER_ERROR, CUSTOMIZED_PATH_RESPONSE_PENDING, - MIN_INSTANCES_NOT_PROVISIONED, ACTIVE_REVISION_LIMIT_REACHED, - NO_DEPLOYMENT' - type: string - severity: - description: 'How to interpret failures of this condition, one - of Error, Warning, Info Possible values: SEVERITY_UNSPECIFIED, - ERROR, WARNING, INFO' - type: string - state: - description: 'State of the condition. Possible values: STATE_UNSPECIFIED, - CONDITION_PENDING, CONDITION_RECONCILING, CONDITION_FAILED, - CONDITION_SUCCEEDED' - type: string - type: - description: 'type is used to communicate the status of the reconciliation - process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting - Types common to all resources include: * "Ready": True when - the Resource is ready.' - type: string - type: object - trafficStatuses: - description: Output only. Detailed status information for corresponding - traffic targets. 
See comments in `reconciling` for additional information - on reconciliation process in Cloud Run. - items: - properties: - percent: - description: Specifies percent of the traffic to this Revision. - format: int64 - type: integer - revision: - description: Revision to which this traffic is sent. - type: string - tag: - description: Indicates the string used in the URI to exclusively - reference this target. - type: string - type: - description: 'The allocation type for this traffic target. Possible - values: TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED, TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST, - TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION' - type: string - uri: - description: Displays the target URI. - type: string - type: object - type: array - uid: - description: Output only. Server assigned unique identifier for the - trigger. The value is a UUID4 string and guaranteed to remain unchanged - until the resource is deleted. - type: string - updateTime: - description: Output only. The last-modified time. - format: date-time - type: string - uri: - description: Output only. The main URI in which this Service is serving - traffic. + state: + description: An explanation of the status of the database. type: string type: object required: 
@@ -74988,25 +105447,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecrets.secretmanager.cnrm.cloud.google.com + name: spannerinstances.spanner.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: spanner.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecret - plural: secretmanagersecrets + kind: SpannerInstance + plural: spannerinstances shortNames: - - gcpsecretmanagersecret - - gcpsecretmanagersecrets - singular: secretmanagersecret + - gcpspannerinstance + - gcpspannerinstances + singular: spannerinstance preserveUnknownFields: false scope: Namespaced versions: 
@@ -75044,149 +105503,32 @@ spec: type: object spec: properties: - expireTime: + config: description: |- - Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Immutable. The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). type: string - replication: + displayName: description: |- - Immutable. The replication policy of the secret data attached to the Secret. It cannot be changed - after the Secret has been created. - properties: - automatic: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - type: boolean - userManaged: - description: Immutable. The Secret will automatically be replicated - without any restrictions. - properties: - replicas: - description: Immutable. The list of Replicas for this Secret. - Cannot be empty. - items: - properties: - customerManagedEncryption: - description: Immutable. Customer Managed Encryption - for the secret. - properties: - kmsKeyRef: - description: Customer Managed Encryption for the - secret. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` - field of a `KMSCryptoKey` resource.' - type: string - name: - description: 'Name of the referent. 
More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - location: - description: 'Immutable. The canonical IDs of the location - to replicate data. For example: "us-east1".' - type: string - required: - - location - type: object - type: array - required: - - replicas - type: object - type: object + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + type: string + numNodes: + type: integer + processingUnits: + type: integer resourceID: - description: Immutable. Optional. The secretId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - rotation: - description: The rotation time and period for a Secret. At 'next_rotation_time', - Secret Manager will send a Pub/Sub notification to the topics configured - on the Secret. 'topics' must be set to configure rotation. - properties: - nextRotationTime: - description: |- - Timestamp in UTC at which the Secret is scheduled to rotate. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - rotationPeriod: - description: |- - Immutable. The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years). - If rotationPeriod is set, 'next_rotation_time' must be set. 
'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications. - type: string - type: object - topics: - description: A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - items: - properties: - topicRef: - description: |- - A list of up to 10 Pub/Sub topics to which messages are - published when control plane operations are called on the secret - or its versions. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - topicRef - type: object - type: array - ttl: - description: |- - Immutable. The TTL for the Secret. - A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". - type: string required: - - replication + - config + - displayName type: object status: properties: @@ -75216,14 +105558,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - name: - description: |- - The resource name of the Secret. Format: - 'projects/{{project}}/secrets/{{secret_id}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75231,6 +105565,9 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: 'Instance status: ''CREATING'' or ''READY''.' + type: string type: object required: - spec @@ -75250,25 +105587,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: secretmanagersecretversions.secretmanager.cnrm.cloud.google.com + name: sqldatabases.sql.cnrm.cloud.google.com spec: - group: secretmanager.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: SecretManagerSecretVersion - plural: secretmanagersecretversions + kind: SQLDatabase + plural: sqldatabases shortNames: - - gcpsecretmanagersecretversion - - gcpsecretmanagersecretversions - singular: secretmanagersecretversion + - gcpsqldatabase + - gcpsqldatabases + singular: sqldatabase preserveUnknownFields: false scope: Namespaced versions: 
@@ -75306,54 +105643,31 @@ spec: type: object spec: properties: - enabled: - description: The current state of the SecretVersion. - type: boolean - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + charset: + description: |- + The charset value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) + for more details and supported values. Postgres databases only support + a value of 'UTF8' at creation time. + type: string + collation: + description: |- + The collation value. See MySQL's + [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) + and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) + for more details and supported values. Postgres databases only support + a value of 'en_US.UTF8' at creation time. + type: string + deletionPolicy: + description: "The deletion policy for the database. Setting ABANDON + allows the resource \nto be abandoned rather than deleted. This + is useful for Postgres, where databases cannot be \ndeleted from + the API if there are users other than cloudsqlsuperuser with access. + Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." type: string - secretData: - description: Immutable. The secret data. Must be no larger than 64KiB. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. 
- properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretRef: - description: Secret Manager secret resource + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75370,7 +105684,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SecretManagerSecret` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: @@ -75380,9 +105694,13 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - secretData - - secretRef + - instanceRef type: object status: properties: @@ -75412,18 +105730,6 @@ spec: type: string type: object type: array - createTime: - description: The time at which the Secret was created. - type: string - destroyTime: - description: The time at which the Secret was destroyed. Only present - if state is DESTROYED. - type: string - name: - description: |- - The resource name of the SecretVersion. Format: - 'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'. - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75431,8 +105737,7 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - version: - description: The version of the Secret. + selfLink: type: string type: object required: @@ -75453,25 +105758,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryendpoints.servicedirectory.cnrm.cloud.google.com + name: sqlinstances.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryEndpoint - plural: servicedirectoryendpoints + kind: SQLInstance + plural: sqlinstances shortNames: - - gcpservicedirectoryendpoint - - gcpservicedirectoryendpoints - singular: servicedirectoryendpoint + - gcpsqlinstance + - gcpsqlinstances + singular: sqlinstance preserveUnknownFields: false scope: Namespaced versions: @@ -75509,7 +105814,16 @@ spec: type: object spec: properties: - addressRef: + databaseVersion: + default: MYSQL_5_6 + description: The MySQL, PostgreSQL or SQL Server (beta) version to + use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, + POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, + SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, + SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date + reference of supported versions. + type: string + encryptionKMSCryptoKeyRef: oneOf: - not: required: 
@@ -75526,7 +105840,7 @@ spec: - external properties: external: - description: 'Allowed value: The `address` field of a `ComputeAddress` + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` resource.' type: string name: 
@@ -75536,86 +105850,526 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - networkRef: - description: |- - Only the `external` field is supported to configure the reference. - - Immutable. The Google Compute Engine network (VPC) of the endpoint in the format - projects//locations/global/networks/*. - - The project must be specified by project number (project id is rejected). Incorrectly formatted networks are - rejected, but no other validation is performed on this field (ex. network or project existence, - reachability, or permissions). + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + type: string + maintenanceVersion: + description: Maintenance version. + type: string + masterInstanceRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region the instance will sit in. Note, + Cloud SQL is not available in all regions. A valid region must be + provided to use this resource. If a region is not provided in the + resource definition, the provider region will be used instead, but + this will be an apply-time error for instances if the provider region + is not supported with Cloud SQL. 
If you choose not to provide the + region argument for this resource, make sure you understand this. + type: string + replicaConfiguration: + description: The configuration for replication. + properties: + caCertificate: + description: Immutable. PEM representation of the trusted CA's + x509 certificate. + type: string + clientCertificate: + description: Immutable. PEM representation of the replica's x509 + certificate. + type: string + clientKey: + description: Immutable. PEM representation of the replica's private + key. The corresponding public key in encoded in the client_certificate. + type: string + connectRetryInterval: + description: Immutable. The number of seconds between connect + retries. MySQL's default is 60 seconds. + type: integer + dumpFilePath: + description: Immutable. Path to a SQL file in Google Cloud Storage + from which replica instances are created. Format is gs://bucket/filename. + type: string + failoverTarget: + description: Immutable. Specifies if the replica is the failover + target. If the field is set to true the replica will be designated + as a failover replica. If the master instance fails, the replica + instance will be promoted as the new master instance. + type: boolean + masterHeartbeatPeriod: + description: Immutable. Time in ms between replication heartbeats. + type: integer + password: + description: Immutable. Password for the replication connection. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used + if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in + the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. 
+ type: string + name: + description: Name of the Secret to extract a value + from. + type: string + required: + - name + - key + type: object + type: object + type: object + sslCipher: + description: Immutable. Permissible ciphers for use in SSL encryption. + type: string + username: + description: Immutable. Username for replication connection. + type: string + verifyServerCertificate: + description: Immutable. True if the master's common name value + is checked during the SSL handshake. + type: boolean + type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + rootPassword: + description: Initial root password. Required for MS SQL Server. oneOf: - not: required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `ComputeNetwork` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. 
+ type: string + required: + - name + - key + type: object + type: object + type: object + settings: + description: The settings to use for the database. The configuration + is detailed below. + properties: + activationPolicy: + description: This specifies when the instance should be active. + Can be either ALWAYS, NEVER or ON_DEMAND. + type: string + activeDirectoryConfig: + properties: + domain: + description: Domain name of the Active Directory for SQL Server + (e.g., mydomain.com). + type: string + required: + - domain + type: object + authorizedGaeApplications: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + items: + type: string + type: array + availabilityType: + description: |- + The availability type of the Cloud SQL instance, high availability + (REGIONAL) or single zone (ZONAL). For all instances, ensure that + settings.backup_configuration.enabled is set to true. + For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. + For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled + is set to true. Defaults to ZONAL. + type: string + backupConfiguration: + properties: + backupRetentionSettings: + properties: + retainedBackups: + description: Number of backups to retain. + type: integer + retentionUnit: + description: The unit that 'retainedBackups' represents. + Defaults to COUNT. + type: string + required: + - retainedBackups + type: object + binaryLogEnabled: + description: True if binary logging is enabled. If settings.backup_configuration.enabled + is false, this must be as well. Can only be used with MySQL. 
+ type: boolean + enabled: + description: True if backup configuration is enabled. + type: boolean + location: + description: Location of the backup configuration. + type: string + pointInTimeRecoveryEnabled: + description: True if Point-in-time recovery is enabled. + type: boolean + startTime: + description: HH:MM format time indicating when backup configuration + starts. + type: string + transactionLogRetentionDays: + description: The number of days of transaction logs we retain + for point in time restore, from 1-7. + type: integer + type: object + collation: + description: Immutable. The name of server instance collation. + type: string + connectorEnforcement: + description: Specifies if connections must use Cloud SQL connectors. + type: string + crashSafeReplication: + description: |- + DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. + type: boolean + databaseFlags: + items: + properties: + name: + description: Name of the flag. + type: string + value: + description: Value of the flag. + type: string + required: + - name + - value + type: object + type: array + deletionProtectionEnabled: + description: Configuration to protect against accidental instance + deletion. + type: boolean + denyMaintenancePeriod: + properties: + endDate: + description: End date before which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. + type: string + startDate: + description: Start date after which maintenance will not take + place. The date is in format yyyy-mm-dd i.e., 2020-11-01, + or mm-dd, i.e., 11-01. 
+ type: string + time: + description: 'Time in UTC when the "deny maintenance period" + starts on start_date and ends on end_date. The time is in + format: HH:mm:SS, i.e., 00:00:00.' + type: string + required: + - endDate + - startDate + - time + type: object + diskAutoresize: + description: Enables auto-resizing of the storage size. Defaults + to true. + type: boolean + diskAutoresizeLimit: + description: The maximum size, in GB, to which storage capacity + can be automatically increased. The default value is 0, which + specifies that there is no limit. + type: integer + diskSize: + description: The size of data disk, in GB. Size of a running instance + cannot be reduced but can be increased. The minimum value is + 10GB. + type: integer + diskType: + description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. + Defaults to PD_SSD.' + type: string + insightsConfig: + description: Configuration of Query Insights. + properties: + queryInsightsEnabled: + description: True if Query Insights feature is enabled. + type: boolean + queryPlansPerMinute: + description: Number of query execution plans captured by Insights + per minute for all queries combined. Between 0 and 20. Default + to 5. + type: integer + queryStringLength: + description: Maximum query length stored in bytes. Between + 256 and 4500. Default to 1024. + type: integer + recordApplicationTags: + description: True if Query Insights will record application + tags from query when enabled. + type: boolean + recordClientAddress: + description: True if Query Insights will record client address + when enabled. + type: boolean + type: object + ipConfiguration: + properties: + allocatedIpRange: + description: 'The name of the allocated ip range for the private + ip CloudSQL instance. For example: "google-managed-services-default". + If set, the instance ip will be created in the allocated + range. The range name must comply with RFC 1035. 
Specifically, + the name must be 1-63 characters long and match the regular + expression [a-z]([-a-z0-9]*[a-z0-9])?.' + type: string + authorizedNetworks: + items: + properties: + expirationTime: + type: string + name: + type: string + value: + type: string + required: + - value + type: object + type: array + enablePrivatePathForGoogleCloudServices: + description: Whether Google Cloud services such as BigQuery + are allowed to access data in this Cloud SQL instance over + a private IP connection. SQLSERVER database type is not + supported. + type: boolean + ipv4Enabled: + description: Whether this Cloud SQL instance should be assigned + a public IPV4 address. At least ipv4_enabled must be enabled + or a private_network must be configured. + type: boolean + privateNetworkRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a + `ComputeNetwork` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + requireSsl: + type: boolean + type: object + locationPreference: + properties: + followGaeApplication: + description: A Google App Engine application whose zone to + remain in. Must be in the same region as this instance. + type: string + secondaryZone: + description: The preferred Compute Engine zone for the secondary/failover. + type: string + zone: + description: The preferred compute engine zone. + type: string + type: object + maintenanceWindow: + description: Declares a one-hour maintenance window when an Instance + can automatically restart to apply updates. 
The maintenance + window is specified in UTC time. + properties: + day: + description: Day of week (1-7), starting on Monday. + type: integer + hour: + description: Hour of day (0-23), ignored if day not set. + type: integer + updateTrack: + description: Receive updates earlier (canary) or later (stable). + type: string + type: object + passwordValidationPolicy: + properties: + complexity: + description: Password complexity. + type: string + disallowUsernameSubstring: + description: Disallow username as a part of the password. + type: boolean + enablePasswordPolicy: + description: Whether the password policy is enabled or not. + type: boolean + minLength: + description: Minimum number of characters allowed. + type: integer + passwordChangeInterval: + description: Minimum interval after which the password can + be changed. This flag is only supported for PostgresSQL. + type: string + reuseInterval: + description: Number of previous passwords that cannot be reused. + type: integer + required: + - enablePasswordPolicy + type: object + pricingPlan: + description: Pricing plan for this instance, can only be PER_USE. type: string - type: object - port: - description: |- - Port that the endpoint is running on, must be in the - range of [0, 65535]. If unspecified, the default is 0. - type: integer - resourceID: - description: Immutable. Optional. The endpointId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - serviceRef: - description: The ServiceDirectoryService that this endpoint belongs - to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryService` - resource.' + replicationType: + description: |- + DEPRECATED. 
This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. + Specifying this field has no-ops; it's recommended to remove this field from your configuration. type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + sqlServerAuditConfig: + properties: + bucketRef: + description: The name of the destination bucket (e.g., gs://mybucket). + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `url` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + retentionInterval: + description: 'How long to keep generated audit files. A duration + in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s"..' + type: string + uploadInterval: + description: 'How often to upload generated audit files. A + duration in seconds with up to nine fractional digits, terminated + by ''s''. Example: "3.5s".' + type: string + type: object + tier: + description: The machine type to use. See tiers for more details + and supported versions. Postgres supports only shared-core machine + types, and custom machine types such as db-custom-2-13312. See + the Custom Machine Type Documentation to learn about specifying + custom machine types. type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + timeZone: + description: Immutable. The time_zone to be used by the database + engine (supported only for SQL Server), in SQL Server timezone + format. type: string + required: + - tier type: object required: - - serviceRef + - settings type: object status: properties: + availableMaintenanceVersions: + description: Available Maintenance versions. + items: + type: string + type: array conditions: description: Conditions represent the latest available observation of the resource's current state. @@ -75642,11 +106396,27 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the endpoint in the format - 'projects/*/locations/*/namespaces/*/services/*/endpoints/*'. + connectionName: + description: The connection name of the instance to be used in connection + strings. For example, when connecting with Cloud SQL Proxy. + type: string + firstIpAddress: + type: string + instanceType: + description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', + 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. type: string + ipAddress: + items: + properties: + ipAddress: + type: string + timeToRetire: + type: string + type: + type: string + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -75654,6 +106424,35 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateIpAddress: + type: string + publicIpAddress: + type: string + selfLink: + description: The URI of the created resource. + type: string + serverCaCert: + properties: + cert: + description: The CA Certificate used to connect to the SQL Instance + via SSL. + type: string + commonName: + description: The CN valid for the CA Cert. + type: string + createTime: + description: Creation time of the CA Cert. + type: string + expirationTime: + description: Expiration time of the CA Cert. + type: string + sha1Fingerprint: + description: SHA Fingerprint of the CA Cert. + type: string + type: object + serviceAccountEmailAddress: + description: The service account email address assigned to the instance. + type: string type: object required: - spec @@ -75673,25 +106472,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectorynamespaces.servicedirectory.cnrm.cloud.google.com + name: sqlsslcerts.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryNamespace - plural: servicedirectorynamespaces + kind: SQLSSLCert + plural: sqlsslcerts shortNames: - - gcpservicedirectorynamespace - - gcpservicedirectorynamespaces - singular: servicedirectorynamespace + - gcpsqlsslcert + - gcpsqlsslcerts + singular: sqlsslcert preserveUnknownFields: false scope: Namespaced versions: 
@@ -75729,14 +106528,13 @@ spec: type: object spec: properties: - location: - description: |- - The location for the Namespace. - A full list of valid locations can be found by running - 'gcloud beta service-directory locations list'. + commonName: + description: Immutable. The common name to be used in the certificate + to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this + forces a new resource to be created. type: string - projectRef: - description: The project that this resource belongs to. + instanceRef: + description: The Cloud SQL instance. oneOf: - not: required: @@ -75753,7 +106551,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `SQLInstance` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -75763,16 +106562,22 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The namespaceId of the resource. - Used for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated sha1Fingerprint + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string required: - - location - - projectRef + - commonName + - instanceRef type: object status: properties: + cert: + description: The actual certificate data for this client certificate. + type: string + certSerialNumber: + description: The serial number extracted from the certificate data. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
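Review bot: The new `commonName` description gives its constraint as `[a-zA-Z.-_ ]+`, which is ambiguous when read as a regular expression. In that form `.-_` is a character range, so it would also admit digits and several punctuation characters. The schema visible here also carries no `pattern`, so the constraint is documentation only and is not checked at admission. If the intended set is letters, dot, hyphen, underscore and space, say so in words or put the hyphen last, e.g. `Constrained to [a-zA-Z._ -]+`; the intended set is not visible in this hunk, so confirm it against the API first. If this CRD is generated, the wording belongs in the generator or the upstream schema.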
@@ -75799,10 +106604,13 @@ spec: type: string type: object type: array - name: - description: |- - The resource name for the namespace - in the format 'projects/*/locations/*/namespaces/*'. + createTime: + description: The time when the certificate was created in RFC 3339 + format, for example 2012-11-15T16:19:00.094Z. + type: string + expirationTime: + description: The time when the certificate expires in RFC 3339 format, + for example 2012-11-15T16:19:00.094Z. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -75811,6 +106619,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + privateKey: + description: The private key associated with the client certificate. + type: string + serverCaCert: + description: The CA cert of the server this client cert was generated + from. + type: string + sha1Fingerprint: + description: The SHA1 Fingerprint of the certificate. + type: string type: object required: - spec @@ -75830,25 +106648,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicedirectoryservices.servicedirectory.cnrm.cloud.google.com + name: sqlusers.sql.cnrm.cloud.google.com spec: - group: servicedirectory.cnrm.cloud.google.com + group: sql.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceDirectoryService - plural: servicedirectoryservices + kind: SQLUser + plural: sqlusers shortNames: - - gcpservicedirectoryservice - - gcpservicedirectoryservices - singular: servicedirectoryservice + - gcpsqluser + - gcpsqlusers + singular: sqluser preserveUnknownFields: false scope: Namespaced versions: 
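Review bot: `status.privateKey` in the SQLSSLCert schema exposes the client certificate's private key as a plain string in the resource status. Any principal with get, list or watch on `sqlsslcerts` in the namespace can read it, and it is persisted with the object rather than in a Secret. The description ('The private key associated with the client certificate.') does not say this. I would extend it, e.g. `description: The private key associated with the client certificate. Sensitive - treat read access to this resource like read access to a Secret.` If this CRD is generated, the wording belongs in the generator or the upstream schema.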
@@ -75886,9 +106704,13 @@ spec: type: object spec: properties: - namespaceRef: - description: The ServiceDirectoryNamespace that this service belongs - to. + host: + description: Immutable. The host the user can connect from. This is + only supported for MySQL instances. Don't set this field for PostgreSQL + instances. Can be an IP address. Changing this forces a new resource + to be created. + type: string + instanceRef: oneOf: - not: required: @@ -75905,7 +106727,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ServiceDirectoryNamespace` + description: 'Allowed value: The `name` field of a `SQLInstance` resource.' type: string name: 
@@ -75915,163 +106737,90 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - resourceID: - description: Immutable. Optional. The serviceId of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` - is used as the default. - type: string - required: - - namespaceRef - type: object - status: - properties: - conditions: - description: Conditions represent the latest available observation - of the resource's current state. - items: - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - type: string - message: - description: Human-readable message indicating details about - last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition. Can be True, - False, Unknown. - type: string - type: - description: Type is the type of the condition. - type: string - type: object - type: array - name: + password: description: |- - The resource name for the service in the - format 'projects/*/locations/*/namespaces/*/services/*'. - type: string - observedGeneration: - description: ObservedGeneration is the generation of the resource - that was most recently observed by the Config Connector controller. - If this is equal to metadata.generation, then that means that the - current reported status reflects the most recent desired state of - the resource. 
- type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cnrm.cloud.google.com/version: 1.102.0 - creationTimestamp: null - labels: - cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable - cnrm.cloud.google.com/system: "true" - cnrm.cloud.google.com/tf2crd: "true" - name: serviceidentities.serviceusage.cnrm.cloud.google.com -spec: - group: serviceusage.cnrm.cloud.google.com - names: - categories: - - gcp - kind: ServiceIdentity - plural: serviceidentities - shortNames: - - gcpserviceidentity - - gcpserviceidentities - singular: serviceidentity - preserveUnknownFields: false - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: When 'True', the most recent reconcile of the resource succeeded - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - projectRef: - description: The project that this resource belongs to. + The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to + either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. oneOf: - not: required: - - external + - valueFrom required: - - name + - value - not: - anyOf: - - required: - - name - - required: - - namespace + required: + - value required: - - external + - valueFrom properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + value: + description: Value of the field. Cannot be used if 'valueFrom' + is specified. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + valueFrom: + description: Source for the field's value. Cannot be used if 'value' + is specified. + properties: + secretKeyRef: + description: Reference to a value with the given key in the + given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value to be extracted. + type: string + name: + description: Name of the Secret to extract a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + passwordPolicy: + properties: + allowedFailedAttempts: + description: Number of failed attempts allowed before the user + get locked. + type: integer + enableFailedAttemptsCheck: + description: If true, the check that will lock user after too + many failed login attempts will be enabled. 
+ type: boolean + enablePasswordVerification: + description: If true, the user must specify the current password + before changing the password. This flag is supported only for + MySQL. + type: boolean + passwordExpirationDuration: + description: Password expiration duration with one week grace + period. type: string + status: + items: + properties: + locked: + description: If true, user does not have login privileges. + type: boolean + passwordExpirationTime: + description: Password expiration duration with one week + grace period. + type: string + type: object + type: array type: object resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + type: + description: |- + Immutable. The user type. It determines the method to authenticate the user during login. + The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + type: string required: - - projectRef + - instanceRef type: object status: properties: @@ -76101,8 +106850,6 @@ spec: type: string type: object type: array - email: - type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76110,6 +106857,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + sqlServerUserDetails: + items: + properties: + disabled: + description: If the user has been disabled. + type: boolean + serverRoles: + description: The server roles for this user in the database. + items: + type: string + type: array + type: object + type: array type: object required: - spec 
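Review bot: `spec.password.value` lets the database password be written inline in the SQLUser object, where it is readable by anyone who can read `sqlusers` and by whatever stores the manifest, and its description does not mention this. I would extend that description, e.g. `Value of the field. Stored in clear text in the resource; prefer 'valueFrom.secretKeyRef'. Cannot be used if 'valueFrom' is specified.` In the same hunk, `passwordPolicy.status[].passwordExpirationTime` repeats the text of `passwordExpirationDuration` ('Password expiration duration with one week grace period.') although it is a point in time. 'before the user get locked' should also read 'gets locked'. If the CRD is generated, these fixes belong upstream.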
@@ -76129,25 +106889,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: servicenetworkingconnections.servicenetworking.cnrm.cloud.google.com + name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com spec: - group: servicenetworking.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: ServiceNetworkingConnection - plural: servicenetworkingconnections + kind: StorageBucketAccessControl + plural: storagebucketaccesscontrols shortNames: - - gcpservicenetworkingconnection - - gcpservicenetworkingconnections - singular: servicenetworkingconnection + - gcpstoragebucketaccesscontrol + - gcpstoragebucketaccesscontrols + singular: storagebucketaccesscontrol preserveUnknownFields: false scope: Namespaced versions: @@ -76185,7 +106945,8 @@ spec: type: object spec: properties: - networkRef: + bucketRef: + description: Reference to the bucket. oneOf: - not: required: @@ -76202,7 +106963,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `ComputeNetwork` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -76212,44 +106973,31 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - reservedPeeringRanges: - items: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `ComputeAddress` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - type: array - service: - description: Immutable. Provider peering service that is managing - peering connectivity for a service provider organization. For Google - services that support this functionality it is 'servicenetworking.googleapis.com'. + entity: + description: |- + Immutable. The entity holding the permission, in one of the following forms: + user-userId + user-email + group-groupId + group-email + domain-domain + project-team-projectId + allUsers + allAuthenticatedUsers + Examples: + The user liz@example.com would be user-liz@example.com. + The group example@googlegroups.com would be + group-example@googlegroups.com. + To refer to all members of the Google Apps for Business domain + example.com, the entity would be domain-example.com. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER", "WRITER"].' type: string required: - - networkRef - - reservedPeeringRanges - - service + - bucketRef + - entity type: object status: properties: 
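Review bot: The `entity` description lists `allUsers` and `allAuthenticatedUsers` alongside the user, group and domain forms without saying what they mean. These two values grant the role to anyone on the internet and to any signed-in Google account respectively. A reader copying from the list of forms gets no signal that they make the bucket public. I would add one sentence after the list, e.g. `allUsers and allAuthenticatedUsers expose the bucket to the public or to any authenticated Google account; use them only for data meant to be public.` If the CRD is generated, the change belongs in the upstream schema.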
@@ -76279,6 +107027,12 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76286,8 +107040,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - peering: - type: string type: object required: - spec @@ -76307,25 +107059,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: services.serviceusage.cnrm.cloud.google.com + name: storagebuckets.storage.cnrm.cloud.google.com spec: - group: serviceusage.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: Service - plural: services + kind: StorageBucket + plural: storagebuckets shortNames: - - gcpservice - - gcpservices - singular: service + - gcpstoragebucket + - gcpstoragebuckets + singular: storagebucket preserveUnknownFields: false scope: Namespaced versions: 
@@ -76363,38 +107115,265 @@ spec: type: object spec: properties: - projectRef: - description: The project that this resource belongs to. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: + autoclass: + description: Immutable. The bucket's autoclass configuration. + properties: + enabled: + description: Immutable. While set to true, autoclass automatically + transitions objects in your bucket to appropriate storage classes + based on each object's access pattern. + type: boolean + required: + - enabled + type: object + bucketPolicyOnly: + description: |- + DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. + Enables Bucket PolicyOnly access to a bucket. + type: boolean + cors: + description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. + items: + properties: + maxAgeSeconds: + description: The value, in seconds, to return in the Access-Control-Max-Age + header used in preflight responses. + type: integer + method: + description: 'The list of HTTP methods on which to include CORS + response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted + in the list of methods, and means "any method".' + items: + type: string + type: array + origin: + description: 'The list of Origins eligible to receive CORS response + headers. Note: "*" is permitted in the list of origins, and + means "any Origin".' + items: + type: string + type: array + responseHeader: + description: The list of HTTP headers other than the simple + response headers to give permission for the user-agent to + share across domains. + items: + type: string + type: array + type: object + type: array + customPlacementConfig: + description: The bucket's custom location configuration, which specifies + the individual regions that comprise a dual-region bucket. 
If the + bucket is designated a single or multi-region, the parameters are + empty. + properties: + dataLocations: + description: 'Immutable. The list of individual regions that comprise + a dual-region bucket. See the docs for a list of acceptable + regions. Note: If any of the data_locations changes, it will + recreate the bucket.' + items: + type: string + type: array + required: + - dataLocations + type: object + defaultEventBasedHold: + description: Whether or not to automatically apply an eventBasedHold + to new objects added to the bucket. + type: boolean + encryption: + description: The bucket's encryption configuration. + properties: + kmsKeyRef: + oneOf: + - not: + required: + - external + required: - name - - required: - - namespace + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + required: + - kmsKeyRef + type: object + lifecycleRule: + description: The bucket's Lifecycle Rules configuration. + items: + properties: + action: + description: The Lifecycle Rule's action configuration. A single + block of this type is supported. + properties: + storageClass: + description: 'The target Storage Class of objects affected + by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, + REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' + type: string + type: + description: 'The type of the action of this Lifecycle Rule. + Supported values include: Delete, SetStorageClass and + AbortIncompleteMultipartUpload.' 
+ type: string + required: + - type + type: object + condition: + description: The Lifecycle Rule's condition configuration. + properties: + age: + description: Minimum age of an object in days to satisfy + this condition. + type: integer + createdBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + customTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + daysSinceCustomTime: + description: Number of days elapsed since the user-specified + timestamp set on an object. + type: integer + daysSinceNoncurrentTime: + description: "Number of days elapsed since the noncurrent + timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition + is relevant only for versioned objects." + type: integer + matchesPrefix: + description: One or more matching name prefixes to satisfy + this condition. + items: + type: string + type: array + matchesStorageClass: + description: 'Storage Class of objects to satisfy this condition. + Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, + COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' + items: + type: string + type: array + matchesSuffix: + description: One or more matching name suffixes to satisfy + this condition. + items: + type: string + type: array + noncurrentTimeBefore: + description: Creation date of an object in RFC 3339 (e.g. + 2017-06-13) to satisfy this condition. + type: string + numNewerVersions: + description: Relevant only for versioned objects. The number + of newer versions of an object to satisfy this condition. + type: integer + withState: + description: 'Match to live and/or archived objects. Unversioned + buckets have only live objects. Supported values include: + "LIVE", "ARCHIVED", "ANY".' + type: string + type: object required: - - external + - action + - condition + type: object + type: array + location: + default: US + description: Immutable. 
The Google Cloud Storage location. + type: string + logging: + description: The bucket's Access & Storage Logs configuration. properties: - external: - description: 'Allowed value: The `name` field of a `Project` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + logBucket: + description: The bucket that will receive log objects. type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + logObjectPrefix: + description: The object prefix for log objects. If it's not provided, + by default Google Cloud Storage sets this to this bucket's name. type: string + required: + - logBucket type: object + publicAccessPrevention: + description: Prevents public access to a bucket. + type: string + requesterPays: + description: Enables Requester Pays on a storage bucket. + type: boolean resourceID: - description: Immutable. Optional. The service of the resource. Used - for creation and acquisition. When unset, the value of `metadata.name` + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string + retentionPolicy: + description: Configuration of the bucket's data retention policy for + how long objects in the bucket should be retained. + properties: + isLocked: + description: 'If set to true, the bucket will be locked and permanently + restrict edits to the bucket''s retention policy. Caution: + Locking a bucket is an irreversible action.' + type: boolean + retentionPeriod: + description: The period of time, in seconds, that objects in the + bucket must be retained and cannot be deleted, overwritten, + or archived. The value must be less than 3,155,760,000 seconds. 
+ type: integer + required: + - retentionPeriod + type: object + storageClass: + description: 'The Storage Class of the new bucket. Supported values + include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, + ARCHIVE.' + type: string + uniformBucketLevelAccess: + description: Enables uniform bucket-level access on a bucket. + type: boolean + versioning: + description: The bucket's Versioning configuration. + properties: + enabled: + description: While set to true, versioning is fully enabled for + this bucket. + type: boolean + required: + - enabled + type: object + website: + description: Configuration if the bucket acts as a website. + properties: + mainPageSuffix: + description: Behaves as the bucket's directory index where missing + objects are treated as potential directories. + type: string + notFoundPage: + description: The custom object to return when a requested resource + is not found. + type: string + type: object type: object status: properties: @@ -76431,6 +107410,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + selfLink: + description: The URI of the created resource. + type: string + url: + description: The base URL of the bucket, in the format gs://. + type: string type: object type: object served: true 
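Review bot: In the StorageBucket `lifecycleRule.condition` block, `customTimeBefore` and `noncurrentTimeBefore` carry the description written for `createdBefore` ('Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.'), which is wrong for both. Suggested wording: `Objects whose custom time is before this date (RFC 3339, e.g. 2017-06-13) satisfy this condition.` and `Objects that became noncurrent before this date (RFC 3339, e.g. 2017-06-13) satisfy this condition.` `publicAccessPrevention` is a free-form string whose description ('Prevents public access to a bucket.') names no accepted values; listing them (`inherited`, `enforced`) would make this security control usable without leaving the schema. The `daysSinceNoncurrentTime` description also contains a run of literal `\t` escapes that should be removed. If the CRD is generated, these belong in the generator or the upstream schema.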
@@ -76448,25 +107433,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sourcereporepositories.sourcerepo.cnrm.cloud.google.com + name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com spec: - group: sourcerepo.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SourceRepoRepository - plural: sourcereporepositories + kind: StorageDefaultObjectAccessControl + plural: storagedefaultobjectaccesscontrols shortNames: - - gcpsourcereporepository - - gcpsourcereporepositories - singular: sourcereporepository + - gcpstoragedefaultobjectaccesscontrol + - gcpstoragedefaultobjectaccesscontrols + singular: storagedefaultobjectaccesscontrol preserveUnknownFields: false scope: Namespaced versions: 
@@ -76479,114 +107464,82 @@ spec: name: Ready type: string - description: The reason for the value in 'Ready' - jsonPath: .status.conditions[?(@.type=='Ready')].reason - name: Status - type: string - - description: The last transition time for the value in 'Status' - jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime - name: Status Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'apiVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - pubsubConfigs: - description: "How this repository publishes a change in the repository - through Cloud Pub/Sub. \nKeyed by the topic names." - items: - properties: - messageFormat: - description: "The format of the Cloud Pub/Sub messages. \n- - PROTOBUF: The message payload is a serialized protocol buffer - of SourceRepoEvent.\n- JSON: The message payload is a JSON - string of SourceRepoEvent. Possible values: [\"PROTOBUF\", - \"JSON\"]." - type: string - serviceAccountRef: - description: |- - Service account used for publishing Cloud Pub/Sub messages. This - service account needs to be in the same project as the - pubsubConfig. When added, the caller needs to have - iam.serviceAccounts.actAs permission on this service account. If - unspecified, it defaults to the compute engine default service - account. 
- oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `email` field of an `IAMServiceAccount` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - topicRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `PubSubTopic` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + bucketRef: + description: Reference to the bucket. + oneOf: + - not: + required: + - external required: - - messageFormat - - topicRef - type: object - type: array - resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + entity: + description: |- + The entity holding the permission, in one of the following forms: + * user-{{userId}} + * user-{{email}} (such as "user-liz@example.com") + * group-{{groupId}} + * group-{{email}} (such as "group-example@googlegroups.com") + * domain-{{domain}} (such as "domain-example.com") + * project-team-{{projectId}} + * allUsers + * allAuthenticatedUsers. + type: string + object: + description: The name of the object, if applied to an object. + type: string + role: + description: 'The access permission for the entity. Possible values: + ["OWNER", "READER"].' type: string + required: + - bucketRef + - entity + - role type: object status: properties: 
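Review bot: In the new StorageDefaultObjectAccessControl schema, `spec.role` and `spec.entity` are bare `type: string`, so the values their descriptions list are not enforced at admission. The `entity` text also lists `allUsers` and `allAuthenticatedUsers` without saying that they grant access to anyone on the internet or to any signed-in Google account. I would add `enum: ["OWNER", "READER"]` under `role` and end the `entity` description with `allUsers and allAuthenticatedUsers make the access public; use them only for buckets meant to be public.` The enclosing `versions` entry starts before this hunk and the `status` schema continues after it. The file looks generated, so the change probably belongs in the generator's source schema.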
@@ -76616,6 +107569,19 @@ spec: type: string type: object type: array + domain: + description: The domain associated with the entity. + type: string + email: + description: The email address associated with the entity. + type: string + entityId: + description: The ID for the entity. + type: string + generation: + description: The content generation of the object, if applied to an + object. + type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -76623,14 +107589,20 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - size: - description: The disk usage of the repo, in bytes. - type: integer - url: - description: URL to clone the repository from Google Cloud Source - Repositories. - type: string + projectTeam: + description: The project team associated with the entity. + properties: + projectNumber: + description: The project team associated with the entity. + type: string + team: + description: 'The team. Possible values: ["editors", "owners", + "viewers"].' + type: string + type: object type: object + required: + - spec type: object served: true storage: true 
@@ -76647,25 +107619,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerdatabases.spanner.cnrm.cloud.google.com + name: storagehmackeys.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerDatabase - plural: spannerdatabases + kind: StorageHMACKey + plural: storagehmackeys shortNames: - - gcpspannerdatabase - - gcpspannerdatabases - singular: spannerdatabase + - gcpstoragehmackey + - gcpstoragehmackeys + singular: storagehmackey preserveUnknownFields: false scope: Namespaced versions: @@ -76685,7 +107657,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -76703,58 +107675,8 @@ spec: type: object spec: properties: - databaseDialect: - description: |- - Immutable. The dialect of the Cloud Spanner Database. - If it is not provided, "GOOGLE_STANDARD_SQL" will be used. Possible values: ["GOOGLE_STANDARD_SQL", "POSTGRESQL"]. - type: string - ddl: - description: |- - An optional list of DDL statements to run inside the newly created - database. Statements can create tables, indexes, etc. These statements - execute atomically with the creation of the database: if there is an - error in any statement, the database is not created. - items: - type: string - type: array - encryptionConfig: - description: Immutable. Encryption configuration for the database. - properties: - kmsKeyRef: - description: |- - Fully qualified name of the KMS key to use to encrypt this database. This key - must exist in the same location as the Spanner Database. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - instanceRef: - description: The instance to create the database on. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -76771,8 +107693,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SpannerInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -76782,23 +107703,27 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated accessId of + the resource. Used for acquisition only. Leave unset to create a + new resource. type: string - versionRetentionPeriod: - description: |- - The retention period for the database. The retention period must be between 1 hour - and 7 days, and can be specified in days, hours, minutes, or seconds. For example, - the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. - If this property is used, you must avoid adding new DDL statements to 'ddl' that - update the database's version_retention_period. + serviceAccountEmail: + description: Immutable. The email address of the key's associated + service account. + type: string + state: + description: 'The state of the key. Can be set to one of ACTIVE, INACTIVE. + Default value: "ACTIVE" Possible values: ["ACTIVE", "INACTIVE"].' type: string required: - - instanceRef + - projectRef + - serviceAccountEmail type: object status: properties: + accessId: + description: The access ID of the HMAC Key. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -76832,8 +107757,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: An explanation of the status of the database. + secret: + description: HMAC secret key material. + type: string + timeCreated: + description: '''The creation time of the HMAC key in RFC 3339 format. + ''.' + type: string + updated: + description: '''The last modification time of the HMAC key metadata + in RFC 3339 format.''.' type: string type: object required: @@ -76854,25 +107787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: spannerinstances.spanner.cnrm.cloud.google.com + name: storagenotifications.storage.cnrm.cloud.google.com spec: - group: spanner.cnrm.cloud.google.com + group: storage.cnrm.cloud.google.com names: categories: - gcp - kind: SpannerInstance - plural: spannerinstances + kind: StorageNotification + plural: storagenotifications shortNames: - - gcpspannerinstance - - gcpspannerinstances - singular: spannerinstance + - gcpstoragenotification + - gcpstoragenotifications + singular: storagenotification preserveUnknownFields: false scope: Namespaced versions: 
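Review bot: The new `status.secret` field of StorageHMACKey (description "HMAC secret key material") holds a long-lived credential as a plain string in the object's status. Any subject allowed to `get`, `list` or `watch` these resources can therefore read it, and it is stored with the object rather than in a Secret. Presumably the controller fills it in after creating the key; if so, the schema should at least say so, e.g. `description: HMAC secret key material. Sensitive; visible to anyone who can read this resource, so restrict RBAC on storagehmackeys.` Writing the value to a Kubernetes Secret referenced from status would be the safer design. The `status` mapping starts outside this hunk, and as the file looks generated the wording change likely belongs in the generator's source.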
@@ -76910,32 +107843,92 @@ spec: type: object spec: properties: - config: - description: |- - Immutable. The name of the instance's configuration (similar but not - quite the same as a region) which defines the geographic placement and - replication of your databases in this instance. It determines where your data - is stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc. - In order to obtain a valid list please consult the - [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). + bucketRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + customAttributes: + additionalProperties: + type: string + description: Immutable. A set of key/value attribute pairs to attach + to each Cloud Pub/Sub message published for this notification subscription. + type: object + eventTypes: + description: 'Immutable. List of event type filters for this notification + config. If not specified, Cloud Storage will send notifications + for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", + "OBJECT_DELETE", "OBJECT_ARCHIVE".' + items: + type: string + type: array + objectNamePrefix: + description: Immutable. Specifies a prefix path filter for this notification + config. Cloud Storage will only send notifications for objects in + this bucket whose names begin with the specified prefix. 
type: string - displayName: - description: |- - The descriptive name for this instance as it appears in UIs. Must be - unique per project and between 4 and 30 characters in length. + payloadFormat: + description: Immutable. The desired content of the Payload. One of + "JSON_API_V1" or "NONE". type: string - numNodes: - type: integer - processingUnits: - type: integer resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated notificationId + of the resource. Used for acquisition only. Leave unset to create + a new resource. type: string + topicRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - config - - displayName + - bucketRef + - payloadFormat + - topicRef type: object status: properties: @@ -76965,6 +107958,9 @@ spec: type: string type: object type: array + notificationId: + description: The ID of the created notification. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -76972,8 +107968,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - state: - description: 'Instance status: ''CREATING'' or ''READY''.' + selfLink: + description: The URI of the created resource. type: string type: object required: @@ -76994,25 +107990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqldatabases.sql.cnrm.cloud.google.com + name: storagetransferagentpools.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLDatabase - plural: sqldatabases + kind: StorageTransferAgentPool + plural: storagetransferagentpools shortNames: - - gcpsqldatabase - - gcpsqldatabases - singular: sqldatabase + - gcpstoragetransferagentpool + - gcpstoragetransferagentpools + singular: storagetransferagentpool preserveUnknownFields: false scope: Namespaced versions: @@ -77032,7 +108028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -77050,31 +108046,22 @@ spec: type: object spec: properties: - charset: - description: |- - The charset value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html) - for more details and supported values. Postgres databases only support - a value of 'UTF8' at creation time. - type: string - collation: - description: |- - The collation value. See MySQL's - [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html) - and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html) - for more details and supported values. Postgres databases only support - a value of 'en_US.UTF8' at creation time. - type: string - deletionPolicy: - description: "The deletion policy for the database. Setting ABANDON - allows the resource \nto be abandoned rather than deleted. This - is useful for Postgres, where databases cannot be \ndeleted from - the API if there are users other than cloudsqlsuperuser with access. - Possible \nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\"." + bandwidthLimit: + description: Specifies the bandwidth limit details. If this field + is unspecified, the default value is set as 'No Limit'. + properties: + limitMbps: + description: Bandwidth rate in megabytes per second, distributed + across all the agents in the pool. + type: string + required: + - limitMbps + type: object + displayName: + description: Specifies the client-specified AgentPool description. type: string - instanceRef: - description: The Cloud SQL instance. + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
@@ -77091,8 +108078,7 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -77107,7 +108093,7 @@ spec: is used as the default. type: string required: - - instanceRef + - projectRef type: object status: properties: @@ -77144,7 +108130,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: + state: + description: Specifies the state of the AgentPool. type: string type: object required: @@ -77165,25 +108152,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: stable cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlinstances.sql.cnrm.cloud.google.com + name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: storagetransfer.cnrm.cloud.google.com names: categories: - gcp - kind: SQLInstance - plural: sqlinstances + kind: StorageTransferJob + plural: storagetransferjobs shortNames: - - gcpsqlinstance - - gcpsqlinstances - singular: sqlinstance + - gcpstoragetransferjob + - gcpstoragetransferjobs + singular: storagetransferjob preserveUnknownFields: false scope: Namespaced versions: 
@@ -77221,407 +108208,332 @@ spec: type: object spec: properties: - databaseVersion: - default: MYSQL_5_6 - description: The MySQL, PostgreSQL or SQL Server (beta) version to - use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, - POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, - SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, - SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date - reference of supported versions. - type: string - encryptionKMSCryptoKeyRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. - type: string - maintenanceVersion: - description: Maintenance version. - type: string - masterInstanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - region: - description: Immutable. The region the instance will sit in. Note, - Cloud SQL is not available in all regions. A valid region must be - provided to use this resource. If a region is not provided in the - resource definition, the provider region will be used instead, but - this will be an apply-time error for instances if the provider region - is not supported with Cloud SQL. If you choose not to provide the - region argument for this resource, make sure you understand this. + description: + description: Unique description to identify the Transfer Job. type: string - replicaConfiguration: - description: The configuration for replication. + notificationConfig: + description: Notification configuration. properties: - caCertificate: - description: Immutable. PEM representation of the trusted CA's - x509 certificate. - type: string - clientCertificate: - description: Immutable. PEM representation of the replica's x509 - certificate. - type: string - clientKey: - description: Immutable. PEM representation of the replica's private - key. The corresponding public key in encoded in the client_certificate. - type: string - connectRetryInterval: - description: Immutable. The number of seconds between connect - retries. MySQL's default is 60 seconds. - type: integer - dumpFilePath: - description: Immutable. Path to a SQL file in Google Cloud Storage - from which replica instances are created. Format is gs://bucket/filename. - type: string - failoverTarget: - description: Immutable. Specifies if the replica is the failover - target. If the field is set to true the replica will be designated - as a failover replica. If the master instance fails, the replica - instance will be promoted as the new master instance. - type: boolean - masterHeartbeatPeriod: - description: Immutable. Time in ms between replication heartbeats. 
- type: integer - password: - description: Immutable. Password for the replication connection. + eventTypes: + description: Event types for which a notification is desired. + If empty, send notifications for all event types. The valid + types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", + "TRANSFER_OPERATION_ABORTED". + items: + type: string + type: array + payloadFormat: + description: The desired format of the notification message payloads. + One of "NONE" or "JSON". + type: string + topicRef: + description: The PubSubTopic to which to publish notifications. oneOf: - not: required: - - valueFrom + - external required: - - value + - name - not: - required: - - value + anyOf: + - required: + - name + - required: + - namespace required: - - valueFrom + - external properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + external: + description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, + where {{value}} is the `name` field of a `PubSubTopic` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - valueFrom: - description: Source for the field's value. Cannot be used - if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in - the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value - from. - type: string - required: - - name - - key - type: object - type: object type: object - sslCipher: - description: Immutable. Permissible ciphers for use in SSL encryption. 
- type: string - username: - description: Immutable. Username for replication connection. - type: string - verifyServerCertificate: - description: Immutable. True if the master's common name value - is checked during the SSL handshake. - type: boolean + required: + - payloadFormat + - topicRef type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - rootPassword: - description: Initial root password. Required for MS SQL Server. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom + schedule: + description: Schedule specification defining when the Transfer Job + should be scheduled to start, end and what time to run. properties: - value: - description: Value of the field. Cannot be used if 'valueFrom' - is specified. + repeatInterval: + description: 'Interval between the start of each scheduled transfer. + If unspecified, the default value is 24 hours. This value may + not be less than 1 hour. A duration in seconds with up to nine + fractional digits, terminated by ''s''. Example: "3.5s".' type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. + scheduleEndDate: + description: The last day the recurring transfer will be run. + If schedule_end_date is the same as schedule_start_date, the + transfer will be executed only once. properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. 
- type: string - required: - - name - - key - type: object + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer + required: + - day + - month + - year type: object - type: object - settings: - description: The settings to use for the database. The configuration - is detailed below. - properties: - activationPolicy: - description: This specifies when the instance should be active. - Can be either ALWAYS, NEVER or ON_DEMAND. - type: string - activeDirectoryConfig: + scheduleStartDate: + description: The first day the recurring transfer is scheduled + to run. If schedule_start_date is in the past, the transfer + will run for the first time on the following day. properties: - domain: - description: Domain name of the Active Directory for SQL Server - (e.g., mydomain.com). - type: string + day: + description: Day of month. Must be from 1 to 31 and valid + for the year and month. + type: integer + month: + description: Month of year. Must be from 1 to 12. + type: integer + year: + description: Year of date. Must be from 1 to 9999. + type: integer required: - - domain + - day + - month + - year type: object - authorizedGaeApplications: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - items: - type: string - type: array - availabilityType: - description: |- - The availability type of the Cloud SQL instance, high availability - (REGIONAL) or single zone (ZONAL). 
For all instances, ensure that - settings.backup_configuration.enabled is set to true. - For MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true. - For Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled - is set to true. Defaults to ZONAL. - type: string - backupConfiguration: + startTimeOfDay: + description: The time in UTC at which the transfer will be scheduled + to start in a day. Transfers may start later than this time. + If not specified, recurring and one-time transfers that are + scheduled to run today will run immediately; recurring transfers + that are scheduled to run on a future date will start at approximately + midnight UTC on that date. Note that when configuring a transfer + with the Cloud Platform Console, the transfer's start time in + a day is specified in your local timezone. properties: - backupRetentionSettings: - properties: - retainedBackups: - description: Number of backups to retain. - type: integer - retentionUnit: - description: The unit that 'retainedBackups' represents. - Defaults to COUNT. - type: string - required: - - retainedBackups - type: object - binaryLogEnabled: - description: True if binary logging is enabled. If settings.backup_configuration.enabled - is false, this must be as well. Can only be used with MySQL. - type: boolean - enabled: - description: True if backup configuration is enabled. - type: boolean - location: - description: Location of the backup configuration. - type: string - pointInTimeRecoveryEnabled: - description: True if Point-in-time recovery is enabled. - type: boolean - startTime: - description: HH:MM format time indicating when backup configuration - starts. - type: string - transactionLogRetentionDays: - description: The number of days of transaction logs we retain - for point in time restore, from 1-7. + hours: + description: Hours of day in 24 hour format. Should be from + 0 to 23. 
+ type: integer + minutes: + description: Minutes of hour of day. Must be from 0 to 59. + type: integer + nanos: + description: Fractions of seconds in nanoseconds. Must be + from 0 to 999,999,999. + type: integer + seconds: + description: Seconds of minutes of the time. Must normally + be from 0 to 59. type: integer + required: + - hours + - minutes + - nanos + - seconds type: object - collation: - description: Immutable. The name of server instance collation. - type: string - connectorEnforcement: - description: Specifies if connections must use Cloud SQL connectors. - type: string - crashSafeReplication: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: boolean - databaseFlags: - items: - properties: - name: - description: Name of the flag. - type: string - value: - description: Value of the flag. - type: string - required: - - name - - value - type: object - type: array - deletionProtectionEnabled: - description: Configuration to protect against accidental instance - deletion. - type: boolean - denyMaintenancePeriod: + required: + - scheduleStartDate + type: object + status: + description: 'Status of the job. Default: ENABLED. NOTE: The effect + of the new job status takes place during a subsequent job run. For + example, if you change the job status from ENABLED to DISABLED, + and an operation spawned by the transfer is running, the status + change would not affect the current operation.' + type: string + transferSpec: + description: Transfer specification. + properties: + awsS3DataSource: + description: An AWS S3 data source. properties: - endDate: - description: End date before which maintenance will not take - place. 
The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. - type: string - startDate: - description: Start date after which maintenance will not take - place. The date is in format yyyy-mm-dd i.e., 2020-11-01, - or mm-dd, i.e., 11-01. + awsAccessKey: + description: AWS credentials block. + properties: + accessKeyId: + description: AWS Key ID. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + secretAccessKey: + description: AWS Secret Access Key. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. + properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - accessKeyId + - secretAccessKey + type: object + bucketName: + description: S3 Bucket name. 
type: string - time: - description: 'Time in UTC when the "deny maintenance period" - starts on start_date and ends on end_date. The time is in - format: HH:mm:SS, i.e., 00:00:00.' + roleArn: + description: The Amazon Resource Name (ARN) of the role to + support temporary credentials via 'AssumeRoleWithWebIdentity'. + For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). + When a role ARN is provided, Transfer Service fetches temporary + credentials for the session using a 'AssumeRoleWithWebIdentity' + call for the provided role using the [GoogleServiceAccount][] + for this project. type: string required: - - endDate - - startDate - - time - type: object - diskAutoresize: - description: Enables auto-resizing of the storage size. Defaults - to true. - type: boolean - diskAutoresizeLimit: - description: The maximum size, in GB, to which storage capacity - can be automatically increased. The default value is 0, which - specifies that there is no limit. - type: integer - diskSize: - description: The size of data disk, in GB. Size of a running instance - cannot be reduced but can be increased. The minimum value is - 10GB. - type: integer - diskType: - description: 'Immutable. The type of data disk: PD_SSD or PD_HDD. - Defaults to PD_SSD.' - type: string - insightsConfig: - description: Configuration of Query Insights. - properties: - queryInsightsEnabled: - description: True if Query Insights feature is enabled. - type: boolean - queryPlansPerMinute: - description: Number of query execution plans captured by Insights - per minute for all queries combined. Between 0 and 20. Default - to 5. - type: integer - queryStringLength: - description: Maximum query length stored in bytes. Between - 256 and 4500. Default to 1024. - type: integer - recordApplicationTags: - description: True if Query Insights will record application - tags from query when enabled. 
- type: boolean - recordClientAddress: - description: True if Query Insights will record client address - when enabled. - type: boolean + - bucketName type: object - ipConfiguration: + azureBlobStorageDataSource: + description: An Azure Blob Storage data source. properties: - allocatedIpRange: - description: 'The name of the allocated ip range for the private - ip CloudSQL instance. For example: "google-managed-services-default". - If set, the instance ip will be created in the allocated - range. The range name must comply with RFC 1035. Specifically, - the name must be 1-63 characters long and match the regular - expression [a-z]([-a-z0-9]*[a-z0-9])?.' - type: string - authorizedNetworks: - items: - properties: - expirationTime: - type: string - name: - type: string - value: - type: string - required: - - value - type: object - type: array - enablePrivatePathForGoogleCloudServices: - description: Whether Google Cloud services such as BigQuery - are allowed to access data in this Cloud SQL instance over - a private IP connection. SQLSERVER database type is not - supported. - type: boolean - ipv4Enabled: - description: Whether this Cloud SQL instance should be assigned - a public IPV4 address. At least ipv4_enabled must be enabled - or a private_network must be configured. - type: boolean - privateNetworkRef: + azureCredentials: + description: ' Credentials used to authenticate API requests + to Azure.' + properties: + sasToken: + description: Azure shared access signature. + oneOf: + - not: + required: + - valueFrom + required: + - value + - not: + required: + - value + required: + - valueFrom + properties: + value: + description: Value of the field. Cannot be used if + 'valueFrom' is specified. + type: string + valueFrom: + description: Source for the field's value. Cannot + be used if 'value' is specified. + properties: + secretKeyRef: + description: Reference to a value with the given + key in the given Secret in the resource's namespace. 
+ properties: + key: + description: Key that identifies the value + to be extracted. + type: string + name: + description: Name of the Secret to extract + a value from. + type: string + required: + - name + - key + type: object + type: object + type: object + required: + - sasToken + type: object + container: + description: The container to transfer from the Azure Storage + account. + type: string + path: + description: Root path to transfer objects. Must be an empty + string or full path name that ends with a '/'. This field + is treated as an object prefix. As such, it should generally + not begin with a '/'. + type: string + storageAccount: + description: The name of the Azure Storage account. + type: string + required: + - azureCredentials + - container + - storageAccount + type: object + gcsDataSink: + description: A Google Cloud Storage data sink. + properties: + bucketRef: oneOf: - not: required: @@ -77638,8 +108550,8 @@ spec: - external properties: external: - description: 'Allowed value: The `selfLink` field of a - `ComputeNetwork` resource.' + description: 'Allowed value: The `name` field of a `StorageBucket` + resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77648,73 +108560,16 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - requireSsl: - type: boolean - type: object - locationPreference: - properties: - followGaeApplication: - description: A Google App Engine application whose zone to - remain in. Must be in the same region as this instance. - type: string - secondaryZone: - description: The preferred Compute Engine zone for the secondary/failover. - type: string - zone: - description: The preferred compute engine zone. - type: string - type: object - maintenanceWindow: - description: Declares a one-hour maintenance window when an Instance - can automatically restart to apply updates. The maintenance - window is specified in UTC time. - properties: - day: - description: Day of week (1-7), starting on Monday. - type: integer - hour: - description: Hour of day (0-23), ignored if day not set. - type: integer - updateTrack: - description: Receive updates earlier (canary) or later (stable). - type: string - type: object - passwordValidationPolicy: - properties: - complexity: - description: Password complexity. - type: string - disallowUsernameSubstring: - description: Disallow username as a part of the password. - type: boolean - enablePasswordPolicy: - description: Whether the password policy is enabled or not. - type: boolean - minLength: - description: Minimum number of characters allowed. - type: integer - passwordChangeInterval: - description: Minimum interval after which the password can - be changed. This flag is only supported for PostgresSQL. + path: + description: Google Cloud Storage path in bucket to transfer. type: string - reuseInterval: - description: Number of previous passwords that cannot be reused. - type: integer required: - - enablePasswordPolicy + - bucketRef type: object - pricingPlan: - description: Pricing plan for this instance, can only be PER_USE. 
- type: string - replicationType: - description: |- - DEPRECATED. This property is only applicable to First Generation instances, and First Generation instances are now deprecated. see https://cloud.google.com/sql/docs/mysql/deprecation-notice for information on how to upgrade to Second Generation instances. - Specifying this field has no-ops; it's recommended to remove this field from your configuration. - type: string - sqlServerAuditConfig: + gcsDataSource: + description: A Google Cloud Storage data source. properties: bucketRef: - description: The name of the destination bucket (e.g., gs://mybucket). oneOf: - not: required: @@ -77731,7 +108586,7 @@ spec: - external properties: external: - description: 'Allowed value: The `url` field of a `StorageBucket` + description: 'Allowed value: The `name` field of a `StorageBucket` resource.' type: string name: 
@@ -77741,42 +108596,133 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - retentionInterval: - description: 'How long to keep generated audit files. A duration - in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s"..' + path: + description: Google Cloud Storage path in bucket to transfer. type: string - uploadInterval: - description: 'How often to upload generated audit files. A - duration in seconds with up to nine fractional digits, terminated - by ''s''. Example: "3.5s".' + required: + - bucketRef + type: object + httpDataSource: + description: A HTTP URL data source. + properties: + listUrl: + description: The URL that points to the file that stores the + object list entries. This file must allow public access. + Currently, only URLs with HTTP and HTTPS schemes are supported. type: string + required: + - listUrl type: object - tier: - description: The machine type to use. See tiers for more details - and supported versions. Postgres supports only shared-core machine - types, and custom machine types such as db-custom-2-13312. See - the Custom Machine Type Documentation to learn about specifying - custom machine types. + objectConditions: + description: Only objects that satisfy these object conditions + are included in the set of data source and data sink objects. + Object conditions based on objects' last_modification_time do + not exclude objects in a data sink. + properties: + excludePrefixes: + description: exclude_prefixes must follow the requirements + described for include_prefixes. + items: + type: string + type: array + includePrefixes: + description: If include_refixes is specified, objects that + satisfy the object conditions must have names that start + with one of the include_prefixes and that do not start with + any of the exclude_prefixes. 
If include_prefixes is not + specified, all objects except those that have names starting + with one of the exclude_prefixes must satisfy the object + conditions. + items: + type: string + type: array + lastModifiedBefore: + description: 'If specified, only objects with a "last modification + time" before this timestamp and objects that don''t have + a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + lastModifiedSince: + description: 'If specified, only objects with a "last modification + time" on or after this timestamp and objects that don''t + have a "last modification time" are transferred. A timestamp + in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" + and "2014-10-02T15:01:23.045123456Z".' + type: string + maxTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + minTimeElapsedSinceLastModification: + description: 'A duration in seconds with up to nine fractional + digits, terminated by ''s''. Example: "3.5s".' + type: string + type: object + posixDataSink: + description: A POSIX filesystem data sink. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + posixDataSource: + description: A POSIX filesystem data source. + properties: + rootDirectory: + description: Root directory path to the filesystem. + type: string + required: + - rootDirectory + type: object + sinkAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - timeZone: - description: Immutable. 
The time_zone to be used by the database - engine (supported only for SQL Server), in SQL Server timezone - format. + sourceAgentPoolName: + description: Immutable. Specifies the agent pool name associated + with the posix data source. When unspecified, the default name + is used. type: string - required: - - tier + transferOptions: + description: Characteristics of how to treat files from datasource + and sink during job. If the option delete_objects_unique_in_sink + is true, object conditions based on objects' last_modification_time + are ignored and do not exclude objects in a data source or a + data sink. + properties: + deleteObjectsFromSourceAfterTransfer: + description: Whether objects should be deleted from the source + after they are transferred to the sink. Note that this option + and delete_objects_unique_in_sink are mutually exclusive. + type: boolean + deleteObjectsUniqueInSink: + description: Whether objects that exist only in the sink should + be deleted. Note that this option and delete_objects_from_source_after_transfer + are mutually exclusive. + type: boolean + overwriteObjectsAlreadyExistingInSink: + description: Whether overwriting objects that already exist + in the sink is allowed. + type: boolean + overwriteWhen: + description: When to overwrite objects that already exist + in the sink. If not set, overwrite behavior is determined + by overwriteObjectsAlreadyExistingInSink. + type: string + type: object type: object required: - - settings + - description + - transferSpec type: object status: properties: - availableMaintenanceVersions: - description: Available Maintenance versions. - items: - type: string - type: array conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -77803,27 +108749,18 @@ spec: type: string type: object type: array - connectionName: - description: The connection name of the instance to be used in connection - strings. For example, when connecting with Cloud SQL Proxy. + creationTime: + description: When the Transfer Job was created. type: string - firstIpAddress: + deletionTime: + description: When the Transfer Job was deleted. type: string - instanceType: - description: The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', - 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'. + lastModificationTime: + description: When the Transfer Job was last modified. + type: string + name: + description: The name of the Transfer Job. type: string - ipAddress: - items: - properties: - ipAddress: - type: string - timeToRetire: - type: string - type: - type: string - type: object - type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -77831,35 +108768,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateIpAddress: - type: string - publicIpAddress: - type: string - selfLink: - description: The URI of the created resource. - type: string - serverCaCert: - properties: - cert: - description: The CA Certificate used to connect to the SQL Instance - via SSL. - type: string - commonName: - description: The CN valid for the CA Cert. - type: string - createTime: - description: Creation time of the CA Cert. - type: string - expirationTime: - description: Expiration time of the CA Cert. - type: string - sha1Fingerprint: - description: SHA Fingerprint of the CA Cert. - type: string - type: object - serviceAccountEmailAddress: - description: The service account email address assigned to the instance. - type: string type: object required: - spec 
@@ -77879,25 +108787,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlsslcerts.sql.cnrm.cloud.google.com + name: tagstagbindings.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLSSLCert - plural: sqlsslcerts + kind: TagsTagBinding + plural: tagstagbindings shortNames: - - gcpsqlsslcert - - gcpsqlsslcerts - singular: sqlsslcert + - gcptagstagbinding + - gcptagstagbindings + singular: tagstagbinding preserveUnknownFields: false scope: Namespaced versions: @@ -77935,13 +108843,7 @@ spec: type: object spec: properties: - commonName: - description: Immutable. The common name to be used in the certificate - to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this - forces a new resource to be created. - type: string - instanceRef: - description: The Cloud SQL instance. + parentRef: oneOf: - not: required: @@ -77958,8 +108860,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' + description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, + where {{value}} is the `number` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -77969,22 +108871,43 @@ spec: type: string type: object resourceID: - description: Immutable. Optional. The service-generated sha1Fingerprint - of the resource. Used for acquisition only. Leave unset to create - a new resource. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string + tagValueRef: + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: string of the format `tagValues/{{value}}`, + where {{value}} is the `name` field of a `TagsTagValue` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object required: - - commonName - - instanceRef + - parentRef + - tagValueRef type: object status: properties: - cert: - description: The actual certificate data for this client certificate. - type: string - certSerialNumber: - description: The serial number extracted from the certificate data. - type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -78011,13 +108934,9 @@ spec: type: string type: object type: array - createTime: - description: The time when the certificate was created in RFC 3339 - format, for example 2012-11-15T16:19:00.094Z. - type: string - expirationTime: - description: The time when the certificate expires in RFC 3339 format, - for example 2012-11-15T16:19:00.094Z. + name: + description: 'The generated id for the TagBinding. This is a string + of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78026,16 +108945,6 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - privateKey: - description: The private key associated with the client certificate. - type: string - serverCaCert: - description: The CA cert of the server this client cert was generated - from. - type: string - sha1Fingerprint: - description: The SHA1 Fingerprint of the certificate. - type: string type: object required: - spec @@ -78055,25 +108964,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: sqlusers.sql.cnrm.cloud.google.com + name: tagstagkeys.tags.cnrm.cloud.google.com spec: - group: sql.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: SQLUser - plural: sqlusers + kind: TagsTagKey + plural: tagstagkeys shortNames: - - gcpsqluser - - gcpsqlusers - singular: sqluser + - gcptagstagkey + - gcptagstagkeys + singular: tagstagkey preserveUnknownFields: false scope: Namespaced versions: 
@@ -78100,134 +109009,53 @@ spec: apiVersion: description: 'apiVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: Immutable. The host the user can connect from. This is - only supported for MySQL instances. Don't set this field for PostgreSQL - instances. Can be an IP address. Changing this forces a new resource - to be created. - type: string - instanceRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `SQLInstance` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - password: - description: |- - The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to - either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. 
Cannot be used if 'valueFrom' - is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot be used if 'value' - is specified. - properties: - secretKeyRef: - description: Reference to a value with the given key in the - given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value to be extracted. - type: string - name: - description: Name of the Secret to extract a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - passwordPolicy: - properties: - allowedFailedAttempts: - description: Number of failed attempts allowed before the user - get locked. - type: integer - enableFailedAttemptsCheck: - description: If true, the check that will lock user after too - many failed login attempts will be enabled. - type: boolean - enablePasswordVerification: - description: If true, the user must specify the current password - before changing the password. This flag is supported only for - MySQL. - type: boolean - passwordExpirationDuration: - description: Password expiration duration with one week grace - period. - type: string - status: - items: - properties: - locked: - description: If true, user does not have login privileges. - type: boolean - passwordExpirationTime: - description: Password expiration duration with one week - grace period. - type: string - type: object - type: array + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: User-assigned description of the TagKey. Must not exceed + 256 characters. + type: string + parent: + description: Immutable. Input only. The resource name of the new TagKey's + parent. Must be of the form organizations/{org_id}. + type: string + purpose: + description: |- + Immutable. Optional. A purpose cannot be changed once set. + + A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + type: string + purposeData: + additionalProperties: + type: string + description: |- + Immutable. Optional. Purpose data cannot be changed once set. + + Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. type: object resourceID: - description: Immutable. Optional. The name of the resource. Used for - creation and acquisition. When unset, the value of `metadata.name` - is used as the default. + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - type: + shortName: description: |- - Immutable. The user type. It determines the method to authenticate the user during login. - The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT". + Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. + + The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. 
type: string required: - - instanceRef + - parent + - shortName type: object status: properties: @@ -78257,6 +109085,18 @@ spec: type: string type: object type: array + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string + name: + description: The generated numeric id for the TagKey. + type: string + namespacedName: + description: Output only. Namespaced name of the TagKey. + type: string observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78264,19 +109104,12 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - sqlServerUserDetails: - items: - properties: - disabled: - description: If the user has been disabled. - type: boolean - serverRoles: - description: The server roles for this user in the database. - items: - type: string - type: array - type: object - type: array + updateTime: + description: |- + Output only. Update time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78296,25 +109129,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebucketaccesscontrols.storage.cnrm.cloud.google.com + name: tagstagvalues.tags.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tags.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucketAccessControl - plural: storagebucketaccesscontrols + kind: TagsTagValue + plural: tagstagvalues shortNames: - - gcpstoragebucketaccesscontrol - - gcpstoragebucketaccesscontrols - singular: storagebucketaccesscontrol + - gcptagstagvalue + - gcptagstagvalues + singular: tagstagvalue preserveUnknownFields: false scope: Namespaced versions: @@ -78352,8 +109185,11 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + description: + description: User-assigned description of the TagValue. Must not exceed + 256 characters. + type: string + parentRef: oneOf: - not: required: @@ -78370,8 +109206,8 @@ spec: - external properties: external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' + description: 'Allowed value: string of the format `tagKeys/{{value}}`, + where {{value}} is the `name` field of a `TagsTagKey` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -78380,31 +109216,20 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object - entity: - description: |- - Immutable. The entity holding the permission, in one of the following forms: - user-userId - user-email - group-groupId - group-email - domain-domain - project-team-projectId - allUsers - allAuthenticatedUsers - Examples: - The user liz@example.com would be user-liz@example.com. - The group example@googlegroups.com would be - group-example@googlegroups.com. - To refer to all members of the Google Apps for Business domain - example.com, the entity would be domain-example.com. + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER", "WRITER"].' + shortName: + description: |- + Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. + + The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. type: string required: - - bucketRef - - entity + - parentRef + - shortName type: object status: properties: 
@@ -78434,11 +109259,18 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. + createTime: + description: |- + Output only. Creation time. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". type: string - email: - description: The email address associated with the entity. + name: + description: The generated numeric id for the TagValue. + type: string + namespacedName: + description: Output only. Namespaced name of the TagValue. Will be + in the format {organizationId}/{tag_key_short_name}/{shortName}. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -78447,6 +109279,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: |- + Output only. Update time. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + type: string type: object required: - spec 
@@ -78466,25 +109303,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagebuckets.storage.cnrm.cloud.google.com + name: tpunodes.tpu.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: tpu.cnrm.cloud.google.com names: categories: - gcp - kind: StorageBucket - plural: storagebuckets + kind: TPUNode + plural: tpunodes shortNames: - - gcpstoragebucket - - gcpstoragebuckets - singular: storagebucket + - gcptpunode + - gcptpunodes + singular: tpunode preserveUnknownFields: false scope: Namespaced versions: @@ -78504,7 +109341,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78522,265 +109359,93 @@ spec: type: object spec: properties: - autoclass: - description: Immutable. The bucket's autoclass configuration. - properties: - enabled: - description: Immutable. While set to true, autoclass automatically - transitions objects in your bucket to appropriate storage classes - based on each object's access pattern. - type: boolean - required: - - enabled - type: object - bucketPolicyOnly: + acceleratorType: + description: Immutable. The type of hardware accelerators associated + with this node. + type: string + cidrBlock: description: |- - DEPRECATED. Please use the `uniformBucketLevelAccess` field as this field has been renamed by Google. The `uniformBucketLevelAccess` field will supersede this field. - Enables Bucket PolicyOnly access to a bucket. - type: boolean - cors: - description: The bucket's Cross-Origin Resource Sharing (CORS) configuration. - items: - properties: - maxAgeSeconds: - description: The value, in seconds, to return in the Access-Control-Max-Age - header used in preflight responses. - type: integer - method: - description: 'The list of HTTP methods on which to include CORS - response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted - in the list of methods, and means "any method".' - items: - type: string - type: array - origin: - description: 'The list of Origins eligible to receive CORS response - headers. Note: "*" is permitted in the list of origins, and - means "any Origin".' - items: - type: string - type: array - responseHeader: - description: The list of HTTP headers other than the simple - response headers to give permission for the user-agent to - share across domains. - items: - type: string - type: array - type: object - type: array - customPlacementConfig: - description: The bucket's custom location configuration, which specifies - the individual regions that comprise a dual-region bucket. If the - bucket is designated a single or multi-region, the parameters are - empty. 
- properties: - dataLocations: - description: 'Immutable. The list of individual regions that comprise - a dual-region bucket. See the docs for a list of acceptable - regions. Note: If any of the data_locations changes, it will - recreate the bucket.' - items: - type: string - type: array - required: - - dataLocations - type: object - defaultEventBasedHold: - description: Whether or not to automatically apply an eventBasedHold - to new objects added to the bucket. - type: boolean - encryption: - description: The bucket's encryption configuration. - properties: - kmsKeyRef: - oneOf: - - not: - required: - - external - required: + Immutable. The CIDR block that the TPU node will use when selecting an IP + address. This CIDR block must be a /29 block; the Compute Engine + networks API forbids a smaller block, and using a larger block would + be wasteful (a node can only consume one IP address). + + Errors will occur if the CIDR block has already been used for a + currently existing TPU node, the CIDR block conflicts with any + subnetworks in the user's provided network, or the provided network + is peered with another network that is using that CIDR block. + type: string + description: + description: Immutable. The user-supplied description of the TPU. + Maximum of 512 characters. + type: string + network: + description: |- + Immutable. The name of a network to peer the TPU node to. It must be a + preexisting Compute Engine network inside of the project on which + this API has been activated. If none is provided, "default" will be + used. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `selfLink` field of a `KMSCryptoKey` - resource.' 
- type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - kmsKeyRef - type: object - lifecycleRule: - description: The bucket's Lifecycle Rules configuration. - items: - properties: - action: - description: The Lifecycle Rule's action configuration. A single - block of this type is supported. - properties: - storageClass: - description: 'The target Storage Class of objects affected - by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, - REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' - type: string - type: - description: 'The type of the action of this Lifecycle Rule. - Supported values include: Delete, SetStorageClass and - AbortIncompleteMultipartUpload.' - type: string - required: - - type - type: object - condition: - description: The Lifecycle Rule's condition configuration. - properties: - age: - description: Minimum age of an object in days to satisfy - this condition. - type: integer - createdBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - customTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - daysSinceCustomTime: - description: Number of days elapsed since the user-specified - timestamp set on an object. - type: integer - daysSinceNoncurrentTime: - description: "Number of days elapsed since the noncurrent - timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition - is relevant only for versioned objects." - type: integer - matchesPrefix: - description: One or more matching name prefixes to satisfy - this condition. 
- items: - type: string - type: array - matchesStorageClass: - description: 'Storage Class of objects to satisfy this condition. - Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, - COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.' - items: - type: string - type: array - matchesSuffix: - description: One or more matching name suffixes to satisfy - this condition. - items: - type: string - type: array - noncurrentTimeBefore: - description: Creation date of an object in RFC 3339 (e.g. - 2017-06-13) to satisfy this condition. - type: string - numNewerVersions: - description: Relevant only for versioned objects. The number - of newer versions of an object to satisfy this condition. - type: integer - withState: - description: 'Match to live and/or archived objects. Unversioned - buckets have only live objects. Supported values include: - "LIVE", "ARCHIVED", "ANY".' - type: string - type: object + - required: + - namespace required: - - action - - condition - type: object - type: array - location: - default: US - description: Immutable. The Google Cloud Storage location. - type: string - logging: - description: The bucket's Access & Storage Logs configuration. + - external properties: - logBucket: - description: The bucket that will receive log objects. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - logObjectPrefix: - description: The object prefix for log objects. If it's not provided, - by default Google Cloud Storage sets this to this bucket's name. + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - required: - - logBucket type: object - publicAccessPrevention: - description: Prevents public access to a bucket. 
- type: string - requesterPays: - description: Enables Requester Pays on a storage bucket. - type: boolean resourceID: description: Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. type: string - retentionPolicy: - description: Configuration of the bucket's data retention policy for - how long objects in the bucket should be retained. + schedulingConfig: + description: Immutable. Sets the scheduling options for this TPU instance. properties: - isLocked: - description: 'If set to true, the bucket will be locked and permanently - restrict edits to the bucket''s retention policy. Caution: - Locking a bucket is an irreversible action.' + preemptible: + description: Immutable. Defines whether the TPU instance is preemptible. type: boolean - retentionPeriod: - description: The period of time, in seconds, that objects in the - bucket must be retained and cannot be deleted, overwritten, - or archived. The value must be less than 3,155,760,000 seconds. - type: integer required: - - retentionPeriod + - preemptible type: object - storageClass: - description: 'The Storage Class of the new bucket. Supported values - include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, - ARCHIVE.' + tensorflowVersion: + description: The version of Tensorflow running in the Node. type: string - uniformBucketLevelAccess: - description: Enables uniform bucket-level access on a bucket. + useServiceNetworking: + description: |- + Immutable. Whether the VPC peering for the node is set up through Service Networking API. + The VPC Peering should be set up before provisioning the node. If this field is set, + cidr_block field should not be specified. If the network that you want to peer the + TPU Node to is a Shared VPC network, the node must be created with this this field enabled. type: boolean - versioning: - description: The bucket's Versioning configuration. 
- properties: - enabled: - description: While set to true, versioning is fully enabled for - this bucket. - type: boolean - required: - - enabled - type: object - website: - description: Configuration if the bucket acts as a website. - properties: - mainPageSuffix: - description: Behaves as the bucket's directory index where missing - objects are treated as potential directories. - type: string - notFoundPage: - description: The custom object to return when a requested resource - is not found. - type: string - type: object + zone: + description: Immutable. The GCP location for the TPU. If it is not + provided, the provider zone is used. + type: string + required: + - acceleratorType + - projectRef + - tensorflowVersion + - zone type: object status: properties: @@ -78810,6 +109475,21 @@ spec: type: string type: object type: array + networkEndpoints: + description: |- + The network endpoints where TPU workers can be accessed and sent work. + It is recommended that Tensorflow clients of the node first reach out + to the first (index 0) entry. + items: + properties: + ipAddress: + description: The IP address of this network endpoint. + type: string + port: + description: The port of this network endpoint. + type: integer + type: object + type: array observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. 
@@ -78817,13 +109497,16 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. - type: string - url: - description: The base URL of the bucket, in the format gs://. + serviceAccount: + description: |- + The service account used to run the tensor flow services within the + node. To share resources, including Google Cloud Storage data, with + the Tensorflow job running in the Node, this account must have + permissions to that data. type: string type: object + required: + - spec type: object served: true storage: true @@ -78840,25 +109523,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagedefaultobjectaccesscontrols.storage.cnrm.cloud.google.com + name: vertexaidatasets.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageDefaultObjectAccessControl - plural: storagedefaultobjectaccesscontrols + kind: VertexAIDataset + plural: vertexaidatasets shortNames: - - gcpstoragedefaultobjectaccesscontrol - - gcpstoragedefaultobjectaccesscontrols - singular: storagedefaultobjectaccesscontrol + - gcpvertexaidataset + - gcpvertexaidatasets + singular: vertexaidataset preserveUnknownFields: false scope: Namespaced versions: @@ -78878,7 +109561,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -78896,8 +109579,29 @@ spec: type: object spec: properties: - bucketRef: - description: Reference to the bucket. + displayName: + description: The user-defined name of the Dataset. The name can be + up to 128 characters long and can be consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Dataset. If set, this Dataset and all sub-resources of this Dataset + will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + type: object + metadataSchemaUri: + description: Immutable. Points to a YAML file stored on Google Cloud + Storage describing additional information about the Dataset. The + schema is defined as an OpenAPI 3.0.2 Schema Object. The schema + files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/. + type: string + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: 
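Review bot: In the VertexAIDataset schema added here, `encryptionSpec.kmsKeyName` is described as "Immutable. Required." but the `encryptionSpec` object has no `required:` list, so a manifest with `encryptionSpec: {}` passes CRD validation without naming a key. The VertexAIEndpoint schema later in this diff does enforce it with `required:` / `- kmsKeyName` under the same block, and the Dataset schema should carry the same two lines. What the controller or the API does with an empty block is not visible in this hunk, so it is worth confirming that such a resource is rejected rather than created without the intended customer-managed key. The `tf2crd` label suggests this CRD is generated, in which case the fix belongs in the generator's input rather than in this file.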
@@ -78913,40 +109617,29 @@ spec: required: - external properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - entity: - description: |- - The entity holding the permission, in one of the following forms: - * user-{{userId}} - * user-{{email}} (such as "user-liz@example.com") - * group-{{groupId}} - * group-{{email}} (such as "group-example@googlegroups.com") - * domain-{{domain}} (such as "domain-example.com") - * project-team-{{projectId}} - * allUsers - * allAuthenticatedUsers. - type: string - object: - description: The name of the object, if applied to an object. + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the dataset. eg us-central1. type: string - role: - description: 'The access permission for the entity. Possible values: - ["OWNER", "READER"].' + resourceID: + description: Immutable. Optional. The service-generated name of the + resource. Used for acquisition only. Leave unset to create a new + resource. type: string required: - - bucketRef - - entity - - role + - displayName + - metadataSchemaUri + - projectRef + - region type: object status: properties: 
@@ -78976,19 +109669,15 @@ spec: type: string type: object type: array - domain: - description: The domain associated with the entity. - type: string - email: - description: The email address associated with the entity. + createTime: + description: The timestamp of when the dataset was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. type: string - entityId: - description: The ID for the entity. + name: + description: The resource name of the Dataset. This value is set by + Google. type: string - generation: - description: The content generation of the object, if applied to an - object. - type: integer observedGeneration: description: ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. @@ -78996,17 +109685,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - projectTeam: - description: The project team associated with the entity. - properties: - projectNumber: - description: The project team associated with the entity. - type: string - team: - description: 'The team. Possible values: ["editors", "owners", - "viewers"].' - type: string - type: object + updateTime: + description: The timestamp of when the dataset was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string type: object required: - spec 
@@ -79026,25 +109709,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagenotifications.storage.cnrm.cloud.google.com + name: vertexaiendpoints.vertexai.cnrm.cloud.google.com spec: - group: storage.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageNotification - plural: storagenotifications + kind: VertexAIEndpoint + plural: vertexaiendpoints shortNames: - - gcpstoragenotification - - gcpstoragenotifications - singular: storagenotification + - gcpvertexaiendpoint + - gcpvertexaiendpoints + singular: vertexaiendpoint preserveUnknownFields: false scope: Namespaced versions: @@ -79064,7 +109747,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79082,62 +109765,44 @@ spec: type: object spec: properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external + description: + description: The description of the Endpoint. + type: string + displayName: + description: Required. The display name of the Endpoint. The name + can be up to 128 characters long and can consist of any UTF-8 characters. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for an + Endpoint. If set, this Endpoint and all sub-resources of this Endpoint + will be secured by this key. properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + kmsKeyName: + description: 'Immutable. Required. The Cloud KMS resource identifier + of the customer managed encryption key used to protect a resource. + Has the form: ''projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key''. + The key needs to be in the same region as where the compute + resource is created.' type: string + required: + - kmsKeyName type: object - customAttributes: - additionalProperties: - type: string - description: Immutable. A set of key/value attribute pairs to attach - to each Cloud Pub/Sub message published for this notification subscription. - type: object - eventTypes: - description: 'Immutable. List of event type filters for this notification - config. If not specified, Cloud Storage will send notifications - for all event types. The valid types are: "OBJECT_FINALIZE", "OBJECT_METADATA_UPDATE", - "OBJECT_DELETE", "OBJECT_ARCHIVE".' 
- items: - type: string - type: array - objectNamePrefix: - description: Immutable. Specifies a prefix path filter for this notification - config. Cloud Storage will only send notifications for objects in - this bucket whose names begin with the specified prefix. - type: string - payloadFormat: - description: Immutable. The desired content of the Payload. One of - "JSON_API_V1" or "NONE". + location: + description: Immutable. The location for the resource. type: string - resourceID: - description: Immutable. Optional. The service-generated notificationId - of the resource. Used for acquisition only. Leave unset to create - a new resource. + network: + description: 'Immutable. The full name of the Google Compute Engine + [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) + to which the Endpoint should be peered. Private services access + must already be configured for the network. If left unspecified, + the Endpoint is not peered with any network. Only one of the fields, + network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): + ''projects/{project}/global/networks/{network}''. Where ''{project}'' + is a project number, as in ''12345'', and ''{network}'' is network + name.' type: string - topicRef: + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79154,8 +109819,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -79164,10 +109828,15 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - bucketRef - - payloadFormat - - topicRef + - displayName + - location + - projectRef type: object status: properties: 
@@ -79197,8 +109866,222 @@ spec: type: string type: object type: array - notificationId: - description: The ID of the created notification. + createTime: + description: Output only. Timestamp when this Endpoint was created. + type: string + deployedModels: + description: Output only. The models deployed in this Endpoint. To + add or remove DeployedModels use EndpointService.DeployModel and + EndpointService.UndeployModel respectively. Models can also be deployed + and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/). + items: + properties: + automaticResources: + description: A description of resources that to large degree + are decided by Vertex AI, and require only a modest additional + configuration. + items: + properties: + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, a no upper bound for scaling under + heavy traffic will be assume, though Vertex AI may be + unable to scale beyond certain replica number. + type: integer + minReplicaCount: + description: The minimum number of replicas this DeployedModel + will be always deployed on. If traffic against it increases, + it may dynamically be deployed onto more replicas up + to max_replica_count, and as traffic decreases, some + of these extra replicas may be freed. If the requested + value is too large, the deployment will error. + type: integer + type: object + type: array + createTime: + description: Output only. Timestamp when the DeployedModel was + created. 
+ type: string + dedicatedResources: + description: A description of resources that are dedicated to + the DeployedModel, and that need a higher degree of manual + configuration. + items: + properties: + autoscalingMetricSpecs: + description: The metric specifications that overrides + a resource utilization metric (CPU utilization, accelerator's + duty cycle, and so on) target value (default to 60 if + not set). At most one entry is allowed per metric. If + machine_spec.accelerator_count is above 0, the autoscaling + will be based on both CPU utilization and accelerator's + duty cycle metrics and scale up when either metrics + exceeds its target value while scale down if both metrics + are under their target value. The default target value + is 60 for both metrics. If machine_spec.accelerator_count + is 0, the autoscaling will be based on CPU utilization + metric only with default target value 60 if not explicitly + set. For example, in the case of Online Prediction, + if you want to override target CPU utilization to 80, + you should set autoscaling_metric_specs.metric_name + to 'aiplatform.googleapis.com/prediction/online/cpu/utilization' + and autoscaling_metric_specs.target to '80'. + items: + properties: + metricName: + description: 'The resource metric name. Supported + metrics: * For Online Prediction: * ''aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle'' + * ''aiplatform.googleapis.com/prediction/online/cpu/utilization''.' + type: string + target: + description: The target resource utilization in + percentage (1% - 100%) for the given metric; once + the real usage deviates from the target by a certain + percentage, the machine replicas change. The default + value is 60 (representing 60%) if not provided. + type: integer + type: object + type: array + machineSpec: + description: The specification of a single machine used + by the prediction. 
+ items: + properties: + acceleratorCount: + description: The number of accelerators to attach + to the machine. + type: integer + acceleratorType: + description: The type of accelerator(s) that may + be attached to the machine as per accelerator_count. + See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType). + type: string + machineType: + description: 'The type of the machine. See the [list + of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types) + See the [list of machine types supported for custom + training](https://cloud.google.com/vertex-ai/docs/training/configure-compute#machine-types). + For DeployedModel this field is optional, and + the default value is ''n1-standard-2''. For BatchPredictionJob + or as part of WorkerPoolSpec this field is required. + TODO(rsurowka): Try to better unify the required + vs optional.' + type: string + type: object + type: array + maxReplicaCount: + description: The maximum number of replicas this DeployedModel + may be deployed on when the traffic against it increases. + If the requested value is too large, the deployment + will error, but if deployment succeeds then the ability + to scale the model to that many replicas is guaranteed + (barring service outages). If traffic against the DeployedModel + increases beyond what its replicas at maximum may handle, + a portion of the traffic will be dropped. If this value + is not provided, will use min_replica_count as the default + value. The value of this field impacts the charge against + Vertex CPU and GPU quotas. Specifically, you will be + charged for max_replica_count * number of cores in the + selected machine type) and (max_replica_count * number + of GPUs per replica in the selected machine type). + type: integer + minReplicaCount: + description: The minimum number of machine replicas this + DeployedModel will be always deployed on. 
This value + must be greater than or equal to 1. If traffic against + the DeployedModel increases, it may dynamically be deployed + onto more replicas, and as traffic decreases, some of + these extra replicas may be freed. + type: integer + type: object + type: array + displayName: + description: The display name of the DeployedModel. If not provided + upon creation, the Model's display_name is used. + type: string + enableAccessLogging: + description: These logs are like standard server access logs, + containing information like timestamp and latency for each + prediction request. Note that Stackdriver logs may incur a + cost, especially if your project receives prediction requests + at a high queries per second rate (QPS). Estimate your costs + before enabling this option. + type: boolean + enableContainerLogging: + description: If true, the container of the DeployedModel instances + will send 'stderr' and 'stdout' streams to Stackdriver Logging. + Only supported for custom-trained Models and AutoML Tabular + Models. + type: boolean + id: + description: The ID of the DeployedModel. If not provided upon + deployment, Vertex AI will generate a value for this ID. This + value should be 1-10 characters, and valid characters are + /[0-9]/. + type: string + model: + description: The name of the Model that this is the deployment + of. Note that the Model may be in a different location than + the DeployedModel's Endpoint. + type: string + modelVersionId: + description: Output only. The version ID of the model that is + deployed. + type: string + privateEndpoints: + description: Output only. Provide paths for users to send predict/explain/health + requests directly to the deployed model services running on + Cloud via private services access. This field is populated + if network is configured. + items: + properties: + explainHttpUri: + description: Output only. Http(s) path to send explain + requests. + type: string + healthHttpUri: + description: Output only. 
Http(s) path to send health + check requests. + type: string + predictHttpUri: + description: Output only. Http(s) path to send prediction + requests. + type: string + serviceAttachment: + description: Output only. The name of the service attachment + resource. Populated if private service connect is enabled. + type: string + type: object + type: array + serviceAccount: + description: The service account that the DeployedModel's container + runs as. Specify the email address of the service account. + If this service account is not specified, the container runs + as a service account that doesn't have access to the resource + project. Users deploying the Model must have the 'iam.serviceAccounts.actAs' + permission on this service account. + type: string + sharedResources: + description: 'The resource name of the shared DeploymentResourcePool + to deploy on. Format: projects/{project}/locations/{location}/deploymentResourcePools/{deployment_resource_pool}.' + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + If not set, a blind "overwrite" update happens. + type: string + modelDeploymentMonitoringJob: + description: 'Output only. Resource name of the Model Monitoring job + associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. + Format: ''projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}''.' type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79207,8 +110090,8 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer - selfLink: - description: The URI of the created resource. + updateTime: + description: Output only. Timestamp when this Endpoint was last updated. type: string type: object required: 
@@ -79229,25 +110112,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" - cnrm.cloud.google.com/stability-level: stable + cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: storagetransferjobs.storagetransfer.cnrm.cloud.google.com + name: vertexaifeaturestoreentitytypefeatures.vertexai.cnrm.cloud.google.com spec: - group: storagetransfer.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: StorageTransferJob - plural: storagetransferjobs + kind: VertexAIFeaturestoreEntityTypeFeature + plural: vertexaifeaturestoreentitytypefeatures shortNames: - - gcpstoragetransferjob - - gcpstoragetransferjobs - singular: storagetransferjob + - gcpvertexaifeaturestoreentitytypefeature + - gcpvertexaifeaturestoreentitytypefeatures + singular: vertexaifeaturestoreentitytypefeature preserveUnknownFields: false scope: Namespaced versions: @@ -79267,7 +110150,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79286,501 +110169,474 @@ spec: spec: properties: description: - description: Unique description to identify the Transfer Job. + description: Description of the feature. + type: string + entitytype: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}. type: string - notificationConfig: - description: Notification configuration. - properties: - eventTypes: - description: Event types for which a notification is desired. - If empty, send notifications for all event types. The valid - types are "TRANSFER_OPERATION_SUCCESS", "TRANSFER_OPERATION_FAILED", - "TRANSFER_OPERATION_ABORTED". - items: - type: string - type: array - payloadFormat: - description: The desired format of the notification message payloads. - One of "NONE" or "JSON". - type: string - topicRef: - description: The PubSubTopic to which to publish notifications. - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `projects/{{project}}/topics/{{value}}`, - where {{value}} is the `name` field of a `PubSubTopic` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - required: - - payloadFormat - - topicRef - type: object resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. 
When unset, the value of `metadata.name` + is used as the default. type: string - schedule: - description: Schedule specification defining when the Transfer Job - should be scheduled to start, end and what time to run. - properties: - repeatInterval: - description: 'Interval between the start of each scheduled transfer. - If unspecified, the default value is 24 hours. This value may - not be less than 1 hour. A duration in seconds with up to nine - fractional digits, terminated by ''s''. Example: "3.5s".' - type: string - scheduleEndDate: - description: The last day the recurring transfer will be run. - If schedule_end_date is the same as schedule_start_date, the - transfer will be executed only once. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - scheduleStartDate: - description: The first day the recurring transfer is scheduled - to run. If schedule_start_date is in the past, the transfer - will run for the first time on the following day. - properties: - day: - description: Day of month. Must be from 1 to 31 and valid - for the year and month. - type: integer - month: - description: Month of year. Must be from 1 to 12. - type: integer - year: - description: Year of date. Must be from 1 to 9999. - type: integer - required: - - day - - month - - year - type: object - startTimeOfDay: - description: The time in UTC at which the transfer will be scheduled - to start in a day. Transfers may start later than this time. - If not specified, recurring and one-time transfers that are - scheduled to run today will run immediately; recurring transfers - that are scheduled to run on a future date will start at approximately - midnight UTC on that date. 
Note that when configuring a transfer - with the Cloud Platform Console, the transfer's start time in - a day is specified in your local timezone. - properties: - hours: - description: Hours of day in 24 hour format. Should be from - 0 to 23. - type: integer - minutes: - description: Minutes of hour of day. Must be from 0 to 59. - type: integer - nanos: - description: Fractions of seconds in nanoseconds. Must be - from 0 to 999,999,999. - type: integer - seconds: - description: Seconds of minutes of the time. Must normally - be from 0 to 59. - type: integer - required: - - hours - - minutes - - nanos - - seconds - type: object - required: - - scheduleStartDate - type: object - status: - description: 'Status of the job. Default: ENABLED. NOTE: The effect - of the new job status takes place during a subsequent job run. For - example, if you change the job status from ENABLED to DISABLED, - and an operation spawned by the transfer is running, the status - change would not affect the current operation.' + valueType: + description: Immutable. Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType. type: string - transferSpec: - description: Transfer specification. - properties: - awsS3DataSource: - description: An AWS S3 data source. - properties: - awsAccessKey: - description: AWS credentials block. - properties: - accessKeyId: - description: AWS Key ID. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - secretAccessKey: - description: AWS Secret Access Key. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. - properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - accessKeyId - - secretAccessKey - type: object - bucketName: - description: S3 Bucket name. - type: string - roleArn: - description: The Amazon Resource Name (ARN) of the role to - support temporary credentials via 'AssumeRoleWithWebIdentity'. - For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). - When a role ARN is provided, Transfer Service fetches temporary - credentials for the session using a 'AssumeRoleWithWebIdentity' - call for the provided role using the [GoogleServiceAccount][] - for this project. - type: string - required: - - bucketName - type: object - azureBlobStorageDataSource: - description: An Azure Blob Storage data source. 
+ required: + - entitytype + - valueType + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the entity type was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + updateTime: + description: The timestamp when the entity type was most recently + updated in RFC3339 UTC "Zulu" format, with nanosecond resolution + and up to nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestoreentitytypes.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestoreEntityType + plural: vertexaifeaturestoreentitytypes + shortNames: + - gcpvertexaifeaturestoreentitytype + - gcpvertexaifeaturestoreentitytypes + singular: vertexaifeaturestoreentitytype + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Optional. Description of the EntityType. + type: string + featurestore: + description: Immutable. The name of the Featurestore to use, in the + format projects/{project}/locations/{location}/featurestores/{featurestore}. + type: string + monitoringConfig: + description: |- + The default monitoring configuration for all Features under this EntityType. + + If this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled. + properties: + categoricalThresholdConfig: + description: Threshold for categorical features of anomaly detection. + This is shared by all types of Featurestore Monitoring for categorical + features (i.e. Features with type (Feature.ValueType) BOOL or + STRING). properties: - azureCredentials: - description: ' Credentials used to authenticate API requests - to Azure.' - properties: - sasToken: - description: Azure shared access signature. - oneOf: - - not: - required: - - valueFrom - required: - - value - - not: - required: - - value - required: - - valueFrom - properties: - value: - description: Value of the field. Cannot be used if - 'valueFrom' is specified. - type: string - valueFrom: - description: Source for the field's value. Cannot - be used if 'value' is specified. - properties: - secretKeyRef: - description: Reference to a value with the given - key in the given Secret in the resource's namespace. 
- properties: - key: - description: Key that identifies the value - to be extracted. - type: string - name: - description: Name of the Secret to extract - a value from. - type: string - required: - - name - - key - type: object - type: object - type: object - required: - - sasToken - type: object - container: - description: The container to transfer from the Azure Storage - account. - type: string - path: - description: Root path to transfer objects. Must be an empty - string or full path name that ends with a '/'. This field - is treated as an object prefix. As such, it should generally - not begin with a '/'. - type: string - storageAccount: - description: The name of the Azure Storage account. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For categorical feature, the distribution distance + is calculated by L-inifinity norm. Each feature must have + a non-zero threshold if they need to be monitored. Otherwise + no alert will be triggered for that feature. The default + value is 0.3. + type: number required: - - azureCredentials - - container - - storageAccount + - value type: object - gcsDataSink: - description: A Google Cloud Storage data sink. + importFeaturesAnalysis: + description: The config for ImportFeatures Analysis Based Feature + Monitoring. properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + anomalyDetectionBaseline: + description: |- + Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below: + * LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics. + * MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists. + * PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists. type: string - required: - - bucketRef - type: object - gcsDataSource: - description: A Google Cloud Storage data source. - properties: - bucketRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: The `name` field of a `StorageBucket` - resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object - path: - description: Google Cloud Storage path in bucket to transfer. + state: + description: |- + Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below: + * DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled. 
+ * ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it. + * DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it. type: string - required: - - bucketRef type: object - httpDataSource: - description: A HTTP URL data source. + numericalThresholdConfig: + description: Threshold for numerical features of anomaly detection. + This is shared by all objectives of Featurestore Monitoring + for numerical features (i.e. Features with type (Feature.ValueType) + DOUBLE or INT64). properties: - listUrl: - description: The URL that points to the file that stores the - object list entries. This file must allow public access. - Currently, only URLs with HTTP and HTTPS schemes are supported. - type: string + value: + description: Specify a threshold value that can trigger the + alert. For numerical feature, the distribution distance + is calculated by Jensen–Shannon divergence. Each feature + must have a non-zero threshold if they need to be monitored. + Otherwise no alert will be triggered for that feature. The + default value is 0.3. + type: number required: - - listUrl + - value type: object - objectConditions: - description: Only objects that satisfy these object conditions - are included in the set of data source and data sink objects. - Object conditions based on objects' last_modification_time do - not exclude objects in a data sink. + snapshotAnalysis: + description: The config for Snapshot Analysis Based Feature Monitoring. properties: - excludePrefixes: - description: exclude_prefixes must follow the requirements - described for include_prefixes. 
- items: - type: string - type: array - includePrefixes: - description: If include_refixes is specified, objects that - satisfy the object conditions must have names that start - with one of the include_prefixes and that do not start with - any of the exclude_prefixes. If include_prefixes is not - specified, all objects except those that have names starting - with one of the exclude_prefixes must satisfy the object - conditions. - items: - type: string - type: array - maxTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' - type: string - minTimeElapsedSinceLastModification: - description: 'A duration in seconds with up to nine fractional - digits, terminated by ''s''. Example: "3.5s".' + disabled: + description: 'The monitoring schedule for snapshot analysis. + For EntityType-level config: unset / disabled = true indicates + disabled by default for Features under it; otherwise by + default enable snapshot analysis monitoring with monitoringInterval + for Features under it.' + type: boolean + monitoringInterval: + description: |- + DEPRECATED. This field is unavailable in the GA provider and will be removed from the beta provider in a future release. Configuration of the snapshot analysis based monitoring pipeline running interval. The value is rolled up to full day. + + A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s". type: string + monitoringIntervalDays: + description: |- + Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1. + If both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used. 
+ type: integer + stalenessDays: + description: Customized export features time window for snapshot + analysis. Unit is one day. The default value is 21 days. + Minimum value is 1 day. Maximum value is 4000 days. + type: integer type: object - posixDataSink: - description: A POSIX filesystem data sink. + type: object + offlineStorageTtlDays: + description: Config for data retention policy in offline storage. + TTL in days for feature values that will be stored in offline storage. + The Feature Store offline storage periodically removes obsolete + feature values older than offlineStorageTtlDays since the feature + generation time. If unset (or explicitly set to 0), default to 4000 + days TTL. + type: integer + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + required: + - featurestore + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. + type: string + etag: + description: Used to perform consistent read-modify-write updates. 
+ type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + region: + description: The region of the EntityType. + type: string + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: vertexaifeaturestores.vertexai.cnrm.cloud.google.com +spec: + group: vertexai.cnrm.cloud.google.com + names: + categories: + - gcp + kind: VertexAIFeaturestore + plural: vertexaifeaturestores + shortNames: + - gcpvertexaifeaturestore + - gcpvertexaifeaturestores + singular: vertexaifeaturestore + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + 
jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + encryptionSpec: + description: If set, both of the online and offline data storage will + be secured by this key. + properties: + kmsKeyName: + description: 'The Cloud KMS resource identifier of the customer + managed encryption key used to protect a resource. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + The key needs to be in the same region as where the compute + resource is created.' + type: string + required: + - kmsKeyName + type: object + forceDestroy: + description: If set to true, any EntityTypes and Features for this + Featurestore will also be deleted. + type: boolean + onlineServingConfig: + description: Config for online serving resources. + properties: + fixedNodeCount: + description: The number of nodes for each cluster. The number + of nodes will not scale automatically but can be scaled manually + by providing different values when updating. + type: integer + scaling: + description: Online serving scaling configuration. Only one of + fixedNodeCount and scaling can be set. Setting one will reset + the other. 
properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + maxNodeCount: + description: The maximum number of nodes to scale up to. Must + be greater than minNodeCount, and less than or equal to + 10 times of 'minNodeCount'. + type: integer + minNodeCount: + description: The minimum number of nodes to scale down to. + Must be greater than or equal to 1. + type: integer required: - - rootDirectory + - maxNodeCount + - minNodeCount type: object - posixDataSource: - description: A POSIX filesystem data source. - properties: - rootDirectory: - description: Root directory path to the filesystem. - type: string + type: object + onlineStorageTtlDays: + description: TTL in days for feature values that will be stored in + online serving storage. The Feature Store online storage periodically + removes obsolete feature values older than onlineStorageTtlDays + since the feature generation time. Note that onlineStorageTtlDays + should be less than or equal to offlineStorageTtlDays for each EntityType + under a featurestore. If not set, default to 4000 days. + type: integer + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: required: - - rootDirectory - type: object - sinkAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' type: string - sourceAgentPoolName: - description: Immutable. Specifies the agent pool name associated - with the posix data source. When unspecified, the default name - is used. + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - transferOptions: - description: Characteristics of how to treat files from datasource - and sink during job. If the option delete_objects_unique_in_sink - is true, object conditions based on objects' last_modification_time - are ignored and do not exclude objects in a data source or a - data sink. - properties: - deleteObjectsFromSourceAfterTransfer: - description: Whether objects should be deleted from the source - after they are transferred to the sink. Note that this option - and delete_objects_unique_in_sink are mutually exclusive. - type: boolean - deleteObjectsUniqueInSink: - description: Whether objects that exist only in the sink should - be deleted. Note that this option and delete_objects_from_source_after_transfer - are mutually exclusive. - type: boolean - overwriteObjectsAlreadyExistingInSink: - description: Whether overwriting objects that already exist - in the sink is allowed. - type: boolean - overwriteWhen: - description: When to overwrite objects that already exist - in the sink. If not set, overwrite behavior is determined - by overwriteObjectsAlreadyExistingInSink. - type: string - type: object type: object + region: + description: Immutable. The region of the dataset. eg us-central1. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string required: - - description - - transferSpec + - projectRef + - region type: object status: properties: 
@@ -79810,17 +110666,13 @@ spec: type: string type: object type: array - creationTime: - description: When the Transfer Job was created. - type: string - deletionTime: - description: When the Transfer Job was deleted. - type: string - lastModificationTime: - description: When the Transfer Job was last modified. + createTime: + description: The timestamp of when the featurestore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string - name: - description: The name of the Transfer Job. + etag: + description: Used to perform consistent read-modify-write updates. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -79829,6 +110681,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the featurestore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. + type: string type: object required: - spec @@ -79848,25 +110705,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagbindings.tags.cnrm.cloud.google.com + name: vertexaiindexes.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagBinding - plural: tagstagbindings + kind: VertexAIIndex + plural: vertexaiindexes shortNames: - - gcptagstagbinding - - gcptagstagbindings - singular: tagstagbinding + - gcpvertexaiindex + - gcpvertexaiindexes + singular: vertexaiindex preserveUnknownFields: false scope: Namespaced versions: 
@@ -79886,7 +110743,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -79904,7 +110761,96 @@ spec: type: object spec: properties: - parentRef: + description: + description: The description of the Index. + type: string + displayName: + description: The display name of the Index. The name can be up to + 128 characters long and can consist of any UTF-8 characters. + type: string + indexUpdateMethod: + description: |- + Immutable. The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default. + * BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update. + * STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time. + type: string + metadata: + description: An additional information about the Index. + properties: + config: + description: Immutable. The configuration of the Matching Engine + Index. + properties: + algorithmConfig: + description: The configuration with regard to the algorithms + used for efficient search. + properties: + bruteForceConfig: + description: |- + Configuration options for using brute force search, which simply implements the + standard linear search in the database for each query. + type: object + x-kubernetes-preserve-unknown-fields: true + treeAhConfig: + description: |- + Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing). + Please refer to this paper for more details: https://arxiv.org/abs/1908.10396. + properties: + leafNodeEmbeddingCount: + description: Number of embeddings on each leaf node. + The default value is 1000 if not set. + type: integer + leafNodesToSearchPercent: + description: |- + The default percentage of leaf nodes that any query may be searched. Must be in + range 1-100, inclusive. The default value is 10 (means 10%) if not set. 
+ type: integer + type: object + type: object + approximateNeighborsCount: + description: |- + The default number of neighbors to find via approximate search before exact reordering is + performed. Exact reordering is a procedure where results returned by an + approximate search algorithm are reordered via a more expensive distance computation. + Required if tree-AH algorithm is used. + type: integer + dimensions: + description: The number of dimensions of the input vectors. + type: integer + distanceMeasureType: + description: |- + The distance measure used in nearest neighbor search. The value must be one of the followings: + * SQUARED_L2_DISTANCE: Euclidean (L_2) Distance + * L1_DISTANCE: Manhattan (L_1) Distance + * COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity. + * DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product. + type: string + featureNormType: + description: "Type of normalization to be carried out on each + vector. The value must be one of the followings: \n* UNIT_L2_NORM: + Unit L2 normalization type\n* NONE: No normalization type + is specified." + type: string + required: + - dimensions + type: object + contentsDeltaUri: + description: |- + Allows inserting, updating or deleting the contents of the Matching Engine Index. + The string must be a valid Cloud Storage directory path. If this + field is set when calling IndexService.UpdateIndex, then no other + Index field can be also updated as part of the same call. + The expected structure and format of the files this URI points to is + described at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format. + type: string + isCompleteOverwrite: + description: |- + If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex, + then existing content of the Index will be replaced by the data from the contentsDeltaUri. 
+ type: boolean + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -79921,8 +110867,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `//cloudresourcemanager.googleapis.com/projects/{{value}}`, - where {{value}} is the `number` field of a `Project` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' @@ -79931,41 +110876,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the index. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - tagValueRef: - oneOf: - - not: - required: - - external - required: - - name - - not: - anyOf: - - required: - - name - - required: - - namespace - required: - - external - properties: - external: - description: 'Allowed value: string of the format `tagValues/{{value}}`, - where {{value}} is the `name` field of a `TagsTagValue` resource.' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - type: object required: - - parentRef - - tagValueRef + - displayName + - projectRef + - region type: object status: properties: 
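Review bot: `leafNodesToSearchPercent` under `treeAhConfig` is described as "in range 1-100, inclusive", but the schema declares only `type: integer`, so an out-of-range value passes admission and would be caught, if at all, only later by the backing API. Adding `minimum: 1` and `maximum: 100` beside the type would reject such objects when the manifest is applied. In the same hunk `bruteForceConfig` has no declared properties and sets `x-kubernetes-preserve-unknown-fields: true`, so arbitrary keys placed there are stored unpruned. It is worth a description line stating that the object is expected to be empty. The `projectRef` block this hunk ends in continues in the hunks that follow.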
@@ -79995,9 +110917,47 @@ spec: type: string type: object type: array + createTime: + description: The timestamp of when the Index was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + deployedIndexes: + description: The pointers to DeployedIndexes created from this Index. + An Index can be only deleted if all its DeployedIndexes had been + undeployed first. + items: + properties: + deployedIndexId: + description: The ID of the DeployedIndex in the above IndexEndpoint. + type: string + indexEndpoint: + description: A resource name of the IndexEndpoint. + type: string + type: object + type: array + etag: + description: Used to perform consistent read-modify-write updates. + type: string + indexStats: + description: Stats of the index resource. + items: + properties: + shardsCount: + description: The number of shards in the Index. + type: integer + vectorsCount: + description: The number of vectors in the Index. + type: string + type: object + type: array + metadataSchemaUri: + description: Points to a YAML file stored on Google Cloud Storage + describing additional information about the Index, that is specific + to it. Unset if the Index does not have any additional information. + type: string name: - description: 'The generated id for the TagBinding. This is a string - of the form: ''tagBindings/{full-resource-name}/{tag-value-name}''.' + description: The resource name of the Index. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80006,6 +110966,11 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + updateTime: + description: The timestamp of when the Index was last updated in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string type: object required: - spec 
@@ -80025,25 +110990,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagkeys.tags.cnrm.cloud.google.com + name: vertexaimetadatastores.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagKey - plural: tagstagkeys + kind: VertexAIMetadataStore + plural: vertexaimetadatastores shortNames: - - gcptagstagkey - - gcptagstagkeys - singular: tagstagkey + - gcpvertexaimetadatastore + - gcpvertexaimetadatastores + singular: vertexaimetadatastore preserveUnknownFields: false scope: Namespaced versions: @@ -80063,7 +111028,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80082,41 +111047,57 @@ spec: spec: properties: description: - description: User-assigned description of the TagKey. Must not exceed - 256 characters. - type: string - parent: - description: Immutable. Input only. The resource name of the new TagKey's - parent. Must be of the form organizations/{org_id}. - type: string - purpose: - description: |- - Immutable. Optional. A purpose cannot be changed once set. - - A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: ["GCE_FIREWALL"]. + description: Immutable. Description of the MetadataStore. type: string - purposeData: - additionalProperties: - type: string - description: |- - Immutable. Optional. Purpose data cannot be changed once set. - - Purpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = "/"'. + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + MetadataStore. If set, this MetadataStore and all sub-resources + of this MetadataStore will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string type: object - resourceID: - description: Immutable. Optional. The service-generated name of the - resource. Used for acquisition only. Leave unset to create a new - resource. + projectRef: + description: The project that this resource belongs to. 
+ oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the Metadata Store. eg us-central1. type: string - shortName: - description: |- - Immutable. Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. - - The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. type: string required: - - parent - - shortName + - projectRef + - region type: object status: properties: 
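Review bot: The `encryptionSpec` added for VertexAIMetadataStore describes `kmsKeyName` as "Immutable. Required.", but the object carries no `required:` list, so `encryptionSpec: {}` validates against this schema. The VertexAIFeaturestore and VertexAITensorboard schemas in this same commit both put `required:` with `- kmsKeyName` under `encryptionSpec`; the same two lines here would stop a manifest that intends a customer-managed key from being admitted without one. How the controller treats an empty `encryptionSpec` is not visible in this diff, so it should be confirmed that it does not silently fall back to default encryption.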
@@ -80147,16 +111128,9 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - type: string - name: - description: The generated numeric id for the TagKey. - type: string - namespacedName: - description: Output only. Namespaced name of the TagKey. + description: The timestamp of when the MetadataStore was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80165,11 +111139,19 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + state: + description: State information of the MetadataStore. + items: + properties: + diskUtilizationBytes: + description: The disk utilization of the MetadataStore in bytes. + type: string + type: object + type: array updateTime: - description: |- - Output only. Update time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the MetadataStore was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: 
@@ -80190,25 +111172,25 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/managed-by-kcc: "true" cnrm.cloud.google.com/stability-level: alpha cnrm.cloud.google.com/system: "true" cnrm.cloud.google.com/tf2crd: "true" - name: tagstagvalues.tags.cnrm.cloud.google.com + name: vertexaitensorboards.vertexai.cnrm.cloud.google.com spec: - group: tags.cnrm.cloud.google.com + group: vertexai.cnrm.cloud.google.com names: categories: - gcp - kind: TagsTagValue - plural: tagstagvalues + kind: VertexAITensorboard + plural: vertexaitensorboards shortNames: - - gcptagstagvalue - - gcptagstagvalues - singular: tagstagvalue + - gcpvertexaitensorboard + - gcpvertexaitensorboards + singular: vertexaitensorboard preserveUnknownFields: false scope: Namespaced versions: @@ -80228,7 +111210,7 @@ spec: jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime name: Status Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: 
@@ -80247,10 +111229,26 @@ spec: spec: properties: description: - description: User-assigned description of the TagValue. Must not exceed - 256 characters. + description: Description of this Tensorboard. type: string - parentRef: + displayName: + description: User provided name of this Tensorboard. + type: string + encryptionSpec: + description: Immutable. Customer-managed encryption key spec for a + Tensorboard. If set, this Tensorboard and all sub-resources of this + Tensorboard will be secured by this key. + properties: + kmsKeyName: + description: |- + Immutable. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. + Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created. + type: string + required: + - kmsKeyName + type: object + projectRef: + description: The project that this resource belongs to. oneOf: - not: required: @@ -80267,8 +111265,7 @@ spec: - external properties: external: - description: 'Allowed value: string of the format `tagKeys/{{value}}`, - where {{value}} is the `name` field of a `TagsTagKey` resource.' + description: 'Allowed value: The `name` field of a `Project` resource.' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' 
@@ -80277,23 +111274,26 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string type: object + region: + description: Immutable. The region of the tensorboard. eg us-central1. + type: string resourceID: description: Immutable. Optional. The service-generated name of the resource. Used for acquisition only. Leave unset to create a new resource. type: string - shortName: - description: |- - Immutable. Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. - - The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. - type: string required: - - parentRef - - shortName + - displayName + - projectRef + - region type: object status: properties: + blobStoragePathPrefix: + description: Consumer project Cloud Storage path prefix used to store + blob data, which can either be a bucket or directory. Does not end + with a '/'. + type: string conditions: description: Conditions represent the latest available observation of the resource's current state. 
@@ -80321,17 +111321,12 @@ spec: type: object type: array createTime: - description: |- - Output only. Creation time. - - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was created in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. type: string name: - description: The generated numeric id for the TagValue. - type: string - namespacedName: - description: Output only. Namespaced name of the TagValue. Will be - in the format {organizationId}/{tag_key_short_name}/{shortName}. + description: Name of the Tensorboard. type: string observedGeneration: description: ObservedGeneration is the generation of the resource @@ -80340,10 +111335,13 @@ spec: current reported status reflects the most recent desired state of the resource. type: integer + runCount: + description: The number of Runs stored in this Tensorboard. + type: string updateTime: - description: |- - Output only. Update time. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + description: The timestamp of when the Tensorboard was last updated + in RFC3339 UTC "Zulu" format, with nanosecond resolution and up + to nine fractional digits. type: string type: object required: @@ -80364,7 +111362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cnrm.cloud.google.com/version: 1.102.0 + cnrm.cloud.google.com/version: 1.103.0 creationTimestamp: null labels: cnrm.cloud.google.com/dcl2crd: "true" 
@@ -80643,3 +111641,391 @@ status: plural: "" conditions: [] storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workflowsworkflows.workflows.cnrm.cloud.google.com +spec: + group: workflows.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkflowsWorkflow + plural: workflowsworkflows + shortNames: + - gcpworkflowsworkflow + - gcpworkflowsworkflows + singular: workflowsworkflow + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + description: + description: Description of the workflow provided by the user. Must + be at most 1000 unicode characters long. + type: string + namePrefix: + description: Immutable. + type: string + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + region: + description: Immutable. The region of the workflow. + type: string + resourceID: + description: Immutable. Optional. The name of the resource. Used for + creation and acquisition. When unset, the value of `metadata.name` + is used as the default. + type: string + serviceAccount: + description: |- + Name of the service account associated with the latest workflow version. This service + account represents the identity of the workflow and determines what permissions the workflow has. + + Format: projects/{project}/serviceAccounts/{account}. + type: string + sourceContents: + description: Workflow code to be executed. The size limit is 32KB. + type: string + required: + - projectRef + - region + type: object + status: + properties: + conditions: + description: Conditions represent the latest available observation + of the resource's current state. 
+ items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + message: + description: Human-readable message indicating details about + last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be True, + False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + createTime: + description: The timestamp of when the workflow was created in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + revisionId: + description: The revision of the workflow. A new one is generated + if the service account or source contents is changed. + type: string + state: + description: State of the workflow deployment. + type: string + updateTime: + description: The timestamp of when the workflow was last updated in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to + nine fractional digits. 
+ type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cnrm.cloud.google.com/version: 1.103.0 + creationTimestamp: null + labels: + cnrm.cloud.google.com/managed-by-kcc: "true" + cnrm.cloud.google.com/stability-level: alpha + cnrm.cloud.google.com/system: "true" + cnrm.cloud.google.com/tf2crd: "true" + name: workstationsworkstationclusters.workstations.cnrm.cloud.google.com +spec: + group: workstations.cnrm.cloud.google.com + names: + categories: + - gcp + kind: WorkstationsWorkstationCluster + plural: workstationsworkstationclusters + shortNames: + - gcpworkstationsworkstationcluster + - gcpworkstationsworkstationclusters + singular: workstationsworkstationcluster + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: When 'True', the most recent reconcile of the resource succeeded + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the value in 'Ready' + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Status + type: string + - description: The last transition time for the value in 'Status' + jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime + name: Status Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'apiVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + annotations: + additionalProperties: + type: string + description: Client-specified annotations. This is distinct from labels. + type: object + displayName: + description: Human-readable name for this resource. + type: string + location: + description: Immutable. The location where the workstation cluster + should reside. + type: string + network: + description: "Immutable. The relative resource name of the VPC network + on which the instance can be accessed. \nIt is specified in the + following form: \"projects/{projectNumber}/global/networks/{network_id}\"." + type: string + privateClusterConfig: + description: Configuration for private cluster. + properties: + clusterHostname: + description: "Hostname for the workstation cluster. \nThis field + will be populated only when private endpoint is enabled. \nTo + access workstations in the cluster, create a new DNS zone mapping + this domain name to an internal IP address and a forwarding + rule mapping that address to the service attachment." + type: string + enablePrivateEndpoint: + description: Immutable. Whether Workstations endpoint is private. + type: boolean + serviceAttachmentUri: + description: "Service attachment URI for the workstation cluster. + \nThe service attachemnt is created when private endpoint is + enabled. \nTo access workstations in the cluster, configure + access to the managed service using (Private Service Connect)[https://cloud.google.com/vpc/docs/configure-private-service-connect-services]." 
+ type: string + required: + - enablePrivateEndpoint + type: object + projectRef: + description: The project that this resource belongs to. + oneOf: + - not: + required: + - external + required: + - name + - not: + anyOf: + - required: + - name + - required: + - namespace + required: + - external + properties: + external: + description: 'Allowed value: The `name` field of a `Project` resource.' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + type: object + resourceID: + description: Immutable. Optional. The workstationClusterId of the + resource. Used for creation and acquisition. When unset, the value + of `metadata.name` is used as the default. + type: string + subnetwork: + description: "Immutable. Name of the Compute Engine subnetwork in + which instances associated with this cluster will be created. \nMust + be part of the subnetwork specified for this cluster." + type: string + required: + - location + - network + - projectRef + - subnetwork + type: object + status: + properties: + conditions: + description: Status conditions describing the current resource state. + items: + properties: + code: + description: The status code, which should be an enum value + of google.rpc.Code. + type: integer + details: + description: A list of messages that carry the error details. + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + message: + description: Human readable message indicating details about + the current status. + type: string + type: object + type: array + createTime: + description: Time the Instance was created in UTC. 
+ type: string + degraded: + description: "Whether this resource is in degraded mode, in which + case it may require user action to restore full functionality. \nDetails + can be found in the conditions field." + type: boolean + etag: + description: "Checksum computed by the server. \nMay be sent on update + and delete requests to ensure that the client has an up-to-date + value before proceeding." + type: string + name: + description: The name of the cluster resource. + type: string + observedGeneration: + description: ObservedGeneration is the generation of the resource + that was most recently observed by the Config Connector controller. + If this is equal to metadata.generation, then that means that the + current reported status reflects the most recent desired state of + the resource. + type: integer + uid: + description: The system-generated UID of the resource. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []